Exe change

Posted: Thu Aug 25, 2005 4:29 pm
by drummachina
Hello Forum!
Is there a possibility to include my own code in an exe file (e.g. notepad.exe) so that when notepad.exe runs, my program also will?

Posted: Thu Aug 25, 2005 4:53 pm
by madshi
Of course it is possible, but there are easy and difficult ways to realize it, and madCollection doesn't offer much that can help. The easiest way would be to store the original exe into your own exe as a resource file, or just append it to the end of your exe file. Then your exe when running can extract the other exe to hard disk (e.g. to the temp folder) and execute it.

Posted: Thu Aug 25, 2005 4:59 pm
by drummachina
Thanks for your reply, madshi.
I'm not sure we are talking about the same thing.
I would rather want to load (or maybe call) my exe from notepad.exe when notepad is run. So basically: 'myprogram.exe' modifies notepad.exe, then quits. When the modified notepad.exe is launched by the user, the other program also starts. Well?

Posted: Thu Aug 25, 2005 5:33 pm
by uall
Why not replace notepad.exe with your exe and then, after your exe is executed, start notepad.exe?

Posted: Thu Aug 25, 2005 5:36 pm
by drummachina
Good point uall, but what if I want to change userinit.exe or winlogon.exe? There is a need to hook into another system file, so as not to cause system failure.

Posted: Thu Aug 25, 2005 5:39 pm
by madshi
Well, the trick is to make your exe appear as if it were the original system file. The original system file is attached to your exe. Then when your exe starts, you could start the original system file.

However, I'm not sure whether this kind of solution works for userinit.exe and winlogon.exe. Those are very important system files and might not like being tampered with. You might also run into problems with the system file protection.
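
From the defender's side, the wrapper layout madshi describes in both replies above (the original exe stored in, or appended to the end of, another exe) can be spotted statically. This added example is not part of the thread or of madCollection: it parses the PE section table to find data stored after the last section and any second MZ/PE header inside it. The sample bytes and all function names are constructed for the illustration.

```python
import struct

def overlay_info(data: bytes):
    """Return (offset, size) of bytes stored after the last PE section, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    nsections, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    table = pe + 24 + opt_size                             # first section header
    end = table + 40 * nsections                           # headers are file content too
    for i in range(nsections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    size = len(data) - end
    return (end, size) if size > 0 else None

def embedded_pe_offsets(data: bytes):
    """Offsets in the overlay where a second complete MZ/PE header begins."""
    info = overlay_info(data)
    hits = []
    pos = info[0] if info else len(data)
    while (pos := data.find(b"MZ", pos)) != -1:
        if pos + 0x40 <= len(data):
            lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            if data[pos + lfanew:pos + lfanew + 4] == b"PE\0\0":
                hits.append(pos)
        pos += 2
    return hits

def build_sample_pe(body: bytes = b"\x90" * 64) -> bytes:
    """Constructed header-only PE with one .text section; parseable, not loadable."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    raw_ptr = len(dos) + len(coff) + 40
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(body), 0x1000, len(body),
                                        raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + coff + sect + body

if __name__ == "__main__":
    clean = build_sample_pe()
    wrapper = clean + build_sample_pe(b"\xCC" * 32)        # constructed "exe + appended exe"
    # An overlay alone is only a triage signal: Authenticode signatures and
    # installer payloads are stored after the last section as well.
    print(overlay_info(clean), overlay_info(wrapper), embedded_pe_offsets(wrapper))
```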

Posted: Thu Aug 25, 2005 5:53 pm
by drummachina
Thanks madshi.
So basically I should take over any requests from the system that are assigned to the changed file, and then load the correct one. But how to do this? :/

Posted: Thu Aug 25, 2005 5:55 pm
by uall
I think madshi is using a driver to catch newly started applications.

So why don't you inject a DLL system-wide (then it's loaded whenever a new exe is started), and this DLL checks if it's the right executable (getmodulehandle(0), getmodulefilename() and check for 'notepad.exe'), and if it's the correct exe then the (injected) DLL can start the application you want (your exe).

Posted: Thu Aug 25, 2005 5:58 pm
by drummachina
uall, can you please give me example code for your idea?

Posted: Thu Aug 25, 2005 6:03 pm
by uall
Sorry, I haven't got madCollection installed :)

You need madCodeHook.

http://help.madshi.net/DllInjecting.htm

Inject a DLL into a process with the param ALL_SESSIONS = $FFFFFFED;

The DLL has to look at which exe it's loaded from:

getmodulehandle(0) / GetModuleFileNameA and checking for the exe name.
MSDN will help you with the functions.

After that the DLL can execute your program by using CreateProcess.
Search @ MSDN.

Posted: Thu Aug 25, 2005 6:42 pm
by Sirmabus
Also take a look at the Microsoft Detours lib.
They have direct support for adding code sections and such to EXEs.

Posted: Thu Aug 25, 2005 6:53 pm
by drummachina
It seems to be a bit complicated for me, but I'll give it a try :-)
Thank you all for the replies!

Posted: Thu Aug 25, 2005 8:12 pm
by drummachina
OK, I have a few more questions...
Let's say that I injected all processes in memory with my own DLL... and then what? After a reboot the injection is gone? How to keep the injected DLL in the target file? I can't figure it out...

Posted: Thu Aug 25, 2005 8:39 pm
by uall
Install the injection program as a service.

Posted: Thu Aug 25, 2005 11:09 pm
by drummachina
OK, I wrote simple code for installing a service:

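Code:

var
  hSCM, hSvc: SC_HANDLE;
  path: array [0..MAX_PATH] of Char;

begin
  // Resolve the Windows directory, where the service binary is expected
  GetWindowsDirectory(path, sizeof(path));
  // Open the Service Control Manager with the right to create services
  hSCM := OpenSCManager(0, 0, SC_MANAGER_CREATE_SERVICE);
  // Register an auto-start, own-process service pointing at the binary
  hSvc := CreateService(hSCM, 'MyService', 'My very own service', SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START,
          SERVICE_ERROR_NORMAL, pChar(path + '\system32\myinjector.exe'), 0, 0, 0, 0, 0);
  // Release the service and SCM handles
  CloseServiceHandle(hSvc);
  CloseServiceHandle(hSCM);
end.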

And the service won't run. I always get this error:
Service my very own service can not be run on computer Local computer.
Error 1053: The Service did not respond to the start or control request in a
timely fashion.
The user's privileges are the highest in the system (Administrator). I tried the same with Application Service from Delphi's menu and the results are the same. What is wrong then?