How to change the exe file by itself?
Hi firefly2k.
I think there's only one way to make a "self-patching" executable in ring3 - changing the content of physical sectors on your HDD :)
It's the easiest way (if you don't like Kernel Mode Drivers ;)
Regards...
firefly2k, the only really reliable method is to put a copy of your exe in %TEMP%, call this exe with special parameters, close your main exe, have the copy patch the mainexe, then terminate, call the mainexe again with other special parameters that delete the temp-exe.
There are various other methods like unmapping your file or injecting code into other processes, but these methods aren't reliable.
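From the monitoring side, the temp-copy sequence described in the post above leaves an ordered trail (drop copy in temp, run copy, copy rewrites the main image, main restarts, copy deleted). The following is an added example, not code from the thread; the event schema, paths and function names are constructed for illustration and do not match any real EDR or Sysmon format.

```python
import ntpath

# Constructed, simplified events (not a real Sysmon/EDR schema). They follow the
# sequence from the post: copy to %TEMP%, run copy, patch main, restart, delete.
MAIN = r"C:\App\main.exe"
TEMP = r"C:\Users\u\AppData\Local\Temp\main_copy.exe"
SAMPLE_EVENTS = [
    {"t": 1, "type": "file_write",  "image": MAIN, "target": TEMP},
    {"t": 2, "type": "proc_start",  "image": TEMP},
    {"t": 3, "type": "proc_exit",   "image": MAIN},
    {"t": 4, "type": "file_write",  "image": TEMP, "target": MAIN},
    {"t": 5, "type": "proc_start",  "image": MAIN},
    {"t": 6, "type": "file_delete", "image": MAIN, "target": TEMP},
    # Constructed noise: an exe unpacked to temp that never rewrites its dropper.
    {"t": 7, "type": "file_write",  "image": r"C:\Tools\setup.exe",
     "target": r"C:\Windows\Temp\unpack.exe"},
    {"t": 8, "type": "proc_start",  "image": r"C:\Windows\Temp\unpack.exe"},
]

def _norm(path):
    # Windows paths compare case-insensitively; normcase lowercases and unifies slashes.
    return ntpath.normcase(path)

def is_temp_exe(path):
    p = _norm(path)
    return p.endswith(".exe") and "\\temp\\" in p

def find_self_patch_chains(events):
    """Return one record per (main, temp) pair that completed drop, run, patch, restart."""
    stage, hits = {}, {}
    for ev in sorted(events, key=lambda e: e["t"]):
        kind, image = ev["type"], _norm(ev["image"])
        target = _norm(ev.get("target", ""))
        if kind == "file_write" and is_temp_exe(target) and not is_temp_exe(image):
            stage.setdefault((image, target), 1)       # 1: main drops an exe into temp
        for (main, temp), n in list(stage.items()):
            if n == 1 and kind == "proc_start" and image == temp:
                stage[main, temp] = 2                   # 2: the temp copy is launched
            elif n == 2 and kind == "file_write" and image == temp and target == main:
                stage[main, temp] = 3                   # 3: the copy rewrites the main image
            elif n == 3 and kind == "proc_start" and image == main:
                stage[main, temp] = 4                   # 4: the patched main exe restarts
                hits[main, temp] = {"main": main, "temp": temp, "cleaned_up": False}
            elif n == 4 and kind == "file_delete" and target == temp:
                hits[main, temp]["cleaned_up"] = True   # 5: the temp copy is removed
    return list(hits.values())

if __name__ == "__main__":
    for hit in find_self_patch_chains(SAMPLE_EVENTS):
        print(hit)
```

Legitimate self-updaters produce the same sequence, so a match is a triage lead to check against signing and update-channel data rather than a verdict.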
f0dder, would you like to introduce unmapping your file or injecting code into other processes?
Thanks.
Injection is a rather taboo subject on these forums for their obvious connection to malicious code development. Ask around on IRC or other forums please.
firefly2k, it's rather useless - the unmapping trick doesn't work on all Windows versions, and the code injection way of doing things is pretty dirty. And add SpooK's words on top of that :)
Thanks everyone.