Recently I saw people online asking how to make a program delete its own file after it runs. I do not know whether their interest in Trojans is too strong, or whether they just want the effect: the user runs a program, the executable file disappears, yet the program is still running, and the timid shout "Ghost!" or "Wife, come out and see God!" In fact, the most typical use is in writing an uninstall (anti-Setup) program. Having nothing better to do, Bear worked out a neat "delete yourself" method.
As we all know, while an ordinary program is running, its executable file is protected by the operating system and cannot be opened for writing, let alone deleted, while it is still running. Lu0's home page shows an undocumented method that deletes the running file by changing the file access mode at a low level of the system, which is real kung fu, and I admire it very much. But is there a way that uses only functions documented on MSDN? Yes! Jeffrey Richter gave us an example:
DeleteMe.cpp
/**************************************************
Module name: DeleteMe.cpp
Written by: Jeffrey Richter
Description: Allows an executable file to delete itself
**************************************************/
#include <Windows.h>
#include <stdlib.h>
#include <tchar.h>
/////////////////////////////////////////////////
int WINAPI WinMain(HINSTANCE h, HINSTANCE b, LPSTR psz, int n) {
   // Is this the original EXE or the clone EXE?
   // If the command line has 1 argument, this is the original EXE
   // If the command line has >1 argument, this is the clone EXE
   if (__argc == 1) {
      // Original EXE: spawn clone EXE to delete this EXE
      // Copy this executable image into the user's temp directory
      TCHAR szPathOrig[_MAX_PATH], szPathClone[_MAX_PATH];
      GetModuleFileName(NULL, szPathOrig, _MAX_PATH);
      GetTempPath(_MAX_PATH, szPathClone);
      GetTempFileName(szPathClone, __TEXT("Del"), 0, szPathClone);
      CopyFile(szPathOrig, szPathClone, FALSE);
      // *** Note ***:
      // Open the clone EXE using FILE_FLAG_DELETE_ON_CLOSE
      HANDLE hfile = CreateFile(szPathClone, 0, FILE_SHARE_READ, NULL,
         OPEN_EXISTING, FILE_FLAG_DELETE_ON_CLOSE, NULL);
      // Spawn the clone EXE passing it our EXE's process handle
      // and the full path name to the original EXE file.
      TCHAR szCmdLine[512];
      HANDLE hProcessOrig = OpenProcess(SYNCHRONIZE, TRUE, GetCurrentProcessId());
      wsprintf(szCmdLine, __TEXT("%s %d \"%s\""), szPathClone, hProcessOrig,
         szPathOrig);
      STARTUPINFO si;
      ZeroMemory(&si, sizeof(si));
      si.cb = sizeof(si);
      PROCESS_INFORMATION pi;
      CreateProcess(NULL, szCmdLine, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi);
      CloseHandle(hProcessOrig);
      CloseHandle(hfile);
      // This original process can now terminate.
   } else {
      // Clone EXE: when original EXE terminates, delete it
      HANDLE hProcessOrig = (HANDLE) _ttoi(__targv[1]);
      WaitForSingleObject(hProcessOrig, INFINITE);
      CloseHandle(hProcessOrig);
      DeleteFile(__targv[2]);
      // Insert code here to remove the subdirectory too (if desired).
      // The system will delete the clone EXE automatically
      // because it was opened with FILE_FLAG_DELETE_ON_CLOSE
   }
   return (0);
}
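
From a defender's side, the sequence in DeleteMe.cpp leaves a recognisable trace: a child process whose command line ends with its parent's own image path, and which later deletes that file. The sketch below is an added example, not part of the original article or of Richter's code; the event schema, field names and sample paths are constructed for illustration.

```python
import ntpath
import re

# Command line built by the original EXE: <clone path> <handle, decimal> "<original path>"
CLONE_CMDLINE = re.compile(r'^(?P<clone>.+?)\s+(?P<handle>\d+)\s+"(?P<orig>[^"]+)"\s*$')

def norm(path):
    """Case-insensitive, separator-normalised form for comparing Windows paths."""
    return ntpath.normcase(ntpath.normpath(path))

def find_self_delete(events):
    """Return (clone_image, deleted_path) pairs for the clone-and-delete sequence."""
    pending = {}   # clone pid -> (clone image, normalised path of the parent's image)
    alerts = []
    for ev in events:
        if ev["type"] == "process_create":
            m = CLONE_CMDLINE.match(ev["cmdline"])
            # The child is handed its parent's own image path and runs from another file.
            if (m and norm(m.group("orig")) == norm(ev["parent_image"])
                    and norm(ev["image"]) != norm(ev["parent_image"])):
                pending[ev["pid"]] = (ev["image"], norm(ev["parent_image"]))
        elif ev["type"] == "file_delete" and ev["pid"] in pending:
            clone_image, target = pending[ev["pid"]]
            if norm(ev["target"]) == target:
                alerts.append((clone_image, ev["target"]))
    return alerts

# Constructed sample events (hypothetical schema and paths, not real telemetry).
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4120,
     "image": r"C:\Users\u\AppData\Local\Temp\Del3A1.tmp",
     "parent_image": r"C:\Tools\DeleteMe.exe",
     "cmdline": r'C:\Users\u\AppData\Local\Temp\Del3A1.tmp 244 "C:\Tools\DeleteMe.exe"'},
    {"type": "file_delete", "pid": 4120, "target": r"c:\tools\deleteme.exe"},
    # Benign: an editor opened on a document, later deleting its own backup file.
    {"type": "process_create", "pid": 5000, "image": r"C:\Apps\edit.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'C:\Apps\edit.exe 1 "C:\Docs\a.txt"'},
    {"type": "file_delete", "pid": 5000, "target": r"C:\Docs\a.txt~"},
]

if __name__ == "__main__":
    for clone, deleted in find_self_delete(SAMPLE_EVENTS):
        print(f"self-delete: {clone} removed its parent image {deleted}")
```

The check keys on the parent/child relationship rather than on the "Del" file-name prefix, since the prefix is a single string constant in the source.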