VC++는 DLL을 동적으로 생성하고 로드하여 실행 가능한 파일을 자체 삭제합니다.

 
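/*
 * Copy the raw bytes of an embedded resource to a file on disk.
 *
 * hInstance  - module whose resource section is searched.
 * idResource - integer id of the resource; the type is RC_BINARYTYPE.
 * filename   - destination path; created or truncated (CREATE_ALWAYS).
 *
 * Returns nothing. On any failure the function gives up quietly, and a
 * partially written file is removed instead of being left behind.
 */
void WriteResourceToFile(HINSTANCE hInstance,int idResource,char const *filename)
{
    if (filename == NULL)
        return;

    // Locate the resource and get a pointer to its bytes; every step can fail.
    HRSRC hResInfo = FindResource(hInstance, MAKEINTRESOURCE(idResource),
        MAKEINTRESOURCE(RC_BINARYTYPE));
    if (hResInfo == NULL)
        return;

    HGLOBAL hgRes = LoadResource(hInstance, hResInfo);
    if (hgRes == NULL)
        return;

    void *pvRes = LockResource(hgRes);
    DWORD cbRes = SizeofResource(hInstance, hResInfo);
    if (pvRes == NULL || cbRes == 0)
        return;

    // CreateFile reports failure with INVALID_HANDLE_VALUE, not NULL.
    // Share mode 0 keeps other openers out only while this handle is open.
    HANDLE hFile = CreateFile(filename, GENERIC_WRITE, 0, 0, CREATE_ALWAYS,
        FILE_ATTRIBUTE_NORMAL, 0);
    if (hFile == INVALID_HANDLE_VALUE)
        return;

    DWORD cbWritten = 0;
    BOOL fWritten = WriteFile(hFile, pvRes, cbRes, &cbWritten, 0);
    CloseHandle(hFile);

    // A short or failed write would leave a truncated binary on disk.
    if (!fWritten || cbWritten != cbRes)
        DeleteFile(filename);
}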
   
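/*
 * Ask a helper process to delete this program's image file once it has exited.
 *
 * Steps, as visible in this function:
 *   1. write the embedded resource ID_2561 to "<temp dir>\magicdel.dll";
 *   2. locate rundll32.exe (Windows directory first, then system directory);
 *   3. start rundll32 with the DLL, the export "_MagicDel@16" and the path
 *      of this module as the argument.
 *
 * Observable artefacts: a file named magicdel.dll created in the temp
 * directory, and a rundll32.exe child process whose command line names that
 * DLL and this program's own image path.
 *
 * NOTE(review): the DLL is executed from a user-writable directory under a
 * fixed name. Anything able to replace the file between the write and the
 * launch gets its code run by rundll32; an access-restricted, freshly
 * created location would be safer.
 * NOTE(review): the command-line layout is kept as in the original, so the
 * paths are not quoted; behaviour with paths containing spaces is not
 * established here.
 */
void SelfDelete(HINSTANCE hInstance)
{
    static const char dllSuffix[]  = "\\magicdel.dll";
    static const char hostSuffix[] = "\\rundll32.exe";
    static const char entryArg[]   = ",_MagicDel@16 ";

    // Temp directory + DLL name. GetTempPath returns 0 on failure and the
    // required size when the buffer is too small; both are rejected here.
    char lpDllFile[MAX_PATH];
    DWORD cchTemp = GetTempPath(sizeof(lpDllFile), lpDllFile);
    if (cchTemp == 0 || cchTemp + sizeof(dllSuffix) > sizeof(lpDllFile))
        return;
    lstrcat(lpDllFile, dllSuffix);

    WriteResourceToFile(hInstance, ID_2561, lpDllFile);

    // 1. Find rundll32.exe: Windows directory first, system directory second.
    char lpHost[MAX_PATH];
    UINT cchDir = GetWindowsDirectory(lpHost, sizeof(lpHost));
    if (cchDir == 0 || cchDir + sizeof(hostSuffix) > sizeof(lpHost))
        return;
    lstrcat(lpHost, hostSuffix);
    if (GetFileAttributes(lpHost) == INVALID_FILE_ATTRIBUTES)
    {
        cchDir = GetSystemDirectory(lpHost, sizeof(lpHost));
        if (cchDir == 0 || cchDir + sizeof(hostSuffix) > sizeof(lpHost))
            return;
        lstrcat(lpHost, hostSuffix);
    }

    // 2. Path of this module; a return value equal to the buffer size means
    //    the path was truncated.
    char lpPath[MAX_PATH];
    DWORD cchPath = GetModuleFileName(hInstance, lpPath, sizeof(lpPath));
    if (cchPath == 0 || cchPath >= sizeof(lpPath))
        return;

    // 3. Build "<host> <dll>,_MagicDel@16 <module path>". Three MAX_PATH
    //    strings plus separators can exceed MAX_PATH * 3, so check first.
    char commandLine[MAX_PATH * 3];
    size_t cchNeeded = (size_t)lstrlen(lpHost) + 1
                     + (size_t)lstrlen(lpDllFile)
                     + (sizeof(entryArg) - 1)
                     + (size_t)lstrlen(lpPath) + 1;
    if (cchNeeded > sizeof(commandLine))
        return;
    lstrcpy(commandLine, lpHost);
    lstrcat(commandLine, " ");
    lstrcat(commandLine, lpDllFile);
    lstrcat(commandLine, entryArg);
    lstrcat(commandLine, lpPath);

    // Launch the helper. The executable is named explicitly so the system
    // does not have to guess where the program name ends inside an unquoted
    // command line; cb must carry the structure size.
    PROCESS_INFORMATION procInfo;
    STARTUPINFO startInfo;
    memset(&startInfo, 0, sizeof(startInfo));
    startInfo.cb = sizeof(startInfo);
    startInfo.dwFlags = STARTF_FORCEOFFFEEDBACK;
    if (CreateProcess(lpHost, commandLine, 0, 0, FALSE, NORMAL_PRIORITY_CLASS, 0, 0,
        &startInfo, &procInfo))
    {
        // The handles are not used; close them so they do not leak.
        CloseHandle(procInfo.hThread);
        CloseHandle(procInfo.hProcess);
    }
}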
   
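/*
 * Program entry point: hand the image over to the delete helper and exit.
 * Only hInstance is used; the remaining parameters are ignored.
 */
int WINAPI WinMain(HINSTANCE hInstance,
   HINSTANCE hPrevInstance,
   LPSTR lpCmdLine,
   int nCmdShow)
{
    (void)hPrevInstance;
    (void)lpCmdLine;
    (void)nCmdShow;

    SelfDelete(hInstance);

    // The original fell off the end of a non-void function; return an
    // explicit exit code.
    return 0;
}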

 
 
삭제를 수행하는 DLL의 소스 코드
#include    <windows.h>    
#include    <winbase.h>    
// Module handle of this DLL: stored by DllMain on process attach and read by
// MagicDel to find the DLL's own file name and to unload it.
HMODULE     g_hmodDLL;
   
/*
 * DLL entry point. Records the module handle when the DLL is attached to a
 * process; every other notification is ignored. Always reports success.
 */
extern "C" BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD reason, LPVOID)
{
    switch (reason)
    {
    case DLL_PROCESS_ATTACH:
        // Kept for MagicDel, which needs the handle later.
        g_hmodDLL = hinstDLL;
        break;
    default:
        break;
    }
    return TRUE;
}
   
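/*
 * Recursively delete the contents of a directory, then the directory itself.
 *
 * lpDirectory - directory to remove; NULL or an empty string is a no-op.
 * flag        - non-zero: show an OK/Cancel box with the search pattern
 *               before touching each directory and stop on Cancel.
 *
 * Fixes over the original listing:
 *   - "strlen(...) = 0" and "lhandle = 0" were assignments, not comparisons,
 *     and FindFirstFile fails with INVALID_HANDLE_VALUE rather than 0;
 *   - the entry returned by FindFirstFile itself was never processed, and
 *     "." was not filtered out;
 *   - paths were built with unbounded lstrcpy/lstrcat into a MAX_PATH buffer;
 *   - directories that are reparse points (junctions, directory symlinks)
 *     were entered, which would delete files outside the requested tree.
 *     Only the link itself is removed now.
 *
 * Assumes an ANSI (non-UNICODE) build, as the narrow string literals and
 * char buffers of the original do.
 */
extern "C" __declspec(dllexport) void DeleteDirectory(LPTSTR lpDirectory,int flag)
{
    if (lpDirectory == NULL) return;

    int cchDir = lstrlen(lpDirectory);
    if (cchDir == 0) return;

    WIN32_FIND_DATA FindData;
    HANDLE  lhandle;
    char    lpfilename[MAX_PATH];

    // Add a separator only when the caller's path does not already end in one.
    const char *lpSep = (lpDirectory[cchDir - 1] == '\\') ? "" : "\\";
    int cchSep = lstrlen(lpSep);

    // Search pattern "<dir>\*": directory + separator + '*' + terminator.
    if (cchDir + cchSep + 2 > MAX_PATH) return;
    lstrcpy(lpfilename, lpDirectory);
    lstrcat(lpfilename, lpSep);
    lstrcat(lpfilename, "*");

    if (flag)
    {
        if (MessageBox(0,lpfilename,"        ?",MB_OKCANCEL)!=IDOK)
            return;
    }

    lhandle = FindFirstFile(lpfilename, &FindData);
    if (lhandle == INVALID_HANDLE_VALUE) return;

    do
    {
        // Never act on the directory itself or on its parent.
        if (strcmp(FindData.cFileName, ".") == 0 ||
            strcmp(FindData.cFileName, "..") == 0)
            continue;

        // Skip entries whose full path would not fit in the buffer.
        if (cchDir + cchSep + lstrlen(FindData.cFileName) + 1 > MAX_PATH)
            continue;

        lstrcpy(lpfilename, lpDirectory);
        lstrcat(lpfilename, lpSep);
        lstrcat(lpfilename, FindData.cFileName);

        if (FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
        {
            if (FindData.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT)
                RemoveDirectory(lpfilename);    // remove the link, leave its target alone
            else
                DeleteDirectory(lpfilename, flag);
            continue;
        }

        // Plain file.
        DeleteFile(lpfilename);

    } while (FindNextFile(lhandle, &FindData));

    FindClose(lhandle);

    // The directory should be empty now; RemoveDirectory fails otherwise.
    RemoveDirectory(lpDirectory);
}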
   
//        
/*
 * rundll32 entry point: delete the file named on the command line, then
 * unload and delete this DLL and end the host process.
 *
 * lpCmdLine is the text that follows the export name on the rundll32 command
 * line; the launcher in the first listing passes the path of its own image
 * there. The other three parameters are unused. The launcher refers to this
 * export as "_MagicDel@16".
 *
 * The inline __asm block is MSVC syntax for 32-bit x86 and depends on the
 * stdcall convention (callee pops its arguments).
 */
extern "C" __declspec(dllexport) void CALLBACK MagicDel(HWND,HINSTANCE,LPTSTR lpCmdLine,int)
{
    // Sleep takes milliseconds: this waits 200 ms, presumably so the launching
    // process has exited and its image file is no longer in use.
    Sleep(200);
    // Delete the target file. The result is not checked and there is no retry,
    // so the file stays if it is still in use at this point.
    DeleteFile(lpCmdLine);
    // Alternative left disabled by the author: recursive directory removal.
    //DeleteDirectory(lpCmdLine,1);

    // Full path of this DLL, needed to delete it after it has been unloaded.
    char filenameDLL[MAX_PATH];
    GetModuleFileName(g_hmodDLL, filenameDLL, sizeof(filenameDLL));

    // Code in this DLL cannot keep running once FreeLibrary has unmapped it,
    // so the three remaining calls are laid out on the stack as a chain of
    // return addresses and arguments and entered with a single ret:
    //   FreeLibrary(g_hmodDLL) -> DeleteFile(filenameDLL) -> ExitProcess(0)
    // Each function returns straight into the next one and control never comes
    // back here. filenameDLL lives in this stack frame, which stays intact
    // because the function never returns.
    __asm
    {
        lea eax, filenameDLL    // eax = address of the DLL path buffer
        push 0                  // argument of ExitProcess: exit code 0
        push 0                  // return-address slot of ExitProcess (never used)
        push eax                // argument of DeleteFile: path of this DLL
        push ExitProcess        // DeleteFile returns into ExitProcess
        push g_hmodDLL          // argument of FreeLibrary: this module
        push DeleteFile         // FreeLibrary returns into DeleteFile
        push FreeLibrary        // address taken by the ret below
        ret                     // jump to FreeLibrary and start the chain
    }
}
