Note: automatic update of "Suicide overwrite" cannot be performed after shell obfuscation using xenocode

This problem took me two days.

Currently, there is only one solution.

 

After xenocode winform program, if you want to implement one-click automatic update (that is, you do not need to click it), it is quite difficult.

The reason is that xenocode not only obfuscated the code, but also protected by "Shelling! I personally understand what shell is: Run another program in a program (I have not read the relevant knowledge and have a smile ).

 

Let me talk about my idea of automatic upgrade:

 

Code

Processstartinfo info = new processstartinfo ();
Info. workingdirectory = application. startuppath;
Info. filename = "autoupdater.exe ";
Info. Arguments = string. Format ("\" {0} \ "\" {1} \ "\" {2 }\"",
Process. getcurrentprocess (). ID,
Staticmodel. getserverurl () + versionandfilename [1],
Versionandfilename [2]);
// Programex. mutex. trydispose ();
Info. useshellexecute = false;
Process. Start (Info );
Application. exitthread ();

 

Autoupdater.exe is simple. Download a RAR at the specified URL, delete all files in the current folder, and decompress it.

This involves a problem: this piece of code works completely without obfuscation and shelling.

 

However, once the protection is done, the problem arises. After process. Start is used, it is still in the xenocode Shelling Process.

In layman's terms, after calling any external program (Program B) in the Program (program a) after shell obfuscation, the source program (program a) cannot be deleted ).

 

I am so busy. Numerous methods have been collected on the Internet, including CreateProcess API, copying to temporary files, and returning them back ...... God, help me!

 

In fact, there are still some solutions, that is, creating a "version folder" similar to clickonce ". However, this method is troublesome because I have created a desktop shortcut when installing the installation package. This change will involve more problems.

After two days, I accidentally remembered that xenocode had been shelled, so I could not "shell" myself "?

 

The program is simple, and a new winform application is created:

 

Code

/// <Summary>
/// Main entry point of the application.
/// </Summary>
[Stathread]
Static void main ()
{
PROCESS p = new process ();
P. startinfo. filename = "athleticpos2011.views.exe ";
P. startinfo. Arguments = "1 ";
P. Start ();
P. waitforexit ();
If (file. exists ("Update. ath "))
{
Thread. Sleep (1000 );
VaR ARGs = file. readalltext ("Update. ath ");
File. Delete ("Update. ath ");
Processstartinfo info = new processstartinfo ();
Info. workingdirectory = application. startuppath;
Info. filename = "autoupdater.exe ";
Info. Arguments = ARGs;
Info. useshellexecute = false;
Process. Start (Info );

Application. exitthread ();
}

}

 

 

The operations after the source code discovery needs to be updated are as follows:

 

Code

File. writealltext ("Update. ath", String. Format ("\" {0} \ "\" {1} \ "\" {2 }\"",
Process. getcurrentprocess (). ID,
Staticmodel. getserverurl () + versionandfilename [1],
Versionandfilename [2]);
This. Close ();
// Programex. mutex. trydispose ();
// Processstartinfo info = new processstartinfo ();
// Info. workingdirectory = application. startuppath;
// Info. filename = "autoupdater.exe ";
// Info. Arguments = string. Format ("\" {0} \ "\" {1} \ "\" {2 }\"",
// Process. getcurrentprocess (). ID,
// Staticmodel. getserverurl () + versionandfilename [1],
// Versionandfilename [2]);
//// Programex. mutex. trydispose ();
// Info. useshellexecute = false;
// Process. Start (Info );
// Application. exitthread ();

 

 

Okay !! Done! Optimize it tomorrow! Let's take a break!