
下面是一个自删除程序：

#include <windows.h>
#include <stdio.h>

void main(int argc, char* argv[])
{
    STARTUPINFO si = {0};
    PROCESS_INFORMATION pi = {0};
    si.cb = sizeof(si);

    if (argc == 1)
    {
        SECURITY_ATTRIBUTES sa;
        sa.nLength = sizeof(sa);
        sa.lpSecurityDescriptor = NULL;
        sa.bInheritHandle = TRUE;

        CopyFile(argv[0], "1.exe", FALSE);
        MoveFile(argv[0], "2.exe");

        CreateFile("1.exe", 0, FILE_SHARE_READ, &sa, 
            OPEN_EXISTING, FILE_FLAG_DELETE_ON_CLOSE, NULL);

        CreateProcess(NULL, "1.exe x", NULL, NULL, 
            TRUE, 0, NULL, NULL, &si, &pi);
    }
    else if (argc == 2)
    {
        while(!DeleteFile("2.exe"));

        CreateProcess(NULL, "net", NULL, NULL, TRUE, 
            DEBUG_ONLY_THIS_PROCESS, NULL, NULL, &si, &pi);
    }
}

如果我删除这一行：`CreateProcess(NULL, "net", NULL, NULL, TRUE, DEBUG_ONLY_THIS_PROCESS, NULL, NULL, &si, &pi);`，程序就不能工作。
谁能向我解释它是如何工作的?




以下是我对它工作原理的理解：

void main(int argc, char* argv[])
{
    STARTUPINFO si = {0};
    PROCESS_INFORMATION pi = {0};
    si.cb = sizeof(si);

    if (argc == 1)
    {
        SECURITY_ATTRIBUTES sa;
        sa.nLength = sizeof(sa);
        sa.lpSecurityDescriptor = NULL;
        sa.bInheritHandle = TRUE;

        // Make a copy of ourselves which we'll use to delete the version we were run from
        CopyFile(argv[0], "1.exe", FALSE);

        // Rename the running copy of ourself to another name
        MoveFile(argv[0], "2.exe");

        // Make sure we delete the copy of ourselves that's going to delete us when we die
        CreateFile("1.exe", 0, FILE_SHARE_READ, &sa, OPEN_EXISTING, FILE_FLAG_DELETE_ON_CLOSE, NULL);

        // Invoke the process that will delete us
        // allowing it to inherit the handle we just created above.
        CreateProcess(NULL, "1.exe x", NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi);
    }
    else if (argc == 2)
    {
        // Wait for the original program to die (deleting us and closing a handle), then delete it
        while(!DeleteFile("2.exe"));

        // Launch a child process which will inherit our file handles
        // -- This keeps the file handle with FILE_FLAG_DELETE_ON_CLOSE (which we inherited) alive beyond our lifetime
        // this allowing us to be deleted after we've died and our own handle is closed.
        CreateProcess(NULL, "notepad", NULL, NULL, TRUE, DEBUG_ONLY_THIS_PROCESS, NULL, NULL, &si, &pi);
    }
}
于 2012-04-25T16:37:43.807 回答