Probably, the only way that always works as advertised:
.386
.model flat, stdcall
include .\delHelper.inc
.data
batname db "deleter.bat",0
batTemplate db '@echo off',10,':try',10,'del "%s"',10,'if exist "%s" goto try',10,'del %%0',10,0
.code
main proc
LOCAL tempPath[256] : BYTE
LOCAL tempLen : DWORD
LOCAL currentFile[256] : BYTE
LOCAL fileLen : DWORD
LOCAL fHandle : HANDLE
LOCAL batContents [512] : BYTE
LOCAL batLen : DWORD
LOCAL written : DWORD
LOCAL stupinfo : STARTUPINFOA
LOCAL ProcessInfo : PROCESS_INFORMATION
INVOKE GetTempPathA, 200, addr tempPath
mov tempLen, eax
invoke strcat, addr tempPath, addr batname
invoke GetModuleFileNameA, 0, addr currentFile, 256
mov fileLen, eax
; Create the .bat file
invoke CreateFileA, addr tempPath, GENERIC_WRITE,FILE_SHARE_READ,0, CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0
.if eax==-1
jmp @exit
.endif
mov fHandle, eax
invoke sprintf, addr batContents, addr batTemplate, addr currentFile, addr currentFile
mov batLen, eax
invoke WriteFile, fHandle, addr batContents, batLen, addr written, 0
invoke CloseHandle, fHandle
; Launch .bat file
lea edi, stupinfo
mov ecx, sizeof STARTUPINFOA
mov al, 0
cld
rep stosb
mov stupinfo.cb, sizeof STARTUPINFOA
mov stupinfo.dwFlags, STARTF_USESHOWWINDOW
invoke CreateProcessA, 0, addr tempPath, 0, 0, 1, CREATE_NO_WINDOW, 0, 0, addr stupinfo, addr ProcessInfo
invoke Closehandle, ProcessInfo.hThread
@exit:
invoke ExitProcess,0
main endp
end main
oh, i know! :shock:
ExitProcess
:biggrin:
Where you been DAVE???
Quote from: dedndave on November 27, 2017, 04:59:24 AM
oh, i know! :shock:
ExitProcess
:biggrin:
Of course, but before you find Christ you must first find the church (amen :bgrin:)
self-destructor (http://www.manhunter.ru/assembler/1019_samoudalyayuschiysya_fayl.html)
In the time of MS-DOS, nobody was surprised at such a focus, the operating system allowed to write anything anywhere, and even delete the executable file while executing it. With the advent of Windows, the free will ended. If the file is started, then before it finishes, nothing can be done with it. But from this rule there is one exception - the so-called batch or bat-files. They are executed not as a stand-alone application, but as a set of instructions for the command processor, so they can easily delete themselves. This we will use to solve our problem. Here is an example of a batch file that first tries to delete a file on a given path, and then self-destruct.:loc
del "D:\Path\file.exe"
if exist "D:\Path\file.exe" goto loc
del %0
Checking and looping are needed in order to wait until the file is released and becomes available for elimination. The "del% 0" command deletes the bat file in which it is executed, without reference to its name. Now, to make our executable self-extracting, it must perform the following actions: get the name and path of the executable file, create a bat-file, run it and exit. bat-file wait for the end of the executable file, delete it, then delete itself..data
mask db ':loc',13,10
db 'del "%s"',13,10
db 'if exist "%s" goto loc',13,10
db 'del %%0',0
batext db '.bat',0
fname db MAX_PATH dup (?)
buff db MAX_PATH*3 dup (?)
...
.code
.....
invoke GetModuleFileName,0,addr buff,MAX_PATH
; name of file in DOS'style
invoke GetShortPathName,addr buff,addr fname,MAX_PATH
; make bat-file
invoke wsprintf,buff,mask,fname,fname
add esp,16
; size of bat-file
mov esi,eax
; add ".bat"
invoke lstrcat,addr fname,addr batext
; write bat-file
invoke _lcreat,addr fname,0
cmp eax,-1
je @f
mov ebx,eax
invoke _lwrite,ebx,addr buff,esi
invoke _lclose,ebx
;hide run
invoke WinExec,addr fname,SW_HIDE
@@: invoke ExitProcess,0
@Mikl__
Thank you for explaining what my example does and for making it Windows 95 compatible :t
aw27,
There isn't my article. I pointed out the link to the article http://www.manhunter.ru/assembler/1019_samoudalyayuschiysya_fayl.html (17.05.2016)
(http://www.manhunter.ru/upload/e1/42/e142d1cbcbba290dcbe0b67483bb08e1.jpg)
This is another version of the suicide file. I do not presume to judge who the author, but IMHO both files come from the same source
@Mikl__
Ah, that is the reason it is broken then.
1) mask is a reserved word, replace with _mask.
2) invoke wsprintf,buff,mask,fname,fname is wrong. It must be invoke wsprintf, addr buff, addr _mask, addr fname, addr fname
3) add esp,16 should not exist.
4) Also, what is the point of GetShortPathName to obtain a 8.3 DOS name when you are going to use double quotes surrounding the name in the batch file?
Strange is that no one tried to build it and see it is broken. :icon_rolleyes:
invoke wsprintf,buff,mask,fname,fname is wrong
it's not a mistake. I translated the program from FASM to MASM but not very carefully ~ 1 min
Quote from: Mikl__ on November 28, 2017, 02:10:10 AM
invoke wsprintf,buff,mask,fname,fname is wrong
it's not a mistake. I translated the program from FASM to MASM but not very carefully ~ 1 min
Ah, FASM. :t