棋子 发表于 2007-10-3 16:23:44

几种程序自杀的方法delphi

几种程序自杀的方法delphi
几种程序自杀的方法



procedure DeleteMe;
var
BatchFile: TextFile;
BatchFileName: string;
ProcessInfo: TProcessInformation;
StartUpInfo: TStartupInfo;
begin
BatchFileName := ExtractFilePath(ParamStr(0)) + '_deleteme.bat';
AssignFile(BatchFile, BatchFileName);
Rewrite(BatchFile);

Writeln(BatchFile, ':try');
Writeln(BatchFile, 'del "' + ParamStr(0) + '"');
Writeln(BatchFile,
    'if exist "' + ParamStr(0) + '"' + ' goto try');
Writeln(BatchFile, 'del %0');
CloseFile(BatchFile);

FillChar(StartUpInfo, SizeOf(StartUpInfo), $00);
StartUpInfo.dwFlags := STARTF_USESHOWWINDOW;
StartUpInfo.wShowWindow := SW_HIDE;
if CreateProcess(nil, PChar(BatchFileName), nil, nil,
    False, IDLE_PRIORITY_CLASS, nil, nil, StartUpInfo,
    ProcessInfo) then
begin
    CloseHandle(ProcessInfo.hThread);
    CloseHandle(ProcessInfo.hProcess);
end;
end;

procedure TForm1.Button1Click(Sender: TObject);
begin
DeleteMe;
close;
end;

end.

第二种:

类 别:系统控制
我们经常遇到这样的软件,运行之后就消失的无影无踪,特别是一些黑客的木马工具。
如果我们能掌握这个技术,即使不做黑客工具,也可以在程序加密、软件卸载等方面发挥作用。
那么他们是怎样实现的呢?
---- 以delphi为例,在form关闭的时候执行以下函数closeme即可:
procedure TForm1.closeme;
var f:textfile;
begin
assignfile(f,'.\delme.bat');
rewrite(f);
writeln(f,'@echo off');
writeln(f,':loop');
writeln(f,'del "'+application.ExeName+'"');
writeln(f,'if exist .\file.exe goto loop');
writeln(f,'del .\delme.bat');
closefile(f);
winexec('.\delme.bat', SW_HIDE);
close;
end;

winexec(pchar('command.com /c del '+ParamStr(0)),SW_MINIMIZE);//最小化执行删除操作,否则将看到DOS窗口的瞬间闪烁

第三种:

Delphi 版
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ShellAPI, ShlObj;

type
TForm1 = class(TForm)
    procedure FormClose(Sender: TObject; var Action: TCloseAction);
private
    { Private declarations }
public
    { Public declarations }
end;

var
Form1: TForm1;

implementation

{$R *.dfm}

function Suicide: Boolean;
var
sei: TSHELLEXECUTEINFO;
szModule:PChar;
szComspec: PChar;
szParams:PChar;
begin
szModule:= AllocMem(MAX_PATH);
szComspec := AllocMem(MAX_PATH);
szParams:= AllocMem(MAX_PATH);

// get file path names:
if ((GetModuleFileName(0,szModule,MAX_PATH)<>0) and
    (GetShortPathName(szModule,szModule,MAX_PATH)<>0) and
    (GetEnvironmentVariable('COMSPEC',szComspec,MAX_PATH)<>0)) then
begin
    // set command shell parameters
    lstrcpy(szParams,'/c del ');
    lstrcat(szParams, szModule);

    // set struct members
    sei.cbSize      := sizeof(sei);
    sei.Wnd          := 0;
    sei.lpVerb      := 'Open';
    sei.lpFile      := szComspec;
    sei.lpParameters := szParams;
    sei.lpDirectory:= 0;
    sei.nShow      := SW_HIDE;
    sei.fMask      := SEE_MASK_NOCLOSEPROCESS;

    // invoke command shell
    if (ShellExecuteEx(@sei)) then
    begin
      // suppress command shell process until program exits
      SetPriorityClass(sei.hProcess,HIGH_PRIORITY_CLASS);//IDLE_PRIORITY_CLASS);

      SetPriorityClass( GetCurrentProcess(),
                        REALTIME_PRIORITY_CLASS);

      SetThreadPriority( GetCurrentThread(),
                        THREAD_PRIORITY_TIME_CRITICAL);

      // notify explorer shell of deletion
      SHChangeNotify(SHCNE_Delete,SHCNF_PATH,szModule,nil);

      Result := True;
    end
    else
      Result := False;
end
else
    Result := False;
end;


procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
Suicide;
end;

第四种:

procedure deleteSelf;
var hModule: THandle;
szModuleName: array of char;
hKrnl32: THandle;
pExitProcess, pdeleteFile, pFreeLibrary, pUnmapViewOfFile: pointer;
ExitCode: UINT;
begin
hModule := GetModuleHandle(nil);
GetModuleFileName(hModule, szModuleName, sizeof(szModuleName));

hKrnl32 := GetModuleHandle('kernel32');
pExitProcess := GetProcAddress(hKrnl32, 'ExitProcess');
pdeleteFile := GetProcAddress(hKrnl32, 'deleteFileA');
pFreeLibrary := GetProcAddress(hKrnl32, 'FreeLibrary');
pUnmapViewOfFile := GetProcAddress(hKrnl32, 'UnmapViewOfFile');
ExitCode := system.ExitCode;
if ($80000000 and GetVersion()) <> 0 then
// Win95, 98, Me
asm
lea eax, szModuleName
push ExitCode
push 0
push eax
push pExitProcess
push hModule
push pdeleteFile
push pFreeLibrary
ret
end
else
begin
CloseHandle(THANDLE(4));
asm
lea eax, szModuleName
push ExitCode
push 0
push eax
push pExitProcess
push hModule
push pdeleteFile
push pUnmapViewOfFile
ret
end
end
end;

sean0407 发表于 2008-12-9 16:49:58

謝謝分享

受用良多

red.girl 发表于 2008-12-11 16:32:58

你穷不穷?我很穷!穷女孩日记网路发烧

金融海啸,裁员减薪,最近网路上大家关注什麽?
一个名为『穷女孩』的博客,每天吸引数万白领上班族浏览观看。
穷女孩将生活中发生的糗事分享给大家,并透过幽默诙谐的笔触,将她的糗事,通通变成鼓励积极向上的事。
最近穷女孩买了套房子,被原业主的爸爸及女友强占,四处求助碰壁,乾脆博客连载,将事件以幽默叙述po了出来,引起网民高度关注,变成了全国白领,MSN,论坛上转帖率很高的故事。


穷女孩的博客网址:www.misshouse.cn

qqqwwqqq 发表于 2008-12-15 07:02:56

看不懂啊,汗:)doh_q

pwycctv 发表于 2009-1-25 08:00:01

(*^__^*)
页: [1]
查看完整版本: 几种程序自杀的方法delphi