Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

The address of a DWORD which will contain the size of the file upon
successful completion of
bmfsFileSize.
Return Value
Upon successful completion of bmfsFileSize, dwFileSize will contain the size
of the specified file
and NTSTATUS will be STATUS_SUCCESS.
Remarks
If a file handle has not been created before this method is called, undefined
behavior may occur.
bmfsDeleteFile
Attempts to delete the specified file.
NTSTATUS bmfsDeleteFile( [in] BadMFS_HANDLE fileHandle );
Parameters
fileHandle [in]
Valid handle to a file created by bmfsCreateFile().
Return Value
Upon successful completion STATUS_SUCCESS will be returned.
Remarks
Will attempt to delete the specified file. In the case where the proper access
has not been assigned to the file handle (BadMFS_Write) bmfsDeleteFile will
return STATUS_ACCESS_DENIED.
When a file is deleted it is not wiped! The data could still be there. If a wipe
is desired, garbage collection should be run immediately following a delete by
calling bmfsDefrag(). This means it is potentially possible to recover deleted
data if it has not been overwritten already, however data recovery is not
currently supported.
bmfsDefrag
Attempts to recover now unused space and move all files into contiguous blocks of
memory.
DWORD bmfsDefrag( void );

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh