LloydLabs / Delete Self Poc
Licence: mit
A way to delete a locked file, or current running executable, on disk.
Stars: ✭ 229
Programming Languages
c
50402 projects - #5 most used programming language
🗑️ delete-self-poc
A way to delete a locked, or current running executable, on disk. This was originally found by Jonas Lykkegaard - I just wrote the POC for it. This can also be used to delete locked files on disk, that the current calling process has permissions to get DELETE
access to.
How does this work, though - in this POC?
- Open a
HANDLE
to the current running process, withDELETE
access. Note,DELETE
is only needed. - Rename the primary file stream,
:$DATA
, usingSetFileInformationByHandle
to:wtfbbq
. - Close the
HANDLE
- Open a
HANDLE
to the current process, setDeleteFile
for theFileDispositionInfo
class toTRUE
. - Close the
HANDLE
to trigger the file disposition - Viola - the file is gone.
Releases
I have included a statically linked release within this repository, if you can't be bothered compiling the original source code.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].