A clever way for a program to delete itself

xiaoxiao2021-03-06  90

I recently saw someone online ask how a program can delete itself after it has run. I don't know whether you are writing a Trojan or simply want this effect: the user runs the program once, the executable file is gone, but the program is still running, and the timid can only cry "Ghosts!" or "Honey, come and look at this!". In fact, the most typical use is writing an uninstaller. With some time to spare, BEAR offers a way to "delete yourself".

Everyone knows that while an ordinary program is running, its executable file is protected by the operating system. It cannot be opened for writing, let alone deleted, while the program is still running. I saw an undocumented method on LU0's homepage that deletes the running file by changing the file access mode at a low level of the system. I admired it a great deal. But is there a way that uses only functions that can be found in MSDN? Yes: Jeffrey Richter gives us a sample, DeleteMe.cpp:

```cpp
/***************************************************************
Module name: DeleteMe.cpp
Written by:  Jeffrey Richter
Description: Allows an executable file to delete itself
***************************************************************/

#include <windows.h>
#include <stdlib.h>
#include <tchar.h>

int WINAPI WinMain(HINSTANCE h, HINSTANCE b, LPSTR psz, int n) {

   // Is this the original EXE or the clone EXE?
   // If the command line has 1 argument, this is the original EXE.
   // If the command line has >1 argument, this is the clone EXE.
   if (__argc == 1) {

      // Original EXE: spawn clone EXE to delete this EXE.
      // Copy this executable image into the user's temp directory.
      TCHAR szPathOrig[_MAX_PATH], szPathClone[_MAX_PATH];
      GetModuleFileName(NULL, szPathOrig, _MAX_PATH);
      GetTempPath(_MAX_PATH, szPathClone);
      GetTempFileName(szPathClone, __TEXT("Del"), 0, szPathClone);
      CopyFile(szPathOrig, szPathClone, FALSE);

      // *** Note ***:
      // Open the clone EXE using FILE_FLAG_DELETE_ON_CLOSE.
      HANDLE hfile = CreateFile(szPathClone, 0, FILE_SHARE_READ, NULL,
                                OPEN_EXISTING, FILE_FLAG_DELETE_ON_CLOSE, NULL);

      // Spawn the clone EXE, passing it our EXE's process handle
      // and the full path name of the original EXE file.
      // The buffer holds two full paths plus the handle value; both paths
      // are quoted so that a space in either one cannot split the argument.
      TCHAR szCmdLine[2 * _MAX_PATH + 32];
      HANDLE hProcessOrig = OpenProcess(SYNCHRONIZE, TRUE, GetCurrentProcessId());
      wsprintf(szCmdLine, __TEXT("\"%s\" %d \"%s\""), szPathClone,
               (int)(INT_PTR)hProcessOrig, szPathOrig);
      STARTUPINFO si;
      ZeroMemory(&si, sizeof(si));
      si.cb = sizeof(si);
      PROCESS_INFORMATION pi;
      // bInheritHandles is TRUE so the clone inherits hProcessOrig.
      if (CreateProcess(NULL, szCmdLine, NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi)) {
         CloseHandle(pi.hThread);
         CloseHandle(pi.hProcess);
      }
      CloseHandle(hProcessOrig);
      CloseHandle(hfile);

      // This original process can now terminate.
   } else {

      // Clone EXE: when the original EXE terminates, delete it.
      HANDLE hProcessOrig = (HANDLE)(INT_PTR)_ttoi(__targv[1]);
      WaitForSingleObject(hProcessOrig, INFINITE);
      CloseHandle(hProcessOrig);
      DeleteFile(__targv[2]);
      // Insert code here to remove the subdirectory too (if desired).

      // The system will delete the clone EXE automatically
      // because it was opened with FILE_FLAG_DELETE_ON_CLOSE.
   }
   return (0);
}
```

The program is very simple. It cannot delete itself directly while it is running? Fine: the program copies (clones) itself, starts another process from the copy, and then exits, so the original EXE file is no longer protected by the system. At that point the new process acts as the killer and deletes the original EXE file, and then goes on to complete the program's other functions.
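A defender's view of the same sequence, as an added example that is not part of the original article or of Richter's sample: it correlates a process-creation record with a later file-delete record to spot a child process that was handed its parent's image path and then deleted that file. The event records are constructed, and the field names (loosely modelled on Sysmon's ProcessCreate and FileDelete events) are assumptions.

```python
import ntpath
import shlex

# Constructed telemetry (not captured from a real host). Field names loosely
# follow Sysmon ProcessCreate / FileDelete events; that mapping is an assumption.
EVENTS = [
    {"type": "create", "pid": 4120, "image": r"C:\Users\al\AppData\Local\Temp\Del3F.tmp",
     "parent_image": r"C:\Apps\Tool\uninst.exe",
     "cmdline": r'C:\Users\al\AppData\Local\Temp\Del3F.tmp 312 "C:\Apps\Tool\uninst.exe"'},
    {"type": "delete", "pid": 4120, "target": r"C:\Apps\Tool\uninst.exe"},
    {"type": "create", "pid": 5000, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'notepad.exe "C:\Users\al\notes.txt"'},
    {"type": "delete", "pid": 5000, "target": r"C:\Users\al\old.txt"},
]

def norm(path):
    """Case-insensitive, separator-normalised Windows path for comparison."""
    return ntpath.normcase(ntpath.normpath(path.strip('"')))

def find_self_delete(events):
    """Return (pid, clone_image, deleted_parent) for each clone-and-delete chain."""
    candidates = {}   # pid -> (clone image, normalised parent image)
    findings = []
    for ev in events:
        if ev["type"] == "create":
            # posix=False keeps backslashes intact when splitting the command line
            args = [norm(a) for a in shlex.split(ev["cmdline"], posix=False)[1:]]
            parent = norm(ev["parent_image"])
            # Step 1: the child was handed its parent's own image path as an argument
            if parent in args:
                candidates[ev["pid"]] = (ev["image"], parent)
        elif ev["type"] == "delete" and ev["pid"] in candidates:
            clone, parent = candidates[ev["pid"]]
            # Step 2: that same child then deletes the parent's image file
            if norm(ev["target"]) == parent:
                findings.append((ev["pid"], clone, ev["target"]))
    return findings

if __name__ == "__main__":
    for pid, clone, victim in find_self_delete(EVENTS):
        print(f"pid {pid}: {clone} deleted its parent image {victim}")
```

Legitimate uninstallers produce the same chain, so a match is a lead for triage rather than a verdict.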

Please credit the original address when reposting: https://www.9cbs.com/read-105833.html
