How to change the exe file by itself?
Posted on 2006-01-11 02:52:54 by firefly2k
Hi firefly2k.

I think it's only one way to make "selfpatching" executable in ring3 - changing content of physical sectors on your HDD :)
It's easyest way (if you don't like Kernel Mode Drivers ;)

Regards...
Posted on 2006-01-11 04:48:40 by Bohdan
firefly2k, the only really reliable method is to put a copy of your exe in %TEMP%, call this exe with special parameters, close your main exe, have the copy patch the mainexe, then terminate, call the mainexe again with other special parameters that delete the temp-exe.

There are various other methods like unmapping your file or injecting code into other processes, but these methods aren't reliable.
Posted on 2006-01-11 05:58:23 by f0dder
f0dder, would you like introduce unmapping your file or injecting code into other processes?
Thanks.
Posted on 2006-01-11 21:48:23 by firefly2k

f0dder, would you like introduce unmapping your file or injecting code into other processes?
Thanks.


Injection is a rather taboo subject on these forums for their obvious connection to malicious code development. Ask around on IRC or other forums please.
Posted on 2006-01-11 22:35:32 by SpooK
firefly2k, it's rather useless - the unmapping trick doesn't work on all windows versions, and the code injection way of doing things is pretty dirty. And add SpooK's words ontop of that :)
Posted on 2006-01-12 07:35:19 by f0dder
Thanks everyone.
Posted on 2006-01-13 21:53:10 by firefly2k