flat assembler
Message board for the users of flat assembler.

selfmodifying exe file

odrene.koleno



Joined: 14 Feb 2005
Posts: 6
Location: Czech Republic
Hi,
I have a small question. Does anyone know how to make an exe file modify itself?
Post 14 Feb 2005, 15:48
BoR0



Joined: 12 Nov 2004
Posts: 31
What do you mean by modify? As in modifying it in memory or what?
Post 14 Feb 2005, 16:41
odrene.koleno



Joined: 14 Feb 2005
Posts: 6
Location: Czech Republic
No, I mean to write to file on harddisk while the file is running.
Post 14 Feb 2005, 17:04
JohnFound



Joined: 16 Jun 2003
Posts: 3500
Location: Bulgaria
odrene.koleno wrote:
No, I mean to write to file on harddisk while the file is running.


You can't modify the file while it is running. But there are several techniques to do this just after the .exe is terminated. Some kind of "life after death" ;)

One of them is to attach your own thread to some working process, which watches for when your process terminates and then writes the updates to the file. Another approach is to create a .bat file that does the job and then deletes itself (but I think this is an ugly approach).
Probably the clearest way is to use a second .exe that only makes the changes.
The main process executes "savedata.exe" and terminates.
"savedata.exe" just waits until the main process .exe file is free for writing and makes the changes. That's all.

There are several other hacks, for example leaving some subroutine on the stack to be executed after termination, but AFAIK, they do not work on all Windows versions.

Actually my advice is to not write to the exe at all. There are more standard and useful ways to store needed data.

Regards.
Post 14 Feb 2005, 18:30
odrene.koleno



Joined: 14 Feb 2005
Posts: 6
Location: Czech Republic
I have thought about these techniques before. But I don't know the one where the program leaves some routine on the stack. Can you explain it a little more closely or post a link to a description of this method? It seems to be interesting. I am writing a protection for executables and I want to try new things.

Thanks
Post 15 Feb 2005, 16:56
odrene.koleno



Joined: 14 Feb 2005
Posts: 6
Location: Czech Republic
Perhaps one method can be to write to disk by clusters. But this is quite hard. :(
Post 15 Feb 2005, 17:07
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
Forget about direct disk access, Microsoft has the only NTFS implementation that could be trusted. "Leaving code on the stack" doesn't work on all win32 versions. Injecting code to another process works, for now, but it's sorta dirty, and could be picked up by antiviral products as suspicious behaviour.

In short... don't do it :)
Post 15 Feb 2005, 17:18
r22



Joined: 27 Dec 2004
Posts: 805
Your.EXE starts, Your.EXE makes a copy of itself, copyYour.exe; Your.exe edits copyYour.exe, then runs it. Inside Your.exe and copyYour.exe there is a procedure: if the name of the exe has the string 'copy' in it, then it closes & deletes Your.exe and makes a copy of itself called Your.exe.

So all you really need is a start procedure that gets its own name and knows what to do.
Post 17 Feb 2005, 05:02
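
Added example (not part of any post in this thread): f0dder notes that this kind of behaviour can be picked up as suspicious, and the savedata.exe, .bat and copyYour.exe approaches above all share one observable pattern, a child process rewriting its parent's executable shortly after the parent exits. The Python code below checks a process/file event stream for that pattern; the event schema, field names, the 30-second window and the sample events are assumptions constructed for illustration.

```python
# Added example: the event schema, field names and sample data are constructed.
WINDOW = 30.0  # assumed: seconds after parent exit in which a rewrite is flagged

def find_image_rewrites(events, window=WINDOW):
    """Return (writer_image, target_image, delay) for every write by a child
    process to its parent's executable made after the parent has exited."""
    procs = {}   # pid -> {"image": lower-cased path, "ppid": parent pid}
    exited = {}  # pid -> exit timestamp
    hits = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "proc_start":
            procs[ev["pid"]] = {"image": ev["image"].lower(), "ppid": ev["ppid"]}
        elif ev["type"] == "proc_exit":
            exited[ev["pid"]] = ev["t"]
        elif ev["type"] == "file_write":
            writer = procs.get(ev["pid"])
            if writer is None:
                continue  # writer started before monitoring began
            parent = procs.get(writer["ppid"])
            exit_t = exited.get(writer["ppid"])
            if parent is None or exit_t is None:
                continue  # parent unknown or still running
            delay = ev["t"] - exit_t
            # Windows paths are case-insensitive, so compare lower-cased.
            if ev["path"].lower() == parent["image"] and 0 <= delay <= window:
                hits.append((writer["image"], parent["image"], delay))
    return hits

# Constructed sample: Your.exe starts savedata.exe and exits; the helper then
# rewrites Your.exe. The second process is an unrelated editor saving a file.
SAMPLE = [
    {"t": 0.0, "type": "proc_start", "pid": 100, "ppid": 4, "image": r"C:\app\Your.exe"},
    {"t": 1.0, "type": "proc_start", "pid": 101, "ppid": 100, "image": r"C:\app\savedata.exe"},
    {"t": 1.2, "type": "proc_exit", "pid": 100},
    {"t": 1.5, "type": "file_write", "pid": 101, "path": r"C:\app\your.exe"},
    {"t": 2.0, "type": "proc_start", "pid": 200, "ppid": 4, "image": r"C:\tools\edit.exe"},
    {"t": 2.5, "type": "file_write", "pid": 200, "path": r"C:\docs\notes.txt"},
]

if __name__ == "__main__":
    for writer, target, delay in find_image_rewrites(SAMPLE):
        print(f"{writer} rewrote {target} {delay:.1f}s after it exited")
```

Legitimate self-updaters produce the same pattern, so a hit is a triage signal to be weighed with other context; PID reuse is not handled here.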

Copyright © 1999-2020, Tomasz Grysztar.
