format PE GUI 4.0 DLL
entry DllEntry
include 'E:\fasmw\INCLUDE\win32a.inc'
section '.code' code readable executable
hDll rd 1
proc DllEntry hinstDll,dwReason,lpvReserved
mov eax,[dwReason]
cmp eax,1
db 74h,02
db 0EBh,09
push [hinstDll]
pop [hDll]
mov eax,TRUE
ret
endp

proc DeleteMe
local pDllBuf:DWORD
push 4h
push 1000h
push 260
push 0
call [VirtualAlloc]
mov [pDllBuf],eax
push 260
push [pDllBuf]
push [hDll]
call [GetModuleFileName]
push 0
push 0
push [pDllBuf]
push [ExitProcess]
push [hDll]
push [DeleteFile]
push [FreeLibrary]
ret
endp

section '.idata' import data readable writeable
library kernel,'KERNEL32.DLL'
import kernel,VirtualAlloc,'VirtualAlloc',\
              GetModuleFileName,'GetModuleFileNameA',\
              ExitProcess,'ExitProcess',\
              DeleteFile,'DeleteFileA',\
              FreeLibrary,'FreeLibrary'
section '.edata' export data readable
export 'delself.dll',DeleteMe,'DeleteMe'
section '.reloc' fixups data discardable
rundll32 delself.dll,DeleteMe运行就出现内存分配访问无效！

[培训]《安卓高级研修班(网课)》月薪三万计划，掌握调试、分析还原ollvm、vmp的方法，定制art虚拟机自动化脱壳的方法