Exe自杀代码
/* Reserve room inside the helper process for this executable's path
 * (nPathLen characters plus the terminator) and copy MyselfPath into it.
 * The remote address is kept in stackctx.DeleteFileW_argv1.
 * NOTE(review): the VirtualAllocEx result is used without a NULL check, and
 * in the visible lines the region only ever receives string data although it
 * is requested as PAGE_EXECUTE_READWRITE. A cross-process RWX allocation
 * followed by WriteProcessMemory is a sequence that endpoint monitoring
 * commonly alerts on. */
stackctx.DeleteFileW_argv1 = (DWORD_PTR)VirtualAllocEx(pi.hProcess, 0, (nPathLen+1)*sizeof(WCHAR), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
ret = WriteProcessMemory(pi.hProcess, (LPVOID)stackctx.DeleteFileW_argv1, MyselfPath, (nPathLen+1)*sizeof(WCHAR), NULL);
/* Block of pointer-sized slots that is later copied to the address placed in
 * the helper thread's Esp (see the WriteProcessMemory call that passes
 * &stackctx). Each slot holds either the address of a kernel32 export or a
 * value named as an argument of one.
 * NOTE(review): the listing on this page is out of order; the remaining
 * members and the closing "}stackctx;" appear further down, so the original
 * member order cannot be confirmed from here. */
struct StackContext
{
/* Address of kernel32!DeleteFileW, filled in through GetProcAddress. */
DWORD_PTR DeleteFileW;
/* Receives hSYNC, the handle to the current process opened with SYNCHRONIZE. */
DWORD_PTR WaitForSingleObject_argv1;
///zxhouse
#include <windows.h>
/*
 * DeleteMyself - arrange for the running executable's file to be deleted.
 *
 * Going by the statements scattered across this page, the function starts a
 * helper process suspended, redirects its initial thread (SetThreadContext)
 * to a prepared block of kernel32 addresses and arguments, and resumes it.
 *
 * pHelper: command line of the helper process; when NULL, L"calc.exe" is used.
 * Returns: TRUE after the helper thread has been resumed, FALSE otherwise.
 *
 * NOTE(review): only the skeleton of the body is contiguous here; the page's
 * statement order is scrambled, so the lines between the declarations and the
 * final "return FALSE" must be read from elsewhere on the page.
 * Defender's view: a file that removes its own image after running is
 * catalogued as indicator removal by file deletion (MITRE ATT&CK T1070.004),
 * and here the deletion would be issued by an unrelated helper image.
 */
BOOL DeleteMyself(WCHAR *pHelper)
{
/* Result of the most recent Win32 call; zero means failure. */
int ret;
/* Writable copy of the helper command line (CreateProcessW receives this buffer). */
WCHAR helper[MAX_PATH];
{
/* Failure path; by position this looks like the branch taken when CreateProcessW fails - confirm against an intact copy. */
return FALSE;
}
}
/* Demo entry point: invokes DeleteMyself with no helper command line, which
 * makes it fall back to its built-in default (L"calc.exe"). The BOOL result
 * is discarded, so the exit code is 0 whether or not the call succeeded. */
int main(void)
{
    (void)DeleteMyself(NULL);
    return 0;
}
本篇文章来源于 黑客基地-全球最大的中文黑客站 原文链接:/tech/2009-12-09/58626.html
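/* NOTE(review): the statements on this page are out of their original order
 * (extraction artifact); for example SetThreadContext appears before
 * GetThreadContext below. The comments describe each line on its own. */

/* Move the stack pointer to the middle of the 512 KB region allocated in the
 * helper process, leaving 256 KB on either side of it. */
ctx.Esp += 256*1024;
/* Slot values for the prepared block: the address of kernel32!DeleteFileW
 * (NOTE(review): GetProcAddress result is not checked) and the handle to the
 * current process opened with SYNCHRONIZE. */
stackctx.DeleteFileW = (DWORD_PTR)GetProcAddress(hKernel32, "DeleteFileW");
stackctx.WaitForSingleObject_argv1 = (DWORD_PTR)hSYNC;
/* NOTE(review): in the visible lines the early returns do not close
 * pi.hThread / pi.hProcess or hSYNC, and the helper stays suspended. */
if (!ret) return FALSE;
/* Overwrite the register state of the helper's still-suspended initial
 * thread. Defender's view: SetThreadContext against a thread of a child
 * created with CREATE_SUSPENDED is the pattern catalogued as thread
 * execution hijacking (MITRE ATT&CK T1055.003). */
ret = SetThreadContext(pi.hThread, &ctx);
/* The page text had a watermark fragment spliced into this "return". */
if (!ret) return FALSE;
/* Read the thread's current register state into ctx (CONTEXT_FULL). */
ret = GetThreadContext(pi.hThread, &ctx);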
/* Full path of the running executable; this is the string later copied into
 * the helper process as the DeleteFileW argument. */
WCHAR MyselfPath[MAX_PATH];
/* GetModuleFileNameW returns the character count without the terminator,
 * 0 on failure, and the buffer size when the path was truncated.
 * NOTE(review): neither of the last two cases is checked in the visible lines. */
int nPathLen = GetModuleFileNameW(NULL, MyselfPath, MAX_PATH);
/* Zero-fill first so the bounded copy below always ends in a terminator. */
ZeroMemory(helper, sizeof(helper));
if (pHelper)
/* Copies at most MAX_PATH-2 characters; a longer pHelper is silently truncated. */
wcsncpy(helper, pHelper, MAX_PATH-2);
else
/* Default helper image when the caller passes no command line. */
wcscpy(helper, L"calc.exe");
/* NOTE(review): statement order on this page is scrambled; the success tail
 * (resume, close handles, return TRUE) is printed before the CreateProcessW
 * call it belongs after. */

/* Let the helper's initial thread run with the modified context, then drop
 * this process's handles to it. */
ResumeThread(pi.hThread);
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
return TRUE;
}else
/* Start the helper with its initial thread suspended. bInheritHandles is
 * TRUE, so inheritable handles such as hSYNC are available in the child.
 * Defender's view: CREATE_SUSPENDED followed by VirtualAllocEx,
 * WriteProcessMemory and SetThreadContext on the child is a sequence that
 * process-injection detections key on. */
if (CreateProcessW(NULL, helper, 0, 0, TRUE, CREATE_SUSPENDED, 0, 0, &si, &pi))
{
/* Request the full register set. NOTE(review): the Eip/Esp members used
 * below exist only in the 32-bit x86 CONTEXT layout. */
CONTEXT ctx = {CONTEXT_FULL,0};
/* Instruction pointer := kernel32!WaitForSingleObject (GetProcAddress result unchecked). */
ctx.Eip = (DWORD_PTR)GetProcAddress(hKernel32, "WaitForSingleObject");
/* Stack pointer := base of a fresh 512 KB region in the helper process.
 * NOTE(review): no NULL check, and the region is requested as RWX. */
ctx.Esp = (DWORD_PTR)VirtualAllocEx(pi.hProcess, 0, 512*1024, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
STARTUPINFOW si = {sizeof(STARTUPINFOW),0};
PROCESS_INFORMATION pi;
/* Inheritable handle to the current process with SYNCHRONIZE access only,
 * i.e. something another process can wait on until this one exits.
 * NOTE(review): no CloseHandle(hSYNC) is visible on this page. */
HANDLE hSYNC = OpenProcess(SYNCHRONIZE, TRUE, GetCurrentProcessId());
/* NOTE(review): these lines mix struct StackContext members with statements
 * because the page's line order is scrambled; the original member order
 * cannot be confirmed from here. */

/* Second WaitForSingleObject argument (the timeout); set to (DWORD_PTR)-1. */
DWORD_PTR WaitForSingleObject_argv2;
/* Address of kernel32!ExitProcess. */
DWORD_PTR ExitProcess;
/* Address, inside the helper process, of the copied path string. */
DWORD_PTR DeleteFileW_argv1;
/* Always written as 0; presumably a filler slot - verify against an intact copy. */
DWORD_PTR shit;
if (!ret) return FALSE;
stackctx.shit = 0;
stackctx.ExitProcess_argv1 = 0;
/* Copy the prepared block to the address the helper thread's Esp points at.
 * Defender's view: the block contains no code of its own, only kernel32
 * export addresses and arguments, so the helper's start address and stack
 * contents are where this shows up, not a new executable section. */
ret = WriteProcessMemory(pi.hProcess, (LPVOID)(ctx.Esp), &stackctx, sizeof(stackctx), NULL);
/* Exit code slot; set to 0. */
DWORD_PTR ExitProcess_argv1;
}stackctx;
/* kernel32 is already loaded in every Win32 process, so this only looks up
 * its handle. NOTE(review): the result is not checked before GetProcAddress. */
HMODULE hKernel32 = GetModuleHandleW(L"Kernel32.dll");
/* All bits set; on the 32-bit target this code assumes that equals INFINITE. */
stackctx.WaitForSingleObject_argv2 = (DWORD_PTR)-1;
stackctx.ExitProcess = (DWORD_PTR)GetProcAddress(hKernel32, "ExitProcess");
/* NOTE(review): from here the page repeats the same scrambled listing a
 * second time; the comments below restate what each line does. */

/* Copy this executable's path (nPathLen characters plus the terminator) into
 * the buffer previously allocated in the helper process. */
ret = WriteProcessMemory(pi.hProcess, (LPVOID)stackctx.DeleteFileW_argv1, MyselfPath, (nPathLen+1)*sizeof(WCHAR), NULL);
/* Block of pointer-sized slots that is copied to the address placed in the
 * helper thread's Esp. The remaining members and the closing "}stackctx;"
 * are printed further down the page. */
struct StackContext
{
/* Address of kernel32!DeleteFileW, filled in through GetProcAddress. */
DWORD_PTR DeleteFileW;
/* Receives hSYNC, the handle to the current process opened with SYNCHRONIZE. */
DWORD_PTR WaitForSingleObject_argv1;
///zxhouse
#include <windows.h>
/*
 * DeleteMyself - arrange for the running executable's file to be deleted.
 *
 * pHelper: command line of the helper process; when NULL, L"calc.exe" is used.
 * Returns: TRUE after the helper thread has been resumed, FALSE otherwise.
 *
 * NOTE(review): this is the second, equally scrambled copy of the listing.
 * Only the function's skeleton is contiguous; the statements that belong
 * between the declarations and the final "return FALSE" are printed elsewhere
 * on the page.
 * Defender's view: self-removal of the on-disk image corresponds to MITRE
 * ATT&CK T1070.004 (indicator removal: file deletion).
 */
BOOL DeleteMyself(WCHAR *pHelper)
{
/* Result of the most recent Win32 call; zero means failure. */
int ret;
/* Writable copy of the helper command line (CreateProcessW receives this buffer). */
WCHAR helper[MAX_PATH];
{
/* Failure path; by position this looks like the branch taken when CreateProcessW fails - confirm against an intact copy. */
return FALSE;
}
}
/* Demo entry point (second copy on the page): calls DeleteMyself without a
 * helper command line, so the built-in default helper is used. The result of
 * the call is ignored and the process always reports exit code 0. */
int main(void)
{
    (void)DeleteMyself(NULL);
    return 0;
}
本篇文章来源于 黑客基地-全球最大的中文黑客站 原文链接:/tech/2009-12-09/58626.html
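/* NOTE(review): second copy of the scrambled listing; statement order is not
 * the original one (SetThreadContext is printed before GetThreadContext). */

/* Place the stack pointer in the middle of the 512 KB region allocated in the
 * helper process. */
ctx.Esp += 256*1024;
/* Fill two slots of the prepared block: the address of kernel32!DeleteFileW
 * (GetProcAddress result unchecked) and the SYNCHRONIZE handle to this
 * process. */
stackctx.DeleteFileW = (DWORD_PTR)GetProcAddress(hKernel32, "DeleteFileW");
stackctx.WaitForSingleObject_argv1 = (DWORD_PTR)hSYNC;
/* NOTE(review): the early returns visible here release no handles. */
if (!ret) return FALSE;
/* Replace the register state of the helper's suspended initial thread.
 * Defender's view: this call on a CREATE_SUSPENDED child is the pattern
 * catalogued as thread execution hijacking (MITRE ATT&CK T1055.003). */
ret = SetThreadContext(pi.hThread, &ctx);
/* A watermark fragment from the hosting site had been spliced into "return". */
if (!ret) return FALSE;
/* Fetch the thread's current register state into ctx. */
ret = GetThreadContext(pi.hThread, &ctx);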
/* Full path of the running executable, later written into the helper process
 * as the DeleteFileW argument. */
WCHAR MyselfPath[MAX_PATH];
/* Returns the length in characters without the terminator; 0 means failure
 * and a value equal to the buffer size means truncation.
 * NOTE(review): neither case is checked in the visible lines. */
int nPathLen = GetModuleFileNameW(NULL, MyselfPath, MAX_PATH);
/* Pre-zero the buffer so the bounded copy below stays terminated. */
ZeroMemory(helper, sizeof(helper));
if (pHelper)
/* At most MAX_PATH-2 characters are taken from the caller's string. */
wcsncpy(helper, pHelper, MAX_PATH-2);
else
/* No helper given: fall back to the stock calculator image. */
wcscpy(helper, L"calc.exe");
/* NOTE(review): second copy of the scrambled listing; the success tail below
 * is printed ahead of the CreateProcessW call it follows in real control flow. */

/* Resume the helper's initial thread with the modified context and release
 * this process's handles to the helper. */
ResumeThread(pi.hThread);
CloseHandle(pi.hThread);
CloseHandle(pi.hProcess);
return TRUE;
}else
/* Create the helper suspended, with handle inheritance enabled (fifth
 * argument TRUE). Defender's view: a suspended child that then receives
 * remote allocations, remote writes and a SetThreadContext is a standard
 * process-injection telemetry pattern. */
if (CreateProcessW(NULL, helper, 0, 0, TRUE, CREATE_SUSPENDED, 0, 0, &si, &pi))
{
/* CONTEXT_FULL selects the full register set; Eip/Esp below are members of
 * the 32-bit x86 CONTEXT only. */
CONTEXT ctx = {CONTEXT_FULL,0};
/* Instruction pointer := kernel32!WaitForSingleObject (result unchecked). */
ctx.Eip = (DWORD_PTR)GetProcAddress(hKernel32, "WaitForSingleObject");
/* Stack pointer := base of a new 512 KB RWX region in the helper (no NULL check). */
ctx.Esp = (DWORD_PTR)VirtualAllocEx(pi.hProcess, 0, 512*1024, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
STARTUPINFOW si = {sizeof(STARTUPINFOW),0};
PROCESS_INFORMATION pi;
/* Inheritable SYNCHRONIZE-only handle to the current process.
 * NOTE(review): no matching CloseHandle is visible on this page. */
HANDLE hSYNC = OpenProcess(SYNCHRONIZE, TRUE, GetCurrentProcessId());
/* NOTE(review): struct StackContext members and ordinary statements are
 * interleaved here because the page's line order is scrambled; the original
 * member order cannot be confirmed from this copy. */

/* Timeout argument slot; assigned (DWORD_PTR)-1 below. */
DWORD_PTR WaitForSingleObject_argv2;
/* Address of kernel32!ExitProcess. */
DWORD_PTR ExitProcess;
/* Remote address of the path string copied into the helper process. */
DWORD_PTR DeleteFileW_argv1;
/* Always written as 0; presumably a filler slot - verify against an intact copy. */
DWORD_PTR shit;
if (!ret) return FALSE;
stackctx.shit = 0;
stackctx.ExitProcess_argv1 = 0;
/* Write the prepared block to the address held in ctx.Esp inside the helper.
 * The block carries only export addresses and argument values. */
ret = WriteProcessMemory(pi.hProcess, (LPVOID)(ctx.Esp), &stackctx, sizeof(stackctx), NULL);
/* Exit code slot; set to 0. */
DWORD_PTR ExitProcess_argv1;
}stackctx;
/* Handle of the already-loaded kernel32 module (result not checked). */
HMODULE hKernel32 = GetModuleHandleW(L"Kernel32.dll");
/* All bits set; equals INFINITE on the 32-bit target this code assumes. */
stackctx.WaitForSingleObject_argv2 = (DWORD_PTR)-1;
stackctx.ExitProcess = (DWORD_PTR)GetProcAddress(hKernel32, "ExitProcess");