flat assembler
Message board for the users of flat assembler.
Index
> Windows > selfmodifying exe file |
Author |
|
odrene.koleno 14 Feb 2005, 15:48
Hi,
I have a small question. Does enyone know how to modify exe file by itself? |
|||
14 Feb 2005, 15:48 |
|
BoR0 14 Feb 2005, 16:41
What do you mean by modify? As in modifying it in memory or what?
|
|||
14 Feb 2005, 16:41 |
|
odrene.koleno 14 Feb 2005, 17:04
No, I mean to write to file on harddisk while the file is running.
|
|||
14 Feb 2005, 17:04 |
|
odrene.koleno 15 Feb 2005, 16:56
I have thought about these techniques before. But I don't know this one where program leaves some routine in stack. Can you explain it little closer or write a link where is some description of this method? It seems to be interesting. I am writing protection of executbles and I want to try new things.
Thanks |
|||
15 Feb 2005, 16:56 |
|
odrene.koleno 15 Feb 2005, 17:07
Perhaps one method can be to write to disk by clusters. But this is quite hard.
|
|||
15 Feb 2005, 17:07 |
|
f0dder 15 Feb 2005, 17:18
Forget about direct disk access, Microsoft has the only NTFS implementation that could be trusted. "Leaving code on the stack" doesn't work on all win32 versions. Injecting code to another process works, for now, but it's sorta dirty, and could be picked up by antiviral products as suspicious behaviour.
In short... don't do it |
|||
15 Feb 2005, 17:18 |
|
r22 17 Feb 2005, 05:02
Your.EXE starts, your.EXE makes a copy of itself copyYour.exe, Your.exe edits copyYour.exe then runs it. Inside of Your.exe and copyYour.exe there is a procedure if the name of the exe has the string 'copy' in it then it closes & deletes Your.exe and makes a copy of itself called Your.exe.
So all you really need a start precedure that gets its own name and knows what to do. |
|||
17 Feb 2005, 05:02 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.