how can i let my program delete itself if the user asks for it?

Started by white scorpion, January 30, 2005, 10:10:49 PM


illwill

here goes my three ways

; Variant 1: drop a batch script that deletes the program, then run it hidden.
; Syntax: MASM (MASM32-style invoke/PROTO), 32-bit Windows, stdcall.
SelfDel PROTO

.data
; Script name is relative: it is created in, and later resolved against,
; whatever the current directory / WinExec search order yields.
; NOTE(review): a different "del.bat" earlier in that search order would be
; the one executed - an absolute path would remove the ambiguity.
szBatFile db  "del.bat",0

; wsprintf template for the script body; both %s take the program's path.
;   :kill
;   DEL <path>
;   IF EXIST <path> GOTO kill      <- retries until the file is gone
; NOTE(review): %s is not quoted, so a path containing spaces would be read
; by DEL as several file names.
Bat       db ":kill",13,10
          db "DEL %s",13,10
          db "IF EXIST %s GOTO kill",13,10
          db " ",0

; Appended after the formatted body: the script removes itself (%0).
lineend   db "DEL %0",0

.code
start:
     call SelfDel                   ; SelfDel(): write del.bat

     push SW_HIDE                   ; WinExec(szBatFile, SW_HIDE)
     push offset szBatFile
     call WinExec

     push 0                         ; ExitProcess(0): releases the image so
     call ExitProcess               ; the script's DEL can succeed
     
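;-----------------------------------------------------------------------
; SelfDel - write the cleanup script named by szBatFile.
; ABI:   32-bit stdcall, no arguments
; Out:   eax = nonzero if the script was written, 0 on any failure
;        (the visible caller ignores the result)
;
; The script text is the Bat template with this program's short path
; substituted twice, followed by lineend.
;
; Changes from the original listing:
;   - batbuff is sized for the worst case (template + two 255-character
;     paths); 256 bytes could be overrun by wsprintf.
;   - only the formatted text is written; the original wrote all 256 bytes
;     of batbuff, i.e. the terminator plus leftover stack contents.
;   - path lookup and CreateFile results are checked before use.
; NOTE(review): the Bat template does not quote %s, so the routine gives up
; when no short path is available rather than emit an ambiguous DEL line.
;-----------------------------------------------------------------------
SelfDel Proc
    local hFile:DWORD
    local BytesWrite:DWORD
    local cbScript:DWORD
    local meltbuff[256]:byte
    local batbuff[1024]:byte

     ; Full path of the running image. 0 = failure; a result equal to the
     ; buffer size means the path was truncated.
     invoke GetModuleFileNameA, 0, addr meltbuff, sizeof meltbuff
     .if eax == 0 || eax >= sizeof meltbuff
         xor eax, eax
         ret
     .endif

     ; Convert in place to the 8.3 form.
     invoke GetShortPathNameA, addr meltbuff, addr meltbuff, sizeof meltbuff
     .if eax == 0 || eax >= sizeof meltbuff
         xor eax, eax
         ret
     .endif

     ; Build the script text and measure it.
     invoke wsprintf,addr batbuff,addr Bat,addr meltbuff,addr meltbuff
     invoke lstrcat,addr batbuff,addr lineend
     invoke lstrlen,addr batbuff
     mov cbScript, eax

     invoke CreateFile,addr szBatFile, GENERIC_WRITE, FILE_SHARE_READ, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0
     .if eax == INVALID_HANDLE_VALUE
         xor eax, eax
         ret
     .endif
     mov hFile, eax

     invoke WriteFile, hFile, addr batbuff, cbScript, addr BytesWrite, 0
     push eax                       ; keep WriteFile's result across CloseHandle
     invoke CloseHandle, hFile
     pop eax
     ret
SelfDel endp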
end start



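;this worked on 9x/2k im not sure about xp
;
; Variant 2: append this program's short path to the Melt command line and
; run it hidden. The command text uses Choice with /T:Y,5 as a five-second
; delay ahead of "erase <path>", so the process has exited by then.
; Syntax: MASM (MASM32-style invoke), 32-bit Windows.
;
; Change from the original listing: Melt was exactly as long as its text,
; so lstrcat wrote the appended path past the end of the string into
; whatever follows it in .data. Space for the path is now reserved.
; NOTE(review): the path is appended unquoted; a path containing spaces
; would be read by erase as several file names.
.data
Melt    db 'Command.com /C Choice.com /C:YN /N /T:Y,5|erase '
        db 256 dup(0)               ; terminator + room for the appended path
.data?
meltbuff db 256 dup(?)
.code
start:
     invoke GetModuleFileNameA, 0, addr meltbuff, 255
     .if eax != 0                   ; 0 = path lookup failed: run nothing
         invoke GetShortPathNameA, addr meltbuff, addr meltbuff, 255
         invoke lstrcat,addr Melt,Addr meltbuff
         invoke WinExec, addr Melt, SW_HIDE
     .endif
     invoke  ExitProcess,0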
end start



; Variant 3: instead of a helper script, this listing copies its own image
; into another process and starts a thread there that deletes the file.
; Syntax: MASM (MASM32-style invoke), 32-bit Windows.
;
; From a defensive point of view this is cross-process code injection, not
; just file cleanup: the call sequence below (OpenProcess with full access,
; remote RWX allocation, WriteProcessMemory, remote thread creation) is
; what endpoint tooling alerts on. Typical telemetry: Sysmon Event ID 10
; (ProcessAccess) and Event ID 8 (CreateRemoteThread) against the shell
; process, followed by a file delete performed by that process.
;
; NOTE(review): no return value is checked anywhere in this run.
; NOTE(review): xVirtualFreeEx / xVirtualAllocEx / xCreateRemoteThread are
; not defined in the visible code - presumably wrappers declared elsewhere.
.data
  ; Window class name looked up with FindWindow below (the taskbar window;
  ; presumably owned by the shell process - confirm on the target OS).
  szTraywnd db "shell_traywnd",0
.data?
  ; Short path of this executable; read later by injected_thread.
  TheExe            db 256 dup(?)
  ; Base address of this module (GetModuleHandle(0)).
  lpModule   dd ?
  ; Handle returned by OpenProcess.
  lpProcess   dd ?
  ; Value read from the PE optional header at offset 38h (SizeOfImage).
  dwSize   dd ?
  ; Receives the process id from GetWindowThreadProcessId.
  lpPID   dd ?
  ; Byte count output of WriteProcessMemory.
  nBytesWritten           dd ?

.code
start:
        ; Resolve this program's own path and shorten it in place.
        invoke GetModuleFileNameA, 0, addr TheExe, 255
        invoke GetShortPathNameA, addr TheExe, addr TheExe, 255
; Module base of the running image.
invoke GetModuleHandle,0
mov [lpModule], eax
; Walk the PE headers: base + e_lfanew (3Ch), skip the 4-byte signature
; and the 14h-byte file header, then read optional-header field 38h.
mov edi,eax
add edi,[edi+3Ch]
add edi,4
add edi,14h
mov eax,[edi+38h]
mov [dwSize],eax
; Find the process that owns the taskbar window and open it with
; PROCESS_ALL_ACCESS.
invoke FindWindow,offset szTraywnd,0
invoke GetWindowThreadProcessId, eax, addr lpPID
invoke OpenProcess,PROCESS_ALL_ACCESS, FALSE, lpPID
mov [lpProcess],eax
; In the opened process: release the range at this module's base address,
; allocate dwSize bytes there as PAGE_EXECUTE_READWRITE, and copy this
; image into it. A remote RWX allocation is itself a strong detection signal.
invoke xVirtualFreeEx, [lpProcess], [lpModule], 0, MEM_RELEASE
invoke xVirtualAllocEx, [lpProcess], [lpModule], dwSize, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE
invoke WriteProcessMemory, [lpProcess], eax, [lpModule], [dwSize], addr nBytesWritten
; Start injected_thread in the opened process, then exit so the file on
; disk is no longer in use.
invoke xCreateRemoteThread, [lpProcess], 0, 0, offset injected_thread, [lpModule], 0, ebx
invoke ExitProcess, 0

; injected_thread - thread routine passed to xCreateRemoteThread by the
; start code of this listing, so it executes inside the other process.
; Waits two seconds, deletes the file named in TheExe, then ends the thread.
; For incident response this means the delete is attributed to the host
; process, not to the program that was removed.
; NOTE(review): the DeleteFile result is not checked.
injected_thread proc
; Delay before the delete attempt (2000 ms).
invoke Sleep,2000
invoke DeleteFile,addr TheExe
invoke ExitThread,0
; Not reached: ExitThread does not return.
ret
injected_thread endp
end start


pbrennick

The second one runs on XP-HE.  Interesting note, the following code:


; Quoted from the second listing: command-line prefix to which the
; program's own path is appended before it is run hidden via WinExec.
; NOTE(review): a hidden "wait, then erase my own image" command is
; behaviour that scanner heuristics are designed to match.
Melt    db 'Command.com /C Choice.com /C:YN /N /T:Y,5|erase ',0


... generates a false positive when scanned by AntiVir.

Paul

ramguru

Quote from: illwill on March 22, 2005, 04:11:16 PM
here goes my three ways

; Quoted data from the first listing.
; Bat is a wsprintf template; both %s receive the program's path:
;   :kill
;   DEL <path>
;   IF EXIST <path> GOTO kill     <- jumps back, so DEL is retried until
;                                    the file no longer exists
; lineend ("DEL %0") is appended so the script deletes itself last.
SelfDel PROTO
.data
szBatFile db "del.bat",0
Bat       db ":kill",0dh,0ah, \
             "DEL %s",0dh,0ah, \
             "IF EXIST %s GOTO kill",0dh,0ah, \
             " ",0
lineend   db "DEL %0",0


Is there any difference between the lines above and the lines below?

; Alternative template posted for comparison.
; Control flow of the generated script:
;   IF EXIST <path> GOTO kill1    <- file present: go delete it
;   GOTO kill2                    <- file absent: skip the delete
;   :kill1
;   DEL <path>
;   :kill2
; There is no jump back to kill1, so DEL is attempted once only.
; NOTE(review): presumably the file stays behind if that single DEL runs
; while the program is still in use - confirm.
; The ";......." line marks text the poster left out.
SelfDel PROTO
.data
szBatFile db "del.bat",0
Bat       db "IF EXIST %s GOTO kill1",0dh,0ah, \
             "GOTO kill2",0dh,0ah, \
             ":kill1",0dh,0ah, \
             "DEL %s",0dh,0ah, \
             ":kill2",0dh,0ah, \
             ;.......
             " ",0
lineend   db "DEL %0",0

ramguru

Sorry for taking your time, I got it... the code above creates a loop and the code below doesn't.