Will Dormann on Nostr: From over at the Bad Place: ...
From over at the Bad Place:
https://gist.github.com/alfarom256/f1342f14dc6a742de7ea4004a1b6d7ed
IObit Malware Fighter has a driver device called IMFForceDelete123.
When you call the only exposed IOCTL to this device, 0x8016E000, along with a specified path, the Windows kernel will delete the specified file/directory. NTFS ACLs don't matter because we're the kernel.
Who is allowed to interact with this device? EVERYONE.
The more software you have on your system, the less secure it is.
https://gist.github.com/alfarom256/f1342f14dc6a742de7ea4004a1b6d7ed
IObit Malware Fighter has a driver device called IMFForceDelete123.
When you call the only exposed IOCTL to this device, 0x8016E000, along with a specified path, the Windows kernel will delete the specified file/directory. NTFS ACLs don't matter because we're the kernel.
Who is allowed to interact with this device? EVERYONE.
The more software you have on your system, the less secure it is.