windows下自己删除自己
#include <windows.h>
#include <tlhelp32.h>
#include <iostream>

// Position-independent thread routine whose machine code is copied into another
// process (see code[] and DeleteMe() below). It is compiled as a naked function
// so MSVC emits no prologue/epilogue; it is never called inside this process and
// is kept only as the readable source for code[].
//
// Memory layout it expects, relative to its thread parameter (ebp is loaded from
// lpThreadParameter, which DeleteMe() points at the file-name copy):
//   [ebp-24] VirtualFree    [ebp-20] ExitThread    [ebp-16] DeleteFileA
//   [ebp-12] CloseHandle    [ebp-8]  WaitForSingleObject
//   [ebp-4]  HANDLE to wait on (duplicate of the launching process's handle)
//   [ebp]    NUL-terminated ANSI path that is passed to DeleteFileA
// Every slot is 4 bytes, so this is x86-32 only (esp/ebp, hard-coded -4 steps);
// MSVC does not accept __asm on x64 at all.
//
// Sequence: WaitForSingleObject(h, INFINITE) blocks until the launching process
// has exited and its image is no longer mapped, CloseHandle(h), DeleteFileA(path).
// The tail then builds a VirtualFree(start, 0, MEM_RELEASE) frame whose return
// address is ExitThread, so the buffer releases itself and the thread exits
// without ever executing freed memory. No return value is checked anywhere.
__declspec(naked) DWORD WINAPI Start_(LPVOID lpThreadParameter)
{
    __asm
    {
        call $+5                 ; pushes the address of the next instruction
        sub [esp],5 ; // _code_start_ -- back up 5 bytes to the start of this code
        mov ebp,[esp+8] ; // hHandle -- [esp+8] is lpThreadParameter (after pushed addr + return addr)
        push [ebp-4]             ; hHandle, argument for CloseHandle later
        push INFINITE            ; dwMilliseconds
        push [ebp-4]             ; hHandle
        call [ebp-8] ; // WaitForSingleObject   (stdcall: callee pops its two args)
        call [ebp-12] ; // CloseHandle          (consumes the hHandle pushed first)
        push ebp ; // lpFileName
        call [ebp-16] ; // DeleteFileA
        pop eax                  ; recover _code_start_ saved by the first two instructions
        push EXIT_SUCCESS        ; dwExitCode for ExitThread
        sub esp,4 ; // nothing   -- dummy return-address slot of the ExitThread frame
        push MEM_RELEASE         ; dwFreeType
        push 0                   ; dwSize (must be 0 with MEM_RELEASE)
        push eax ; // _code_start_   lpAddress: the injected buffer itself
        push [ebp-20] ; // ExitThread   used as VirtualFree's return address
        mov eax,[ebp-24]
        jmp eax ; // VirtualFree   tail-jump; "returns" into ExitThread(EXIT_SUCCESS)
    }
}

// Hand-assembled bytes of Start_ (53 bytes), e.g. 232,0,0,0,0 is E8 00000000 =
// call $+5 and 128,44,36,5 is 80 2C 24 05 = sub dword ptr [esp],5. This array is
// what DeleteMe() actually injects; nothing ties it to Start_, so any edit to the
// asm above requires regenerating these bytes by hand.
BYTE code[] ={
    232,0,0,0,0,128,44,36,5,139,108,36,8,255,117,
    252,106,255,255,117,252,255,85,248,255,85,244,
    85,255,85,240,88,106,0,131,236,4,104,0,
    128,0,0,106,0,80,255,117,236,139,69,232,255,224
};

#include <iostream>   // duplicate of the include above; harmless

// Deletes this program's own executable after it exits. A running image cannot be
// deleted, so the delete is deferred: a 4096-byte buffer holding code[], a
// duplicated handle to this process, kernel32 entry points and the file path is
// written into winlogon.exe and started there as a remote thread, which waits for
// this process to die and then removes the file.
//
// Review notes (defender's view, behaviour left as found):
//  * This is the canonical remote-thread injection chain -- SeDebugPrivilege,
//    OpenProcess(PROCESS_ALL_ACCESS) on winlogon.exe, VirtualAllocEx with
//    PAGE_EXECUTE_READWRITE, WriteProcessMemory, CreateRemoteThread -- which is
//    exactly the telemetry EDR/Sysmon flag (ProcessAccess and CreateRemoteThread
//    events against a SYSTEM process). It needs an administrative token;
//    whether current Windows builds still let a normal process open winlogon.exe
//    with full access is not something this code establishes -- TODO confirm.
//  * Not a single return value is checked. If winlogon.exe is not found,
//    dwProcessID stays 0, OpenProcess fails and every later call runs on NULL
//    handles and NULL buffers.
//  * memcpy(pLocalBuf, code, codeLen) copies codeLen = 4096-MAX_PATH-4 bytes out
//    of a 53-byte array: an out-of-bounds read (undefined behaviour). Only
//    sizeof code bytes are meaningful; the tail is overwritten by the pointer
//    slots anyway, but the read itself is still UB.
//  * The slot arithmetic mixes a literal 4 (pLocalBuf+codeLen+4) with
//    sizeof(HANDLE); they agree only on 32-bit builds, matching Start_.
//  * The local staging buffer is allocated PAGE_EXECUTE_READWRITE although it
//    is never executed here.
void DeleteMe()
{
    // Enable SeDebugPrivilege on our own token (required to open a SYSTEM process).
    HANDLE hToken;
    TOKEN_PRIVILEGES tp;
    ZeroMemory(&tp,sizeof tp);
    HANDLE hProcess = GetCurrentProcess();   // pseudo-handle, never needs closing
    OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken);
    LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid);
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),NULL,NULL);
    CloseHandle(hToken);

    // Our own path (ANSI, because the injected code calls DeleteFileA), and the
    // PID of the first process named winlogon.exe in a Toolhelp snapshot.
    CHAR szFileName[MAX_PATH] = {'\0'};
    GetModuleFileNameA(NULL, szFileName, MAX_PATH);
    DWORD dwProcessID = 0;
    PROCESSENTRY32W pe32 = { sizeof( PROCESSENTRY32W ) };
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    Process32FirstW(hSnapshot, &pe32);   // result unchecked; pe32 may be stale on failure
    do
    {
        if (0 == lstrcmpiW(pe32.szExeFile, L"winlogon.exe"))
        {
            dwProcessID = pe32.th32ProcessID;
            break;
        }
    } while (Process32NextW(hSnapshot, &pe32));
    CloseHandle(hSnapshot);

    // Open the target and give it a real handle to *this* process; the remote
    // thread waits on that handle (slot [ebp-4] in Start_) until we exit.
    HANDLE hTargetProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE,dwProcessID);
    HANDLE h= NULL;
    DuplicateHandle(hProcess,hProcess,hTargetProcess,&h,0,FALSE,DUPLICATE_SAME_ACCESS);

    // Buffer layout (must match Start_): [0, codeLen) code, then the HANDLE,
    // then MAX_PATH bytes of file name; the five import slots sit just below
    // the HANDLE at codeLen-4 ... codeLen-20.
    const SIZE_T dwSize = 4096;
    const DWORD codeLen = dwSize - MAX_PATH - sizeof(HANDLE);
    PBYTE lpRemoteBuf = (PBYTE)VirtualAllocEx(hTargetProcess, NULL, dwSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    PBYTE pLocalBuf =(PBYTE)VirtualAlloc(NULL, dwSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    HMODULE x =GetModuleHandleA("kernel32") ;
    memcpy(pLocalBuf,code,codeLen);   // reads codeLen bytes from a 53-byte array: OOB read, see notes above
    *(PHANDLE(pLocalBuf+codeLen)) = h;
    // kernel32 is mapped at the same base in every process of a session, so
    // local GetProcAddress results are valid inside the target too.
    *((FARPROC*)(pLocalBuf+codeLen- 4)) =GetProcAddress(x,"WaitForSingleObject");
    *((FARPROC*)(pLocalBuf+codeLen- 8)) =GetProcAddress(x,"CloseHandle");
    *((FARPROC*)(pLocalBuf+codeLen-12)) =GetProcAddress(x,"DeleteFileA");
    *((FARPROC*)(pLocalBuf+codeLen-16)) =GetProcAddress(x,"ExitThread");
    *((FARPROC*)(pLocalBuf+codeLen-20)) =GetProcAddress(x,"VirtualFree");
    memcpy(pLocalBuf+codeLen+4,szFileName,MAX_PATH);   // literal 4 == sizeof(HANDLE) only on x86-32
    WriteProcessMemory(hTargetProcess, lpRemoteBuf, pLocalBuf,dwSize,0);
    VirtualFree(pLocalBuf, 0, MEM_RELEASE);

    // Thread entry is the start of the buffer; its parameter is the file name,
    // from which Start_ reaches the handle and import slots at negative offsets.
    HANDLE hThread = CreateRemoteThread(hTargetProcess, NULL, 0, (LPTHREAD_START_ROUTINE)lpRemoteBuf, (LPVOID)(lpRemoteBuf + codeLen + sizeof(HANDLE) ),0,0);
    CloseHandle(hThread);
    CloseHandle(hTargetProcess);
}

// Entry point: schedule self-deletion and return, at which point the remote
// thread's WaitForSingleObject is released and the file is removed.
int main()
{
    DeleteMe();
}