  • Status: Solved

Application write to self(Self modifying) - Possible?

OK, a while back I wrote a class out of boredom as a lightweight file stream from scratch. I then sprouted from that creating a self archive like class that would read and write data to itself. I never tested it.

Now I came to a project today that would use something like that and remembered I had already made it. I set up a demo to actually test it and found out that it can only open a read handle from CreateFile(), not a writing one. I could make it so that it creates a copy of the executable on the fly, modifies that one, then launches it, but that seems messy. Is it possible to write to the end of an executable as it's running?
Asked by: ThievingSix
1 Solution
 
Geert Gruwez (Oracle dba) Commented:
in short, no

ThievingSix (Author) Commented:
Well, this is what I thought at first when researching the subject. I was sure I needed to use a workaround.

The thing is, a program I use constantly called OllyDbg, a debugger, does the exact thing I'm trying to do. I can open an EXE in the debugger, modify the data (in this case editing the address space of the executable), then save it while it's still running. Now I'm wondering if anyone knows if this is a trick of some sort, or if there is more to it.
 
Geert Gruwez (Oracle dba) Commented:
editing in memory?
from OllyDbg site:
  Examines and modifies memory, sets breakpoints and pauses program on-the-fly
Does it actually modify the file on disk?

saving the changes to a temp location
after the exe shuts down
write from the temp to the exe

Geert Gruwez (Oracle dba) Commented:
you could rename the exe when running, copy it to the old name
save changes to the new file
when it restarts you have the changes in the new exe

ThievingSix (Author) Commented:
Well I just did a test to where I edited an executable while it was running, saved it, and killed ollydbg. The original.exe kept the changes. And the program that was running WAS the original.

Geert Gruwez (Oracle dba) Commented:
after you save the changes with OllyDbg you could see which file is actually still running with procexp.exe
from http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

ThievingSix (Author) Commented:
I did use procexp. It was the same file. It was never terminated (used OllyDbg to debug OllyDbg to debug a test application).

Geert Gruwez (Oracle dba) Commented:
beats me how he does it :)
maybe you could ask him for the source code to see how ...

ThievingSix (Author) Commented:
Well I went ahead and did just that. Although it struck me that with some users not being able to modify the Program Files directory I'll have to go a different route anyway, so I'll accept the "no" answer since that's what it is.

If I get a reply from Ollydbg's creator I'll paste here how it's done.

Thanks for the quick reply though.
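
The rename-aside workaround suggested in this thread, combined with the appended-data layout the question describes, as an added Python example (not code from the thread or from any participant). The trailer format, the `SELFARC1` marker and the `.old`/`.new` file names are assumptions made for illustration.

```python
import os
import struct

MAGIC = b"SELFARC1"              # constructed marker, not from the thread
FOOTER = struct.Struct("<8sQ")   # trailer: magic + payload length (little-endian)

def read_payload(path):
    """Return the bytes appended after the program image, or None if absent."""
    size = os.path.getsize(path)
    if size < FOOTER.size:
        return None
    with open(path, "rb") as f:
        f.seek(size - FOOTER.size)
        magic, length = FOOTER.unpack(f.read(FOOTER.size))
        if magic != MAGIC or length > size - FOOTER.size:
            return None          # no trailer, or a corrupt length field
        f.seek(size - FOOTER.size - length)
        return f.read(length)

def image_size(path):
    """Size of the original program image, excluding payload and trailer."""
    payload = read_payload(path)
    size = os.path.getsize(path)
    return size if payload is None else size - len(payload) - FOOTER.size

def swap_and_write(exe_path, payload):
    """Store payload at the end of exe_path without opening that file for writing."""
    old, new = exe_path + ".old", exe_path + ".new"
    keep = image_size(exe_path)
    # Build the replacement beside the original; reading a running image is allowed.
    with open(exe_path, "rb") as src, open(new, "wb") as dst:
        dst.write(src.read(keep))
        dst.write(payload)
        dst.write(FOOTER.pack(MAGIC, len(payload)))
    try:
        os.replace(new, exe_path)    # succeeds when exe_path is not a mapped image
    except PermissionError:
        # Windows refuses to overwrite a running image but allows renaming it,
        # so move it aside (replacing any stale .old) and put the new file in place.
        os.replace(exe_path, old)
        os.replace(new, exe_path)
    return read_payload(exe_path)
```

In a directory the user cannot write to, such as the Program Files case mentioned above, creating the `.new` file raises `PermissionError` before anything is changed, so the original file is left untouched.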