Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

HELP!! deleting running EXE (code included)

0 views
Skip to first unread message

oknp

unread,
Apr 14, 2001, 1:20:27 AM4/14/01
to
hi, i am trying to delete a running executable. i've changed the
characteristics field of the EXE in the Win32 PE File Header to include the
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP flag
(http://msdn.microsoft.com/library/specs/pecoff_section3_3.htm) but it still
doesnt work. any idea? thanks!!

code to change the characteristics flag:
char buf[]="C:\\Documents and
Settings\\Administrator\\Desktop\\imghlptst\\hello\\Debug\\hello.exe";
WORD wChar = 0;
DWORD dwRead;
DWORD signature_offset;
BOOL b;
DWORD char_offset;

HANDLE file =
CreateFile(buf,GENERIC_WRITE|GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,FI
LE_ATTRIBUTE_NORMAL,NULL);
SetFilePointer(file,0x3c,0,FILE_BEGIN);
b = ReadFile(file,&signature_offset,4,&dwRead,0);
char_offset = signature_offset+4+18;
SetFilePointer(file,char_offset,0,FILE_BEGIN);
b = ReadFile(file,&wChar,2,&dwRead,0);
wChar = wChar | IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP;
SetFilePointer(file,char_offset,0,FILE_BEGIN);
b = WriteFile(file,&wChar,2,&dwRead,0);

code for hello.exe:

int main(int argc, char* argv[])
{
BOOL b = DeleteFile("hello.exe");
if (b)
printf("delete ok\n");
else
printf("delete failed\n");
printf("err %d\n",GetLastError());
getchar();
return 0;
}

Richard Jernigan

unread,
Apr 14, 2001, 1:53:42 PM4/14/01
to
A really cheesy, but effective, way to do this is:

(1) Have your program use CreateFile() to create a batch file
(2) Into the batch file write the following:

:again
del hello.exe
if exist hello.exe goto again

(3) Use CreateProcess() to run that batch file, low priority, hidden window
(4) Let your application close normally. When it does, *poof*, it will be
deleted.

--Richard


oknp

unread,
Apr 15, 2001, 9:14:00 PM4/15/01
to
but i want to delete the EXE while it's still running...
thanks...

"Richard Jernigan" <ric...@randomly.com> wrote in message
news:G80C6.2496$B22.6...@news1.rdc2.pa.home.com...

Jackson Yee

unread,
Apr 16, 2001, 10:58:10 AM4/16/01
to
That, I'm afraid, would be problematic at best. Windows protects the disk
image of a currently running executable as to avoid deletion because it uses
the disk image for its virtual memory swapping system. I suppose that you
could do it with some low-level APIs, but I'd be interested to see if you
could find a way to do this with user mode code.

Regards,
Jackson Yee
http://jacksonyee.welcome.to/
E-mails for help will be ignored unless I had asked for them. Please post
to the group.

"oknp" <ok...@hotmail.com> wrote in message
news:9bdgrf$p2...@imsp212.netvigator.com...

0 new messages