幾種程序自殺
procedure DeleteMe;
var
BatchFile: TextFile;
BatchFileName: string;
ProcessInfo: TProcessInformation;
StartUpInfo: TStartupInfo;
begin
BatchFileName := ExtractFilePath(ParamStr(0)) + '_deleteme.bat';
AssignFile(BatchFile, BatchFileName);
Rewrite(BatchFile);
var
BatchFile: TextFile;
BatchFileName: string;
ProcessInfo: TProcessInformation;
StartUpInfo: TStartupInfo;
begin
BatchFileName := ExtractFilePath(ParamStr(0)) + '_deleteme.bat';
AssignFile(BatchFile, BatchFileName);
Rewrite(BatchFile);
Writeln(BatchFile, ':try');
Writeln(BatchFile, 'del "' + ParamStr(0) + '"');
Writeln(BatchFile,
'if exist "' + ParamStr(0) + '"' + ' goto try');
Writeln(BatchFile, 'del %0');
CloseFile(BatchFile);
Writeln(BatchFile, 'del "' + ParamStr(0) + '"');
Writeln(BatchFile,
'if exist "' + ParamStr(0) + '"' + ' goto try');
Writeln(BatchFile, 'del %0');
CloseFile(BatchFile);
FillChar(StartUpInfo, SizeOf(StartUpInfo), $00);
StartUpInfo.dwFlags := STARTF_USESHOWWINDOW;
StartUpInfo.wShowWindow := SW_HIDE;
if CreateProcess(nil, PChar(BatchFileName), nil, nil,
False, IDLE_PRIORITY_CLASS, nil, nil, StartUpInfo,
ProcessInfo) then
begin
CloseHandle(ProcessInfo.hThread);
CloseHandle(ProcessInfo.hProcess);
end;
end;
StartUpInfo.dwFlags := STARTF_USESHOWWINDOW;
StartUpInfo.wShowWindow := SW_HIDE;
if CreateProcess(nil, PChar(BatchFileName), nil, nil,
False, IDLE_PRIORITY_CLASS, nil, nil, StartUpInfo,
ProcessInfo) then
begin
CloseHandle(ProcessInfo.hThread);
CloseHandle(ProcessInfo.hProcess);
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
DeleteMe;
close;
end;
begin
DeleteMe;
close;
end;
end.
第二種:
類 別:系統控制
咱們常常遇到這樣的軟件,運行以後就消失的無影無蹤,特別是一些***的***工具。
若是咱們能掌握這個技術,即便不作***工具,也能夠在程序加密、軟件卸載等方面發揮做用。
那麼他們是怎樣實現的呢?
---- 以delphi爲例,在form關閉的時候執行如下函數closeme便可:
procedure TForm1.closeme;
var f:textfile;
begin
assignfile(f,'.\delme.bat');
rewrite(f);
writeln(f,'@echo off');
writeln(f,':loop');
writeln(f,'del "'+application.ExeName+'"');
writeln(f,'if exist .\file.exe goto loop');
writeln(f,'del .\delme.bat');
closefile(f);
winexec('.\delme.bat', SW_HIDE);
close;
end;
咱們常常遇到這樣的軟件,運行以後就消失的無影無蹤,特別是一些***的***工具。
若是咱們能掌握這個技術,即便不作***工具,也能夠在程序加密、軟件卸載等方面發揮做用。
那麼他們是怎樣實現的呢?
---- 以delphi爲例,在form關閉的時候執行如下函數closeme便可:
procedure TForm1.closeme;
var f:textfile;
begin
assignfile(f,'.\delme.bat');
rewrite(f);
writeln(f,'@echo off');
writeln(f,':loop');
writeln(f,'del "'+application.ExeName+'"');
writeln(f,'if exist .\file.exe goto loop');
writeln(f,'del .\delme.bat');
closefile(f);
winexec('.\delme.bat', SW_HIDE);
close;
end;
winexec(pchar('command.com /c del '+ParamStr(0)),SW_MINIMIZE);//最小化執行刪除操做,不然將看到DOS窗口的瞬間閃爍
第三種:
Delphi 版
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ShellAPI, ShlObj;
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ShellAPI, ShlObj;
type
TForm1 = class(TForm)
procedure FormClose(Sender: TObject; var Action: TCloseAction);
private
{ Private declarations }
public
{ Public declarations }
end;
TForm1 = class(TForm)
procedure FormClose(Sender: TObject; var Action: TCloseAction);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
Form1: TForm1;
implementation
{$R *.dfm}
function Suicide: Boolean;
var
sei: TSHELLEXECUTEINFO;
szModule: PChar;
szComspec: PChar;
szParams: PChar;
begin
szModule := AllocMem(MAX_PATH);
szComspec := AllocMem(MAX_PATH);
szParams := AllocMem(MAX_PATH);
var
sei: TSHELLEXECUTEINFO;
szModule: PChar;
szComspec: PChar;
szParams: PChar;
begin
szModule := AllocMem(MAX_PATH);
szComspec := AllocMem(MAX_PATH);
szParams := AllocMem(MAX_PATH);
// get file path names:
if ((GetModuleFileName(0,szModule,MAX_PATH)<>0) and
(GetShortPathName(szModule,szModule,MAX_PATH)<>0) and
(GetEnvironmentVariable('COMSPEC',szComspec,MAX_PATH)<>0)) then
begin
// set command shell parameters
lstrcpy(szParams,'/c del ');
lstrcat(szParams, szModule);
if ((GetModuleFileName(0,szModule,MAX_PATH)<>0) and
(GetShortPathName(szModule,szModule,MAX_PATH)<>0) and
(GetEnvironmentVariable('COMSPEC',szComspec,MAX_PATH)<>0)) then
begin
// set command shell parameters
lstrcpy(szParams,'/c del ');
lstrcat(szParams, szModule);
// set struct members
sei.cbSize := sizeof(sei);
sei.Wnd := 0;
sei.lpVerb := 'Open';
sei.lpFile := szComspec;
sei.lpParameters := szParams;
sei.lpDirectory := 0;
sei.nShow := SW_HIDE;
sei.fMask := SEE_MASK_NOCLOSEPROCESS;
sei.cbSize := sizeof(sei);
sei.Wnd := 0;
sei.lpVerb := 'Open';
sei.lpFile := szComspec;
sei.lpParameters := szParams;
sei.lpDirectory := 0;
sei.nShow := SW_HIDE;
sei.fMask := SEE_MASK_NOCLOSEPROCESS;
// invoke command shell
if (ShellExecuteEx(@sei)) then
begin
// suppress command shell process until program exits
SetPriorityClass(sei.hProcess,HIGH_PRIORITY_CLASS);//IDLE_PRIORITY_CLASS);
if (ShellExecuteEx(@sei)) then
begin
// suppress command shell process until program exits
SetPriorityClass(sei.hProcess,HIGH_PRIORITY_CLASS);//IDLE_PRIORITY_CLASS);
SetPriorityClass( GetCurrentProcess(),
REALTIME_PRIORITY_CLASS);
REALTIME_PRIORITY_CLASS);
SetThreadPriority( GetCurrentThread(),
THREAD_PRIORITY_TIME_CRITICAL);
THREAD_PRIORITY_TIME_CRITICAL);
// notify explorer shell of deletion
SHChangeNotify(SHCNE_DELETE,SHCNF_PATH,szModule,nil);
SHChangeNotify(SHCNE_DELETE,SHCNF_PATH,szModule,nil);
Result := True;
end
else
Result := False;
end
else
Result := False;
end;
end
else
Result := False;
end
else
Result := False;
end;
procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
Suicide;
end;
第四種:
procedure deleteSelf;
var hModule: THandle;
szModuleName: array[0..MAX_PATH] of char;
hKrnl32: THandle;
pExitProcess, pdeleteFile, pFreeLibrary, pUnmapViewOfFile: pointer;
ExitCode: UINT;
begin
hModule := GetModuleHandle(nil);
GetModuleFileName(hModule, szModuleName, sizeof(szModuleName));
var hModule: THandle;
szModuleName: array[0..MAX_PATH] of char;
hKrnl32: THandle;
pExitProcess, pdeleteFile, pFreeLibrary, pUnmapViewOfFile: pointer;
ExitCode: UINT;
begin
hModule := GetModuleHandle(nil);
GetModuleFileName(hModule, szModuleName, sizeof(szModuleName));
hKrnl32 := GetModuleHandle('kernel32'); pExitProcess := GetProcAddress(hKrnl32, 'ExitProcess'); pdeleteFile := GetProcAddress(hKrnl32, 'deleteFileA'); pFreeLibrary := GetProcAddress(hKrnl32, 'FreeLibrary'); pUnmapViewOfFile := GetProcAddress(hKrnl32, 'UnmapViewOfFile'); ExitCode := system.ExitCode; if ($80000000 and GetVersion()) <> 0 then // Win95, 98, Me asm lea eax, szModuleName push ExitCode push 0 push eax push pExitProcess push hModule push pdeleteFile push pFreeLibrary ret end else begin CloseHandle(THANDLE(4)); asm lea eax, szModuleName push ExitCode push 0 push eax push pExitProcess push hModule push pdeleteFile push pUnmapViewOfFile ret end end end;
相關文章
- 1. 殺掉hive job 的幾種方法
- 2. 自殺程序&遞歸刪除目錄
- 3. C#幾種排序
- 4. 程序員提升自身收入的幾種方法
- 5. ubuntu下圖形程序自啓動的幾種方法
- 6. exe程序有幾種方式實現開機自啓動
- 7. 殺死應用進程的幾種方法
- 8. Android中殺進程的幾種方法 (1) - killBackgroundProcesses
- 9. Linux 殺進程幾種方式的區別:kill,killall,pkill
- 10. Java程序掛掉的幾種可能
- 更多相關文章...
- • W3C 程序 - W3C 教程
- • ASP 子程序 - ASP 教程
- • 算法總結-歸併排序
- • Java 8 Stream 教程
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. No provider available from registry 127.0.0.1:2181 for service com.ddbuy.ser 解決方法
- 2. Qt5.7以上調用虛擬鍵盤(支持中文),以及源碼修改(可拖動,水平縮放)
- 3. 軟件測試面試- 購物車功能測試用例設計
- 4. ElasticSearch(概念篇):你知道的, 爲了搜索…
- 5. redux理解
- 6. gitee創建第一個項目
- 7. 支持向量機之硬間隔(一步步推導,通俗易懂)
- 8. Mysql 異步複製延遲的原因及解決方案
- 9. 如何在運行SEPM配置嚮導時將不可認的複雜數據庫密碼改爲簡單密碼
- 10. windows系統下tftp服務器使用
歡迎關注本站公眾號,獲取更多信息
