刪除自己程序

procedure TForm1.Funll;
var
  hModule:THandle;
  buff:array[0..255]of Char;
  hKernel32:THandle;
  pExitProcess,pDeleteFileA,pUnmapViewOfFile:Pointer;
begin
  hModule:=GetModuleHandle(nil);
  GetModuleFileName(hModule, buff, sizeof(buff));
  CloseHandle(THandle(4));
  hKernel32:=GetModuleHandle('KERNEL32');
  pExitProcess:=GetProcAddress(hKernel32, 'ExitProcess');
  pDeleteFileA:=GetProcAddress(hKernel32, 'DeleteFileA');
  pUnmapViewOfFile:=GetProcAddress(hKernel32, 'UnmapViewOfFile');
  asm
  LEA EAX, buff
  PUSH 0
  PUSH 0
  PUSH EAX
  PUSH pExitProcess
  PUSH hModule
  PUSH pDeleteFileA
  PUSH pUnmapViewOfFile
  RET
end;

防止被非explorer.exe程序調用

{注意加載TlHelp32.pas單元}
procedure CheckParentProc;
var //檢查自己的進程的父進程
  Pn: TProcesseNtry32;
  sHandle:THandle;
  H, ExplProc, ParentProc:Hwnd;
  Found:Boolean;
  Buffer:array[0..1023]of Char;
  Path:string;
begin
  H:= 0;
  ExplProc:= 0;
  ParentProc:= 0;
  //得到Windows的目錄
  SetString(Path, Buffer, 200);
  GetWindowsDirectory(Buffer,Sizeof(Buffer)- 1);
  Path:= UpperCase(Path)+ '\EXPLORER.EXE';//得到Explorer的路徑
  //得到所有進程的列表快照
  sHandle:= CreateToolHelp32SnapShot(TH32CS_SNAPALL,0);
  Found:= Process32First(sHandle,Pn);//查找進程
  while Found do //遍歷所有進程
  begin
    if Pn.szExeFile = ParamStr(0) then //自己的進程
    begin
      ParentProc := Pn.th32ParentProcessID;//得到父進程的進程ID
      //父進程的句柄
      H:= OpenProcess(PROCESS_ALL_ACCESS, True, Pn.th32ParentProcessID);
    end
    else if UpperCase(Pn.szExeFile)= Path then
      ExplProc:= Pn.th32ProcessID;//Ex plorer的PID
      Found:= Process32Next(sHandle,Pn);//查找下一個
  end;
  //父進程不是Explorer,是調試器……
  if ParentProc <> ExplProc then
  begin
    showmessage('ok');
    TerminateProcess(H,0);//殺之!除之而後快也! :)
  //你還可以加上其它什麼死機代碼來消遣消遣這位可愛的Cracker:)
  end;
end;