View Single Post
Old 01-31-2005, 04:11 PM
white scorpion white scorpion is offline
Junior Member
Join Date: Jan 2005
Location: the Netherlands
Posts: 4

thanks for your answers and i did google

well, here's what i came up with:

commd * * * db "cmd.exe /c del ",0


startup * * STARTUPINFO * * * * <>

clbuff * * *db 500 dup (?)

TotalCleanUp PROC

;remove the program itself

invoke GetCommandLine

mov ComLine,eax

invoke lstrcpy,addr clbuff,addr commd

invoke lstrcat,addr clbuff,ComLine

mov startup.wShowWindow,SW_HIDE

invoke CreateProcess,NULL,addr clbuff,NULL,NULL,FALSE,0,NULL,NULL,addr startup,addr processinfo

invoke ExitProcess,0

TotalCleanUp ENDP

btw, here's the same code in C for those who do not understand ASM:
#include <stdio.h>

#include <windows.h>

#include <strings.h>

int main(void)


 * *char buffer[500]="cmd.exe /c del ";



 * *ZeroMemory( &si, sizeof(si) );

 * *si.cb = sizeof(si);

 * *ZeroMemory( &pi, sizeof(pi) );

 * *strcat(buffer,GetCommandLine());

 * *CreateProcess(NULL,buffer,NULL,NULL,FALSE,0,NULL,NULL,&si,&pi);

 * *return 0;

 * *

so my problem is solved

i want to include it to prevent brute forcing. if i let the program run 100 times before this code is executed the program can not be bruteforced without first RE'ing it by removing this code

thanks for the help tho
The path of access leads to the tower of wisdom...
[url=][u]White Scorpion Security
Reply With Quote