Thread: selfdeleting dll possible?

>>I know that executables can delete themself, now i want that a into a process loaded dll does a self deletion.<<

And why do you want to do this?

This is a windows question anyway, so it's off to the windows board.

I have a dll i distribute to a few customers, they pay for the functions of the dll. the community that is interested in the functions of my dll, this community has a realy big problem with leakers. they just steal your work and in some cases they even edit ressources of your binarys and claim thats their work. that was one of the many reasons i have implemented a self file validation check to my dll and exe files and i have implemented a hardwarebased antileak protection and some other checks i wont mention here. you can calm down, this self deletion of my dll is never meant to harm anyone, i know how to wipe whole drives, but this is not my goal. i only want that my dll does itself delete if some unauthorized persons try to use the dll, that's all. and sry, when i've posted in the wrong forum, didn't knew i have posted in the wrong forum.

ok, so far i've came up with this code:

Code:

	BOOL SelfDeleteDll()
	{
		TCHAR szCmd[MAX_PATH];

		if ((GetModuleFileNameW((HMODULE)hDll, path, sizeof(path)) != 0) && 
		    (GetShortPathNameW(path, path, sizeof(path)) != 0))
		{
			lstrcpy(szCmd, L"/c del ");
			lstrcat(szCmd, path);
			lstrcat(szCmd, L" >> NUL");

			if ((GetEnvironmentVariable(L"ComSpec", path, MAX_PATH) != 0) && 
			    ((INT)ShellExecute(0, 0, path, szCmd, 0, SW_HIDE) > 32))
			return TRUE;
		}
		return FALSE;
	}

Code:

      if (!bWhatImCheckingHere(myparam1, myparam2, myparam3, myparam4, myparam5)) 
      { 
         SelfDeleteDll(); 
         ExitProcess(0); 
         //shutdownpc();//shutdowns pc if wrong serial 
      }

but it's not working!

i have now added a messagebox that displays me path and command, this is the result:
MessageBox(NULL, path, TEXT("Test"), 0);
result of msgbox is: C:\WINDOWS\system32\cmd.exe

MessageBox(NULL, szCmd, TEXT("Test"), 0);
result of msgbox is: /c del D:\PROGRA~1\MyTest~1\Folder\Test.exe >> NUL

test.exe is the target process
and path is:
TCHAR path[MAX_PATH];

the crazy thing is, when i use only GetModuleFileNameW msgbox shows the exact path to my dll.

Anyone smart enough to figure out how to edit resources in files is probably smart enough to find an "undelete" utility (or just look in the trash can).

Or maybe the easier way of making the COMSPEC environment variable point at an executable which does nothing.

first off, it doesnt delete the file into the trashcan, 2nd: i dont care if they want to use any "undelete" utilitys, just so you know you can advance the code and let it secure delete ala gutman methode. 3rd: i let the target process exit and then immediately shutdown their pc's and if that $hit is not enough, i just let my dll format their crappy plate. 4rd: dll is encrypted and compressed with an custom non public software and code, 5th: i'm using hardwarebased and ipbased antileak and self file checksum validation, 6th: the final dll is inside a loader.exe as a byte array header file, makes it impossible to use a ressource editor to even get the dll, the loader.exe is too heavily protected. 7th: i'm using antidump techniques, 8th: im using antidebug and antidessamble code and 9th: if thats not enough i would say /*mod edit for offensive language*/ leakers. 10th: the file is not publicaly distributed, it is hand out by myself to a few people. all i wanted is to figure out, if it's possible to use self deletion code in a dynamic link library and not only for a executable, for the executable it works very good. and now have a nice day, klugscheisser.

Wow
*plonk*