As there was no 64-bit version of Buster's Anti Delete DLL available, I've created a similar plugin called NoDelete, which is available for both 32 and 64-bit platforms. I've hooked API functions, which have the delete functionality that I know of:
- DeleteFile
- CreateFile
- NtDeleteFile
- NtSetInformationFile
- SHFileOperation
Usage is the same as for other plugins (see readme.txt). Full source of the plugin is included (released under MIT license).
Download from here: https://app.box.com/NoDelete-104-zip
NoDelete for 32 and 64-bit platforms
It prevents programs running under Sandboxie to delete files - useful for example during installation of a program or when some malware creates temporary files, do something with them and then deletes them to hide it's activity. With this plugin the programs think they were successful when deleting files although in reality the files are left in the sandbox.
Of course this could cause a different response from the program if it checks if the file is really deleted, but that's a trade-off.
Of course this could cause a different response from the program if it checks if the file is really deleted, but that's a trade-off.
Who is online
Users browsing this forum: No registered users and 1 guest