
windows下删除自身程序源码
- #include <windows.h>
- #include <tlhelp32.h>
- #include <iostream>
-
- // Position-independent x86 stub that runs as a thread inside another
- // process (see DeleteMe below). It is never called directly: the byte
- // array code[] that follows is its machine code, and the two must be
- // kept in sync by hand.
- //
- // lpThreadParameter points at the NUL-terminated path of the file to
- // delete. DeleteMe lays the remaining inputs out immediately below that
- // pointer, so the stub reads them at negative offsets from ebp:
- //   [ebp-4]   handle to the launching process
- //   [ebp-8]   WaitForSingleObject
- //   [ebp-12]  CloseHandle
- //   [ebp-16]  DeleteFileA
- //   [ebp-20]  ExitThread
- //   [ebp-24]  VirtualFree
- // Sequence: wait for the launcher to exit, close its handle, delete the
- // file, then release the page this code lives in and end the thread.
- // The function never returns: it tail-jumps to VirtualFree with
- // ExitThread as the return address. 32-bit only (esp/ebp, 4-byte slots).
- __declspec(naked) DWORD WINAPI Start_(LPVOID lpThreadParameter)
- {
- __asm
- {
- call $+5 ; // push the address of the next instruction ...
- sub [esp],5 ; // ... minus 5 = _code_start_, left on the stack for VirtualFree
- mov ebp,[esp+8] ; // lpThreadParameter: the file name; the handle/imports sit just below it
- push [ebp-4] ; // process handle, stays on the stack as CloseHandle's argument
- push INFINITE
- push [ebp-4] ; // process handle
-
- call [ebp-8] ; // WaitForSingleObject(hProcess, INFINITE) - blocks until the launcher exits
- call [ebp-12] ; // CloseHandle(hProcess)
-
- push ebp ; // lpFileName
- call [ebp-16] ; // DeleteFileA(lpFileName) - possible only now that the launcher's image is unmapped
-
- pop eax ; // _code_start_
- push EXIT_SUCCESS ; // dwExitCode for ExitThread
- sub esp,4 ; // dummy return-address slot for ExitThread (never used)
-
- push MEM_RELEASE
- push 0
- push eax ; // _code_start_ : VirtualFree(lpAddress, 0, MEM_RELEASE) frees this very page
-
- push [ebp-20] ; // ExitThread becomes VirtualFree's return address
- mov eax,[ebp-24]
- jmp eax ; // VirtualFree; when it "returns", control lands in ExitThread(EXIT_SUCCESS)
- }
- }
-
- // Machine code of Start_ above (53 bytes of hand-assembled x86). This,
- // not Start_ itself, is what gets copied into the target process, so any
- // change to Start_ must be mirrored here. Note that 128,44,36,5
- // (80 2C 24 05) appears to be the byte-sized form of "sub [esp],5": the
- // borrow never propagates past the low byte, which only works because
- // the buffer VirtualAllocEx hands back is page-aligned (low byte 0).
- BYTE code[] ={
- 232,0,0,0,0,128,44,36,5,139,108,36,8,255,117,
- 252,106,255,255,117,252,255,85,248,255,85,244,
- 85,255,85,240,88,106,0,131,236,4,104,0,
- 128,0,0,106,0,80,255,117,236,139,69,232,255,224
- };
- #include <iostream>
- // Arranges for this process's own executable to be deleted after it
- // exits. Windows will not delete an image that is mapped into a running
- // process, so the delete is delegated to a thread created in another
- // process: one page holding code[] plus its inputs is written into
- // winlogon.exe, and a remote thread there waits for this process to die
- // and then calls DeleteFileA on our path.
- //
- // This is the canonical process-injection chain (OpenProcess with
- // PROCESS_ALL_ACCESS -> VirtualAllocEx RWX -> WriteProcessMemory ->
- // CreateRemoteThread) aimed at a SYSTEM process. It needs administrative
- // rights (SeDebugPrivilege) and is precisely the behaviour EDR injection
- // heuristics and Sysmon events 8 (CreateRemoteThread) and 10
- // (ProcessAccess) exist to surface. Not a single return value in this
- // function is checked; every failure is silent. x86-only: the stub and
- // the 4-byte slots below assume a 32-bit target.
- void DeleteMe()
- {
- HANDLE hToken;
- TOKEN_PRIVILEGES tp;
- ZeroMemory(&tp,sizeof tp);
- HANDLE hProcess = GetCurrentProcess(); // pseudo-handle; turned into a real one for the target by DuplicateHandle below
-
- // Enable SeDebugPrivilege on our own token so OpenProcess can get
- // PROCESS_ALL_ACCESS on winlogon.exe. Only administrators hold this
- // privilege; for anyone else AdjustTokenPrivileges fails unnoticed.
- OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,&hToken);
- LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid);
-
- tp.PrivilegeCount = 1;
- tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
-
- AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES),NULL,NULL);
- CloseHandle(hToken);
-
- ///////////////////////////////////////////////////////////////////////
-
- // Full path of our own executable: the file the remote thread deletes.
- CHAR szFileName[MAX_PATH] = {'\0'};
- GetModuleFileNameA(NULL, szFileName, MAX_PATH);
-
- // Locate the PID of winlogon.exe, the hard-coded host process. If it is
- // not found dwProcessID stays 0, OpenProcess below presumably fails, and
- // everything after it operates on a NULL handle.
- DWORD dwProcessID = 0;
- PROCESSENTRY32W pe32 = { sizeof( PROCESSENTRY32W ) };
- HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
- Process32FirstW(hSnapshot, &pe32);
- do
- {
- if (0 == lstrcmpiW(pe32.szExeFile, L"winlogon.exe"))
- {
- dwProcessID = pe32.th32ProcessID;
- break;
- }
- } while (Process32NextW(hSnapshot, &pe32));
-
- CloseHandle(hSnapshot);
-
- //////////////////////////////////////////////////////////////////////
-
- HANDLE hTargetProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE,dwProcessID);
- // Give the target a real handle to this process; the injected stub
- // waits on it ([ebp-4] in Start_) and closes it itself.
- HANDLE h= NULL;
- DuplicateHandle(hProcess,hProcess,hTargetProcess,&h,0,FALSE,DUPLICATE_SAME_ACCESS);
- // One page, laid out as:
- //   [0, codeLen)                    code[] followed by whatever memcpy
- //                                   reads past its end (see BUG below)
- //   [codeLen-20, codeLen)           five function pointers, read by
- //                                   Start_ as [ebp-24] .. [ebp-8]
- //   [codeLen, codeLen+4)            duplicated process handle ([ebp-4])
- //   [codeLen+4, codeLen+4+MAX_PATH) file name; ebp = thread parameter
- // The offsets written below and the [ebp-N] loads in Start_ must agree.
- const SIZE_T dwSize = 4096;
- const DWORD codeLen = dwSize - MAX_PATH - sizeof(HANDLE);
-
-
- // The remote page is RWX (PAGE_EXECUTE_READWRITE) because code and
- // data share it - itself a strong injection indicator.
- PBYTE lpRemoteBuf = (PBYTE)VirtualAllocEx(hTargetProcess, NULL, dwSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
- PBYTE pLocalBuf =(PBYTE)VirtualAlloc(NULL, dwSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
-
- HMODULE x =GetModuleHandleA("kernel32") ;
- // BUG: code[] is 53 bytes but codeLen (4096-260-4) bytes are copied, so
- // memcpy reads far past the array (undefined behaviour; it ships whatever
- // globals follow code[]). Only sizeof code bytes are meaningful.
- memcpy(pLocalBuf,code,codeLen);
- // Relies on kernel32 being mapped at the same base in the target as
- // here, so the local GetProcAddress results are valid there too (system
- // DLL bases are randomised per boot, not per process - verify on the
- // intended OS build).
- *(PHANDLE(pLocalBuf+codeLen)) = h;
- *((FARPROC*)(pLocalBuf+codeLen- 4)) =GetProcAddress(x,"WaitForSingleObject");
- *((FARPROC*)(pLocalBuf+codeLen- 8)) =GetProcAddress(x,"CloseHandle");
- *((FARPROC*)(pLocalBuf+codeLen-12)) =GetProcAddress(x,"DeleteFileA");
- *((FARPROC*)(pLocalBuf+codeLen-16)) =GetProcAddress(x,"ExitThread");
- *((FARPROC*)(pLocalBuf+codeLen-20)) =GetProcAddress(x,"VirtualFree");
- memcpy(pLocalBuf+codeLen+4,szFileName,MAX_PATH);
- WriteProcessMemory(hTargetProcess, lpRemoteBuf, pLocalBuf,dwSize,0);
- VirtualFree(pLocalBuf, 0, MEM_RELEASE);
-
- // Run Start_ inside winlogon.exe with the file name as its parameter.
- // That thread blocks until this process exits, so returning from here
- // (and then from main) is what actually triggers the deletion.
- HANDLE hThread = CreateRemoteThread(hTargetProcess, NULL, 0,
- (LPTHREAD_START_ROUTINE)lpRemoteBuf,
- (LPVOID)(lpRemoteBuf + codeLen + sizeof(HANDLE) ),0,0);
-
- CloseHandle(hThread);
- CloseHandle(hTargetProcess);
-
- }
-
-
- // Entry point. The program does nothing but queue its own deletion; the
- // file disappears only after this process has exited.
- int main()
- {
- DeleteMe();
- return 0;
- }