利用MoveFileA特性实现运行中的exe伪强删

Syntax

BOOL MoveFileA(
  LPCSTR lpExistingFileName,
  LPCSTR lpNewFileName
);
BOOL CreateDirectoryA(
  LPCSTR                lpPathName,
  LPSECURITY_ATTRIBUTES lpSecurityAttributes
);

引入相关命名空间

using System.Runtime.InteropServices;
using System.IO;

引入Win32 DLL

[DllImport("kernel32.dll")]
static extern int CreateDirectoryA(string lpPathName, Attributes attributes);

[DllImport("kernel32.dll")]
static extern int MoveFileA(string lpExistingFileName, string lpNewFileName);

定义DLL C++参数里所需的 LPSECURITY_ATTRIBUTES

public class Attributes
    {
        public int nLength;
        public int lpSecurityDescriptor;
        public int bInheritHandle;
    }

通过在系统临时目录中创建目录并将目标文件利用特性移动实现强制删除

public  static void DeleteFile(string path)
        {
            try
            {
                string LpPathName = Path.GetTempPath() + Environment.TickCount.ToString();
                Attributes attributes = new Attributes();
                CreateDirectoryA(LpPathName, attributes);
                CreateDirectoryA(LpPathName + @"\....\", attributes);
                string RandomDirectory = string.Empty;
                Random rnd = new Random();
                for (int i = 0; i < 30; i++)
                {
                    RandomDirectory += rnd.Next(10).ToString();
                }
                MoveFileA(path, LpPathName + @"\....\" + RandomDirectory);
                MoveFileA(LpPathName + @"\....\", LpPathName + @"\" + RandomDirectory);
                Directory.Delete(LpPathName, true);
            }
            catch { }
        }

总结

MoveFileA强制移动的文件的文件将在系统重启后被删除,至此完成强制删除功能。

Last modification:July 20th, 2021 at 07:59 pm
如果喜欢可以赞赏哦~