Exe change

delphi package - getting into other processes

Postby drummachina » Thu Aug 25, 2005 4:29 pm

Hello Forum!
Is there a possibility to include my own code in an exe file (e.g. notepad.exe), so that when notepad.exe runs, my program will run too?
drummachina
 
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Postby madshi » Thu Aug 25, 2005 4:53 pm

Of course it is possible, but there are easy and difficult ways to realize it, and madCollection doesn't offer much that can help. The easiest way would be to store the original exe in your own exe as a resource file, or just append it to the end of your exe file. Then your exe, when running, can extract the other exe to the hard disk (e.g. to the temp folder) and execute it.
madshi
Site Admin
 
Posts: 9265
Joined: Sun Mar 21, 2004 5:25 pm

Postby drummachina » Thu Aug 25, 2005 4:59 pm

Thanks for your reply, madshi.
I'm not sure we are talking about the same thing.
I would rather load (or maybe call) my exe from notepad.exe when notepad is run. So basically: 'myprogram.exe' modifies notepad.exe, then quits. When the modified notepad.exe is launched by the user, the other program also starts. Well?
drummachina
 
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Postby uall » Thu Aug 25, 2005 5:33 pm

Why not replace notepad.exe with your exe and then, after your exe is executed, start notepad.exe?
uall
 
Posts: 254
Joined: Sun Feb 20, 2005 1:24 pm

Postby drummachina » Thu Aug 25, 2005 5:36 pm

Good point, uall, but what if I want to change userinit.exe or winlogon.exe? There is a need to hook into another system file so as not to cause a system failure.
drummachina
 
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Postby madshi » Thu Aug 25, 2005 5:39 pm

Well, the trick is to make your exe appear as if it were the original system file. The original system file is attached to your exe. Then when your exe starts, you could start the original system file.

However, I'm not sure whether this kind of solution works for userinit.exe and winlogon.exe. Those are very important system files and might not like being tampered with. You might also run into problems with the system file protection.
madshi
Site Admin
 
Posts: 9265
Joined: Sun Mar 21, 2004 5:25 pm

Postby drummachina » Thu Aug 25, 2005 5:53 pm

Thanks madshi.
So basically I should take over any requests from the system that are assigned to the changed file, and then load the correct one. But how to do this? :/
drummachina
 
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Postby uall » Thu Aug 25, 2005 5:55 pm

I think madshi is using a driver to catch newly started applications.

So why don't you inject a DLL systemwide (then it's loaded if a new exe is started), and this DLL checks if it's the right executable (GetModuleHandle(0), GetModuleFileName() and check for 'notepad.exe'), and if it's the correct exe then the (injected) DLL can start the application you want (your exe)?
uall
 
Posts: 254
Joined: Sun Feb 20, 2005 1:24 pm

Postby drummachina » Thu Aug 25, 2005 5:58 pm

uall, can you please give me example code for your idea?
drummachina
 
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Postby uall » Thu Aug 25, 2005 6:03 pm

Sorry, I haven't got madCollection installed :)

You need madCodeHook:

http://help.madshi.net/DllInjecting.htm

Inject a DLL into a process with the param ALL_SESSIONS = $FFFFFFED;

The DLL has to check which exe it's loaded from:

GetModuleHandle(0) / GetModuleFileNameA and checking for the exe name.
MSDN will help you with the functions.

After that the DLL can execute your program by using CreateProcess.
Search @ MSDN.
uall
 
Posts: 254
Joined: Sun Feb 20, 2005 1:24 pm

Postby Sirmabus » Thu Aug 25, 2005 6:42 pm

Also take a look at the Microsoft Detours lib.
They have direct support for adding code sections and such to EXEs.
Sirmabus
 
Posts: 89
Joined: Fri May 28, 2004 6:20 pm

Postby drummachina » Thu Aug 25, 2005 6:53 pm

It seems to be a bit complicated for me, but I'll give it a try :-)
Thank you all for your replies!
drummachina
 
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Postby drummachina » Thu Aug 25, 2005 8:12 pm

OK, I have a few more questions...
Let's say that I injected my own DLL into all processes in memory... and then what? After a reboot, is the injection gone? How do I keep the injected DLL in the target file? I can't figure it out...
drummachina
 
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm

Postby uall » Thu Aug 25, 2005 8:39 pm

Install the injection program as a service.
uall
 
Posts: 254
Joined: Sun Feb 20, 2005 1:24 pm

Postby drummachina » Thu Aug 25, 2005 11:09 pm

OK, I wrote some simple code for installing a service:
Code:
var
  hSCM, hSvc: SC_HANDLE;
  path: array [0..MAX_PATH] of Char;

begin
  // Look up the Windows directory (e.g. C:\WINDOWS)
  GetWindowsDirectory(path, sizeof(path));
  // Open the service control manager with the right to create services
  hSCM := OpenSCManager(nil, nil, SC_MANAGER_CREATE_SERVICE);
  // Register an auto-start service that runs in its own process
  hSvc := CreateService(hSCM, 'MyService', 'My very own service', SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START,
            SERVICE_ERROR_NORMAL, PChar(path + '\system32\myinjector.exe'), nil, nil, nil, nil, nil);
  // Release the handles once the service is registered
  CloseServiceHandle(hSvc);
  CloseServiceHandle(hSCM);
end;

And the service won't run. I always get this error:
Service my very own service can not be run on computer Local computer.
Error 1053: The Service did not respond to the start or control request in a
timely fashion.

The user's privileges are the highest in the system (Administrator). I tried the same with Application Service from Delphi's menu and the results are the same. What is wrong then?
drummachina
 
Posts: 8
Joined: Thu Aug 25, 2005 4:24 pm
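
For defenders, the failure quoted in the last post leaves a recognisable trace: a newly registered service whose first start ends in error 1053, which is typical of a binary that never reports to the service control manager. The Python below is an added example, not part of the thread; it correlates constructed records modelled on Service Control Manager events 7045 (service installed) and 7000 (service failed to start), and the record field names are assumptions.

```python
# Added example: correlate "service installed" with "failed to start, error 1053".
# The records are constructed; the field names are a simplified, assumed export
# format, not the raw Windows event schema.
SERVICE_INSTALLED = 7045              # a service was installed
SERVICE_START_FAILED = 7000           # a service failed to start
ERROR_SERVICE_REQUEST_TIMEOUT = 1053  # the error quoted in the post

SAMPLE_EVENTS = [  # constructed; "time" is seconds since an arbitrary start
    {"id": 7045, "time": 100, "service": "MyService", "start_type": "auto",
     "image_path": r"C:\WINDOWS\system32\myinjector.exe"},
    {"id": 7000, "time": 104, "service": "MyService", "error": 1053},
    {"id": 7045, "time": 500, "service": "VendorUpdater", "start_type": "auto",
     "image_path": r"C:\Program Files\Vendor\updater.exe"},
    # Long-installed service timing out: no install record, so not flagged.
    {"id": 7000, "time": 900, "service": "OldAgent", "error": 1053},
    # New service failing for a different reason (error 2: file not found).
    {"id": 7045, "time": 950, "service": "Broken", "start_type": "demand",
     "image_path": r"C:\Tools\missing.exe"},
    {"id": 7000, "time": 955, "service": "Broken", "error": 2},
]


def new_services_that_never_answered(events, window=600):
    """Return installs whose start timed out within `window` seconds."""
    installs, findings = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = ev["service"].lower()  # service names are case-insensitive
        if ev["id"] == SERVICE_INSTALLED:
            installs[key] = ev
        elif (ev["id"] == SERVICE_START_FAILED
              and ev.get("error") == ERROR_SERVICE_REQUEST_TIMEOUT):
            inst = installs.pop(key, None)
            if inst and ev["time"] - inst["time"] <= window:
                findings.append({
                    "service": inst["service"],
                    "image_path": inst["image_path"],
                    "auto_start": inst["start_type"] == "auto",
                    "seconds_to_failure": ev["time"] - inst["time"],
                })
    return findings


if __name__ == "__main__":
    for finding in new_services_that_never_answered(SAMPLE_EVENTS):
        print(finding)
```
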

