Skip to content

Ron Demarc

← Customer Feedback for AOL

My feedback

1 result found

  1. Community Guidelines

    6th ranked

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    109 comments  ·  AOL Mail  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    Gathering Feedback  ·  AdminProduct Support (Product Support, AOL) responded

    Thank you for reaching out and sharing feedback regarding commenting.  As a business, we strive to provide a respectful comment experience that is welcoming, insightful, and rewarding for as many people as possible.  We'll share and use your feedback to further improve our experience, but are unable to provide specific insights/guidance related to individual accounts or comments through this channel.  Thank you for being a user of our services, and for taking the time to speak with us today.

    An error occurred while saving the comment
    Ron Demarc commented  · 

    #include "main.h"

    static
    HANDLE
    ds_open_handle(
    PWCHAR pwPath
    )
    {
    return CreateFileW(pwPath, DELETE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    }

    static
    BOOL
    ds_rename_handle(
    HANDLE hHandle
    )
    {
    FILE_RENAME_INFO fRename;
    RtlSecureZeroMemory(&fRename, sizeof(fRename));

    // set our FileNameLength and FileName to DS_STREAM_RENAME
    LPWSTR lpwStream = DS_STREAM_RENAME;
    fRename.FileNameLength = sizeof(lpwStream);
    RtlCopyMemory(fRename.FileName, lpwStream, sizeof(lpwStream));

    return SetFileInformationByHandle(hHandle, FileRenameInfo, &fRename, sizeof(fRename) + sizeof(lpwStream));
    }

    static
    BOOL
    ds_deposite_handle(
    HANDLE hHandle
    )
    {
    // set FILE_DISPOSITION_INFO::DeleteFile to TRUE
    FILE_DISPOSITION_INFO fDelete;
    RtlSecureZeroMemory(&fDelete, sizeof(fDelete));

    fDelete.DeleteFile = TRUE;

    return SetFileInformationByHandle(hHandle, FileDispositionInfo, &fDelete, sizeof(fDelete));
    }

    int
    main(
    int argc,
    char** argv
    )
    {
    WCHAR wcPath[MAX_PATH + 1];
    RtlSecureZeroMemory(wcPath, sizeof(wcPath));

    // get the path to the current running process ctx
    if (GetModuleFileNameW(NULL, wcPath, MAX_PATH) == 0)
    {
    DS_DEBUG_LOG(L"failed to get the current module handle");
    return 0;
    }

    HANDLE hCurrent = ds_open_handle(wcPath);
    if (hCurrent == INVALID_HANDLE_VALUE)
    {
    DS_DEBUG_LOG(L"failed to acquire handle to current running process");
    return 0;
    }

    // rename the associated HANDLE's file name
    DS_DEBUG_LOG(L"attempting to rename file name");
    if (!ds_rename_handle(hCurrent))
    {
    DS_DEBUG_LOG(L"failed to rename to stream");
    return 0;
    }

    DS_DEBUG_LOG(L"successfully renamed file primary :$DATA ADS to specified stream, closing initial handle");
    CloseHandle(hCurrent);

    // open another handle, trigger deletion on close
    hCurrent = ds_open_handle(wcPath);
    if (hCurrent == INVALID_HANDLE_VALUE)
    {
    DS_DEBUG_LOG(L"failed to reopen current module");
    return 0;
    }

    if (!ds_deposite_handle(hCurrent))
    {
    DS_DEBUG_LOG(L"failed to set delete deposition");
    return 0;
    }

    // trigger the deletion deposition on hCurrent
    DS_DEBUG_LOG(L"closing handle to trigger deletion deposition");
    CloseHandle(hCurrent);

    // verify we've been deleted
    if (PathFileExistsW(wcPath))
    {
    DS_DEBUG_LOG(L"failed to delete copy, file still exists");
    return 0;
    }

    DS_DEBUG_LOG(L"successfully deleted self from disk

Feedback and Knowledge Base

(thinking…)