| In many cases, you need to execute the program to delete yourself from the physical disk, for example, uninstall the program, and clear the information obtained by some hacker programs, these programs with the auto-deletion function are collectively referred to as "suicide" programs. For a programmer, we must all have the experience of using code to delete physical disk files in the program. We only need to simply call the DeleteFile API function, however, this function cannot delete itself. When it deletes itself, the following error occurs: "file cannot be deleted: access is denied. The error message "the source file may be being used" is displayed because the program is still in memory when it deletes its own code. In Windows, the program in progress cannot be deleted. To implement the program auto-deletion function, we can solve this problem through multi-process methods. Before the executable file is returned, create a new process that runs the Command window (Command process in Windows98 and CMD process in Windows2000/XP ), of course, this command window is executed in a hidden way, And the delete function is executed by passing parameters. To prevent the deletion of images of executable files in the memory, you need to set the current process to a real-time priority, and the command window process to a very low IDLE priority, in this way, you can run the DELETE command in the Command window to delete the file. Next, let's create a "suicide" Program (with the auto-deletion function). The program is developed and compiled in Visual C ++ 6.0. First, start Visual C ++ 6.0 and create a new MFC AppWizard (exe) project named SelfDelete. Select create program framework in dialog box mode. Next, open the resource editor, add a button control, and set the content to "stop", as shown in Figure 1: Start ClassWizard, create a new CLICK event processing function for the newly added control, and then open the function. Add the "suicide" Code as follows: Void CSelfDeleteDlg: OnButton1 () {// TODO: Add your control notification handler code here SHELLEXECUTEINFO sei; TCHAR szModule [MAX_PATH], szComspec [MAX_PATH], szParams [MAX_PATH]; // obtain the file path name if (GetModuleFileName (0, szModule, MAX_PATH )! = 0) & (getequalpathname (szModule, szModule, MAX_PATH )! = 0) & (GetEnvironmentVariable ("COMSPEC", szComspec, MAX_PATH )! = 0) {// set the command line parameters. Lstrcpy (szParams, "/c del"); lstrcat (szParams, szModule); lstrcat (szParams, "> nul"); // initialize the sei of the shellexecuteinfo structure member. cbSize = sizeof (sei); // set the type size. // Process handle in the Command window, which is set when the ShellExecuteEx function is executed. Sei. hwnd = 0; sei. lpVerb = "Open"; // The action is "Open execution ". Sei. lpFile = szComspec; // full path name of the execution program file. Sei. lpParameters = szParams; // execution parameters. Sei. lpDirectory = 0; // display mode. Hide the mode to prevent the command window from appearing. Sei. nShow = SW_HIDE; // The process exits after the SellExecuteEx function is complete. Sei. fMask = SEE_MASK_NOCLOSEPROCESS; // create an execution command window process. If (ShellExecuteEx (& sei) {// set the invocation level of the command line process to idle, so that the program has enough time to exit from the memory. SetPriorityClass (sei. hProcess, IDLE_PRIORITY_CLASS); // set the execution level of the program process to real-time execution. This program immediately obtains the CPU execution right and exits quickly. SetPriorityClass (GetCurrentProcess (), REALTIME_PRIORITY_CLASS); SetThreadPriority (GetCurrentThread (), THREAD_PRIORITY_TIME_CRITICAL); // notifies the Windows resource browser that the program file has been deleted. Shchangenovel (shcn_delete, SHCNF_PATH, szModule, 0); // execute the exit program EndDialog (0 );}}}If the comments in the above Code cannot help you understand the meaning of the Code, please do not worry, we will explain the code in detail later. Now, you can start to compile the program project and run the program. Please carefully observe the program file in the Windows resource browser. Several seconds after you press the "Start suicide" button, the program file disappears from the Windows resource browser, which is also expected by the program.
After experiencing the magic of the "suicide" program, let's look back and analyze the code that implements the "suicide" function.
As we have discussed earlier, the core of the "suicide" function is to create a new process in the Command window in the program and delete the program file by passing the del command and parameters to the Command window process. The COMMAND window program is defined by the Environment Variable COMSPEC. Win9x/ME Uses COMMAND. COM, WinNT/2 K/XP uses CMD. COM. The program passes the command string "/c del filename> nul" to the Command window, where filename is the full path file name of the file to be deleted, and the file name must be converted to the 8.3 format; the/c switch is used to exit the command window.
In the implementation code, you first need to obtain the full path of the current program module and convert it to the 8.3 format required by the Command window. In the code, the GetModuleFileName (0, szModule, MAX_PATH) function obtains the full path name of the current program mode and stores it in the variable szModule. Then, use the get‑pathname (szModule, szModule, MAX_PATH) function to convert the full path name of the program module in the szModule variable to the 8.3 format required by the Command window. In addition, the GetEnvironmentVariable ("COMSPEC", szComspec, MAX_PATH) function is called to obtain the full path of the command window program from the system environment variable COMSPC. Next, you need to combine the full path string of the program module in the 8.3 format in the variable szModule into the command string "/c del" + szModule + "> nul ".
With this information, you can call the shellexecuteex () API function to create a new command window process. This function requires a parameter of the shellexecuteinfo type and calls shellexecuteex () the function must initialize this type parameter. For details about the shellexecuteinfo type, see msdn. This parameter is used to set the execution action of the command window process to open and the execution file to the Command window (PATH provided by szcomspec) the execution file parameters are the command strings combined above, and the display mode is the hidden mode (the hidden mode can prevent the appearance of the command window interface ).
The command window is run by calling the shellexecuteex () function as a separate process. Its window handle is defined in the hprocess member variable in the shellexectueinfo structure. A special problem needs to be solved in self-deletion, that is, the main program must exit and close the opened file handle before deleting it in the Command window. To achieve this, we must synchronize two independent and parallel processes: the current program process and the command window process. This allows you to temporarily reduce the execution priority of the command window by operating the CPU resource priority. In this way, the main program allocates all resources to the CPU until it Exits normally, and blocks the execution of any other command window until the main program ends. The following code adjusts the execution priority of two processes:
// Set the execution level of the command line process to idle,
// This gives the program enough time to exit from the memory.
Setpriorityclass (SEI. hprocess, idle_priority_class );
// Set the execution level of the program process to real-time execution,
// This program immediately obtains the CPU execution right and quickly exits.
SetPriorityClass (GetCurrentProcess (), REALTIME_PRIORITY_CLASS );
SetThreadPriority (GetCurrentThread (), THREAD_PRIORITY_TIME_CRITICAL ); At this point, the "suicide" function is basically implemented. The last thing to do is to call the shchangenovel (shcn_delete, SHCNF_PATH, szModule, 0) function to notify Windows resource browser that the program file has been successfully deleted. If the current Windows resource browser window is in the program file directory, this notification is very necessary, it will cause the Windows resource browser to immediately delete this program file item from the program file directory list. After completing the above work, you must call the code for exiting the program. The EndDialog () function is used here. If you do not exit the program in time, the command window process cannot delete the program file normally, the cause has been studied before. |
