Solved

Attach Binary To A Running Executable

Posted on 2011-09-25
Last Modified: 2012-05-12
Hello all.

I am working on an experimental project for a new concept and I'm wondering if someone could give suggestions for possible ways to add binary to the end of an executable that is running. I don't want to modify any binary, just add some at the end, ideally without damaging the executable that is running.

I am currently working in C#/.Net, but if it's possible elsewhere, I can move languages.
Question by:Dragonseer
10 Comments
 
LVL 37

Expert Comment

by:TommySzalapski
ID: 36597129
What do you mean by 'add binary to a running executable'? Do you just mean to add some data? You could do that with a .dat file. Or do you mean binary as in a binary file (which is also called an executable)?
0
 

Author Comment

by:Dragonseer
ID: 36597133
Yes, permanently add binary to a running executable, no secondary files.
0
 
LVL 37

Expert Comment

by:TommySzalapski
ID: 36597183
That didn't really answer my question. Are you trying to be able to upgrade a version of your program without having users need to close all running instances of the program?

There is no good way to change a running executable, but depending on what you want to accomplish there are several options. I list a few of them here: http:Q_27276974.html#a36441282
You just have to have one executable for each version.
0

 

Author Comment

by:Dragonseer
ID: 36597196
No, none of those solutions work.

The idea is to attach some extra binary, an int for example to the end of my program. That's it. No versions, no text files. Nothing else. Just the single executable.

It is possible if viruses can attach their code to running programs, no? I am trying to create a program that is a single exe that contains its own data which can be changed rather than having to rely on secondary files.
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 50 total points
ID: 36597331
That's not a 'new' concept. In the "old days" we used to do things like that in assembly language and C. A little arithmetic error can trash your exe when you do that. I'm not sure that .NET managed code will allow you to do that. One post I saw said that 'exe's would be read-only files. Windows does a lot these days to prevent certain kinds of code. It's doable in the basic sense. Whether you would be allowed to do it now is another question.
0
 
LVL 37

Assisted Solution

by:TommySzalapski
TommySzalapski earned 300 total points
ID: 36597438
No. In general, viruses attach their code to executables that are currently not running (or can be stopped) but are expected to run (or be restarted) sometime in the near future. The print spooler has been a common target since it can usually be stopped and restarted without the user noticing and runs with high permissions no matter who is logged on.

As I said earlier, there is no good way to change a running executable in modern operating systems.
When you run an executable, much of the code is loaded into RAM and Windows will lock both the hard disk space where the exe is stored and the RAM which it is using so that no other programs can mess with it. You would have to get around this built-in protection in order to do what you ask.

If you tell us why you even want to do this, it is likely that we can help come up with a suitable solution that does not involve hacking past Windows' memory protection structures. What are you trying to accomplish by adding these integers?
0
 

Author Comment

by:Dragonseer
ID: 36597628
I don't really have a good reason. I just want to see if it can be done. It would make for some interesting coding. I'd like to implement something like this in some AI concepts that I have. Like I said, it's really just an experiment.

You say that the code is loaded into RAM. A program, using pointers, can modify its own RAM, can't it? (The point is to have my code modify its own binary.)

And how does a virus attach its own code to something without damaging the file itself? I would imagine that an executable is generated in a very specific format and that changing anything with it would break the whole thing.
0
 
LVL 37

Assisted Solution

by:TommySzalapski
TommySzalapski earned 300 total points
ID: 36599719
"A program, using pointers can modify its own RAM can't it?"
A program can modify its own RAM that it is using from declared variables but not from the codespace. The RAM where the code is loaded is different from the RAM where the variables are stored. You can do anything you want with your variables.

"And how does a virus attach its own code to something without damaging the file itself?"
You are correct that it would be very difficult to insert code into an executable. There's an easier way though.
The general idea is to build a wrapper. It creates a program that runs its virus code and then runs the original executable. So they basically embed the entire original exe into their own program and replace the exe file with that. So they don't really modify the original code at all. Much easier.
0
 
LVL 37

Assisted Solution

by:TommySzalapski
TommySzalapski earned 300 total points
ID: 36599732
The RAM where the code is loaded is locked by the operating system so even if you could point a pointer at it, it would throw an error if you tried to change it.

There are, of course, ways to get around this but they are very technical and complicated and generally involve running multiple operating systems on the same disk space.
0
 
LVL 86

Accepted Solution

by:
jkr earned 150 total points
ID: 36600349
A single integer will be difficult, but you can inject DLLs - see http://www.codeproject.com/KB/threads/completeinject.aspx ("A More Complete DLL Injection Solution Using CreateRemoteThread")
0
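The thread is about bytes stored past the end of an executable's image. From the defender's side, such appended data (a PE "overlay") shows up when the file is longer than the end of its last section's raw data; the check below is an added example, not code from any poster, and `pe_overlay`, `build_sample` and the sample bytes are constructed for illustration.

```python
import struct

SECTION_HEADER_SIZE = 40

def pe_overlay(data: bytes):
    """Return (offset, length) of bytes stored past the last section, or None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    try:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("PE signature not found")
        (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
        (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
        table = pe_off + 24 + opt_size                        # section table offset
        end = table + SECTION_HEADER_SIZE * n_sections        # headers belong to the image
        for i in range(n_sections):
            # SizeOfRawData and PointerToRawData sit at +16 and +20 in each header.
            raw_size, raw_ptr = struct.unpack_from(
                "<II", data, table + SECTION_HEADER_SIZE * i + 16)
            if raw_ptr:                                       # 0 means no bytes on disk
                end = max(end, raw_ptr + raw_size)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    if end > len(data):
        raise ValueError("section data runs past end of file")
    return (end, len(data) - end) if len(data) > end else None

def build_sample(extra: bytes = b"") -> bytes:
    """Constructed PE-shaped bytes (not a loadable program): headers + one section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000,
                       0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + text).ljust(0x200, b"\0") + b"\0" * 0x200 + extra

if __name__ == "__main__":
    print(pe_overlay(build_sample()))                         # clean file
    print(pe_overlay(build_sample(struct.pack("<i", 42))))    # one int appended
```

Signed files keep their Authenticode certificate table past the last section as well, so a reported overlay is a reason to inspect the bytes, not a verdict on its own.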
