使用场景:例如卸载程序在运行结束后自动删除自身文件。
Linux
Linux 下的自删除程序概念验证代码
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
# ifdef _WIN32
#include <windows.h>
#endif
#define PATH_MAX 256
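// Proof of concept: resolve the path of the running executable, unlink it,
// and keep running afterwards.
//
// Returns 0 after the sleep, or 1 if the path cannot be resolved or the
// unlink fails.
//
// Triage note: on Linux the process stays alive after the unlink, and
// /proc/<pid>/exe for it then reads as the old path followed by " (deleted)".
int main(int argc, char *argv[]) {
    // argv is not needed beyond the argc sanity check below.
    (void)argv;

    // Require at least the program name. argv[0] is NULL when argc is 0, so it
    // must not be handed to %s here.
    if (argc < 1) {
        fprintf(stderr, "Usage: %s\n", "<program>");
        return 1;
    }

    // Resolve the absolute path of the current executable.
    char path[PATH_MAX];
#ifdef _WIN32
    // Judge success by the return value: GetLastError() may hold a stale code
    // from an earlier call. A return >= the buffer size means truncation.
    // The ANSI variant is named explicitly because path is a char buffer.
    DWORD copied = GetModuleFileNameA(NULL, path, (DWORD)sizeof(path));
    if (copied == 0 || copied >= sizeof(path)) {
        // perror() reports errno, not the Win32 error, so print the code directly.
        fprintf(stderr, "GetModuleFileName: failed or path truncated, code %lu\n",
                (unsigned long)GetLastError());
        return 1;
    }
#else
    // readlink() does not NUL-terminate, so keep one byte free for the terminator.
    ssize_t len = readlink("/proc/self/exe", path, sizeof(path) - 1);
    if (len == -1) {
        perror("readlink");
        return 1;
    }
    // A completely filled buffer may be a truncated path; unlinking a truncated
    // path could remove an unrelated file, so refuse to continue.
    if ((size_t)len >= sizeof(path) - 1) {
        fprintf(stderr, "readlink: path does not fit in %lu bytes\n",
                (unsigned long)sizeof(path));
        return 1;
    }
    path[len] = '\0';
#endif
    printf("path: %s\n", path);

    // Try to remove our own executable.
    // NOTE(review): on Windows a running image normally cannot be removed this
    // way, so expect this call to fail there (confirm on the target toolchain).
    if (unlink(path) == -1) {
        perror("unlink");
        return 1;
    }

    // The main program logic would go here.
    printf("Self-deleted, but still running...\n");

    // For the demonstration, sleep for a while instead of exiting right away.
    sleep(10000);
    return 0;
}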
Windows NT
利用 NTFS 特性:备用数据流(Alternate Data Streams,ADS)
#include <Windows.h>
#include <iostream>
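/// @brief Removes the running executable from disk while the process keeps running.
///
/// Two steps, each on its own handle opened with DELETE | SYNCHRONIZE:
///   1. FileRenameInfo renames the file's default data stream to the named
///      stream ":endlessparadox".
///   2. FileDispositionInfo marks the file for deletion; closing the handle
///      completes it.
///
/// @return TRUE when both steps succeed, FALSE on any failure. Failures are
///         reported on std::wcerr with the Win32 error code.
///
/// NOTE(review): once this succeeds the image is no longer reachable by path
/// while the process is still alive, so triage of such a process has to rely
/// on process and memory telemetry rather than on the file on disk.
BOOL Self_Delete() {
    const wchar_t* NewStream = L":endlessparadox";
    WCHAR szPath[MAX_PATH * 2] = { 0 };

    // Resolve the path of the current executable. 0 means failure; a return
    // that fills the buffer means the path was truncated, and operating on a
    // truncated path could touch an unrelated file.
    const DWORD cchPath = GetModuleFileNameW(NULL, szPath, MAX_PATH * 2);
    if (cchPath == 0 || cchPath >= MAX_PATH * 2) {
        const DWORD err = GetLastError();
        std::wcerr << L"[!] GetModuleFileNameW fail , code is " << err << std::endl;
        return FALSE;
    }

    // Open the file for the rename step.
    HANDLE hFile = CreateFileW(szPath,
                               DELETE | SYNCHRONIZE,
                               FILE_SHARE_READ,
                               NULL,
                               OPEN_EXISTING,
                               0, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        const DWORD err = GetLastError();
        std::wcerr << L"[!] CreateFileW fail , code is " << err << std::endl;
        return FALSE;
    }

    // Build the rename request. FILE_RENAME_INFO already contains one WCHAR of
    // FileName, so this allocation leaves room for the zero terminator.
    const SIZE_T cbName = wcslen(NewStream) * sizeof(wchar_t);
    const SIZE_T sRename = sizeof(FILE_RENAME_INFO) + cbName;
    PFILE_RENAME_INFO pRename =
        static_cast<PFILE_RENAME_INFO>(HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sRename));
    if (!pRename) {
        CloseHandle(hFile);
        // HeapAlloc does not set the last-error code, so none is printed here.
        std::wcerr << L"[!] HeapAlloc fail" << std::endl;
        return FALSE;
    }
    pRename->FileNameLength = static_cast<DWORD>(cbName);
    RtlCopyMemory(pRename->FileName, NewStream, cbName);

    std::wcout << L"[i] Renaming :$DATA to file data as " << NewStream << std::endl;
    const BOOL renamed =
        SetFileInformationByHandle(hFile, FileRenameInfo, pRename, static_cast<DWORD>(sRename));
    // Capture the error before any other call (stream output, CloseHandle,
    // HeapFree) gets a chance to overwrite it.
    const DWORD renameErr = GetLastError();

    // The request buffer and the first handle are not needed past this point.
    HeapFree(GetProcessHeap(), 0, pRename);
    CloseHandle(hFile);

    if (!renamed) {
        std::wcerr << L"[!] SetFileInformationByHandle fail, code is " << renameErr << std::endl;
        return FALSE;
    }
    std::wcout << L"[+] Completed" << std::endl;

    // Re-open the file for the delete step.
    hFile = CreateFileW(szPath,
                        DELETE | SYNCHRONIZE,
                        FILE_SHARE_READ,
                        NULL,
                        OPEN_EXISTING,
                        0, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        // Never pass an invalid handle on to SetFileInformationByHandle/CloseHandle.
        const DWORD err = GetLastError();
        std::wcerr << L"[!] CreateFileW fail , code is " << err << std::endl;
        return FALSE;
    }

    FILE_DISPOSITION_INFO Delete = { 0 };
    Delete.DeleteFile = TRUE;

    std::wcout << L"[+] Deleting ....." << std::endl;
    const BOOL disposed =
        SetFileInformationByHandle(hFile, FileDispositionInfo, &Delete, sizeof(Delete));
    const DWORD deleteErr = GetLastError();
    CloseHandle(hFile);

    if (!disposed) {
        std::wcerr << L"[!] SetFileInformationByHandle fail, code is " << deleteErr << std::endl;
        return FALSE;
    }

    std::wcout << L"[+] Done" << std::endl;
    return TRUE;
}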
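/// Demo driver: runs Self_Delete(), then blocks on console input so the
/// still-running process can be observed.
int main() {
    // Self_Delete() prints the failing step itself; report the overall outcome
    // as well so that a failed run is not mistaken for a successful one.
    if (!Self_Delete()) {
        std::wcerr << L"[!] Self_Delete reported failure" << std::endl;
    }
    std::wcout << "stop in memory" << std::endl;

    // Holds one whitespace-delimited token read from the user.
    std::string userInput;
    std::cout << "Input Str: ";
    std::cin >> userInput;
    std::cout << "Get: " << userInput << std::endl;
    return 0;
}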
来自社区文章