views:

716

answers:

5

How can I make my C# app erase itself (self-destruct)? Here's two ways that I think might work:

  • Supply another program that deletes the main program. How is this deleter program deleted then, though?
  • Create a process to CMD that waits a few seconds then deletes your file. During those few seconds, you close your application.

Both of those methods seem inefficient. I have a feeling that there's some built-in flag or something in Windows that allows for such stuff. How should I do it? Also, can you provide some sample code?

UPDATE: Thanks for all your answers! I'm going to try them, and see where that gets me.

First of all, some people have asked why I'd want my app to do this. Here's the answer: a few days ago, I read the Project Aardvark spec that Joel Spolsky posted on his blog, and it mentioned that the client app would delete itself after the remote session. I'm wondering how this works, and how, if I ever need to do this, I can accomplish such a feat.

Here's a little overview of what's been suggested:

  • Create a registry entry that tells Windows to delete the file on reboot
  • Launch CMD with a ping command to wait a few seconds and then delete the file

Both of those, of course, have their disadvantages, as outlined in the comments.

However, would such a method as outlined below work?

There are two executables: Program.exe and Cleaner.exe. The former is the program itself, the latter is the app that deletes Program.exe and itself (if it's loaded into memory, as I'm about to explain). Is it possible for Program.exe (which has dependencies) to load all of Cleaner.exe, which doesn't have any dependencies, into memory and run it?

If this is possible, could Cleaner.exe be packaged inside Program.exe, loaded into memory, and run?

+5  A: 

There's a great CodeProject Article about this topic.

Edit: Basically it's a simple cmd-call which will delete the specified files after some seconds.

Process.Start("cmd.exe", "/C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del " + Application.ExecutablePath); 
Application.Exit();
Bobby
I think this is the "wait a second and then delete" method (2nd bullet from OP).
FrustratedWithFormsDesigner
+12  A: 

There's a MoveFileEx API, which, when given a MOVEFILE_DELAY_UNTIL_REBOOT flag, will delete specified file on next system startup.

Anton Gogolev
Could a user intervene and prevent this from happening before the next reboot?
FrustratedWithFormsDesigner
@FWFD: Yes, quite easily. They could also delete the appropriate registry entries (that's where the instructions to delete that file on next reboot are stored).
John Feminella
Awesome! Could you give me some sample code?
Maxim Zaslavsky
+7  A: 

You will never be able to guarantee that this will work, as long as you require a physical presence on the machine. For example:

  • What if the app fails to release a resource in a timely fashion while you're trying to delete it? An error occurs, and the app remains.
  • The behavior of one app starting another which then deletes the first app is very suspicious from an AV perspective. You are likely to trigger defenses on a user's machine which may kill the process that's trying to kill your original app.
  • If you do something like delete a file at reboot, what if the user moves your file in between or makes a copy? It's not in the original spot anymore, and the app remains.

If your application requires this level of security, consider hosting it on a machine you control (e.g., by providing a web service and letting a stub client access it that way).

On a somewhat related note, one is also tempted to speculate about the motives of someone who (1) requires a physical presence on someone's machine and (2) wants to delete the evidence that the app existed.

John Feminella
some of the problem of the delete on reboot an be fixed by storing the app in temporary files, hardly anyone looks there i bet
RCIX
_Theoretically_ something should be possible. RAM is volatile, so if you put the program in memory, you should be able to wipe it from the HD while it runs. Then, no matter what happens to the machine, it won't come back unless you take a snapshot of memory. I don't know how that would work in practice, though.
Chris
@Chris: No, because you can't guarantee that the memory supplied by an operating system is bound to volatile storage. (In fact, if this weren't true, it would defeat the entire point of things like virtual memory and ReadyBoost.)
John Feminella
Ooh, good point. I suppose it improves your odds but doesn't guarantee anything. (@John: Could you improve the odds more by going through the video card's RAM? Is that possible?)
Chris
@Chris: I'm not sure you could do that in a way that would be hardware-independent. At the least it would require some low-level poking and an end-run around your virtual memory manager.
John Feminella
+1  A: 

There is also FileOptions.DeleteOnClose, but that requires the file to be open for writing. You might be able to do it with a sequence like this (untested):

  • Program launches as Original.exe, and detects (from its own name) that it needs to trigger the self-destruct function.
  • Original.exe creates a new file Temp.exe with FileOptions.DeleteOnClose and copies its own content into it, but does not close it yet
  • Original.exe opens a second, read-only handle to Temp.exe and closes the first write handle. The read-only handle can co-exist with an execute handle, whilst keeping the file open to delay auto-deletion.
  • Original.exe launches Temp.exe. Temp.exe detects that it has been launched from the temp directory and bypasses the self-destruct sequence and continues normal operation.
  • Original.exe exits (taking its read-only handle to Temp.exe with it.)
  • Temp.exe continues running. When it exits, the file Temp.exe will no longer be in use so it will be deleted automatically.

Edit #2: Actually I don't think this is possible, because it relies on the kernel opening the file with the FILE_SHARE_DELETE flag, which is unlikely.

finnw
Sounds possible, is there a way to do some interop and force it to open that way?
RCIX
A: 

I know reflector deletes itself if you use an old version and choose not to update. You might try to figure out what it does. I would start with FileMon and see if it spawns any processes to achieve this.

PurpleFlux
That's a good idea. I'll take a look.
Maxim Zaslavsky