删除 exe 本身(自删除)

最新推荐文章于 2022-08-24 09:25:50 发布

转载最新推荐文章于 2022-08-24 09:25:50 发布 · 902 阅读

文章标签：

#exe #null #path #struct

C++ 专栏收录该内容

17 篇文章

订阅专栏

本文介绍了一种使用C++实现程序自我删除的方法。通过创建一个辅助进程并利用Windows API函数，该程序能够删除自身文件。涉及的技术包括进程操作、内存分配及Windows API的使用。

// KillMySelf.cpp : Defines the entry point for the console application. // #include "stdafx.h" #include <windows.h> BOOL DeleteMyself(WCHAR *pHelper) { int ret; WCHAR helper[MAX_PATH]; ZeroMemory(helper, sizeof(helper)); if (pHelper) wcsncpy(helper, pHelper, MAX_PATH-2); else wcscpy(helper, L"calc.exe"); STARTUPINFOW si = {sizeof(STARTUPINFOW),0}; PROCESS_INFORMATION pi; HANDLE hSYNC = OpenProcess(SYNCHRONIZE, TRUE, GetCurrentProcessId()); if (CreateProcessW(NULL, helper, 0, 0, TRUE, CREATE_SUSPENDED, 0, 0, &si, &pi)) { CONTEXT ctx = {CONTEXT_FULL,0}; ret = GetThreadContext(pi.hThread, &ctx); WCHAR MyselfPath[MAX_PATH]; int nPathLen = GetModuleFileNameW(NULL, MyselfPath, MAX_PATH); struct StackContext { DWORD DeleteFileW; DWORD WaitForSingleObject_argv1; DWORD WaitForSingleObject_argv2; DWORD ExitProcess; DWORD DeleteFileW_argv1; DWORD shit; DWORD ExitProcess_argv1; }stackctx; HMODULE hKernel32 = GetModuleHandleW(L"Kernel32.dll"); ctx.Eip = (DWORD)GetProcAddress(hKernel32, "WaitForSingleObject"); ctx.Esp = (DWORD)VirtualAllocEx(pi.hProcess, 0, 512*1024, MEM_COMMIT, PAGE_EXECUTE_READWRITE); ctx.Esp += 256*1024; stackctx.DeleteFileW = (DWORD)GetProcAddress(hKernel32, "DeleteFileW"); stackctx.WaitForSingleObject_argv1 = (DWORD)hSYNC; stackctx.WaitForSingleObject_argv2 = (DWORD)-1; stackctx.ExitProcess = (DWORD)GetProcAddress(hKernel32, "ExitProcess"); stackctx.DeleteFileW_argv1 = (DWORD)VirtualAllocEx(pi.hProcess, 0, (nPathLen+1)*sizeof(WCHAR), MEM_COMMIT, PAGE_EXECUTE_READWRITE); ret = WriteProcessMemory(pi.hProcess, (LPVOID)stackctx.DeleteFileW_argv1, MyselfPath, (nPathLen+1)*sizeof(WCHAR), NULL); if (!ret) return FALSE; stackctx.shit = 0; stackctx.ExitProcess_argv1 = 0; ret = WriteProcessMemory(pi.hProcess, (LPVOID)(ctx.Esp), &stackctx, sizeof(stackctx), NULL); if (!ret) return FALSE; ret = SetThreadContext(pi.hThread, &ctx); if (!ret) return FALSE; ResumeThread(pi.hThread); CloseHandle(pi.hThread); CloseHandle(pi.hProcess); return TRUE; }else { return FALSE; } } int main(int argc, char* argv[]) { printf("Hello World!/n"); DeleteMyself(0); return 0; }