Reverse Engineering Team Board

Reverse Engineering Team Board (
-   General Forum (
-   -   writing an application which can delete itself (

white scorpion 01-30-2005 06:17 PM

writing an application which can delete itself
Hi all,

i'm writing a crackme and i would like to add the option to remove itself if the user enters the wrong password too many times.

well, the crackme itself isn't that hard to write, but the piece of code to let the program delete itself is...

i've been thinking about using the windows installer (if i knew how:)),
or perhaps there might be some API's which can be of use.

any ideas?

Thanks in advance,

Kind regards

White Scorpion

Crudd 01-31-2005 12:57 AM

Google has a few solutions for you:
and could be helpful.
I dont see the point of making the .exe delete itself. The cracker will just d/l it again if he needs/wants to. Seems like alot of work for little payoff.
Crudd [RET]

Devine9 01-31-2005 11:39 AM

Installers do this all the time..

[ ] delete setup file after install

could pass the pid to a seperate process which watches for exit, then delete.. or just wait a couple seconds but then you risk race conditions.


white scorpion 01-31-2005 04:11 PM

thanks for your answers and i did google :)

well, here's what i came up with:


commd * * * db "cmd.exe /c del ",0


startup * * STARTUPINFO * * * * <>

clbuff * * *db 500 dup (?)

TotalCleanUp PROC

;remove the program itself

invoke GetCommandLine

mov ComLine,eax

invoke lstrcpy,addr clbuff,addr commd

invoke lstrcat,addr clbuff,ComLine

mov startup.wShowWindow,SW_HIDE

invoke CreateProcess,NULL,addr clbuff,NULL,NULL,FALSE,0,NULL,NULL,addr startup,addr processinfo

invoke ExitProcess,0

TotalCleanUp ENDP

btw, here's the same code in C for those who do not understand ASM:

#include <stdio.h>

#include <windows.h>

#include <strings.h>

int main(void)


 * *char buffer[500]="cmd.exe /c del ";



 * *ZeroMemory( &si, sizeof(si) );

 * *si.cb = sizeof(si);

 * *ZeroMemory( &pi, sizeof(pi) );

 * *strcat(buffer,GetCommandLine());

 * *CreateProcess(NULL,buffer,NULL,NULL,FALSE,0,NULL,NULL,&si,&pi);

 * *return 0;

 * *


so my problem is solved :)

i want to include it to prevent brute forcing. if i let the program run 100 times before this code is executed the program can not be bruteforced without first RE'ing it by removing this code :)

thanks for the help tho :D

sna 02-01-2005 08:31 PM

writing an application which can delete itself

Recall that the command promt is not brought up by cmd.exe under Windows 95/98/ME.
There's an environment variable named COMSPEC that specifes the command-interpreter in use.

Regards, sna

white scorpion 02-02-2005 02:25 AM

yes i i know, perhaps i should use instead :)

sna 02-02-2005 10:18 AM

Environment Variables

Regards, sna

white scorpion 02-02-2005 01:43 PM

yes i know of the API, but it doesn't really matter since is available in all versions of windows . so why write a lot of extra code when you can just use ?

sna 02-02-2005 04:22 PM

cmd.exe VS

so why write a lot of extra code when you can just use ?
Because is executed inside a virtual machine. It's just wrong damn it!

Regards, sna

All times are GMT -4. The time now is 05:36 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.