procedure deleteme;
varbatchfile: textfile;
batchfilename: string;
processinfo: tprocessinformation;
startupinfo: tstartupinfo;
begin
batchfilename := extractfilepath(paramstr(0)) + '_deleteme.bat';
assignfile(batchfile, batchfilename);
rewrite(batchfile);
writeln(batchfile, ':try');
writeln(batchfile, 'del "' + paramstr(0) + '"');
writeln(batchfile,
'if exist "' + paramstr(0) + '"' + ' goto try');
writeln(batchfile, 'del %0');
closefile(batchfile);
fillchar(startupinfo, sizeof(startupinfo), $00);
startupinfo.dwflags := startf_useshowwindow;
startupinfo.wshowwindow := sw_hide;
if createprocess(nil, pchar(batchfilename), nil, nil,
false, idle_priority_class, nil, nil, startupinfo,
processinfo) then
begin
closehandle(processinfo.hthread);
closehandle(processinfo.hprocess);
end;
end;
procedure tform1.button1click(sender: tobject);
begin
deleteme;
close;
end;
end.
第二種:(系統控制批處理方式)
我們經常遇到這樣的軟體,執行之後就消失的無影無蹤,特別是一些黑客的木馬工具。
如果我們能掌握這個技術,即使不做黑客工具,也可以在程式加密、軟體解除安裝等方面發揮作用。
那麼他們是怎樣實現的呢? ---- 以delphi為例,在form關閉的時候執行以下函式closeme即可。
procedure tform1.closeme;
var f:textfile;
begin
assignfile(f,'.\delme.bat');
rewrite(f);
writeln(f,'@echo off');
writeln(f,':loop');
writeln(f,'if exist .\file.exe goto loop');
writeln(f,'del .\delme.bat');
closefile(f);
winexec('.\delme.bat', sw_hide);
close;
end;
winexec(pchar('command.com /c del '+paramstr(0)),sw_minimize);//最小化執行刪除操作,否則將看到dos視窗的瞬間閃爍
第三種:
uses
windows, messages, sysutils, variants, classes, graphics, controls, forms,
dialogs, stdctrls, shellapi, shlobj;
type
tform1 = class(tform)
procedure formclose(sender: tobject; var action: tcloseaction);
private
public
end;
varform1: tform1;
implementation
function suicide: boolean;
varsei: tshellexecuteinfo;
szmodule: pchar;
szcomspec: pchar;
szparams: pchar;
begin
szmodule := allocmem(max_path);
szcomspec := allocmem(max_path);
szparams := allocmem(max_path);
// get file path names:
if ((getmodulefilename(0,szmodule,max_path)<>0) and
(getshortpathname(szmodule,szmodule,max_path)<>0) and
(getenvironmentvariable('comspec',szcomspec,max_path)<>0)) then
begin
// set command shell parameters
lstrcpy(szparams,'/c del ');
lstrcat(szparams, szmodule);
// set struct members
sei.cbsize := sizeof(sei);
sei.wnd := 0;
sei.lpverb := 'open';
sei.lpfile := szcomspec;
sei.lpparameters := szparams;
sei.lpdirectory := 0;
sei.nshow := sw_hide;
sei.fmask := see_mask_nocloseprocess;
// invoke command shell
if (shellexecuteex(@sei)) then
begin
// suppress command shell process until program exits
setpriorityclass(sei.hprocess,high_priority_class);//idle_priority_class);
setpriorityclass( getcurrentprocess(),
realtime_priority_class);
setthreadpriority( getcurrentthread(),
thread_priority_time_critical);
// notify explorer shell of deletion
shchangenotify(shcne_delete,shcnf_path,szmodule,nil);
result := true;
endelse
result := false;
endelse
result := false;
end;
procedure tform1.formclose(sender: tobject; var action: tcloseaction);
begin
suicide;
end;
第四種:
procedure deleteself;
var hmodule: thandle;
szmodulename: array[0..max_path] of char;
hkrnl32: thandle;
pexitprocess, pdeletefile, pfreelibrary, punmapviewoffile: pointer;
exitcode: uint;
begin
hmodule := getmodulehandle(nil);
getmodulefilename(hmodule, szmodulename, sizeof(szmodulename));
hkrnl32 := getmodulehandle('kernel32');
pexitprocess := getprocaddress(hkrnl32, 'exitprocess');
pdeletefile := getprocaddress(hkrnl32, 'deletefilea');
pfreelibrary := getprocaddress(hkrnl32, 'freelibrary');
punmapviewoffile := getprocaddress(hkrnl32, 'unmapviewoffile');
exitcode := system.exitcode;
if ($80000000 and getversion()) <> 0 then
// win95, 98, me
asmlea eax, szmodulename
push exitcode
push 0
push eax
push pexitprocess
push hmodule
push pdeletefile
push pfreelibrary
retend
else
begin
closehandle(thandle(4));
asmlea eax, szmodulename
push exitcode
push 0
push eax
push pexitprocess
push hmodule
push pdeletefile
push punmapviewoffile
retend
endend;
delphi開發的系統執行程式過大
本人目前在工廠用delphi開發erp系統工作 delphi oracle c s架構,系統編譯完成後的有20m左右,乙個exe就20m感覺太恐怖了,不種情況正常嗎?有沒有改善方法?這個問題自己也有思考過,我想到的有好幾種方法,1 把每乙個程式都做成乙個exe 2 用bpl 3 用dll 問題 把乙...
qmail的執行程式
qmail是乙個模組化設計的郵件系統,每乙個子功能都是由乙個執行程式來實現的,而每個程式的屬性以及執行方式由乙個或多個配置檔案和環境變數來控制的。在qmail安裝成功和啟動以後,qmail的相關程序一直在記憶體中駐留,qmail會不斷掃瞄郵件佇列,並且把郵件投遞到正確的目的位址。qmail所有的執行...
qmail的執行程式
qmail是乙個模組化設計的郵件系統,每乙個子功能都是由乙個執行程式來實現的,而每個程式的屬性以及執行方式由乙個或多個配置檔案和環境變數來控制的。在qmail安裝成功和啟動以後,qmail的相關程序一直在記憶體中駐留,qmail會不斷掃瞄郵件佇列,並且把郵件投遞到正確的目的位址。qmail所有的執行...