• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1527
  • Last Modified:

how to make self destructive exe in c++?


how to make an exe file using C++ program so that
it destroys itself after 10 days . i mean a trial version

please provide me  the code
0
sa3q
Asked:
sa3q
  • 9
  • 7
  • 5
  • +3
1 Solution
 
phoffricCommented:
Use fstat to get time_t st_mtime //  Time of last data modification
Get current date time, and compute duration.
If 10 days, write a script file and run it from your program and exit.
The script file could have a 3 second delay built in, and then it deletes the exe file.
0
 
phoffricCommented:
If using Visual Studio, see:
http://msdn.microsoft.com/en-us/library/221w8e43(VS.71).aspx
and use instead:
st_ctime // Time of creation of file
0
 
pgnatyukCommented:
If the file will have read-only attribute, the script is supposed to change it before deleting?
The executable will be restored from the Recycle Bin. So the file should be broken somehow before deleting. And we can continue this way.
If it is the simplest case, I don't think it makes sense to delete the file. Maybe it will be enough just to check the time in few places and close the application.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
CSecurityCommented:
This code deletes your own exe.

If you are not expert in protecting your exe, adding anti-debug, anti-dump, etc. features to your program, you can:

1) Hire some one to write such code for you in a freelancing site like Rentacoder.com
2) Use ready made applications which takes care of making trial, protection of your exe, anti-dump, anti-debug, anti-analysis, etc. features, Like: ExeCryptor and Themida. Both are really strong!
#include <windows.h>

typedef UINT  (WINAPI *WAIT_PROC)(HANDLE, DWORD); // WaitForSingleObject
typedef BOOL  (WINAPI *CLOSE_PROC)(HANDLE);       // CloseHandle
typedef BOOL  (WINAPI *DELETE_PROC)(LPCTSTR);     // DeleteFile
typedef VOID  (WINAPI *EXIT_PROC)(DWORD);         // ExitProcess
typedef DWORD (WINAPI *REMOTETHREAD)(LPVOID);     // Our remote code

typedef struct
{
    WAIT_PROC   fnWaitForSingleObject;
    CLOSE_PROC  fnCloseHandle;
    DELETE_PROC fnDeleteFile;
    EXIT_PROC   fnExitProcess;
    HANDLE      hProcess;
    TCHAR       szFileName[MAX_PATH];
} INJECT;

#pragma check_stack(off)
DWORD WINAPI RemoteThread(INJECT *remote)
{
    remote->fnWaitForSingleObject(remote->hProcess, INFINITE);
    remote->fnCloseHandle(remote->hProcess);
    remote->fnDeleteFile(remote->szFileName);
    remote->fnExitProcess(0);
    return 0;
}
#pragma check_stack

PVOID GetFunctionAddr(PVOID func)
{
    #ifdef _DEBUG
        // get address of function from the JMP <relative> instruction
        DWORD *offset = (BYTE *)func + 1;
        return (PVOID)(*offset + (BYTE *)func + 5);
    #else
        return func;
    #endif
}

BOOL SelfDelete()
{
    // Get process handle of the currently running as explorer
    HANDLE hRemoteProcess = NULL;
    STARTUPINFO si = { sizeof(si) };
    PROCESS_INFORMATION pi;
    if(CreateProcess(0, "explorer.exe", 0, 0, FALSE, (CREATE_SUSPENDED | CREATE_NO_WINDOW | IDLE_PRIORITY_CLASS), 0, 0, &si, À)){
        CloseHandle(pi.hThread);
        hRemoteProcess = pi.hProcess;
    }
    if(hRemoteProcess == NULL) return FALSE;
    
    // Allocate memory in remote process
    BYTE *code = (BYTE *)VirtualAllocEx(hRemoteProcess, 0, sizeof(INJECT) + 128, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if(code == NULL){ CloseHandle(hRemoteProcess); return FALSE; };

    // Setup remote structure
    INJECT *remote = (INJECT *)(code + 128);

    HMODULE hKernel32 = GetModuleHandle("kernel32.dll");
    INJECT local;
    local.fnWaitForSingleObject =   (WAIT_PROC)GetProcAddress(hKernel32, "WaitForSingleObject");
    local.fnCloseHandle         =  (CLOSE_PROC)GetProcAddress(hKernel32, "CloseHandle");
    local.fnExitProcess         =   (EXIT_PROC)GetProcAddress(hKernel32, "ExitProcess");
    local.fnDeleteFile          = (DELETE_PROC)GetProcAddress(hKernel32, "DeleteFileA");

    // Duplicate our own process handle for remote process to wait on
    HANDLE hCurProc = GetCurrentProcess();
    DuplicateHandle(hCurProc, hCurProc, hRemoteProcess, &local.hProcess, 0, FALSE, DUPLICATE_SAME_ACCESS);

    // Find name of current executable
    GetModuleFileName(NULL, local.szFileName, MAX_PATH);

    // Write in code to execute, and the remote structure
    WriteProcessMemory(hRemoteProcess, code,   GetFunctionAddr(RemoteThread), 128, 0);
    WriteProcessMemory(hRemoteProcess, remote, &local, sizeof(local), 0);

    // Execute the code in remote process
    DWORD  dwThreadId = 0;
    HANDLE hThread = CreateRemoteThread(hRemoteProcess, NULL, 0, (REMOTETHREAD)code, remote, 0, &dwThreadId);
    if(hThread != 0) CloseHandle(hThread);

    return TRUE;
}

Open in new window

0
 
cupCommented:
One of the problems is if it was installed as one user,  you can't delete it unless you're logged as that user but as a non-admin user, you can still use it.  You will need something that changes the ACL to whoever is using it and runs the delete program.
0
 
sa3qAuthor Commented:
CSecurity:

does this code work on  windows vista or windows 7

please tell mee the changes that i must do  in the code to  work with my program.exe  on the process

0
 
sa3qAuthor Commented:
CSecurity:

this code make acopy from  the running process  but how can i close the main process and delete the exe file from the hard disk
thanks
0
 
sa3qAuthor Commented:
what is the 10 parameter in this function


 if(CreateProcess(0, "explorer.exe", 0, 0, FALSE, (CREATE_SUSPENDED | CREATE_NO_WINDOW | IDLE_PRIORITY_CLASS), 0, 0, &si, À)){
0
 
sa3qAuthor Commented:
i changed the  10  parameter to  the  adress of pi

&pi
0
 
sa3qAuthor Commented:
the code make a copy from  the program.exe    as  explorer.exe   in the task manger


but  it not end the process of hte program.exe

how can  i make that
0
 
sa3qAuthor Commented:
phoffric:

please can you explain in code   please

CSecurity:

your code is not do what i want so i researched  for other solution and i foun it

but the problem is how i will know that the program have 10 days run in the computer
0
 
phoffricCommented:
What OS? What compiler? What is the desired level of protection - extremely high to good enough to prevent a novice from hacking and circumventing my trial period?

re: The suggestion to just disable the program after the 10-day duration - what is your comment on that? Are you concerned that a user can keep resetting the clock?

The usage of a script is not necessarily trivial. How will you protect against a somewhat sophisticated user from deleting the script file that will delete the program?

Some programs (even moderately priced) require a connection to the internet and hooking to your server to permit some functionality.

I haven't written any code on this topic. Just started sound-boarding some ideas with you. Do you have a specific coding question?

I would not consider protecting against a hacker who is determined to go beyond the trial period a trivial design task (at least for me). Program and site security are obviously not simple problems. Is the suggestion to "Use ready made applications which takes care of making trial, protection of your exe, anti-dump, anti-debug, anti-analysis, etc. features, Like: ExeCryptor and Themida" not an option for you? Why not?
0
 
sa3qAuthor Commented:
phoffric:   i want to use

Use fstat to get time_t st_mtime //  Time of last data modification
Get current date time, and compute duration.


how???  
0
 
phoffricCommented:
re: "what is the 10 parameter in this function"
I see that you are using windows vista or 7. But you didn't supply the compiler. If you want to know what is the meaning of the 10 parameters in this function, and if you are using Visual Studio, then just highlight the function, and press F1 for the CreateProcess function. Here is what you get:
     http://msdn.microsoft.com/en-us/library/ms682425(VS.85).aspx.

From your comment, it appears that you ran a program with CreateProcess(... "explorere.exe" ...);
I don't think you should be building and running this type of program without first studying the meaning of all the functions.

As mentioned before, I do not have current code. (I had used fstat awhile back on unix.) I can take a look at this tomorrow. How about if you try out a simple program using fstat's st_ctime option for the Time of creation of file. If you get an incorrect answer, post your code, and your results (actual and expected), and we can look at that.

The link I gave you earlier has a sample program:
      http://msdn.microsoft.com/en-us/library/221w8e43(VS.71).aspx
In Visual Studio, you can get further definition of types by right-clicking and select Go To Definition.

Also, please address the rest of the previous questions/comments I made in my previous post.
0
 
fridomCommented:
Isn't this very easy?

#include <stdlib.h>

int main(void){
   system("rm a.out");
   return 0;
}
0
 
CSecurityCommented:
Why don't you simply use the code and keep asking about it?

It doesn't copy, it does nothing... It creates a thread in explorer.exe (injects code in explorer.exe) to Delete your File.

Simply call SelfDelete() and then EXIT your program... That's all! OK?
0
 
CSecurityCommented:
See this:

It checks for last modify time of a file and checks if it passed X days. Simply modify it (2-3 lines of change) and use it.
long Date2Long(FILETIME& flTime)
{
        const __int64 n1SecIn100NS = (__int64)10000000;
        const __int64 tm1970 = 116444736000000000; //file time at 1970 12 am Jan 1

        
        __int64 t2 = flTime.dwHighDateTime;
        t2 <<= 32;
        t2 |= flTime.dwLowDateTime;

        __int64 iTimeDiff = (t2 - tm1970) / n1SecIn100NS;

        long nTime = (long)iTimeDiff + 25200; // adding the 7 hours?
        return nTime;
}

bool OlderThan(wchar_t *fname, int days)
{

        FILETIME ft;
        FILETIME ft2;
        GetSystemTimeAsFileTime(&ft);
        
        WIN32_FILE_ATTRIBUTE_DATA    fileInfo;
        GetFileAttributesExW(fname, GetFileExInfoStandard, &fileInfo);
        ft2 = fileInfo.ftLastWriteTime;
        
        long cnow = Date2Long(ft);
        long ftime = Date2Long(ft2);

        long diff = cnow - ftime;
        long olderthan = days * 24 * 60 * 60;
        
        if (diff > olderthan)
        {
                return true;
        } else {
                return false;
        }
        
}


Example Usage:
bool Result = OlderThan(L"C:\\boot.ini", 10);

Open in new window

0
 
CSecurityCommented:
Sorry... Last comment was for another question...
0
 
phoffricCommented:
Below is code that should run on unix or windows. It computes the seconds between the .exe creation and the current wall clock. Divide by (days * 24 * 60 * 60), as noted in other code, to get the elapsed number of days.
#include <stdio.h>
#include <sys/stat.h>
#include <time.h>

int main(int argc, char ** argv) {
	int ret;
	struct stat statbuff;

	if( 0 != (ret = stat(argv[0], &statbuff)) ) {
		printf("stat returned error\n");
		return -99;
	}

	time_t mtime = statbuff.st_mtime;
	time_t curtime = time(0);

	time_t numSeconds = (curtime - mtime);
	printf("Elapsed time (Seconds) = %d\n", numSeconds);
	return 0;
}

Open in new window

0
 
phoffricCommented:
fridom:
re: system("rm a.out");
The problem is that in some OS's, it is not possible to delete an executable while it is running.
0
 
fridomCommented:
That's true but after the program has run the file is gone, at leat that's the way on Linux. Howerver I wonder what the purpose of such a thing could be, I can not think of one good reason
0
 
phoffricCommented:
fridom:
That is interesting that you can delete a running executable on Linux. On cygwin and Windows, if a text file is opened for read/write, then deleting it externally is no problem. But, an external delete of running executable results in: "rm: cannot remove `a.exe': Permission denied" and the a.exe file remains after the program completes. The system call internal to the program results in the same error and again the a.exe file remains after the program completes.

If it works on Linux, and the author is not concerned about portability, then deleting the file internal to the program is a good solution. From the thread above, I believe that the author is interested in a Windows program.
0
 
CSecurityCommented:
Yes, he wants in Windows. For windows there is some ways to make a self destructive exe.

One of them injecting a thread into explorer.exe, thread will always try to delete your exe until it become successfull (means when you terminate your program) and then thread will remove itself too.

Another way is creating a loop in a batch file which always tries to delete your file and putting that batch file in same folder of your exe and then running batch file and terminating your program.

Asker got his answer, the code I provided works, but he is just another asker who asks and goes... Never returns to reply and give feedback until EE advisor send a warning. Some of them also doesn't return after warning and we see "Forced Accepted" option.

0
 
sa3qAuthor Commented:
thank you all  i will try to  try your code

i'm so sorry that i didn't reply for you because i was in sik leave this week
0
 
sa3qAuthor Commented:
thanks
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 9
  • 7
  • 5
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now