Home > Others

Reverse installer prototype

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
  1. # Include <Windows. h>
  2. # Include <stdlib. h>
  3. # Include <tchar. h>
  4. # Include <iostream. h>
  6. BOOL DeleteFolder (LPCTSTR lpszPath)
  7. {
  8. SHFILEOPSTRUCT FileOp;
  9. ZeroMemory (void *) & FileOp, sizeof (SHFILEOPSTRUCT ));
  11. FileOp. fFlags = FOF_NOCONFIRMATION;
  12. FileOp. hNameMappings = NULL;
  13. FileOp. hwnd = NULL;
  14. FileOp. lpszProgressTitle = NULL;
  15. FileOp. pFrom = lpszPath;
  16. Fileop. PTO = NULL;
  17. Fileop. wfunc = fo_delete;
  19. Return shfileoperation (& fileop) = 0;
  20. }
  22. Int main ()
  23. {
  25. If (_ argc = 1)
  26. {
  27. // Original EXE: spawn clone EXE to delete this exe
  28. // Copy this EXEcutable image into the user's temp directory
  29. Char del;
  30. Cout <"delete self or not? (Y/n)/n ";
  31. Cin> del;
  32. If (del = 'n ')
  33. Return 0;
  34. TCHAR szPathOrig [_ MAX_PATH], szPathClone [_ MAX_PATH];
  35. Getmodulefilename (null, szpathorig, _ max_path );
  36. Gettemppath (_ max_path, szpathclone );
  37. Gettempfilename (szpathclone, _ text ("Del"), 0, szpathclone );
  38. Copyfile (szpathorig, szpathclone, false );
  39. // *** Note ***:
  40. // Open the clone EXE using file_flag_delete_on_close
  41. Handle hfile = createfile (szpathclone, 0, file_assist_read, null, open_existing, file_flag_delete_on_close, null );
  42. // Spawn the clone EXE passing it our EXE's Process Handle
  43. // And the full path name to the original EXE file.
  44. Tchar szcmdline [512];
  45. Handle hprocessorig = OpenProcess (synchronize, true, getcurrentprocessid ());
  46. Wsprintf (szcmdline, _ text ("% S % d/" % S/""), szpathclone, hprocessorig, szpathorig );
  47. Startupinfo Si;
  48. Zeromemory (& Si, sizeof (SI ));
  49. Si. cb = sizeof (SI );
  50. Process_information PI;
  51. CreateProcess (null, szcmdline, null, null, true, 0, null, null, & Si, & PI );
  52. Closehandle (hprocessorig );
  53. Closehandle (hfile );
  54. // This original process can now terminate.
  55. }
  56. Else
  57. {
  58. // Clone EXE: When original EXE terminates, delete it
  59. Handle hprocessorig = (handle) _ ttoi (_ targv [1]);
  60. WaitForSingleObject (hProcessOrig, INFINITE );
  61. CloseHandle (hProcessOrig );
  62. Char str [256];
  63. Memset (str, 0,256 );
  64. Strcpy (str ,__ targv [2]);
  65. Int len = strlen (str );
  66. While (true)
  67. {
  68. If (str [len] = '//')
  69. {
  70. Str [len] = '/0 ';
  71. Break;
  72. }
  73. Str [len] = '/0 ';
  74. Len --;
  75. }
  76. DeleteFolder (str );
  77. // DeleteFile (_ targv [2]);
  78. // Delete the clone one
  79. SHELLEXECUTEINFO sei;
  80. TCHAR szModule [MAX_PATH], szComspec [MAX_PATH], szParams [MAX_PATH];
  81. // Obtain the file path name
  82. If (GetModuleFileName (0, szModule, MAX_PATH )! = 0 )&&
  83. (Getdomainpathname (szModule, szModule, MAX_PATH )! = 0 )&&
  84. (GetEnvironmentVariable ("COMSPEC", szComspec, MAX_PATH )! = 0 ))
  85. {// Set command line parameters.
  86. Lstrcpy (szParams, "/c del"); FindWindow (NULL, NULL );
  87. Lstrcat (szParams, szModule );
  88. Lstrcat (szParams, "> nul ");
  90. // Initialize the SHELLEXECUTEINFO structure member
  91. Sei. cbSize = sizeof (sei); // set the type size.
  92. // Process handle in the Command window, which is set when the ShellExecuteEx function is executed.
  93. Sei. hwnd = 0;
  94. Sei. lpVerb = "Open"; // The execution action is "Open execution ".
  95. Sei. lpFile = szComspec; // full path name of the execution program file.
  96. Sei. lpParameters = szParams; // execution parameters.
  97. Sei. lpDirectory = 0;
  98. // Display mode. Hide the mode to prevent the command window from appearing.
  99. Sei. nShow = SW_HIDE;
  100. // Set SellExecuteEx to exit after the function is complete.
  101. Sei. fmask = see_mask_nocloseprocess;
  102. // Create an execution command window process.
  103. If (shellexecuteex (& SEI ))
  104. {// Set the execution level of the command line process to idle, which gives the program enough time to exit from the memory.
  105. Setpriorityclass (SEI. hprocess, idle_priority_class );
  106. // Set the execution level of the program process to real-time execution. This program immediately obtains the CPU execution right and quickly exits.
  107. Setpriorityclass (getcurrentprocess (), realtime_priority_class );
  108. Setthreadpriority (getcurrentthread (), thread_priority_time_critical );
  109. }
  110. }
  111. }
  112. // Insert code here to remove the subdirectory too (if desired ).
  113. // The system will delete the clone EXE automatically
  114. // Because it was opened with FILE_FLAG_DELETE_ON_CLOSE
  115. Return (0 );
  116. }

The anti-installation prototype was rewritten by referring to two articles on the Internet. Thank you for sharing your experience.

There are at least two difficulties for the anti-Installer: one is to delete yourself, and the other is to delete the folder where you are located.

On the "webnumen technology life blog", I found a method for the program to delete itself, but it still cannot be implemented to let the program delete its own folder, even if you run the compiled program in vc6.0, you can delete the Debug folder where you are located. However, if you run a generated program directly, you cannot delete your own folder. At most, you can delete all the files and folders in the same directory as yourself.

Therefore, I found the "C + excellent exploration column" and solved the second difficulty by referring to his code.

The idea is to copy your own attachment to the temporary directory, start the attachment, pass your ID and path as parameters to the attachment, and let yourself exit normally. The appendix to be started is to delete the folder where the original program is located based on the parameters passed to the original program. Delete others and then kill yourself. For details about how to kill yourself, refer to "webnumen technology life blog"

 

Webnumen technology life blog
Http://webnumen.blog.hexun.com/19268347_d.html
C + refined Column
Http://blog.csdn.net/dpfordor/archive/2008/01/10/2032954.aspx

 

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More