Solved

Attach Binary To A Running Executable

Posted on 2011-09-25
10
187 Views
Last Modified: 2012-05-12
Hello all.

I am working on an experimental project for a new concept and I'm wondering if someone could give suggestions for possible ways to add binary to the end of an executable that is running. I don't want to modify any binary, just add some at the end, ideally without damaging the executable that is running.

I am currently working in C#/.Net but if it's possible elsewhere, I can move languages.
0
Question by:Dragonseer
10 Comments
 
LVL 37

Expert Comment

by:TommySzalapski
ID: 36597129
What do you mean by 'add binary to a running executable'? Do you just mean to add some data? You could do that with a .dat file. Or do you mean binary as in a binary file (which is also called an executable)?
0
 

Author Comment

by:Dragonseer
ID: 36597133
Yes, permanently add binary to a running executable, no secondary files.
0
 
LVL 37

Expert Comment

by:TommySzalapski
ID: 36597183
That didn't really answer my question. Are you trying to be able to upgrade a version of your program without having users need to close all running instances of the program?

There is no good way to change a running executable, but depending on what you want to accomplish there are several options. I list a few of them here: http:Q_27276974.html#a36441282
You just have to have one executable for each version.
0
 

Author Comment

by:Dragonseer
ID: 36597196
No, none of those solutions work.

The idea is to attach some extra binary, an int for example to the end of my program. That's it. No versions, no text files. Nothing else. Just the single executable.

It is possible if viruses can attach their code to running programs, no? I am trying to create a program that is a single exe that contains its own data which can be changed rather than having to rely on secondary files.
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 50 total points
ID: 36597331
That's not a 'new' concept. In the "old days" we used to do things like that in assembly language and C. A little arithmetic error can trash your exe when you do that. I'm not sure that .NET managed code will allow you to do that. One post I saw said that 'exe's would be read-only files. Windows does a lot these days to prevent certain kinds of code. It's do-able in the basic sense. Whether you would be allowed to do it now is another question.
0

 
LVL 37

Assisted Solution

by:TommySzalapski
TommySzalapski earned 300 total points
ID: 36597438
No. In general, viruses attach their code to executables that are currently not running (or can be stopped) but are expected to run (or be restarted) sometime in the near future. The print spooler has been a common target since it can usually be stopped and restarted without the user noticing and runs with high permissions no matter who is logged on.

As I said earlier there is no good way to change a running executable in modern operating systems.
When you run an executable, much of the code is loaded into RAM and Windows will lock both the hard disk space where the exe is stored and the RAM which it is using so that no other programs can mess with it. You would have to get around this built-in protection in order to do what you ask.

If you tell us why you even want to do this, it is likely that we can help come up with a suitable solution that does not involve hacking past Windows' memory protection structures. What are you trying to accomplish by adding these integers?
0
 

Author Comment

by:Dragonseer
ID: 36597628
I don't really have a good reason. I just want to see if it can be done. It would make for some interesting coding. I'd like to implement something like this in some AI concepts that I have. Like I said, it's really just an experiment.

You say that the code is loaded into RAM. A program, using pointers, can modify its own RAM, can't it? (The point is to have my code modify its own binary.)

And how does a virus attach its own code to something without damaging the file itself? I would imagine that an executable is generated in a very specific format and that changing anything with it would break the whole thing.
0
 
LVL 37

Assisted Solution

by:TommySzalapski
TommySzalapski earned 300 total points
ID: 36599719
"A program, using pointers can modify its own RAM can't it?"
A program can modify its own RAM that it is using from declared variables but not from the codespace. The RAM where the code is loaded is different from the RAM where the variables are stored. You can do anything you want with your variables.

"And how does a virus attach its own code to something without damaging the file itself?"
You are correct that it would be very difficult to insert code into an executable. There's an easier way though.
The general idea is to build a wrapper. It creates a program that runs its virus code and then runs the original executable. So they basically embed the entire original exe into their own program and replace the exe file with that. So they don't really modify the original code at all. Much easier.
0
 
LVL 37

Assisted Solution

by:TommySzalapski
TommySzalapski earned 300 total points
ID: 36599732
The RAM where the code is loaded is locked by the operating system so even if you could point a pointer at it, it would throw an error if you tried to change it.

There are, of course, ways to get around this but they are very technical and complicated and generally involve running multiple operating systems on the same disk space.
0
 
LVL 86

Accepted Solution

by:
jkr earned 150 total points
ID: 36600349
A single integer will be difficult, but you can inject DLLs - see http://www.codeproject.com/KB/threads/completeinject.aspx ("A More Complete DLL Injection Solution Using CreateRemoteThread")
0
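The thread's question about bytes added after the end of an executable can be examined from the file format: the Windows loader maps only what the PE section table describes, so trailing bytes (an "overlay") are ignored at load time, and checking for them is a routine triage step. The following is an added example, not code from any poster in this thread; `overlay` and `build_sample` are hypothetical names and the sample PE bytes are constructed.

```python
import struct

def overlay(data: bytes):
    """Return (offset, length) of bytes past the last section, or None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]   # NumberOfSections
    optsz = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    opt = pe + 24
    table = opt + optsz                                 # section table start
    end = table + 40 * nsect                            # end of the headers
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each entry
        size, ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if size:
            end = max(end, ptr + size)
    # An Authenticode certificate table (data directory 4) legitimately lives
    # after the sections and is addressed by file offset, so count it as file.
    magic = struct.unpack_from("<H", data, opt)[0] if optsz >= 2 else 0
    dirs = opt + {0x10B: 96, 0x20B: 112}.get(magic, 0)
    if magic in (0x10B, 0x20B) and dirs + 40 <= table:
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 32)
        if cert_off and cert_size:
            end = max(end, cert_off + cert_size)
    return (end, len(data) - end) if len(data) > end else None

def build_sample() -> bytes:
    """Constructed PE32 layout: headers plus one 0x200-byte .text section."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + bytes(222)
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200)
    headers = dos + coff + opt + sect + bytes(16)
    return headers.ljust(0x200, b"\0") + bytes(0x200)

if __name__ == "__main__":
    clean = build_sample()
    print("clean file:", overlay(clean))
    tagged = clean + struct.pack("<i", 42)              # one appended int
    found = overlay(tagged)
    print("with appended int:", found)
    print("value:", struct.unpack_from("<i", tagged, found[0])[0])
```
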
