PDA

View Full Version : Self modifying exe



VeryFirstSMP
05-13-03, 02:00 AM
Anyone have or know of any information relating to self modifying executables.

For example, imagine you have an exe which prints a number to the console. You need the exe to keep a count of the number of times it has run (this is the number it prints).

I've tried a few things, but all have hopelessly failed.

Anyone got any ideas? Im wanting to do this in C, but any information would assist.

XWRed1
05-13-03, 02:25 AM
A self modifying executable would probably need to be written in assembly. Thats where you can grab the instruction pointer and point it somewhere else or use it to replace instructions in your code segment. OS permitting, that is.

In C I don't think you can do that.

Krieger
05-13-03, 02:33 AM
you could always write it to a file and read in the number from the file everytime it runs, just keep updating the file.

XWRed1
05-13-03, 11:21 AM
Yea. Maybe I didn't understand what you wanted. When most people say self modifying executable, they mean it modifies itself in memory as it runs. If you just want to keep persistent information then you write it out to a data file or something.

macklin01
05-13-03, 01:19 PM
Yeah, that sounds like the way to go. Could also read up on modifying the registry with your program. ;)

(Or run a system("attrib -r filename") after you write the file to make it hidden. ;) )

-- Paul

VeryFirstSMP
05-13-03, 11:23 PM
you could always write it to a file and read in the number from the file everytime it runs, just keep updating the file.

I realise that I could do this, but I am wanting to know how an executable can modify itself. I used this increasing number as an example. Plus, if that file goes missing, the exe no longer knows how many times it has been run!!!


When most people say self modifying executable, they mean it modifies itself in memory as it runs.

This is the type of thing I am after. However, information about updating other exes would also help. Anything related to the topic in general!


A self modifying executable would probably need to be written in assembly.

Thats OK. I assume inline assembly will work fine? Suppose it depends on what the hell I try to do ay!!!


Yeah, that sounds like the way to go.

What way exactly? Assembly?

macklin01
05-13-03, 11:47 PM
Actually, I was thinking file I/O. Sure, there's the risk of the user deleting it, but you can minimize that by hiding the file, making it read only, etc.

As for using assembly to modify the actual executable while it's in memory as it goes, hmm, I'm not really sure. Could it also be possible to just append some bits somewhere in the code and do file I/O on the executable itself as it runs?

Interesting question! -- Paul

XWRed1
05-14-03, 03:15 AM
Modifying the executable in memory for what you want is pointless. Once your app is done the modifications are lost.

If you want to modify the executable on disk, thats doable, you just have to understand the binary format of the executable for whatever OS you're using. Windows won't let you do anything to the file of an executable that is resident in memory, though.

Christoph
05-14-03, 03:45 AM
If you wanted the file to significantly change its functionality, the program would have to be able to write executable code to a copy of itself, then replace the original copy on the HDD with the modified one. Writing some sort of script would allow you to do this, since scripts are "directly" executable (there's no compilation from the user or the script's perspective).
Another way would be to have the program write its source code to a file, change it and recompile it on the fly. This would be complex, as you'd probably want to include a minimal compiler in the program to avoid external dependencies. Alternately, you could have the program write new funcfions for itself, compile them and tack them to the end of it. This would save you the from copying the entire source code, but it might be tricky getting everything to work together.

XWRed1
05-14-03, 01:30 PM
The program wouldn't have to have a compiler in it. It can just open itself as a file and change the spot with the counter and write it back out. Obviously you're going to need to understand the binary format for your OS, and probably spend time figuring out the binary of your executable is its compiled.

klingens
05-14-03, 10:47 PM
You canīt do that in MS Windows: windows locks files it executes, no writing possible (not even opening).
Linux doesnīt lock files it currently executes, so you could do it there.

Christoph
05-14-03, 10:55 PM
I think that some of the more sophisticated viruses do this sort of thing to make themselves harder to detect. If you're interested in how to implement something like this, viruses might be a good place to look.
If that's against the forum policy, look for examples of self-replicating code. I know that back in the day, computer nerds used to compete to see who could come up with the smallest self-replicating or source-replicating program.

BTW, if you were only interested in how to make a program that does something like change a counter, sorry for going off the deep end. :D

F4
05-15-03, 07:30 PM
Instead of actually creating something that changes it's own source code, why not write an interpreter, that executes a script that you could change on the fly?

Would that accomplish what you're after?

elekt
05-15-03, 08:59 PM
im thinkning registry setting? thats not very easy to get messed up add a avalue to your registry for it.