Self-deletion of a program is not a new topic. It is widely used in Trojans and viruses. While the program is still running (usually after its resident and infection modules have finished), it deletes its own file from the disk, so the user never notices it. Cool, isn't it?
The earliest self-deletion method was written by Gary Nebbett, and it is a classic. The code is as follows:
#include "windows.h"

int main(int argc, char *argv[])
{
    char buf[MAX_PATH];
    HMODULE module;

    module = GetModuleHandle(0);
    GetModuleFileName(module, buf, MAX_PATH);
    CloseHandle((HANDLE)4);

    __asm
    {
        lea eax, buf
        push 0
        push 0
        push eax
        push ExitProcess
        push module
        push DeleteFile
        push UnmapViewOfFile
        ret
    }
    return 0;
}
Compile it and run it. The program disappears before your eyes, right? Amazing, isn't it?
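From the defender's side, the behaviour described above (a file deleted while it is still the image of a running process) is visible in file-delete telemetry. The following is an added example, not code from the original article: it assumes simplified Sysmon-style records (event IDs 1 ProcessCreate, 5 ProcessTerminate, 23 FileDelete), the sample events are constructed, and the function names are hypothetical.

```python
import ntpath

# Constructed sample events (simplified Sysmon-style fields, not real telemetry).
TMP = r"C:\Users\bob\AppData\Local\Temp"
EVENTS = [
    {"EventID": 1, "ProcessGuid": "A", "Image": TMP + r"\setup.exe"},
    {"EventID": 1, "ProcessGuid": "B", "Image": r"C:\Windows\System32\cmd.exe"},
    # B deletes an ordinary file: not an alert.
    {"EventID": 23, "ProcessGuid": "B", "TargetFilename": TMP + r"\old.log"},
    # A deletes its own image while still running (path case differs on purpose).
    {"EventID": 23, "ProcessGuid": "A", "TargetFilename": TMP.lower() + r"\SETUP.EXE"},
    {"EventID": 5, "ProcessGuid": "A"},
    {"EventID": 1, "ProcessGuid": "C", "Image": r"C:\Tools\updater.exe"},
    {"EventID": 5, "ProcessGuid": "C"},
    # C has already exited when its file is removed: normal cleanup, not an alert.
    {"EventID": 23, "ProcessGuid": "B", "TargetFilename": r"C:\Tools\updater.exe"},
]


def norm(path):
    """Windows paths are case-insensitive; compare them in normalized form."""
    return ntpath.normcase(ntpath.normpath(path))


def find_running_image_deletes(events):
    """Return (kind, deleter_guid, path) for each delete of a live process image."""
    live = {}    # ProcessGuid -> normalized image path of processes still running
    alerts = []
    for ev in events:
        guid = ev["ProcessGuid"]
        if ev["EventID"] == 1:        # ProcessCreate
            live[guid] = norm(ev["Image"])
        elif ev["EventID"] == 5:      # ProcessTerminate
            live.pop(guid, None)
        elif ev["EventID"] == 23:     # FileDelete
            target = norm(ev["TargetFilename"])
            owners = [g for g, img in live.items() if img == target]
            if owners:
                kind = "self-delete" if guid in owners else "deleted-by-other"
                alerts.append((kind, guid, target))
    return alerts


if __name__ == "__main__":
    for alert in find_running_image_deletes(EVENTS):
        print(alert)
```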