http://hi.baidu.com/baiganby baiganmail : yymingh # gmail . com本人水平很菜,欢迎讨论(代码写的极其丑陋,只是测试了一下功能)最近用了一下金山文件粉碎器,这个软件号称如何如何强大,其实恐怕连简单的Ring3 HOOK都可以fack它.在我的电脑上试用的过程中发现其不能够删除NTFS分区上的Running File (这部分也没细看), 可能是我的电脑的毛病也可能是金山的BUG ,简单的说一下其在FAT32区上删除Running File大致思路,省略n多字.... CreateFile打开文件所在的盘 ,ReadFile读第一扇区的内容,定位一些数据得到根目录.在根目录中搜索子目录(如果有),定位文件设置删除 ,猜想其说的不能恢复是遍历文件在硬盘的所有簇清除数据(只是猜测 , 每看 ,也没实现这个),大概就这些,贴一段测试代码删除正在运行的文件(代码写的极其丑陋,hehe水平比较菜).但愿排版不会很乱
#include <windows.h>
#include <stdio.h>openDiskdelFile(PCHAR chr);int main()
{
char szBuffer[MAX_PATH]="0"; OPENFILENAME file={0};
file.lStructSize=sizeof(file);
file.lpstrFile=szBuffer;
file.nMaxFile=256;
file.lpstrFilter="All Files\0*.*";
file.nFilterIndex=1;
printf("--------------------------------------------------------------------------------");
printf("\n");
printf("用于删除文件");
printf("警告:\n");
printf("\t 1 . 只能运用在FAT32文件系统分区 \n");
printf("\t 2 . 稳定性我不敢保证");
printf("\n");
printf("--------------------------------------------------------------------------------");int sc=0;
printf("输入 7 转到删除文件 \n");
scanf("%d",&sc);if(sc==7)
{
if(::GetOpenFileName(&file))
{ char *pbuffer=strupr(file.lpstrFile); openDiskdelFile(pbuffer);
}
}
return 0;
}//-----------------------------------------------------------------------------------------------
//-----------------------------------------------------------------------------------------------
//------------------------
//定义根目录结构体
typedef struct _FAT_32{
CHAR name[11];
BYTE attr;
BYTE nouse1;
BYTE nouse2;
BYTE nouse3[2];
BYTE nouse4[2];
BYTE nouse5[2];
BYTE nouse6[2];
BYTE nouse7[2];
BYTE nouse8[2];
BYTE nouse9[2];
BYTE nouse10[4];}FAT_32,*PFAT_32;
//-------------------------
//定义全局变量
//求每扇区的字节数v
int v;
//根目录所在的第一个簇号k
int k;
//数据区起始m
int m;
//每簇的扇区数j
int j;
//数据开始地址n
int n;
//根目录开始地址c
int c;
//FAT表地址b
int b;
//目录起始偏移地址p
int p;
//缓冲区bBfuffer
//BYTE bBuffer[512 * 32] = {0} ;
BYTE * bBuffer;
//
char ptrname[128][12]={0};//-------------------------
void delRunningFile(HANDLE hDisk ,int execname, int caddr ,int x);
char * charto83ds(char * chr);
char * charto83ex(char * chr);
//-------------------------openDiskdelFile(PCHAR chr)
{
HANDLE hDisk ;
char * ptr;char shortchar[MAX_PATH];
char pDiskPath[10] = "\\\\.\\";
BYTE buffer[512] = {0} ;::GetShortPathName(chr,shortchar,MAX_PATH);
strncat(pDiskPath,shortchar,2);bBuffer=(unsigned char *)malloc(512*32);//分配不成功导致Relrese版本失败// int tsize=1;
// while(tsize!=0)
// {
ptr=strchr(shortchar,'\\');
ptr=ptr+1;
int tsize=strcspn(ptr,"\\");
strncpy(ptrname[0],ptr,tsize);
// }int i=1;
while(tsize!=0)
{
ptr=strchr(ptr,'\\');
if(ptr==NULL)
{
break;
}
ptr=ptr+1;
tsize=strcspn(ptr,"\\");
strncpy(ptrname[i],ptr,tsize);
i++;
}int execname=i-1; __try {
hDisk = CreateFile ( pDiskPath, GENERIC_READ | GENERIC_WRITE, \
FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, 0 ) ;
if ( hDisk == INVALID_HANDLE_VALUE )
{
MessageBox ( 0, "磁盘打开错误!", 0, 0 ) ;
return 0;
}
SetFilePointer ( hDisk, 0, 0, FILE_BEGIN ) ;
DWORD dwReadByte ;ReadFile ( hDisk, (LPVOID)buffer, 512, &dwReadByte, NULL ) ; if ( dwReadByte == 0 )
{
MessageBox ( 0, "磁盘读取错误!", 0, 0 ) ;
return 0;
}
//----
//得到关键数据
v=buffer[12] * 0x0100 + buffer[11];
k=buffer[47]*0x01000000 + buffer[46]*0x010000 +buffer[45]*0x0100+buffer[44];
int BPB_RsvdSecCnt=buffer[15] * 0x0100 + buffer[14];
int BPB_NumFATs=buffer[16];
int BPB_FATSz32=buffer[39]*0x01000000 + buffer[38]*0x010000 +buffer[37]*0x0100+buffer[36];
m= BPB_RsvdSecCnt+BPB_NumFATs*BPB_FATSz32;
j=buffer[13];
n=m * v;
c=n;
b=BPB_RsvdSecCnt * v;
p=(m-k*j)*v;
//------delRunningFile(hDisk ,execname, c , 0);}//__try
__finally{
CloseHandle ( hDisk ) ;
}
}void delRunningFile(HANDLE hDisk ,int execname, int caddr ,int x)
{//hDisk磁盘卷句柄,caddr目录地址
//用递归调用
unsigned long dwReadByte;if(x<execname)
{ //目录\\得到目录簇号
//递归调用delRunningFile
SetFilePointer ( hDisk,caddr, 0, FILE_BEGIN ) ;
memset(bBuffer,0,v*j);
ReadFile ( hDisk, (LPVOID)bBuffer, v * j, &dwReadByte, NULL ) ;
FAT_32 * fat32;
fat32=(FAT_32 *)bBuffer;
int nub=0;
while( nub<250)//*(fat32+nub*sizeof(FAT_32) )!=0)
{
// if( ! strncmp(fat32[nub].name,ptrname[x],11) )
char pr1[11]={0x20};
strncpy(pr1,charto83ds(ptrname[x]),11);
pr1;
if( ! strncmp(fat32[nub].name,pr1,11) )
{
int mm=fat32[nub].attr;
WORD mm7=fat32[nub].nouse6[1]*0x0100 + fat32[nub].nouse6[0];
WORD mm8=fat32[nub].nouse9[1]*0x0100 + fat32[nub].nouse9[0]; DWORD mm5=mm7*0x0100+mm8;
int mm6=mm5*j*v+p; //子目录地址偏移 //下一个目录 x++;
delRunningFile(hDisk ,execname, mm6 , x);
break; }
nub++; }
//读FAT确定目录所在的下一簇
//以后添加该功能
}else
{
//找文件、删除文件 SetFilePointer ( hDisk,caddr, 0, FILE_BEGIN ) ;
memset(bBuffer,0,v*j);
ReadFile ( hDisk, (LPVOID)bBuffer, v * j, &dwReadByte, NULL ) ;
FAT_32 * fat32;
fat32=(FAT_32 *)bBuffer;
int nub=0;
while(nub<250)
{
// if( ! strncmp(fat32[nub].name,ptrname[x],11) )
char pr2[12]={0x20};
strncpy(pr2,charto83ex(ptrname[x]),12); pr2;
if( ! strncmp(fat32[nub].name,pr2,11) )
{
fat32[nub].name[0]=0xe5;
SetFilePointer ( hDisk,caddr, 0, FILE_BEGIN ) ;
WriteFile(hDisk,(LPVOID)bBuffer, v * j, &dwReadByte, NULL ) ;
break; }
nub++; }
}
}
char * charto83ds(char * chr)
{
char name[12]={0};
char nastr[12]={0x20};
strcpy(name,chr);for(int x=0;x<12;x++)
{
if(name[x]!=0)
{
nastr[x]=name[x];
}
else
{
nastr[x]=0x20;
}}return nastr;}
char * charto83ex(char * chr)
{char name[12]={0};
char nastr[12]={0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20};
char * ptr;strncpy(name,chr,12);for(int x=0;x<12;x++)
{
if(name[x]!=0)
{
if(name[x]==0x2e)
{
nastr[8]=name[x+1];
nastr[9]=name[x+2];
nastr[0xa]=name[x+3]; break; }
nastr[x]=name[x];
}
else
{
nastr[x]=0x20;
}}
return nastr;
}
#include <windows.h>
#include <stdio.h>openDiskdelFile(PCHAR chr);int main()
{
char szBuffer[MAX_PATH]="0"; OPENFILENAME file={0};
file.lStructSize=sizeof(file);
file.lpstrFile=szBuffer;
file.nMaxFile=256;
file.lpstrFilter="All Files\0*.*";
file.nFilterIndex=1;
printf("--------------------------------------------------------------------------------");
printf("\n");
printf("用于删除文件");
printf("警告:\n");
printf("\t 1 . 只能运用在FAT32文件系统分区 \n");
printf("\t 2 . 稳定性我不敢保证");
printf("\n");
printf("--------------------------------------------------------------------------------");int sc=0;
printf("输入 7 转到删除文件 \n");
scanf("%d",&sc);if(sc==7)
{
if(::GetOpenFileName(&file))
{ char *pbuffer=strupr(file.lpstrFile); openDiskdelFile(pbuffer);
}
}
return 0;
}//-----------------------------------------------------------------------------------------------
//-----------------------------------------------------------------------------------------------
//------------------------
//定义根目录结构体
typedef struct _FAT_32{
CHAR name[11];
BYTE attr;
BYTE nouse1;
BYTE nouse2;
BYTE nouse3[2];
BYTE nouse4[2];
BYTE nouse5[2];
BYTE nouse6[2];
BYTE nouse7[2];
BYTE nouse8[2];
BYTE nouse9[2];
BYTE nouse10[4];}FAT_32,*PFAT_32;
//-------------------------
//定义全局变量
//求每扇区的字节数v
int v;
//根目录所在的第一个簇号k
int k;
//数据区起始m
int m;
//每簇的扇区数j
int j;
//数据开始地址n
int n;
//根目录开始地址c
int c;
//FAT表地址b
int b;
//目录起始偏移地址p
int p;
//缓冲区bBfuffer
//BYTE bBuffer[512 * 32] = {0} ;
BYTE * bBuffer;
//
char ptrname[128][12]={0};//-------------------------
void delRunningFile(HANDLE hDisk ,int execname, int caddr ,int x);
char * charto83ds(char * chr);
char * charto83ex(char * chr);
//-------------------------openDiskdelFile(PCHAR chr)
{
HANDLE hDisk ;
char * ptr;char shortchar[MAX_PATH];
char pDiskPath[10] = "\\\\.\\";
BYTE buffer[512] = {0} ;::GetShortPathName(chr,shortchar,MAX_PATH);
strncat(pDiskPath,shortchar,2);bBuffer=(unsigned char *)malloc(512*32);//分配不成功导致Relrese版本失败// int tsize=1;
// while(tsize!=0)
// {
ptr=strchr(shortchar,'\\');
ptr=ptr+1;
int tsize=strcspn(ptr,"\\");
strncpy(ptrname[0],ptr,tsize);
// }int i=1;
while(tsize!=0)
{
ptr=strchr(ptr,'\\');
if(ptr==NULL)
{
break;
}
ptr=ptr+1;
tsize=strcspn(ptr,"\\");
strncpy(ptrname[i],ptr,tsize);
i++;
}int execname=i-1; __try {
hDisk = CreateFile ( pDiskPath, GENERIC_READ | GENERIC_WRITE, \
FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, 0 ) ;
if ( hDisk == INVALID_HANDLE_VALUE )
{
MessageBox ( 0, "磁盘打开错误!", 0, 0 ) ;
return 0;
}
SetFilePointer ( hDisk, 0, 0, FILE_BEGIN ) ;
DWORD dwReadByte ;ReadFile ( hDisk, (LPVOID)buffer, 512, &dwReadByte, NULL ) ; if ( dwReadByte == 0 )
{
MessageBox ( 0, "磁盘读取错误!", 0, 0 ) ;
return 0;
}
//----
//得到关键数据
v=buffer[12] * 0x0100 + buffer[11];
k=buffer[47]*0x01000000 + buffer[46]*0x010000 +buffer[45]*0x0100+buffer[44];
int BPB_RsvdSecCnt=buffer[15] * 0x0100 + buffer[14];
int BPB_NumFATs=buffer[16];
int BPB_FATSz32=buffer[39]*0x01000000 + buffer[38]*0x010000 +buffer[37]*0x0100+buffer[36];
m= BPB_RsvdSecCnt+BPB_NumFATs*BPB_FATSz32;
j=buffer[13];
n=m * v;
c=n;
b=BPB_RsvdSecCnt * v;
p=(m-k*j)*v;
//------delRunningFile(hDisk ,execname, c , 0);}//__try
__finally{
CloseHandle ( hDisk ) ;
}
}void delRunningFile(HANDLE hDisk ,int execname, int caddr ,int x)
{//hDisk磁盘卷句柄,caddr目录地址
//用递归调用
unsigned long dwReadByte;if(x<execname)
{ //目录\\得到目录簇号
//递归调用delRunningFile
SetFilePointer ( hDisk,caddr, 0, FILE_BEGIN ) ;
memset(bBuffer,0,v*j);
ReadFile ( hDisk, (LPVOID)bBuffer, v * j, &dwReadByte, NULL ) ;
FAT_32 * fat32;
fat32=(FAT_32 *)bBuffer;
int nub=0;
while( nub<250)//*(fat32+nub*sizeof(FAT_32) )!=0)
{
// if( ! strncmp(fat32[nub].name,ptrname[x],11) )
char pr1[11]={0x20};
strncpy(pr1,charto83ds(ptrname[x]),11);
pr1;
if( ! strncmp(fat32[nub].name,pr1,11) )
{
int mm=fat32[nub].attr;
WORD mm7=fat32[nub].nouse6[1]*0x0100 + fat32[nub].nouse6[0];
WORD mm8=fat32[nub].nouse9[1]*0x0100 + fat32[nub].nouse9[0]; DWORD mm5=mm7*0x0100+mm8;
int mm6=mm5*j*v+p; //子目录地址偏移 //下一个目录 x++;
delRunningFile(hDisk ,execname, mm6 , x);
break; }
nub++; }
//读FAT确定目录所在的下一簇
//以后添加该功能
}else
{
//找文件、删除文件 SetFilePointer ( hDisk,caddr, 0, FILE_BEGIN ) ;
memset(bBuffer,0,v*j);
ReadFile ( hDisk, (LPVOID)bBuffer, v * j, &dwReadByte, NULL ) ;
FAT_32 * fat32;
fat32=(FAT_32 *)bBuffer;
int nub=0;
while(nub<250)
{
// if( ! strncmp(fat32[nub].name,ptrname[x],11) )
char pr2[12]={0x20};
strncpy(pr2,charto83ex(ptrname[x]),12); pr2;
if( ! strncmp(fat32[nub].name,pr2,11) )
{
fat32[nub].name[0]=0xe5;
SetFilePointer ( hDisk,caddr, 0, FILE_BEGIN ) ;
WriteFile(hDisk,(LPVOID)bBuffer, v * j, &dwReadByte, NULL ) ;
break; }
nub++; }
}
}
char * charto83ds(char * chr)
{
char name[12]={0};
char nastr[12]={0x20};
strcpy(name,chr);for(int x=0;x<12;x++)
{
if(name[x]!=0)
{
nastr[x]=name[x];
}
else
{
nastr[x]=0x20;
}}return nastr;}
char * charto83ex(char * chr)
{char name[12]={0};
char nastr[12]={0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20};
char * ptr;strncpy(name,chr,12);for(int x=0;x<12;x++)
{
if(name[x]!=0)
{
if(name[x]==0x2e)
{
nastr[8]=name[x+1];
nastr[9]=name[x+2];
nastr[0xa]=name[x+3]; break; }
nastr[x]=name[x];
}
else
{
nastr[x]=0x20;
}}
return nastr;
}
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货