// Repost: I once translated such an article for Mr. Lu Lin and tried to rewrite it in Delphi, but I didn't succeed. Today I saw this Delphi version on the Tsinghua BBS, so I am reposting it here.
Sender: Litoad (Rick), News District: Delphi
Title: The Delphi version of the Self-delete program finally got. (Reproduced)
Sending station: BBS Shuimu Tsinghua Station (Mon Jun 4 20:51:55 2001)
[The following text reprinted from the Programming discussion area]
Sender: Litoad (Rick), News District: Programming
Title: The Delphi version of the Self-delete program finally got.
Sending station: BBS Shuimu Tsinghua Station (Mon Jun 4 20:50:42 2001)
Asked to Borland's Forum, I really said that Laoduan is the same.
I use GetProcAddress. The code is as follows:
program Project1;
uses
  Windows;

procedure DeleteSelf;
var
  hModule: THandle;
  buff: array [0..255] of Char;
  hKernel32: THandle;
  pExitProcess, pDeleteFileA, pUnmapViewOfFile: Pointer;
begin
  hModule := GetModuleHandle(nil);
  GetModuleFileName(hModule, buff, SizeOf(buff));
  CloseHandle(THandle(4));
  hKernel32 := GetModuleHandle('kernel32');
  // Export names passed to GetProcAddress are case-sensitive
  pExitProcess := GetProcAddress(hKernel32, 'ExitProcess');
  pDeleteFileA := GetProcAddress(hKernel32, 'DeleteFileA');
  pUnmapViewOfFile := GetProcAddress(hKernel32, 'UnmapViewOfFile');
  asm
    lea eax, buff
    push 0                  // argument for ExitProcess
    push 0                  // return address for ExitProcess (never used)
    push eax                // argument for DeleteFileA: path of this EXE
    push pExitProcess       // DeleteFileA returns into ExitProcess
    push hModule            // argument for UnmapViewOfFile
    push pDeleteFileA       // UnmapViewOfFile returns into DeleteFileA
    push pUnmapViewOfFile
    ret                     // "returns" into UnmapViewOfFile
  end;
end;

begin
  DeleteSelf;
end.
One thing is still a little odd: the code must be put in a procedure; placing it directly in begin ... end. does not work. Maybe the reason is that global variables cannot be used, but why they cannot be used is still not very clear to me.
Also, without GetProcAddress, writing it directly as follows:
  push offset UnmapViewOfFile
the result of a trace is that Kernel32.UnmapViewOfFile does get executed, but the RET $4 in the function goes wrong and jumps to an inexplicable place. Why is that? Is it a problem with the Delphi compiler?
In addition, the code from the Borland forum is not the one above, but its effect is the same as what I wrote. But is FreeLibrary(p) like UnmapViewOfFile(hModule)?
The code is as follows:
program Project1;
uses
  Windows;

procedure DeleteSelf;
var
  module: HMODULE;
  buf: array [0 .. MAX_PATH - 1] of Char;
  p: ULONG;
  hKrnl32: HMODULE;
  pExitProcess, pDeleteFile, pFreeLibrary: Pointer;
begin
  module := GetModuleHandle(nil);
  GetModuleFileName(module, buf, SizeOf(buf));
  CloseHandle(THandle(4));
  p := ULONG(module) + 1;
  // What does this mean?
  hKrnl32 := GetModuleHandle('kernel32');
  // Export names passed to GetProcAddress are case-sensitive
  pExitProcess := GetProcAddress(hKrnl32, 'ExitProcess');
  pDeleteFile := GetProcAddress(hKrnl32, 'DeleteFileA');
  pFreeLibrary := GetProcAddress(hKrnl32, 'FreeLibrary');
  asm
    lea eax, buf
    push 0
    push 0
    push eax
    push pExitProcess
    push p
    push pDeleteFile
    push pFreeLibrary
    ret
  end;
end;

begin
  DeleteSelf;
end.
-
※ Modification: · Litoad in Jun 4 21:18:43 Modified this article · [From: 166.111.171.40]
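
Added example (not part of the original post or the Borland forum code): a small Python model of the stack that the first asm block builds, showing the order in which RET enters the three kernel32 functions and where the chain faults once the EXE image is unmapped. All addresses are constructed, and the model assumes that a global buffer and Delphi's import stubs (what "push offset" would reference) both live inside the EXE's own mapping.

```python
# Toy model of the stdcall return chain built by DeleteSelf. All addresses are
# constructed for illustration; nothing here touches a real process.
IMAGE = range(0x400000, 0x410000)          # assumed mapping of the EXE image
K32 = {0x77E01000: "UnmapViewOfFile",      # assumed kernel32 entry points,
       0x77E02000: "DeleteFileA",          # each taking one argument (ret 4)
       0x77E03000: "ExitProcess"}
ADDR = {name: addr for addr, name in K32.items()}

def run_chain(pushes, stubs=None):
    """Replay the PUSH sequence, then RET; return the list of calls made."""
    stubs = stubs or {}                    # import stub address -> kernel32 address
    stack = list(pushes)                   # last push is the top of the stack
    mapped, trace = True, []
    eip = stack.pop()                      # RET pops the first target
    while True:
        if eip in IMAGE:                   # target is code inside the EXE
            if not mapped:
                trace.append(("FAULT: execute", eip))
                return trace
            eip = stubs[eip]               # stub does jmp [import table]
        name = K32[eip]
        ret_addr, arg = stack.pop(), stack.pop()
        if name == "DeleteFileA" and arg in IMAGE and not mapped:
            trace.append(("FAULT: read", arg))   # path string was unmapped
            return trace
        trace.append((name, arg))
        if name == "UnmapViewOfFile" and arg == IMAGE.start:
            mapped = False                 # the EXE's own pages are gone
        if name == "ExitProcess":
            return trace
        eip = ret_addr                     # ret 4: continue at the next entry

def pushes_for(buf, unmap, delete, exit_):
    # Same order as the asm block: 0, 0, buf, ExitProcess, hModule, DeleteFileA, Unmap
    return [0, 0, buf, exit_, IMAGE.start, delete, unmap]

STACK_BUF = 0x12FE00                       # local variable: lives on the stack
GLOBAL_BUF = 0x408000                      # global variable: lives in the image
STUB_UNMAP, STUB_DELETE = 0x401000, 0x401006   # assumed import stubs in the EXE

working = run_chain(pushes_for(STACK_BUF, ADDR["UnmapViewOfFile"],
                               ADDR["DeleteFileA"], ADDR["ExitProcess"]))
global_buf = run_chain(pushes_for(GLOBAL_BUF, ADDR["UnmapViewOfFile"],
                                  ADDR["DeleteFileA"], ADDR["ExitProcess"]))
via_stubs = run_chain(pushes_for(STACK_BUF, STUB_UNMAP, STUB_DELETE,
                                 ADDR["ExitProcess"]),
                      stubs={STUB_UNMAP: ADDR["UnmapViewOfFile"],
                             STUB_DELETE: ADDR["DeleteFileA"]})
```

In this model, `working` runs all three calls in order, `global_buf` faults when DeleteFileA reads a path that was unmapped with the image, and `via_stubs` faults when UnmapViewOfFile returns into a stub that no longer exists.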