Title: Deleting Itself While Running (VB + API)
vcholy

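As for what significance there is in studying this topic, frankly, not much, but it is a great help for learning and understanding Windows.
I remember there were many articles discussing this back in the Win98 days. At that time I was a total newbie (of course I still am one now) and did not understand how it worked. Later I learned a little Bat and found out that VB can generate a bat file and call it on exit; after the program exits, the bat file starts running and then uses the DOS command del to delete it. Later still I learned a little VBS and found out that FSO can also be used to delete it. But almost everyone can do these, so there is nothing new there.
Truly generating no file at all, that is, combining "running" and "deleting" into a single action, is the topic this article discusses; otherwise this article would not be worth your time.
Later I read an article that did it in VC. It explained that while a file is running, a HANDLE corresponding to the file is open, so deleting the file fails, and that calling CloseHandle(HANDLE(4)) removes the mapping. HANDLE 4 is hard-coded by the OS and corresponds to the EXE's IMAGE. By default the OS assumes that no call will close the IMAGE SECTION's HANDLE, and now that HANDLE has been closed. Deleting the file then releases a handle corresponding to the file. That way it can be deleted. The code is not long, but doing this in VC is nothing new either.
I intended to port that code to VB, but after debugging for a long time it never worked; my assembly skills are not good enough, heh. So I took a different approach, and that is the topic of this article that I want to describe to you: the VB remote thread method.
A so-called remote thread, put simply, involves two processes: one creates a thread in the other's memory, and the parent process of this thread is not the process that created it but the process in which it was created. Many examples online describe first writing a DLL in VC or another language, then bringing it into VB and using VB code to put this DLL into another process. Leaving aside that this adds an extra DLL file, any process viewer can find this DLL. Heh, really...
What I describe is the VB-generated EXE itself entering another process and then deleting itself. The whole process is: the program runs, puts itself into the target process, then runs in the target process as a thread and deletes itself.
Debugged successfully with VB6.0 + Windows 2000 and tested successfully on XP/Vista; other systems were not tested.
(Demo file: http://www.360aqws.com/deleteSelf.rar Run project first; this is the target file)
The code is as follows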
Public Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hwnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long

Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Public Declare Function VirtualAllocEx Lib "kernel32" (ByVal ProcessHandle As Long, ByVal lpAddress As Long, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect As Long) As Long
Public Declare Function VirtualFreeEx Lib "kernel32" (ByVal ProcessHandle As Long, lpAddress As Any, ByVal dwSize As Long, ByVal dwFreeType As Long) As Long
Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Public Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As Any, ByVal lpWindowName As Any) As Long
Public Declare Function CreateRemoteThread Lib "kernel32" (ByVal ProcessHandle As Long, lpThreadAttributes As Long, ByVal dwStackSize As Long, lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpthreadid As Long) As Long
Public Declare Function CreateThread Lib "kernel32" (ByVal lpThreadAttributes As Any, ByVal dwStackSize As Long, ByVal lpStartAddress As Long, lpParameter As Any, ByVal dwCreationFlags As Long, lpthreadid As Long) As Long
Public Declare Function GetModuleHandleA Lib "kernel32" (ByVal ModName As Any) As Long
Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal ProcessHandle As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Public Declare Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Public Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" (ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Any, ByVal wParam As Any, ByVal lParam As Any) As Long
Public Declare Function MessageBox Lib "user32" Alias "MessageBoxA" (ByVal hwnd As Long, ByVal lpText As String, ByVal lpCaption As String, ByVal wType As Long) As Long
Public Declare Function DeleteFile Lib "kernel32" Alias "DeleteFileA" (ByVal lpFileName As String) As Long
Public Declare Function CreateEvent Lib "kernel32" Alias "CreateEventA" (ByVal lpEventAttributes As Long, ByVal bManualReset As Long, ByVal bInitialState As Long, ByVal lpName As String) As Long
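' hModule, nSize and the return value are 32-bit values, so they are declared As Long (VB6 Integer is 16-bit)
Public Declare Function GetModuleFileName Lib "kernel32" Alias "GetModuleFileNameA" (ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long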
Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long
Public Declare Function GetMessage Lib "user32" Alias "GetMessageA" (lpMsg As Msg, ByVal hwnd As Long, ByVal wMsgFilterMin As Long, ByVal wMsgFilterMax As Long) As Long
Public Declare Function TranslateMessage Lib "user32" (lpMsg As Msg) As Long
Public Declare Function DispatchMessage Lib "user32" Alias "DispatchMessageA" (lpMsg As Msg) As Long
Public Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long

2007-06-06 09:07
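Seen from the defender's side, the sequence the post above describes (an EXE starts a thread in another process, and that process then deletes the EXE) can be found by correlating thread-creation and file-deletion telemetry. The following is an added example, not part of the original post: it assumes records shaped like Sysmon event 8 (CreateRemoteThread) and events 23/26 (FileDelete), and every path, GUID and timestamp in it is constructed.

```python
import ntpath
from datetime import datetime, timedelta

# Constructed records; field names follow Sysmon event 8 (CreateRemoteThread)
# and events 23/26 (FileDelete). Paths, GUIDs and times are made up.
EVENTS = [
    {"EventID": 8, "UtcTime": "2024-01-01 10:00:00.100",
     "SourceImage": r"C:\Temp\demo\selfdel.exe",
     "TargetProcessGuid": "{guid-project}"},
    {"EventID": 23, "UtcTime": "2024-01-01 10:00:00.900",
     "ProcessGuid": "{guid-project}", "Image": r"C:\Temp\demo\project.exe",
     "TargetFilename": r"c:\temp\demo\SELFDEL.EXE"},
    # Noise: a remote thread whose target later deletes an unrelated file.
    {"EventID": 8, "UtcTime": "2024-01-01 10:05:00.000",
     "SourceImage": r"C:\Tools\debugger.exe",
     "TargetProcessGuid": "{guid-app}"},
    {"EventID": 26, "UtcTime": "2024-01-01 10:05:02.000",
     "ProcessGuid": "{guid-app}", "Image": r"C:\Apps\app.exe",
     "TargetFilename": r"C:\Apps\cache.tmp"},
]

def _ts(event):
    return datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S.%f")

def find_injected_self_delete(events, window=timedelta(seconds=30)):
    """Flag file deletions where the deleted file is the image of a process
    that created a remote thread in the deleting process shortly before."""
    threads = {}   # target process GUID -> [(thread creation time, source image)]
    findings = []
    for ev in sorted(events, key=_ts):
        when = _ts(ev)
        if ev["EventID"] == 8:
            threads.setdefault(ev["TargetProcessGuid"], []).append(
                (when, ev["SourceImage"]))
        elif ev["EventID"] in (23, 26):
            deleted = ntpath.normcase(ev["TargetFilename"])
            for started, source in threads.get(ev["ProcessGuid"], []):
                # Windows paths are case-insensitive, so compare normalised.
                if deleted == ntpath.normcase(source) and when - started <= window:
                    findings.append({"injector": source,
                                     "deleted_by": ev["Image"],
                                     "delay_s": (when - started).total_seconds()})
    return findings

if __name__ == "__main__":
    for hit in find_injected_self_delete(EVENTS):
        print(hit)
```
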
lthiy
Learning from this.

2007-06-06 21:10
snrlgyqve
Very good.

2007-06-10 21:39



To join the discussion, go to the thread on the original site: https://bbs.bccn.net/thread-145266-1-1.html