Are there any tricks to make "exe" file delete itself or it is completely impossible under MS Windows?
Posted on 2000-12-10 23:36:00 by Ol
You can't delete the program while it's still running. The operating system uses the file as backup in case it needs to reload the missing memory pages.
Posted on 2000-12-11 00:27:00 by Iczelion
In setup programs I know you set a key somewhere in the windows registry and it will delete the files when windows restarts. Windows handles this BEFORE anything is loaded so you can do this to shared DLL's or anything and you can replace the DLL's in the same place in the registry. For example in your setup program if you wanted per se to update the "RichEdit32.dll" file then you would make it as a temp file and enter a special registry key and windows would update it before it's used on next boot. Now after saying all that, I don't have the slightest clue as to where that was! I can't remember but maybe someone else would... I believe there is a way to delete itself though, I've seen examples many times, even under NT, using ring-0 tricks. I've also seen some programs which delete themselves before... See ya, Ben
Posted on 2000-12-11 02:47:00 by cyberben
Hmm.... now you got me thinking. I was thinking about something like create a code segment in memory and then switching to that, which you would have written on the fly, which would close your program and delete it. I don't understand all that much about code segments and stuff, but I'm sure it's possible. I saw a qbasic program once which would load some assembler routines into memory then switch the cpu's instruction pointer to their assembler routine and then switch back at the end. But maybe that was a DOS thing with the CS register... Can you do that in win32? Somebodies gotta know? The theory would then be, you would load up a small routine in memory which closes your program by sending a WM_CLOSE message to it, then it would invoke an API to delete the file? Assuming the API call doesn't want a window handle. This would obviously for sure not work on NT, as you need a window to get security preivilages, in order to access files period, let alone delete them. But then again, look into NT ring-0, I know it's a "no-no" but hey your not marketing your program are you? Well hope this at least inspires someone who knows about the code segment stuff. See ya, Ben
Posted on 2000-12-11 02:54:00 by cyberben
A while back when I was looking at coding an installer program (but found a freebie (Parque Builder) that works very well, so abandoned the task), I was faced with the uninstaller problem of just this: How to make a program delete itself. Yes Virginia, there IS a self-deletion method. It is based on the curious fact that a .bat file can delete itself. Even in NT. So... the program to delete itself just needs to determine it's own file name, write a short bat file to: 1) delete the exe file 2) determine IF the exe is really deleted, if not, loop 3) once the exe is truly gone, delete it's own .bat file That's it. Extra bonus points for shelling the bat file in a low priority process. The only possible drawback is it leaves a "WINOLDAPP" seeming to run in the task manager, I have no idea what resources or cpu time this consumes (but it does go away when rebooting). I'll be at my main computer later this week, I'll try to find the source for that code and post it here is you request. (I'll be moving my computer HERE within 2 weeks--HORAY)
Posted on 2000-12-11 03:21:00 by TTom Elicz did it, check his DeleteModule stuff
Posted on 2000-12-11 03:33:00 by Maurice
I guess this is somewhat off topic, but i remember when i was twelve years or something and just started out programming with VB 3, i played with that and made a program which deleted itself.. Sadly i never been able to make that program again, and i don't have a copy of the program or the sources for it.. i remember the code was very easy, it was something like "unload me" and then OnUnload() "kill application.exename"
Posted on 2000-12-11 09:07:00 by tmf
I think the registry key (for what cyberben said) is "run Once" If you put the path of your app (getModulename?) as a new string-key within there, then when windows restarts it should delete it. ....At least I think that's how it works
Posted on 2000-12-11 10:48:00 by Tedd
the registry key for running things once is LM\Software\Microsoft\Windows\CurrentVersion\RunOnce\ You can put the name of a .bat file there, and as has been explained, the .bat file can delete the exe and itself.
Posted on 2000-12-11 11:04:00 by Hel
You could do something like find a segment gap in kernel32.dll or some other dll loaded in another process, then with that write some code to that and then use CreateRemoteThread to create a new thread in the new code. That new code is then running in the context of the other process, so it can wait until your process exits then delete the exe file etc... (Yeah kinda far-fetched and comlicated but it could be done)
Posted on 2000-12-11 19:01:00 by rorge
like we don't know what you wanna make.. some nasty prog that deletes some files (or does something even worse) and then deletes itself. If the person this prog is intented for is not a lamer as yourself, he'll be able to reconstruct your exe. And trace you down, pal. There are labs that are able to read files from completely wacked hard-disks A NUMBER of writes BACK, from the same sector. If you want to be evil AND invisible, detect what cluster your exe sits in and then make several writes of gibbrish data onto it.
Posted on 2000-12-11 20:12:00 by your mama
rorge, The technique is known generically as "dll injection," written by (I believe) Jeffrey Richter, about '95 or '96 in MSJ. Basically, you fool another process into accepting some code by facking it as a dll to load it, then starting another thread to run it. No, I've never tried it, but it is applicabe to self-deletion (Richter even uses it in a self-deletion article he wrote about the same timeframe). So your idea WOULD work. :-)
Posted on 2000-12-11 21:52:00 by TTom
Ah, I FINALLY found that article. MSJ, Jan '96, Win32 Q&A Available online in the MSDN library:
Posted on 2000-12-11 21:56:00 by TTom