利用环境变量自删除

利用环境变量自删除

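/*
 * Ask the command interpreter named by %ComSpec% to delete the image file
 * of the current process.
 *
 * The function builds the argument string  /c del "<short path>" >> NUL
 * and starts the interpreter with a hidden window (SW_HIDE). It returns
 * nothing; every failure path simply returns without launching anything.
 *
 * Review notes:
 *  - Each API below returns a non-zero "required size" when the buffer is too
 *    small, so "!= 0" alone does not prove the buffer holds a usable string.
 *    Each result is therefore also checked against MAX_PATH.
 *  - szCmd is only MAX_PATH characters, so the combined length is verified
 *    before the unbounded lstrcpy/lstrcat calls.
 *  - GetShortPathName can return a path that still contains spaces (for
 *    example when 8.3 names are not generated on the volume). The path is
 *    quoted so that "del" cannot be applied to a different file.
 *  - %ComSpec% comes from the process environment: whoever controls that
 *    environment chooses the program that is launched here.
 *  - For defenders: a process starting a hidden interpreter whose command
 *    line is "/c del" of the parent's own image is visible in
 *    process-creation logging that records command lines.
 */
void DeleteMyself()
{
    static const TCHAR szPrefix[] = TEXT("/c del \"");
    static const TCHAR szSuffix[] = TEXT("\" >> NUL");
    TCHAR szFile[MAX_PATH], szCmd[MAX_PATH];
    DWORD cch;

    /* Full path of the running image; a result of MAX_PATH means truncation. */
    cch = GetModuleFileName(0, szFile, MAX_PATH);
    if (cch == 0 || cch >= MAX_PATH)
        return;

    /* Convert in place to the short (8.3) form where one exists. */
    cch = GetShortPathName(szFile, szFile, MAX_PATH);
    if (cch == 0 || cch >= MAX_PATH)
        return;

    /* Refuse to build a command that would not fit in szCmd (incl. NUL). */
    if (lstrlen(szPrefix) + lstrlen(szFile) + lstrlen(szSuffix) >= MAX_PATH)
        return;

    lstrcpy(szCmd, szPrefix);
    lstrcat(szCmd, szFile);
    lstrcat(szCmd, szSuffix);

    /* szFile is reused to hold the interpreter path taken from %ComSpec%. */
    cch = GetEnvironmentVariable(TEXT("ComSpec"), szFile, MAX_PATH);
    if (cch == 0 || cch >= MAX_PATH)
        return;

    /*
     * ShellExecute reports success with a value greater than 32. The handle
     * is compared as INT_PTR so that it is not truncated on 64-bit builds.
     */
    if ((INT_PTR)ShellExecute(0, 0, szFile, szCmd, 0, SW_HIDE) > 32)
        return;

    return;
}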

or

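/*
 * Start the interpreter named by %ComSpec% with a hidden window and the
 * argument string
 *     /c ping 0.0.0.0 & del "<imagepath>" >> NUL
 *
 * imagepath is the file the command should delete. It is placed between
 * double quotes in a cmd.exe command line, so it is treated as untrusted.
 *
 * Review notes:
 *  - The two command fragments are stored XOR-encoded and decoded on the
 *    stack, so the command text does not appear as a plain string in the
 *    binary. Static string matching will therefore miss it, but the decoded
 *    command line is still visible in process-creation telemetry once the
 *    interpreter is launched.
 *  - The "ping" step presumably serves as a short delay before "del" runs;
 *    confirm against the caller's intent.
 *  - szCmd was declared TCHAR while every API used on it is the W variant;
 *    it is WCHAR here so the types agree in non-UNICODE builds as well.
 *  - The StringCch* results are checked so a truncated command is never run.
 *  - %ComSpec% comes from the process environment: whoever controls that
 *    environment chooses the program that is launched here.
 */
VOID ShellExecuteDeleteFile( const wchar_t* imagepath )
{
	WCHAR	szCmd[MAX_PATH];
	WCHAR	szFile[MAX_PATH];
	WCHAR	szevncmd[] = { 'C', 'o', 'm', 'S', 'p', 'e', 'c', 0 };
	DWORD	cch;

	if ( imagepath == NULL )
	{
		return;
	}

	/*
	 * A double quote in imagepath would end the quoting around the path and
	 * let the remainder be parsed as further cmd.exe syntax; reject it.
	 * NOTE(review): "%" is still expanded by cmd.exe inside quotes.
	 */
	for ( const wchar_t* p = imagepath; *p != 0; p++ )
	{
		if ( *p == L'"' )
		{
			return;
		}
	}

	/*
	 * Encoded form of:  /c ping 0.0.0.0 & del "
	 * Each element was stored XORed with the encoded element before it, so
	 * decoding walks from the end while the predecessor is still encoded.
	 * The first element is XORed with a fixed key instead.
	 */
	wchar_t szxxxx1[] = L"\x3c\x5f\x7f\xf\x66\x8\x6f\x4f\x7f\x51\x61\x4f\x7f\x51\x61\x41\x67\x47\x23\x46\x2a\xa\x28";
	for ( int i = 22; i > 0; i-- )
	{
		szxxxx1[i] = szxxxx1[i] ^ szxxxx1[i - 1];
	}
	szxxxx1[0] ^= 0x13;

	/* Encoded form of:  " >> NUL   (same scheme, different key) */
	wchar_t szxxxx2[] = L"\x4429\x4409\x4437\x4409\x4429\x4467\x4432\x447e";
	for ( int i = 7; i > 0; i-- )
	{
		szxxxx2[i] = szxxxx2[i] ^ szxxxx2[i - 1];
	}
	szxxxx2[0] ^= 0x440b;

	/* Assemble prefix + path + suffix; stop if anything would be truncated. */
	if ( FAILED( StringCchCopyW( szCmd, MAX_PATH, szxxxx1 ) ) ||
	     FAILED( StringCchCatW( szCmd, MAX_PATH, imagepath ) ) ||
	     FAILED( StringCchCatW( szCmd, MAX_PATH, szxxxx2 ) ) )
	{
		return;
	}

	/*
	 * A return value of MAX_PATH or more is the required size, meaning the
	 * buffer was too small and szFile does not hold the interpreter path.
	 */
	cch = GetEnvironmentVariableW( szevncmd, szFile, MAX_PATH );
	if ( cch == 0 || cch >= MAX_PATH )
	{
		return;
	}

	/* The original ignored the outcome of the launch; so does this. */
	(void) ShellExecuteW( 0, 0, szFile, szCmd, 0, SW_HIDE );
}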