yamakadi / houdini

A Rust library that allows you to delete your executable while it's running.
MIT License

Houdini

Houdini is a Rust library that allows you to delete your executable while it's running.

This is fairly straightforward on Unix systems, since the executable file is released once it has been mapped into memory. We just need to find where it is and unlink it.
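On Linux, a process whose executable has been unlinked stays visible through procfs, because the kernel appends ` (deleted)` to the `/proc/<pid>/exe` link target. The following is an added example, not part of houdini, showing how a defender can scan for such processes; the function names are hypothetical.

```rust
use std::fs;
use std::path::{Path, PathBuf};

/// Suffix the Linux kernel appends to the /proc/<pid>/exe link target
/// once the backing file has been unlinked.
const DELETED_SUFFIX: &str = " (deleted)";

/// Returns the original executable path if `target` carries the suffix.
pub fn deleted_exe_path(target: &str) -> Option<&str> {
    target.strip_suffix(DELETED_SUFFIX).filter(|p| !p.is_empty())
}

/// Walks a procfs-style tree and returns (pid, original path) for every
/// process whose executable no longer exists on disk.
pub fn find_deleted_executables(proc_root: &Path) -> Vec<(u32, PathBuf)> {
    let mut hits = Vec::new();
    let entries = match fs::read_dir(proc_root) {
        Ok(e) => e,
        Err(_) => return hits,
    };
    for entry in entries.flatten() {
        // Only numeric directory names are processes.
        let pid = match entry.file_name().to_string_lossy().parse::<u32>() {
            Ok(p) => p,
            Err(_) => continue,
        };
        // Kernel threads and processes we may not inspect fail here.
        let target = match fs::read_link(entry.path().join("exe")) {
            Ok(t) => t,
            Err(_) => continue,
        };
        let text = target.to_string_lossy();
        if let Some(orig) = deleted_exe_path(&text) {
            // A file literally named "... (deleted)" would still exist.
            if !target.exists() {
                hits.push((pid, PathBuf::from(orig)));
            }
        }
    }
    hits.sort();
    hits
}

fn main() {
    for (pid, path) in find_deleted_executables(Path::new("/proc")) {
        println!("pid {}: executable {} was deleted", pid, path.display());
    }
}
```

A hit is not proof of malice: package upgrades routinely replace binaries under long-running daemons, so correlate results with process start time and parent process.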

On Windows, we use a method discovered by @jonasLyk. My implementation heavily references @byt3bl33d3r's Nim implementation in OffensiveNim and in turn LloydLabs' initial C PoC.

Usage

// With the default placeholder value on Windows (`svcmsrpc`)
use houdini;

fn main() {
    match houdini::disappear() {
        Ok(_) => println!("Pulled a Houdini!!"),
        Err(e) => println!("Nope! => {}", e),
    };
}

// With a placeholder you provide (Windows only)

fn main() {
    #[cfg(target_os = "windows")]
    match houdini::disappear_with_placeholder("temporary") {
        Ok(_) => println!("Pulled a Houdini!!"),
        Err(e) => println!("Nope! => {}", e),
    };
}