We help IT Professionals succeed at work.

Creating an exe wrapper type application

sautrn2856
sautrn2856 asked
on
I need to write an application that will do the following.

1) take a program (.exe) as input

2) set some security stuff (e.g. trial mode, limits ect)

3) output the new protected exe


OR

at least try to explain how i can get a exe to wrap around anouther exe so that my new exe runs first, then exicutes the other exe (but the file is just one exe with all its original data, icon, etc etc)

Simular software exists as license protection utilitys
from MANY companys including software titles such as

Armadillo
ProtectIt
Sentinel Systems
ect ect

Thank You in advance
Comment
Watch Question

Commented:
There are many ways but one thing I've done in the past is to store program "B" as a binary resource in program "A".  When "A" starts, it extracts the resource, processes it however (i.e. decrypts, logs, validates, whatever...) then then runs it.

Author

Commented:
That sounds fine, but how do i get an application to load and run a program from within itsaself as a binary resource?

And could i use this method to write my own Copy Protection utility that will load compiled exes add the security and do just what you said?

Any details would be appriciated..thanx

Author

Commented:
And please bare in mind that program a is compiled as well as program b, so program a must load program b by the user at runtime (just like exsisting copyprotection software)

I guess i just need to know exactly how those security key (copy protection) and licensing programs work, how they add the protection to an unprotected compiled exe

THANK YOU
A very simple approach (I hope it's not too simple):
Use 3 .exes. Let's say A is the is the program to be protected. B acts as some kind of protection module. C copies B and A (in this order) into a single file. When you execute this file, it's actually program B that's being started. It must now extract program A and execute it. C (actually B within C) can get it's own path with GetModuleFileName and 0 as module handle. To find A within the combined file C you might use a specified sequence as a distinctive mark for the beginning of the A file. File C would look like this:
 |File B|HiThisIsWhereFileABegins!|File A|
It would simply search for the string "HiThisIsWhereFileABegins!". Everything after this string is copied into a temporary exe and executed using ShellExecute or CreateProcess. The obvious disadvantage of this solution is that while file C is being executed, file A exists in its unprotected state. There are ways to avoid this but I guess, the binary-ressource-way to do it is more elegant. It would be nice if jhance could provide some more info on this.

Author

Commented:
Yes, what you are telling me is a ok method that i have been told of before, but like you said, the unprotected application exsists when running.

with ALL copyprotection software, the original unprotected program appears to grow in size when protected, and keeps ALL of its original resources (e.g. icons, data etc)

Any of the above methods would do providing that:

1) i can have an example of how to implement the code so i can see how app a can load app b from within itself

2) how binary resorces would work so the app can exsist as a binary resource like the original example given.

3) and please bare in mind that the copy protection software has to be able to add different levels of protection each time.

So for example, here is a scenario where i would use my product.

Lets say the product i want to create is called protector.exe

i load protector.exe, it asks for a program i want to create.

i chooses calc.exe  (a calculator), i choose as my protection a limit of 30 days.

Then the calc.exe is edited (SOME HOW..original question at this point) so it will no longer run after 30 days.

But i may choose to protect the next exe with 60 days, etc etc.

So i need SPECIFIC examples of how i can create an app that can do what i want!

I am willing to offer more points......PLEASE help me out

Thanx
Hi, I've tried to gather information on this topic. As far as I can see the most elegant and most sophistricated way to do it is writing a PE encryption tool.
The only source sample I found on this is UPX, an executable compressor.
http://wildsau.idv.uni-linz.ac.at/mfx/download/upx/upx-1.20-src.tar.gz
I was looking for some kind of tutorial but I was not very lucky, sorry. However, I did find a tutorial on virus programming. This may be a little surprising but if you think about it a virus does more or less what you want to do. If it was not a virus tutorial I'd call it good but since it is I'll just abstain from doing so ;)
http://www.geocities.com/Area51/Dimension/8145/docs/lj_pe02.zip
I hope you're not going to write a virus...
Finally some tutorials on the PE file format which are certainly of use for what you are going to try:
http://win32asm.rxsp.com/files/pe-tuts.zip
Again the source of the tutorials seems to be somewhat dubious but they're all I can offer now.
Another way to do it might be to use the simple method I suggested above with some modifications. I do not know if it works, though. Maybe if you encrypt each section of the executable but leave the headers as they are you can use CreateProcess to load it into memory in suspended state and decrypt it there before you continue executing it. I haven't been able to try this yet.
Finally an absolutely minimalistic "solution". I'm afraid it won't be of use to you since you want do wrap existing exes but in case you have the sources it might be ok. It seems to be possible to save functions to files, load them and execute them as long as they don't contain any calls. This limits their abilities to some basic calculations like + - * and / but maybe you can use it:
#include "windows.h"
#include "stdio.h"
#include "conio.h"
#include "io.h"
#include "fcntl.h"
#include "sys/stat.h"

int f(long x)
{
return x * 4;
}

void main()
{    
#define FUNC_SIZE 64 //I found this value by trying.
                     //Don't know how else you can get
                     //the size of a function. It might
                     //vary on other compilers.
     
void *p = malloc(FUNC_SIZE);
memcpy(p, (void*)f, FUNC_SIZE); //copy function to buffer
     
int (*(pF))(long); //declaration of a pointer to a function

long *dummy = (long*)&pF;
*dummy = (long)p;  //here we make our function pointer  
                   //point to the buffer
printf("%d\n", pF(12)); //test

int file = open("C:\\proc.dat", O_BINARY|O_CREAT|O_RDWR, _S_IREAD | _S_IWRITE); //saving the function to a file
write(file, p, FUNC_SIZE);  
close(file);    
}

This saves a function to disk. To load and execute it you might use something like:
int file = open("C:\\proc.dat", O_RDONLY|O_BINARY);
char buffer[2048];
read(file, buffer, 2048);
close(file);
int (*(pF))(long);
long *dummy = (long*)&pF;
*dummy = (long)buffer;
printf("%d\n", pF(50));

Explore More ContentExplore courses, solutions, and other research materials related to this topic.