?
Solved

Attach Binary To A Running Executable

Posted on 2011-09-25
10
Medium Priority
?
203 Views
Last Modified: 2012-05-12
Hello all.

I am working on an experimental project for a new concept and I'm wondering if someone could give suggestions for possible ways to add binary to the end of an executable that is running. I don't want to modify any binary, just add some at the end, ideally without damaging the executable that is running.

I am currently working in C#/.Net but if it's possible else where, I can move languages.
0
Comment
Question by:Dragonseer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 37

Expert Comment

by:TommySzalapski
ID: 36597129
What do you mean by 'add binary to a running executable'? Do you just mean to add some data? You could do that with a .dat file. Or do you mean binary as in a binary file (which is also called an executable)?
0
 

Author Comment

by:Dragonseer
ID: 36597133
Yes, permanently add binary to a running executable, no secondary files.
0
 
LVL 37

Expert Comment

by:TommySzalapski
ID: 36597183
That didn't really answer my question. Are you trying to be able to upgrade a version of your program without having users need to close all running instances of the program?

There is no good way to change a running executable, but depending on what you want to accomplish there are several options. I list a few of them here: http:Q_27276974.html#a36441282
You just have to have one executable for each version.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:Dragonseer
ID: 36597196
No, none of those solutions work.

The idea is to attach some extra binary, an int for example to the end of my program. That's it. No versions, no text files. Nothing else. Just the single executable.

It is possible if viruses can attach their code to running programs, no? I am trying to create a program that is a single exe that contains its own data which can be changed rather than having to rely on secondary files.
0
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 200 total points
ID: 36597331
That's not a 'new' concept.  In the "old days" we used to do things like that in assembly language and C.  A little arithmetic error can trash your exe when you do that.  I'm not sure that .NET managed code will allow you to do that.  One post I saw said that 'exe's would be read only files.  Windows does a lot these days to prevent certain kinds of code.  It's do-able in the basic sense.  Whether you would be allowed to do it now is another question.
0
 
LVL 37

Assisted Solution

by:TommySzalapski
TommySzalapski earned 1200 total points
ID: 36597438
No. In general, viruses attach their code to executables that are currently not running (or can be stopped) but are expected to run (or be restarted) sometime in the near future. The print spooler has been a common target since it can usually be stopped and restarted without the user noticing and runs with high permissions no matter who is logged on.

As I said earlier there is no good way to change a running executable in modern operating systems.
When you run an executable, much of the code is loaded into RAM and Windows will lock both the hard disk space where the exe is stored and the RAM which it is using so that no other programs can mess with it. You would have to get around this built in protection in order to do what you ask.

If you tell us why you even want to do this, it is likely that we can help come up with a suitable solution that does not involve hacking past Windows' memory protection structures. What are you trying to accomplish by adding these integers?
0
 

Author Comment

by:Dragonseer
ID: 36597628
I don't really have a good reason. I just want to see if it can be done. It would make for some interesting coding. I'd like to implement something like this in some AI concepts that I have. Like I said, its really just an experiment.

You say that the code is loaded into RAM. A program, using pointers can modify its own RAM can't it? (The point it to have my code modify its own binary).

And how does a virus attach its own code to something without damaging the file itself? I would imagine that an executable is generated in a very specific format and that changing anything with it would break the whole thing.
0
 
LVL 37

Assisted Solution

by:TommySzalapski
TommySzalapski earned 1200 total points
ID: 36599719
A program, using pointers can modify its own RAM can't it?
A program can modify it's own RAM that it is using from declared variables but not from the codespace. The RAM where the code is loaded is different from the RAM where the variables are stored. You can do anything you want with your variables.

And how does a virus attach its own code to something without damaging the file itself?
You are correct that it would be very difficult to insert code into an executable. There's an easier way though.
The general idea is to build a wrapper. It creates a program that runs its virus code and then runs the original executable. So they basically embed the entire original exe into their own program and replace the exe file with that. So they don't really modify the original code at all. Much easier.
0
 
LVL 37

Assisted Solution

by:TommySzalapski
TommySzalapski earned 1200 total points
ID: 36599732
The RAM where the code is loaded is locked by the operating system so even if you could point a pointer at it, it would throw an error if you tried to change it.

There are, of course, ways to get around this but they are very technical and complicated and generally involve running multiple operating systems on the same disk space.
0
 
LVL 86

Accepted Solution

by:
jkr earned 600 total points
ID: 36600349
A single integer will be difficult, but you can inject DLLs - see http://www.codeproject.com/KB/threads/completeinject.aspx ("A More Complete DLL Injection Solution Using CreateRemoteThread")
0

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Suggested Courses

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question