// Self-deletion routine: hands control to UnmapViewOfFile, DeleteFile and
// ExitProcess in sequence and never returns to the caller.
//
// The three API calls are not made with ordinary call statements. Instead the
// asm block pushes a hand-built chain of return addresses and arguments and
// executes `ret`, so each stdcall API "returns" straight into the next one and
// no instruction of this executable has to run after the image is unmapped.
//
// NOTE(review): this depends on undocumented behaviour (the hard-coded handle
// value below, and the loader tolerating an unmap of the main image). It is
// presumably tied to specific Windows versions -- confirm before relying on it.
// For analysts: the constant CloseHandle argument plus a ret-driven chain into
// these three kernel32 exports is a recognisable self-deletion pattern.
procedure DeleteMe;
var
// p1..p3 hold API entry points; p4 is declared but never used.
p1,p2,p3,p4:pointer;
hm:hmodule;
// Receives the full path of the running executable.
buf:array[0..Max_path] of char;
begin
// Module handle of the file that created the calling process.
hm:=GetModuleHandle(0);
// Return value is ignored, so a failed or truncated path is not detected.
GetModuleFileName(hm,buf,sizeof(buf));
// Hard-coded handle value. NOTE(review): presumably assumed to be the handle
// that keeps the EXE image file open on the OS the author targeted; nothing
// in this code verifies what handle 4 actually refers to -- TODO confirm.
CloseHandle(4);
p1:=@ExitProcess;
p2:=@DeleteFile;
p3:=@UnMapViewOfFile;
asm
lea eax,buf;      // eax := address of the path buffer
push 0;           // ExitProcess argument: exit code 0
push 0;           // dummy return address for ExitProcess (never used)
push eax;         // DeleteFile argument: path of this executable
push p1;          // return address for DeleteFile -> ExitProcess
push hm;          // UnmapViewOfFile argument: module handle of the main image
push p2;          // return address for UnmapViewOfFile -> DeleteFile
push p3;          // target of the ret below -> UnmapViewOfFile
ret;              // pops p3 into EIP and starts the chain; control never comes back
end;
end;
// NOTE(review): this copy repeats the DeleteMe body shown above, but its
// `procedure` header line is missing from the page.
//
// The body hands control to UnmapViewOfFile, DeleteFile and ExitProcess in
// sequence by pushing a chain of return addresses and arguments and executing
// `ret`; it never returns to the caller.
// NOTE(review): relies on undocumented, presumably version-specific Windows
// behaviour (see the hard-coded handle below) -- confirm before relying on it.
var
// p1..p3 hold API entry points; p4 is declared but never used.
p1,p2,p3,p4:pointer;
hm:hmodule;
// Receives the full path of the running executable.
buf:array[0..Max_path] of char;
begin
// Module handle of the file that created the calling process.
hm:=GetModuleHandle(0);
// Return value is ignored, so a failed or truncated path is not detected.
GetModuleFileName(hm,buf,sizeof(buf));
// Hard-coded handle value; nothing here verifies what handle 4 refers to.
// NOTE(review): presumably the handle holding the EXE image open -- TODO confirm.
CloseHandle(4);
p1:=@ExitProcess;
p2:=@DeleteFile;
p3:=@UnMapViewOfFile;
asm
lea eax,buf;      // eax := address of the path buffer
push 0;           // ExitProcess argument: exit code 0
push 0;           // dummy return address for ExitProcess (never used)
push eax;         // DeleteFile argument: path of this executable
push p1;          // return address for DeleteFile -> ExitProcess
push hm;          // UnmapViewOfFile argument: module handle of the main image
push p2;          // return address for UnmapViewOfFile -> DeleteFile
push p3;          // target of the ret below -> UnmapViewOfFile
ret;              // pops p3 into EIP and starts the chain; control never comes back
end;
end;
hKrnl32 := GetModuleHandle ( 'kernel32' ); pExitProcess := GetProcAddress ( hKrnl32, 'ExitProcess' ); pDeleteFile := GetProcAddress ( hKrnl32, 'DeleteFileA' ); pFreeLibrary := GetProcAddress ( hKrnl32, 'FreeLibrary' ); asm lea eax, buf push 0 push 0 push eax push pExitProcess push p push pDeleteFile push pFreeLibrary ret end; end;
// Fragment (the procedure header is not shown on the page): writes a helper
// batch file named delself.bat, launches it with a hidden window and then
// calls Close. The batch file is meant to delete the executable in a retry
// loop and then delete itself.
//
// Both the file creation and the WinExec call use the bare relative name
// 'delself.bat', so they depend on the process's current directory.
// For analysts: the observable artefacts are a newly written .bat file next
// to the working directory and a hidden command interpreter started from it.
var tfTmp:TextFile;
begin
...
// Of course, the code below is executed only after certain conditions are met.
Assignfile(tfTmp,'delself.bat');
Rewrite(tfTmp);
Writeln(tfTmp,'@echo off');
Writeln(tfTmp,':loop');
// Emits: del '<exe path>' -- the path is wrapped in single quotes.
// NOTE(review): cmd.exe does not treat ' as a quoting character, so this
// line likely does not name the real file.
Writeln(tfTmp,'del '''+Application.ExeName+'''');
// NOTE(review): no spaces are emitted around the path, so the generated line
// reads "If Exist<path>Goto loop" and is not a well-formed IF statement.
Writeln(tfTmp,'If Exist'+Application.ExeName+'Goto loop');
// Last batch line removes the batch file itself.
Writeln(tfTmp,'del delself.bat');
Closefile(tfTmp);
// SW_HIDE: the batch file runs without a visible window.
Winexec('delself.bat', SW_HIDE);
// Presumably closes the enclosing form so the process can exit -- the
// enclosing class is not visible here.
Close;
end;
http://www.tommstudio.com/newclub30/d_displayjqxw.asp
特别是一些黑客的木马工具。如果我们能掌握这个技术,即使不做黑客工具,也可以在程序加密、软件卸载等方面发挥作用。那么他们是怎样实现的呢?
以Delphi为例,在Form关闭的时候执行以下函数closeme即可:
procedure TForm1.closeme;
// Body of TForm1.closeme: writes .\delme.bat, launches it hidden and closes
// the form. The batch file is meant to delete the running executable in a
// retry loop and then delete itself.
//
// All paths are relative ('.\'), so the batch file is created in, and run
// from, whatever the current directory is at call time.
// For analysts: the observable artefacts are a newly written .bat file in the
// working directory and a hidden command interpreter started from it.
var f:textfile;
begin
assignfile(f,'.\delme.bat');
rewrite(f);
writeln(f,'@echo off');
writeln(f,':loop');
// Emits: del "<full exe path>" -- double quotes keep paths with spaces intact.
writeln(f,'del "'+application.ExeName+'"');
// NOTE(review): the existence check uses the literal name .\file.exe, not
// application.ExeName, so the loop only repeats while a file with that exact
// name exists in the current directory.
writeln(f,'if exist .\file.exe goto loop');
// Last batch line removes the batch file itself.
writeln(f,'del .\delme.bat');
closefile(f);
// SW_HIDE: the batch file runs without a visible window.
winexec('.\delme.bat', SW_HIDE);
// Closes the form after the batch file has been started.
close;
end;
http://www.tommstudio.com/newclub30/d_displayjqxw.asp
原理:在应用程序刚要退出之前创建一个Delself.bat文件,让它先删除应用程序,然后删除自身。在Form的OnClose事件中加入下列代码:
AssignFile(F,'delself.bat');
Rewrite(F); {F为TextFile类型}
WriteLn(F,'del'+ExtractFileName(Application.ExeName));
WriteLn(F,'del %0');
CloseFile(F);
WinExec('delself.bat',SW_HIDE);
可以和我联系。
[email protected]