 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
|
|
|
|
||||||||||
|
||||||||||||||
|
||||||||||||||
|
|
|
#1
01-30-2005, 06:17 PM
|
|||
|
|||
writing an application which can delete itself
Hi all,
i'm writing a crackme and i would like to add the option to remove itself if the user enters the wrong password too many times. well, the crackme itself isn't that hard to write, but the piece of code to let the program delete itself is... i've been thinking about using the windows installer (if i knew how  ), or perhaps there might be some API's which can be of use. any ideas? Thanks in advance, Kind regards White Scorpion
__________________
The path of access leads to the tower of wisdom... ---------------------------------------------------------- [url=http://www.white-scorpion.nl][u]White Scorpion Security 
|
|
#2
01-31-2005, 12:57 AM
|
|||
|
|||
|
Google has a few solutions for you: http://www.codeguru.com/Cpp/W-P/win32/arti...icle.php/c4533/
and http://www.windevnet.com/documents/win0312d/ could be helpful. I dont see the point of making the .exe delete itself. The cracker will just d/l it again if he needs/wants to. Seems like alot of work for little payoff. Crudd [RET]
__________________
Just another freak, in the freak kingdom.
|
|
#4
01-31-2005, 04:11 PM
|
|||
|
|||
|
thanks for your answers and i did google
well, here's what i came up with: Code:
commd * * * db "cmd.exe /c del ",0 processinfo PROCESS_INFORMATION <> startup * * STARTUPINFO * * * * <> clbuff * * *db 500 dup (?) TotalCleanUp PROC ;remove the program itself ;------------------------- invoke GetCommandLine mov ComLine,eax invoke lstrcpy,addr clbuff,addr commd invoke lstrcat,addr clbuff,ComLine mov startup.wShowWindow,SW_HIDE invoke CreateProcess,NULL,addr clbuff,NULL,NULL,FALSE,0,NULL,NULL,addr startup,addr processinfo invoke ExitProcess,0 TotalCleanUp ENDP btw, here's the same code in C for those who do not understand ASM: Code:
#include <stdio.h>
#include <windows.h>
#include <strings.h>
int main(void)
{
* *char buffer[500]="cmd.exe /c del ";
* *STARTUPINFO si;
* *PROCESS_INFORMATION pi;
* *ZeroMemory( &si, sizeof(si) );
* *si.cb = sizeof(si);
* *ZeroMemory( &pi, sizeof(pi) );
* *strcat(buffer,GetCommandLine());
* *CreateProcess(NULL,buffer,NULL,NULL,FALSE,0,NULL,NULL,&si,&pi);
* *return 0;
* *
}
i want to include it to prevent brute forcing. if i let the program run 100 times before this code is executed the program can not be bruteforced without first RE'ing it by removing this code thanks for the help tho 
__________________
The path of access leads to the tower of wisdom... ---------------------------------------------------------- [url=http://www.white-scorpion.nl][u]White Scorpion Security
|
|
#5
02-01-2005, 08:31 PM
|
|||
|
|||
|
writing an application which can delete itself
Hi.
Recall that the command promt is not brought up by cmd.exe under Windows 95/98/ME. There's an environment variable named COMSPEC that specifes the command-interpreter in use. Regards, sna
|
|
#6
02-02-2005, 02:25 AM
|
|||
|
|||
|
yes i i know, perhaps i should use command.com instead
__________________
The path of access leads to the tower of wisdom... ---------------------------------------------------------- [url=http://www.white-scorpion.nl][u]White Scorpion Security
|
|
#7
02-02-2005, 10:18 AM
|
|||
|
|||
|
Environment Variables
|
|
#8
02-02-2005, 01:43 PM
|
|||
|
|||
|
yes i know of the API, but it doesn't really matter since command.com is available in all versions of windows . so why write a lot of extra code when you can just use command.com ?
__________________
The path of access leads to the tower of wisdom... ---------------------------------------------------------- [url=http://www.white-scorpion.nl][u]White Scorpion Security
|
Hybrid Mode
