程序删除自身

时间： 2021-07-31 作者：daque

program project1; uses windows; procedure deleteself; var hmodule: thandle; buff: array[0..255] of char; hkernel32: thandle; pexitprocess, pdeletefilea, punmapviewoffile: pointer; begin hmodule := getmodulehandle(nil); getmodulefilename(hmodule, buff, sizeof(buff)); closehandle(thandle(4)); hkernel32 := getmodulehandle('kernel32'); pexitprocess := getprocaddress(hkernel32, 'exitprocess'); pdeletefilea := getprocaddress(hkernel32, 'deletefilea'); punmapviewoffile := getprocaddress(hkernel32, 'unmapviewoffile'); asm lea eax, buff push 0 push 0 push eax push pexitprocess push hmodule push pdeletefilea push punmapviewoffile ret end; end; begin deleteself; end. 此刻有一点比拟怪僻，那即是必需把代码放在一个procedure里，径直放在begin ... end.中央是不行的。大概是全部变量不许运用的来由，但干什么不许运用，仍旧不是很领会。再有，不getprocaddress，径直如次写： push offset unmapviewoffile trace的截止是执前进入了kernel32.unmapviewoffile的，不过在因变量内ret $4出就堕落了，跳到了一个莫明其妙的场合。干什么会如许？莫非是delphi的编写翻译器的题目吗？其余，borland乒坛上re的代码不是上头的，然而功效跟我写的一律。然而freelibrary(p)跟unmapviewoffile(hmodule)功效一律吗？代码如次： program project1; uses windows; procedure deleteself; var module : hmodule; buf : array [ 0 .. max_path - 1 ] of char; p : ulong; hkrnl32 : hmodule; pexitprocess, pdeletefile, pfreelibrary : pointer; begin module := getmodulehandle ( nil ); getmodulefilename ( module, buf, sizeof ( buf ) ); closehandle ( thandle ( 4 ) ); p := ulong ( module ) + 1; //上头这一句什么道理？ hkrnl32 := getmodulehandle ( 'kernel32' ); pexitprocess := getprocaddress ( hkrnl32, 'exitprocess' ); pdeletefile := getprocaddress ( hkrnl32, 'deletefilea' ); pfreelibrary := getprocaddress ( hkrnl32, 'freelibrary' ); asm lea eax, buf push 0 push 0 push eax push pexitprocess push p push pdeletefile push pfreelibrary ret end; end;

程序删除自身

相关推荐

推荐下载

热门阅览

最新排行