Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > General Forum
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 01-30-2005, 06:17 PM
white scorpion white scorpion is offline
Junior Member
 
Join Date: Jan 2005
Location: the Netherlands
Posts: 4
Default writing an application which can delete itself

Hi all,

i'm writing a crackme and i would like to add the option to remove itself if the user enters the wrong password too many times.

well, the crackme itself isn't that hard to write, but the piece of code to let the program delete itself is...

i've been thinking about using the windows installer (if i knew how),
or perhaps there might be some API's which can be of use.


any ideas?

Thanks in advance,


Kind regards

White Scorpion
__________________
The path of access leads to the tower of wisdom...
----------------------------------------------------------
[url=http://www.white-scorpion.nl][u]White Scorpion Security
Reply With Quote
  #2  
Old 01-31-2005, 12:57 AM
Crudd Crudd is offline
Administrator
 
Join Date: Dec 2002
Posts: 22
Default

Google has a few solutions for you: http://www.codeguru.com/Cpp/W-P/win32/arti...icle.php/c4533/
and http://www.windevnet.com/documents/win0312d/ could be helpful.
I dont see the point of making the .exe delete itself. The cracker will just d/l it again if he needs/wants to. Seems like alot of work for little payoff.
Crudd [RET]
__________________
Just another freak, in the freak kingdom.
Reply With Quote
  #3  
Old 01-31-2005, 11:39 AM
Devine9 Devine9 is offline
Administrator
 
Join Date: Dec 2002
Posts: 180
Default

Installers do this all the time..

[ ] delete setup file after install

could pass the pid to a seperate process which watches for exit, then delete.. or just wait a couple seconds but then you risk race conditions.

-DR.
Reply With Quote
  #4  
Old 01-31-2005, 04:11 PM
white scorpion white scorpion is offline
Junior Member
 
Join Date: Jan 2005
Location: the Netherlands
Posts: 4
Default

thanks for your answers and i did google

well, here's what i came up with:

Code:
commd * * * db "cmd.exe /c del ",0



processinfo PROCESS_INFORMATION <>

startup * * STARTUPINFO * * * * <>



clbuff * * *db 500 dup (?)



TotalCleanUp PROC


;remove the program itself
;-------------------------



invoke GetCommandLine

mov ComLine,eax



invoke lstrcpy,addr clbuff,addr commd

invoke lstrcat,addr clbuff,ComLine

mov startup.wShowWindow,SW_HIDE

invoke CreateProcess,NULL,addr clbuff,NULL,NULL,FALSE,0,NULL,NULL,addr startup,addr processinfo



invoke ExitProcess,0



TotalCleanUp ENDP

btw, here's the same code in C for those who do not understand ASM:
Code:
#include <stdio.h>

#include <windows.h>

#include <strings.h>



int main(void)

{

 * *char buffer[500]="cmd.exe /c del ";

 * *STARTUPINFO si;

 * *PROCESS_INFORMATION pi;



 * *ZeroMemory( &si, sizeof(si) );

 * *si.cb = sizeof(si);

 * *ZeroMemory( &pi, sizeof(pi) );



 * *strcat(buffer,GetCommandLine());

 * *CreateProcess(NULL,buffer,NULL,NULL,FALSE,0,NULL,NULL,&si,&pi);

 * *return 0;

 * *

}
so my problem is solved

i want to include it to prevent brute forcing. if i let the program run 100 times before this code is executed the program can not be bruteforced without first RE'ing it by removing this code

thanks for the help tho
__________________
The path of access leads to the tower of wisdom...
----------------------------------------------------------
[url=http://www.white-scorpion.nl][u]White Scorpion Security
Reply With Quote
  #5  
Old 02-01-2005, 08:31 PM
sna sna is offline
Administrator
 
Join Date: Jun 2003
Posts: 76
Default writing an application which can delete itself

Hi.

Recall that the command promt is not brought up by cmd.exe under Windows 95/98/ME.
There's an environment variable named COMSPEC that specifes the command-interpreter in use.

Regards, sna
Reply With Quote
  #6  
Old 02-02-2005, 02:25 AM
white scorpion white scorpion is offline
Junior Member
 
Join Date: Jan 2005
Location: the Netherlands
Posts: 4
Default

yes i i know, perhaps i should use command.com instead
__________________
The path of access leads to the tower of wisdom...
----------------------------------------------------------
[url=http://www.white-scorpion.nl][u]White Scorpion Security
Reply With Quote
  #7  
Old 02-02-2005, 10:18 AM
sna sna is offline
Administrator
 
Join Date: Jun 2003
Posts: 76
Default Environment Variables

GetEnvironmentVariable()

http://msdn.microsoft.com/library/default....entvariable.asp

Regards, sna
Reply With Quote
  #8  
Old 02-02-2005, 01:43 PM
white scorpion white scorpion is offline
Junior Member
 
Join Date: Jan 2005
Location: the Netherlands
Posts: 4
Default

yes i know of the API, but it doesn't really matter since command.com is available in all versions of windows . so why write a lot of extra code when you can just use command.com ?
__________________
The path of access leads to the tower of wisdom...
----------------------------------------------------------
[url=http://www.white-scorpion.nl][u]White Scorpion Security
Reply With Quote
  #9  
Old 02-02-2005, 04:22 PM
sna sna is offline
Administrator
 
Join Date: Jun 2003
Posts: 76
Default cmd.exe VS command.com

Quote:
so why write a lot of extra code when you can just use command.com ?
Because command.com is executed inside a virtual machine. It's just wrong damn it!

Regards, sna
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.