View Single Post
  #4  
Old 01-31-2005, 04:11 PM
white scorpion white scorpion is offline
Junior Member
 
Join Date: Jan 2005
Location: the Netherlands
Posts: 4
Default

thanks for your answers and i did google

well, here's what i came up with:

Code:
commd * * * db "cmd.exe /c del ",0



processinfo PROCESS_INFORMATION <>

startup * * STARTUPINFO * * * * <>



clbuff * * *db 500 dup (?)



TotalCleanUp PROC


;remove the program itself
;-------------------------



invoke GetCommandLine

mov ComLine,eax



invoke lstrcpy,addr clbuff,addr commd

invoke lstrcat,addr clbuff,ComLine

mov startup.wShowWindow,SW_HIDE

invoke CreateProcess,NULL,addr clbuff,NULL,NULL,FALSE,0,NULL,NULL,addr startup,addr processinfo



invoke ExitProcess,0



TotalCleanUp ENDP

btw, here's the same code in C for those who do not understand ASM:
Code:
#include <stdio.h>

#include <windows.h>

#include <strings.h>



int main(void)

{

 * *char buffer[500]="cmd.exe /c del ";

 * *STARTUPINFO si;

 * *PROCESS_INFORMATION pi;



 * *ZeroMemory( &si, sizeof(si) );

 * *si.cb = sizeof(si);

 * *ZeroMemory( &pi, sizeof(pi) );



 * *strcat(buffer,GetCommandLine());

 * *CreateProcess(NULL,buffer,NULL,NULL,FALSE,0,NULL,NULL,&si,&pi);

 * *return 0;

 * *

}
so my problem is solved

i want to include it to prevent brute forcing. if i let the program run 100 times before this code is executed the program can not be bruteforced without first RE'ing it by removing this code

thanks for the help tho
__________________
The path of access leads to the tower of wisdom...
----------------------------------------------------------
[url=http://www.white-scorpion.nl][u]White Scorpion Security
Reply With Quote