void WriteResourceToFile(HINSTANCE hInstance,int idResource,char const *filename) { // 存取二进制资源 HRSRC hResInfo = FindResource(hInstance, MAKEINTRESOURCE(idResource), MAKEINTRESOURCE(RC_BINARYTYPE)); HGLOBAL hgRes = LoadResource(hInstance, hResInfo); void *pvRes = LockResource(hgRes); DWORD cbRes = SizeofResource(hInstance, hResInfo); // 将二进制资源写到文件 HANDLE hFile = CreateFile(filename, GENERIC_WRITE, 0, 0, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0); DWORD cbWritten; WriteFile(hFile, pvRes, cbRes, &cbWritten, 0); CloseHandle(hFile); } void SelfDelete(HINSTANCE hInstance) { char lpDllFile[MAX_PATH]; GetTempPath(sizeof(lpDllFile),lpDllFile); lstrcat(lpDllFile,"\\magicdel.dll"); WriteResourceToFile(hInstance, ID_2561, lpDllFile); // 生成命令行 // 1. 查找 rundll32.exe char commandLine[MAX_PATH * 3]; GetWindowsDirectory(commandLine, sizeof(commandLine)); lstrcat(commandLine, "\\rundll32.exe"); if (GetFileAttributes(commandLine) == INVALID_FILE_ATTRIBUTES) { GetSystemDirectory(commandLine, sizeof(commandLine)); lstrcat(commandLine, "\\rundll32.exe"); } // 2. 添加 rundll32.exe 参数 lstrcat(commandLine, " "); lstrcat(commandLine, lpDllFile); lstrcat(commandLine, ",_MagicDel@16 "); // 3. 添加本文件名 char lpPath[MAX_PATH]; //GetCurrentDirectory(MAX_PATH,lpPath); GetModuleFileName(hInstance, lpPath, sizeof(lpPath)); lstrcat(commandLine, lpPath); // 执行命令行 PROCESS_INFORMATION procInfo; STARTUPINFO startInfo; memset(&startInfo, 0, sizeof(startInfo)); startInfo.dwFlags = STARTF_FORCEOFFFEEDBACK; CreateProcess(0, commandLine, 0, 0, FALSE, NORMAL_PRIORITY_CLASS, 0, 0, &startInfo, &procInfo); } int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) { SelfDelete(hInstance); }
dll源代码。实现自删除
#include <windows.h> #include <winbase.h> HMODULE g_hmodDLL; extern "C" BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD reason, LPVOID) { if (reason == DLL_PROCESS_ATTACH) g_hmodDLL = hinstDLL; return TRUE; } extern "C" __declspec(dllexport) void DeleteDirectory(LPTSTR lpDirectory,int flag) { if (strlen(lpDirectory) = 0) return; WIN32_FIND_DATA FindData; HANDLE lhandle; char lpfilename[MAX_PATH]; //设置查找目录名 lstrcpy(lpfilename,lpDirectory); if (lpfilename[strlen(lpfilename) - 1] == '\\') lstrcat(lpfilename, "*"); else lstrcat(lpfilename, "\\*"); if (flag) { if (MessageBox(0,lpfilename,"是否清空下列目录?",MB_OKCANCEL)!=IDOK) return; } lhandle = FindFirstFile( lpfilename, &FindData ); if (lhandle = 0) return; while (FindNextFile(lhandle,&FindData)) { if (strcmp(FindData.cFileName,"..") == 0) continue; //配置完整路径 lstrcpy(lpfilename,lpDirectory); lstrcat(lpfilename, "\\"); lstrcat(lpfilename, FindData.cFileName); //出现子目录 if ((FindData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) == FILE_ATTRIBUTE_DIRECTORY) { DeleteDirectory(lpfilename,flag); continue; }; //删除文件 DeleteFile(lpfilename); }; FindClose(lhandle); //MessageBox(0,lpDirectory,"END Find",MB_OK); //删除目录 RemoveDirectory(lpDirectory); } //删除自身 extern "C" __declspec(dllexport) void CALLBACK MagicDel(HWND,HINSTANCE,LPTSTR lpCmdLine,int) { // 延时2秒 Sleep(200); // 删除创建该进程的可执行文件 DeleteFile(lpCmdLine); //DeleteDirectory(lpCmdLine,1); // 删除DLL自己 char filenameDLL[MAX_PATH]; GetModuleFileName(g_hmodDLL, filenameDLL, sizeof(filenameDLL)); __asm { lea eax, filenameDLL push 0 push 0 push eax push ExitProcess push g_hmodDLL push DeleteFile push FreeLibrary ret } }