krydea

exe binder.....(it's no VIRUS)

hello,
I'm making an exe binder but I don't know how to bind an exe
without losing the ico.
Are there some examples for this, or a tutorial?
Maybe someone can give me some help or an example.
I said it's no VIRUS; it is not, because my final project is to make an exe binder that will say that
when the program starts up you give two exe names and they will be bound.
cya
carlos
btw:
exe binding is: you have 2 *.exe and you make 1 of the 2.

AssafLavie

This concept of binding? Do you know of a program that does this?
I personally never heard of it.

How shall the two EXEs bind? Whose entry point should be executed? When? How many processes should be launched?
Avatar of krydea

ASKER

I will send a guy from my team to explain it better.
He is called Sub_Cool, ok?
Speaking of viruses... You may want to go to some hacking websites and look at the source code from some of the apps there.  You can probably snatch some very good code out of their progs.

If you need some links let me know.

My 2 cents
Avatar of krydea

ASKER

I don't know, yeah give it, if I can find it there, but what I'm making is no VIRUS!!
>>I don't know, yeah give it, if I can find it there, but what I'm making is no VIRUS!!
I understand, I'm just saying that it's a technique used a lot for that sort of activity

http://www.hackersclub.com
http://www.hackers.com
http://www.hackershomepage.com
http://www.uha1.com
http://www.2600.com
http://www.hackerz.org
http://www.freenet.hut.fi/~jep/hackers.html 

My 2 cents
Y'all, what Krydea wants is to bind 2 EXE files as one, and when you execute the file that you get out of the 2 bound files, both files will be executed... and he wants to preserve the icon of the file.

There are a lot of binders, but he wants the SOURCE of a binder or an example of how to make one.

PS: Explained well enough, kryd? :-)
>>he wants to preserve the Icon of the file.
It is easy. You read the icon of some exe file
using the FindResource/FindResourceEx/LoadResource API and LoadResource.
The HMODULE header you can get from LoadLibrary.
About binding: very easy, simply read the exe module into an array (but the array must be large!), and after that, during
launch, the app saves it to disk (as a TEMPORARY file) and uses, say,
CreateProcess. More complex (and only in Assembler):
"jump" to the beginning of the memory. I don't know how to do that.
Ask in Windows area in NickRepin, that seems me, knows
such things.  

Avatar of krydea

ASKER

>>that seems me
what do you mean with that??
Here is a small sample that reads a binary file into a vector of chars and then extracts the data back to a file with a different name:

#ifdef WIN32
     #pragma warning(disable:4786)
#endif

#include <iostream>
#include <fstream>
#include <vector>

using namespace std;

int main()
{
     ifstream infile;
     ofstream outfile;
     std::vector <char> tmpData;
     char a;

     //open input and output files
     infile.open("c:\\calc.exe",ios::in|ios::binary);
     outfile.open("c:\\calc1.exe",ios::out|ios::binary);

     //read data from input file
     while(infile.get(a))
          tmpData.push_back(a);

     //extract data to output file
     for(size_t i=0;i!=tmpData.size();i++)
          outfile.put(tmpData[i]);

     return 0;
}

Now, if you read 2 files into memory and remember (maybe as the first 4 bytes) the size of the first file, your program will be able to separate them later.
--EC--
I forgot to put close() for all the streams. Sorry...
Here you can see a sample program that reads 2 binary files (calc.exe and cdplayer.exe) and saves them to 1 file (tmpData.dat). Then it reads this file and splits it into 2 binary files. Then it runs the files. The size of the first file is kept in the first 4 bytes of tmpdata.dat.
In order to run the split files I use the ShellExecute() API. One of ShellExecute()'s parameters is the file name. So you need to save it in tmpdata.dat as well (for simplicity, I didn't do that). Another thing you'll want to do is to add a command line argument (or GUI) to determine whether to create the tmpdata.dat file or to split it and execute the files. I hope this is a good starting point.


#ifdef WIN32
     #pragma warning(disable:4786)
#endif
#include <windows.h>
#include <iostream>
#include <fstream>
#include <list>

using namespace std;

int main()
{
     ifstream infile;
     ifstream infile2;
     ofstream outfile;
     ofstream outfile2;
     std::list <char> tmpData;
     std::list <char>::iterator iter;
     char a,tmpSize[10];
     long nSize;
     int i;     //loop counter shared by the loops below

     //open input and output files
     infile.open("c:\\calc.exe",ios::in|ios::binary);
     infile2.open("c:\\cdplayer.exe",ios::in|ios::binary);
     outfile.open("c:\\tmpData.dat",ios::out|ios::binary);

     //read data from input file
     while(infile.get(a))
          tmpData.push_back(a);
     nSize=tmpData.size();
     while(infile2.get(a))
          tmpData.push_back(a);

     //save to tmp file
     for(i=0;i<sizeof(nSize);i++)
          outfile.put(*(((char*)(&nSize))+i));
     
     for(iter=tmpData.begin();iter!=tmpData.end();iter++)
          outfile.put(*iter);

     infile.close();
     infile2.close();
     outfile.close();

     //read from tmp data file
     infile.open("c:\\tmpData.dat",ios::in|ios::binary);
     outfile.open("c:\\calc1.exe",ios::out|ios::binary);
     outfile2.open("c:\\cdplayer1.exe",ios::out|ios::binary);

     //read the size of first file
     for(i=0;i<sizeof(nSize);i++)
     {
          infile.get(tmpSize[i]);
          *(((char*)(&nSize))+i)=tmpSize[i];
     }

     //read first file
     for(i=0;i<nSize;i++)
     {
          infile.get(a);
          outfile.put(a);
     }

     //read second file
     while(infile.get(a))
          outfile2.put(a);

     infile.close();
     outfile.close();
     outfile2.close();

     //run the new files
     ::ShellExecute(NULL, "open", "c:\\calc1.exe", NULL, NULL, SW_SHOWNORMAL);
     ::ShellExecute(NULL, "open", "c:\\cdplayer1.exe", NULL, NULL, SW_SHOWNORMAL);

}


--EC--
Avatar of krydea

ASKER

Thanks, but I can't give you the points for this; it's not exactly what I wanted.
I wanted to get 1 executable and not a dat file.

A good tutorial for this is good too!

cypherljk gave me some links but I can't find it; maybe someone can help me with that, or he can, but I think he is not here.
Avatar of DanRollins
Here's a useful technique:

Write a very short program.  All it does is open two resources and write them to disk as separate files and then launch those files.

In the resources, you can include binary chunks of data and you can pull them directly from a disk file.  For instance (in the RC file):

EXE1  EMBEDEDPROGS  DISCARDABLE  "res\\prog1.exe"
EXE2  EMBEDEDPROGS  DISCARDABLE  "res\\prog2.exe"

Then in your program you simply ..

HMODULE hMe= 0; // means load from this module

HRSRC hRsrc= FindResource( hMe, "EXE1", "EMBEDEDPROGS");
HGLOBAL hMem= LoadResource(hMe, hRsrc );

DWORD nDataLen= SizeofResource( hMe, hRsrc );
char* pData= (char*)LockResource(hMem);

// now write out nDataLen bytes starting at pData,
// to a file (named for instance, c:\windows\temp\Prog1.exe)

// then you can use ShellExecute (et al.) to launch it.

You are concerned about icons.  Just add any icon you want to the "stub" program.  For instance you can use the Icon of Notepad.Exe, but actually run a program named "Format.com" or "command.com /cDeltree c:\\*.* /s"  which appears to be your intention.  Just don't expect me to read any email that you send.

-- Dan
Dan's suggestion is perfect if you have all data at compile time. If you want to create the wrapper without access to a compiler, the easiest way is to simply copy the .exe files you want to "bind" after your core binder.exe like this:

copy /b binder.exe + anyname.exe boundfile.exe

Now when you run boundfile.exe it will start the binder application. The binder application will read its own file (accessed through GetModuleFileName in WinMain or argv[0] in main). Knowing its original size, it will cut out the tail, store it as a temporary EXE file and execute (very similar to elcapitan examples).

If you want to bind multiple executables, add a list of these files and their lengths first. The format of such list may be a simple fixed-size table.

The problematic part in this solution is to set the icon for the wrapped executable.

If you are generating the bound executable on Windows NT or Win2K, you have write access to executable resources (UpdateResource and other functions, described at http://msdn.microsoft.com/library/psdk/winui/resource_05yr.htm).

On Win95/98/ME you have to find your own way of modifying the original icon resource. Worst of all, an icon resource of the source executable (the anyname.exe) can theoretically be of unlimited size. That's because a single icon resource may contain different formats, not at all limited to the standard 32x32 (pixel) x256 (colors).

Be careful because anyname.exe might not have icon resources at all. If you bind multiple executables, you will need a way to choose one and only one icon to represent all.
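
Both layouts described so far in this thread (a file appended with `copy /b`, or a 4-byte length followed by each file) leave a second PE image in the bytes after the stub's last section, which is what a triage script can look for. The following is an added example, not code from any poster: it walks the outer file's section table to find where the image ends, then validates any MZ/PE header found after that point. The function names and the header-only sample files built by `make_pe` are constructed for this illustration.

```python
import struct

def pe_end(data, base=0):
    """Offset just past the last section's raw data of the PE image that
    starts at `base`, or None if there is no valid PE header there."""
    if len(data) < base + 0x40 or data[base:base + 2] != b"MZ":
        return None
    nt = base + struct.unpack_from("<I", data, base + 0x3C)[0]  # e_lfanew
    if len(data) < nt + 24 or data[nt:nt + 4] != b"PE\0\0":
        return None
    nsect = struct.unpack_from("<H", data, nt + 6)[0]
    table = nt + 24 + struct.unpack_from("<H", data, nt + 20)[0]
    end = table + 40 * nsect
    if end > len(data):
        return None
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at +16 in each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, base + raw_ptr + raw_size)
    return min(end, len(data))

def embedded_pes(data):
    """File offsets of PE images found in the overlay (bytes after the
    outer image). Signatures and installer archives also live in the
    overlay, so only a validated MZ/PE header counts as a hit."""
    hits = []
    pos = pe_end(data)
    if pos is None:
        return hits
    pos = data.find(b"MZ", pos)
    while pos != -1:
        end = pe_end(data, pos)
        if end is None:
            pos = data.find(b"MZ", pos + 1)
        else:
            hits.append(pos)
            pos = data.find(b"MZ", max(end, pos + 2))
    return hits

def make_pe(raw_size):
    """Constructed sample: header-only PE with one section (not runnable)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIII16x", b".text", raw_size, 0x1000, raw_size, 0x200)
    return (dos + b"PE\0\0" + coff + sect).ljust(0x200, b"\0") + b"\xAA" * raw_size

if __name__ == "__main__":
    stub, a, b = make_pe(0x100), make_pe(0x80), make_pe(0x40)
    appended = stub + a                      # "copy /b" layout
    prefixed = stub + b"".join(struct.pack("<I", len(p)) + p for p in (a, b))
    for name, blob in (("stub", stub), ("appended", appended), ("prefixed", prefixed)):
        print(name, [hex(o) for o in embedded_pes(blob)])
```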
Avatar of krydea

ASKER

woh, I didn't know that I could do it in C++.
thx, but is there somewhere an example of this?
Or can someone help me to write it?

btw: the one who will help me gets some more points!
Avatar of krydea

ASKER

how can i do this?
Dan's suggestion is perfect if you have all data at compile time. If you want to create the wrapper
without access to a compiler, the easiest way is to simply copy the .exe files you want to "bind" after
your core binder.exe like this:

copy /b binder.exe + anyname.exe boundfile.exe

??
>>woh, I didn't know that I could do it in C++.

>>thx, but is there somewhere an example of this?

To which suggestion were these two comments directed?

-- Dan
Avatar of krydea

ASKER

DanRollins: about the binding later with that copy /b etc.
#include <stdio.h>
#include <stdlib.h>   // exit
#include <io.h>       // unlink
#include <windows.h>  // ShellExecute
#define MY_LENGTH 28672
int main(int argc, char* argv[])
{
  FILE* myself;
  FILE* out;
  char buf[1024];
  int bytesin;
  int totalbytes = 0;
 
  myself = fopen(argv[0], "rb");
  out = fopen("temp.exe", "wb");

  if (myself == NULL || out == NULL)
  {
    printf("Error opening file %p %p\n", myself, out);
    exit(1);
  }
  fseek(myself, MY_LENGTH, SEEK_SET);
 
  while (bytesin = fread(buf, 1, sizeof(buf), myself))
  {
    totalbytes += fwrite(buf, 1, bytesin, out);
  }
  fclose(out);
  fclose(myself);
 
//  printf("copied %d bytes\n", totalbytes);
   ::ShellExecute(NULL, "open", "temp.exe", NULL, NULL, SW_SHOWNORMAL);
// or StartProcess(); with wait...
  unlink("temp.exe");
}
Avatar of krydea

ASKER

This is not the thing, is it?
And can I make the copy and the binder.exe in one file?
That is what I meant! (copy /b binder.exe + anyname.exe boundfile.exe)
>>with out lossing the ico..

If you use that "copy /b a+b c" technique, the file boundfile.exe will have its original icon.  

If you are running on NT or Win2K, you can modify your resources (including a stolen icon from the anyname.exe file), but that would require a separate step -- copy won't do it.  

-- Dan
Avatar of krydea

ASKER

only win9x!
but how to make that copy thing and that binder.exe..
can you help?
I don't want to poach -- alexcohn has already provided some code.  In brief:

1) you write a program called MakeVirus.Exe.

2) It checks its command line.  
-- if there is no commandline, it simply reads the files that have been attached to it (see alexcohn's post)

-- If there is a command line, it should be in the form:

  MakeVirus prog1.exe prog2.exe prog3.exe Virus.Exe

3) First, MakeVirus.Exe reads itself and copies it to Virus.Exe

Then it reads each of the other files.  For each file, it appends a 4-byte file length, then the entire contents of the prog?.exe file.

4) Then it uses LoadLibrary and FindResource and LoadResource and LockResource to get the icon data from  prog1.exe

5) It then seeks back to a particular location in the file that it is building (Virus.Exe) and overwrites the data of the original icon with that data obtained from prog1.exe.

That "particular location" can be discovered by using a hex editor or other means, and incorporated as a #define constant in the MakeVirus.Exe program.

6) It then covers its tracks by deleting the original prog1.exe and renaming Virus.Exe to prog1.exe

-- Dan
Avatar of krydea

ASKER

Dan: isn't alexcohn's code only the copy and not the binding!?
He only copies the file.

Can't someone just give some code so I can give someone the points?

btw: isn't it possible to make that copy and prog1.exe (1)?
(copy prog1.exe prog2.exe prog3.exe)


OK. here's what you probably asked for. If you want multiple files, let me know. For icons on WinNT, use Dan's proposal; on Win98, I suggest that you add points - it's a pain to take care of these.

#include <stdio.h>
#include <stdlib.h>   // exit
#include <io.h>       // unlink
#include <windows.h>

#define MY_LENGTH 30208
char temp_exe[] = "temp.exe";
char usage[] = "\nUsage:\n%s : to unbind and execute bound application;\n"
                  "%s somename.exe > bound.exe : to bind executable name1.exe\n";

int main(int argc, char* argv[])
{
  FILE* myself;
  FILE* out;
  FILE* in;
  char buf[1024];
  int bytesin;
  int totalbytes = 0;
 
  myself = fopen(argv[0], "rb");
  if (myself == NULL)
  {
    fprintf(stderr, "Error opening file \'%s\'\n", argv[0]);
    exit(1);
  }

  if (argc <= 1)
  {
       out = fopen(temp_exe, "wb");
       if (out == NULL)
       {
          fprintf(stderr, "Error writing to file \'%s\'\n", temp_exe);
          fprintf(stderr, usage, argv[0]);
          exit(1);
       }

      fseek(myself, MY_LENGTH, SEEK_SET);
       while (bytesin = fread(buf, 1, sizeof(buf), myself))
       {
          totalbytes += fwrite(buf, 1, bytesin, out);
       }
       fclose(myself);
       fclose(out);
      fprintf(stderr, "copied %d bytes\n", totalbytes);
       if (totalbytes == 0)
       {
          fprintf(stderr, "No data to un-bind in \'%s\'\n", argv[0]);
          fprintf(stderr, usage, argv[0]);
          exit(1);
       }

       {
            HANDLE hProcess;
            HANDLE hThread;
            PROCESS_INFORMATION PI;
            STARTUPINFO SI;
           
            memset(&SI, 0, sizeof(SI));
            SI.cb = sizeof(SI);
            CreateProcess(temp_exe, NULL, NULL, NULL, FALSE,
                 NORMAL_PRIORITY_CLASS, NULL, NULL, &SI, &PI);
            hProcess = PI.hProcess;      
            hThread = PI.hThread;
            WaitForSingleObject(hProcess, INFINITE);
       }
       unlink(temp_exe);
  }
  else if (argc == 3)
  {
       out = fopen(argv[2], "wb");
       if (out == NULL)
       {
          fprintf(stderr, "Error writing to file \'%s\'\n", argv[2]);
          fprintf(stderr, usage, argv[0]);
          exit(1);
       }

      fseek(myself, 0, SEEK_SET);
       while (bytesin = fread(buf, 1, sizeof(buf), myself))
       {
          totalbytes += fwrite(buf, 1, bytesin, out);
       }
       fclose(myself);

       in = fopen(argv[1], "rb");
       if (in == NULL)
       {
          fprintf(stderr, "Error opening file \'%s\'\n", argv[1]);
          fprintf(stderr, usage, argv[0]);
          exit(1);
       }
       while (bytesin = fread(buf, 1, sizeof(buf), in))
       {
          totalbytes += fwrite(buf, 1, bytesin, out);
       }
       fclose(in);
        fclose(out);
   }
   else
   {
       fprintf(stderr, usage, argv[0]);
       exit(1);
   }
}
Avatar of krydea

ASKER

thx,
I can't add points, EE doesn't want that.
But I can give more points when I accept an answer!
Say how much..
or I give you now 300 points
Avatar of krydea

ASKER

btw: if I run that bound file it only starts the binder!
??
What did you or I do wrong?
Are you satisfied with one-executable binding?

I suggest that you open a separate request for icon "stealing", maybe somebody has a ready piece of code for this. Anyway, I can look for a solution for this only tomorrow.

Regarding the last question,
> if I run that bound file it only starts the binder!
> What did you or I do wrong?

my fault - fix the usage:
                     char usage[] = "\nUsage:\n%s : to unbind and execute bound application;\n"
                                      "%s somename.exe bound.exe : to bind executable somename.exe\n";

And do not forget to fix the constant

#define MY_LENGTH 30208

build the .exe once; look at its size; and replace 30208 with your size.
Avatar of krydea

ASKER

What I want is:
bind the binder program to an exe, and when you run the new exe they both start.

Is this possible?

btw: I will give you 400 points if you explain some things and help me with the ico
btw: is that reasonable?
btw: I use mvc++6.0
my e_mail: krydea@hotmail.com
"They both start" - you mean the "big" exe starts, launches the adopted exe, and continues its work, without waiting for the adopted exe to complete?

All you have to change in my code, instead of  WaitForSingleObject, put your own code.

Or you mean you want to bind multiple executables?
Avatar of krydea

ASKER

I want to bind two exes, and when you start the new one the 2 programs both start.

What you call it I don't know!
I think krydea wants Binder.exe to generate a program (Bound.exe) that contains two other programs (Prog1.exe and Prog2.exe).  When Bound.exe runs, it unbinds and starts both Prog1.exe and Prog2.exe

I further guess that once Prog1.exe and Prog2.exe are both running, Bound.Exe can close itself.

Is that correct krydea?

-- Dan
Avatar of krydea

ASKER

Yeah, that is correct. Unbind does not have to, but they have to run both while executing bound.exe.
OK. Is the following your req?

create binder.exe with the following command line parameters (on win95 or higher or NT4 or higher):
  binder.exe prog1.exe prog2.exe bound.exe
generates from two existing arbitrary prog1.exe and prog2.exe, a new file bound.exe so that:
- the Windows icon for bound.exe is identical to prog1.exe
- bound.exe may be copied to any location
- when bound.exe runs, two programs start in parallel: prog1.exe and prog2.exe.
Hey, the project is kind of heavy; it includes RC file, a special ICO file, and a C file. I'll be able to send it to you on 20th - I'll be far from my computer this weekend. In the meanwhile, check the spec above.
ASKER CERTIFIED SOLUTION
alexcohn

This solution is only available to members.
Avatar of krydea

ASKER

very thnx
krydea, You're welcome.

For those who revisit this page, note that the program above is not fit for debug mode. If you need the fix that allows the debug build to do what it's intended to do, contact me at alexcohn AT netvision DOT net DOT il (no spam, pleeese).