Application write to self (self-modifying) - Possible?

ThievingSix (ASKER):

OK, a while back I wrote a class out of boredom as a lightweight file stream from scratch. I then sprouted from that, creating a self-archive-like class that would read and write data to itself. I never tested it.

Now I came to a project today that would use something like that and remembered I had already made it. I set up a demo to actually test it and found out that it can only open a read handle from CreateFile(), not a writing one. I could make it so that it creates a copy of the executable on the fly, modifies that one and then launches it, but that seems messy. Is it possible to write to the end of an executable as it's running?
ASKER CERTIFIED SOLUTION
Geert G (Belgium)
This solution is only available to Experts Exchange members.

ASKER:
Well, this is what I thought at first when researching the subject. I was sure I needed to use a workaround.

The thing is, a program I use constantly called OllyDbg, a debugger, does the exact thing I'm trying to do. I can open an EXE in the debugger, modify the data (in this case editing the address space of the executable), then save it while it's still running. Now I'm wondering if anyone knows if this is a trick of some sort, or if there is more to it.

Editing in memory? From the OllyDbg site:
  Examines and modifies memory, sets breakpoints and pauses program on-the-fly
Does it actually modify the file on disk?

Save the changes to a temp location; after the exe shuts down, write from the temp to the exe.
Or you could rename the exe while it's running, copy it to the old name and save the changes to the new file; when it restarts you have the changes in the new exe.
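The following C program is an added example, not code from this thread, from OllyDbg or from the accepted solution. It shows both halves of the discussion so far: asking the OS for a write handle on the executable that is currently running is refused (ERROR_SHARING_VIOLATION from CreateFile on Windows), and the rename-then-rewrite workaround suggested in the reply above works because renaming a mapped image is allowed; the program appends a trailer to a fresh file at the original name, which is what the asker wanted. It goes beyond the thread's Windows setting: the same refusal and the same workaround hold on Linux, where open() returns ETXTBSY, so the program builds with MSVC/MinGW (the _WIN32 branch) or with gcc. The ".old" suffix, the trailer string and all helper names are this example's own choices.

```c
/* Added example (not from the thread, OllyDbg or the accepted solution).
 * Assumed conventions: the ".old" suffix, the trailer and the helper names. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#ifdef _WIN32
#include <windows.h>
#else
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>
#endif

#define SELF_PATH_MAX 4096

/* Full path of the executable this process was started from; 0 on success. */
static int self_path(char *buf, size_t len) {
#ifdef _WIN32
    DWORD n = GetModuleFileNameA(NULL, buf, (DWORD)len);
    return (n == 0 || n >= len) ? -1 : 0;
#else
    ssize_t n = readlink("/proc/self/exe", buf, len - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    return 0;
#endif
}

/* 1 if path can be opened for writing, 0 if the OS refused because the file
 * is a running image (ERROR_SHARING_VIOLATION from CreateFile on Windows,
 * ETXTBSY from open() on Linux), -1 for any other error. */
static int try_open_for_write(const char *path) {
#ifdef _WIN32
    HANDLE h = CreateFileA(path, GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE,
                           NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (h != INVALID_HANDLE_VALUE) { CloseHandle(h); return 1; }
    return GetLastError() == ERROR_SHARING_VIOLATION ? 0 : -1;
#else
    int fd = open(path, O_WRONLY);
    if (fd >= 0) { close(fd); return 1; }
    return errno == ETXTBSY ? 0 : -1;
#endif
}

/* Read a whole file into a malloc'd buffer (reading a mapped image is fine). */
static unsigned char *read_all(const char *path, size_t *len) {
    FILE *f = fopen(path, "rb");
    long sz;
    unsigned char *buf;
    if (!f) return NULL;
    sz = (fseek(f, 0, SEEK_END) == 0) ? ftell(f) : -1;
    buf = (sz >= 0) ? malloc((size_t)sz + 1) : NULL;
    if (!buf || fseek(f, 0, SEEK_SET) != 0 || fread(buf, 1, (size_t)sz, f) != (size_t)sz) {
        free(buf); fclose(f); return NULL;
    }
    fclose(f);
    *len = (size_t)sz;
    return buf;
}

/* The workaround: move the running image to path.old (renaming a mapped image
 * is allowed on Windows and Linux; only writing, truncating and, on Windows,
 * deleting are refused), then create a brand-new file at the original name
 * holding the old bytes plus the trailer. This process keeps executing from
 * the renamed file; the next start runs the new one. */
static int replace_with_trailer(const char *path, const void *trailer, size_t trailer_len) {
    char old[SELF_PATH_MAX + 8];
    unsigned char *img;
    size_t n;
    FILE *out;
    int ok;
#ifndef _WIN32
    struct stat st;
#endif
    if (snprintf(old, sizeof old, "%s.old", path) >= (int)sizeof old) return -1;
    remove(old);                         /* leftover from a previous run; on Windows
                                            it could only be deleted once that
                                            process had exited, so clean it up here */
    if (rename(path, old) != 0) return -1;
    if (!(img = read_all(old, &n))) return -1;
    if (!(out = fopen(path, "wb"))) { free(img); return -1; }
    ok = fwrite(img, 1, n, out) == n && fwrite(trailer, 1, trailer_len, out) == trailer_len;
    free(img);
    if (fclose(out) != 0) ok = 0;
#ifndef _WIN32
    /* fopen("wb") creates 0666 & ~umask: copy the execute bits or the new file
     * will not launch next time. */
    if (ok && stat(old, &st) == 0) ok = chmod(path, st.st_mode & 07777) == 0;
#endif
    return ok ? 0 : -1;
}

/* Runs the demonstration against this very executable. Returns 0 when the OS
 * refused the direct write, the rename trick produced a writable file at the
 * original path and that file ends with the trailer; otherwise the failed step. */
static int demo_self_rewrite(const char *trailer) {
    char self[SELF_PATH_MAX];
    size_t tl = strlen(trailer), n;
    unsigned char *img;
    int ok;
    if (self_path(self, sizeof self) != 0) return 1;
    if (try_open_for_write(self) != 0) return 2;        /* must be refused */
    if (replace_with_trailer(self, trailer, tl) != 0) return 3;
    if (try_open_for_write(self) != 1) return 4;        /* fresh file: writable */
    img = read_all(self, &n);
    ok = img && n >= tl && memcmp(img + n - tl, trailer, tl) == 0;
    free(img);
    return ok ? 0 : 5;
}

int main(void) {
    int rc = demo_self_rewrite("DEMO-TRAILER");
    printf("self rewrite demo: %s (step %d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

Two practical points follow from the code: the trick needs write access to the directory, not just to the file, so it fails for a non-admin user when the executable lives under Program Files; and the renamed copy stays on disk until the next start, because Windows refuses to delete a mapped image while the process that maps it is alive.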

ASKER:
Well, I just did a test where I edited an executable while it was running, saved it, and killed OllyDbg. The original.exe kept the changes. And the program that was running WAS the original.

After you save the changes with OllyDbg you could see which file is actually still running with procexp.exe, from http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

ASKER:
I did use procexp. It was the same file. It was never terminated (I used OllyDbg to debug OllyDbg debugging a test application).

Beats me how he does it :)
Maybe you could ask him for the source code to see how ...

ASKER:
Well, I went ahead and did just that. Although it struck me that with some users not being able to modify the Program Files directory I'll have to go a different route anyway, so I'll accept the "no" answer since that's what it is.

If I get a reply from OllyDbg's creator I'll paste here how it's done.

Thanks for the quick reply though.