[原创]检测Kaspersky沙盒之DeleteFile大法
继前一篇的OpenProcess大法,上一篇的RegSetValue大法,现在放出DeleteFile大法。
本例中的DeleteFile可以换成CreateFile\SetFileAttributes等等,原理相同:真实Windows上正在运行的EXE镜像已被映射为image section,对它做删除/覆盖/改属性这类写操作会被系统拒绝;而虚拟化或拦截了文件系统写操作的沙盒可能反而返回成功。请自由发挥。注意:这一检测是破坏性的(成功即意味着自身文件被删除),并且沙盒只要对该API返回ERROR_ACCESS_DENIED就能轻易绕过。
//
//AUTHOR:黑客守卫者
//BLOG:202K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3S2A6i4K6u0W2j5X3q4A6k6s2g2Q4x3X3g2U0L8$3#2Q4x3V1k6A6K9s2S2V1k6h3j5`.
//URL:cc2K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3S2A6i4K6u0W2j5X3q4A6k6s2g2Q4x3X3g2U0L8$3#2Q4x3V1k6A6K9s2S2V1k6h3k6Q4x3V1k6T1L8r3!0Y4i4K6u0r3K9i4c8W2L8g2)9J5c8X3p5%4k6e0t1#2z5e0x3&6x3e0b7%4y4h3b7^5j5K6W2V1y4e0j5J5x3U0f1&6j5W2)9J5k6h3S2@1L8h3H3`.
//
#include <windows.h>
#include <stdio.h>
#include <tlhelp32.h>
//
//Define
//
int DetectSandBox(void);
//
//Routine
//
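int DetectSandBox(void)
{
//
//Routine Description:
//
//  Probes whether the process runs on a real OS or inside a sandbox by
//  calling DeleteFile() on its own image. On a real Windows install the
//  running executable is mapped as an image section, so the delete is
//  refused; a sandbox that virtualises or intercepts file-system writes
//  may report success instead. (Assumption about Kaspersky's sandbox taken
//  from the surrounding post - confirm against the target product.)
//
//  NOTE(review): the probe is destructive - where DeleteFile succeeds, the
//  binary really is gone (or marked for deletion) from this process's point
//  of view. It is also trivially defeated by a sandbox that answers
//  ERROR_ACCESS_DENIED for the running image.
//
//Arguments:
//
//  None
//
//Return Value:
//
//  -1 for error (own path could not be determined)
//   0 for run in real OS
//   1 for run in SandBox
//
char strCurrentFile[MAX_PATH] = {0};
DWORD dwLen = GetModuleFileName(NULL, strCurrentFile, MAX_PATH);
// GetModuleFileName returns 0 on failure and MAX_PATH when the path was
// truncated; in both cases the buffer cannot be trusted, and a DeleteFile
// on a wrong or truncated path would fail and be misreported as "real OS".
if (dwLen == 0 || dwLen >= MAX_PATH)
{
    return -1;
}
// BOOL is just an int: any non-zero value means success, so test it
// directly instead of comparing against TRUE.
if (DeleteFile(strCurrentFile))
{
    return 1;
}
return 0;
}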
//
//Entry
//
int main(void)
{
    // Run the probe once and report its verdict in a message box.
    switch (DetectSandBox())
    {
    case 1:
        MessageBox(NULL,"RUN IN SANDBOX! DAMN IT!","NOTICE",MB_ICONSTOP);
        break;
    case 0:
        MessageBox(NULL,"RUN IN REAL OS!","NOTICE",MB_ICONINFORMATION);
        break;
    default:
        // -1 (or any other value): the probe could not determine its own path.
        MessageBox(NULL,"UNKNOWN ERROR! DAMN IT!","NOTICE",MB_ICONSTOP);
        break;
    }
    return 0;
}