I am looking to unlick / kill the image file of an executable. I already used IRP_MJ_SET_INFORMATION / FILE_DISPOSITION_INFORMATION but looking for different solutions.
A forum for reverse engineering, OS internals and malware analysis
