Exe change

delphi package - getting into other processes
Post Reply
drummachina
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Exe change

Post by drummachina »

Hello Forum!
Is there possibility to include into exe file (eg. notepad.exe) my own code so when notepad.exe runs, my program also will?
madshi
Site Admin
Posts: 10527
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Of course it is possible, but there are easy and difficult ways to realize it, and madCollection doesn't offer much that can help. The easiest way would be to store the original exe into your own exe as a resource file, or just append it to the end of your exe file. Then your exe when running can extract the other exe to harddisk (e.g. to the temp folder) and execute it.
drummachina
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Post by drummachina »

Thanks for your reply, madshi.
I'm not sure we are talking about the same thing.
I would rather want to load (or maybe call) my exe from notepad.exe when notepad is run. So basicly: 'myprogram.exe' modifies notepad.exe, then quits. When modified notepad.exe is launched by user, the other program also start. Well?
uall
Posts: 254
Joined: Sun Feb 20, 2005 1:24 pm

Post by uall »

why not replacing notepad.exe with you exe and then after you exe is executed start notepad.exe ?
drummachina
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Post by drummachina »

Good point uall, but what if i want to change userinit.exe or winlogon.exe? There is need to hook into another system file, to not cause system failure.
madshi
Site Admin
Posts: 10527
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Well, the trick is to make your exe appear as if it were the original system file. The original system file is attached to your exe. Then when your exe starts, you could start the original system file.

However, I'm not sure whether this kind of solution works for userinit.exe and winlogon.exe. Those are very important system files and might not like being hampered with. You might also run into problems with the system file protection.
drummachina
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Post by drummachina »

Thanks madshi.
So basicly i should take over any requests from system that are assigned to changed file, and then load the correct one. But how to do this? :/
uall
Posts: 254
Joined: Sun Feb 20, 2005 1:24 pm

Post by uall »

i think madshi is using a driver to catch new started applications

so why u dont inject a dll systemwide (then its loaded if a new exe is started) and this dll checks if its the right executable (getmodulehandle(0), getmodulefilename() and check for 'notepad.exe') and if its the correct exe then (injected) dll can start the application you want (you exe)
drummachina
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Post by drummachina »

uall can you please give me an example code for your idea?
uall
Posts: 254
Joined: Sun Feb 20, 2005 1:24 pm

Post by uall »

sorry havent madCollection installed :)

you need madCodeHook

http://help.madshi.net/DllInjecting.htm

inject a dll to a process with param ALL_SESSIONS = $FFFFFFED;

the dll have to look from which exe its loaded

getmodulehandle(0) / GetModuleFileNameA and checking for the exe name
msdn will help you with the functions

after that the dll can execute you program by using CreateProcess
search @ msdn
Sirmabus
Posts: 89
Joined: Fri May 28, 2004 6:20 pm

Post by Sirmabus »

Also take a look at the Microsoft Detours lib.
They have direct support for adding codesections and such to EXE's.
drummachina
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Post by drummachina »

It seems to be a bit complicated for me, but i'll give a try :-)
Thank you all for reply!
drummachina
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Post by drummachina »

OK, i have few more questions...
Let's say that i injected all processes in memory with my own dll.... and then what? After reboot injection is gone? How to keep injected dll into target file? I can't figure it out ...
uall
Posts: 254
Joined: Sun Feb 20, 2005 1:24 pm

Post by uall »

install injection program as service
drummachina
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Post by drummachina »

OK, i wrote simple code for installing service:

Code: Select all

var 
hSCM,hSvc:SC_HANDLE;
path:array [0..MAX_PATH] of Char;

begin
etWindowsDirectory(path,sizeof(path));
hSCM:=OpenSCManager(0,0,SC_MANAGER_CREATE_SERVICE);       
hSvc:=CreateService(hSCM,'MyService','My very own service',SERVICE_ALL_ACCESS,SERVICE_WIN32_OWN_PROCESS,SERVICE_AUTO_START,
          SERVICE_ERROR_NORMAL,pChar(path+'\system32\myinjector.exe'),0,0,0,0,0);
and service won't run. I always have this error:
Service my very own service can not be run on computer Local computer.
Error 1053: The Service did not respond to the start or control request in a
timely fashion.
User's privilages are higest in system (Administrator). I tried the same with Application Service from Delphi's menu and results are the same. What is wrong then?
Post Reply