Write data to EXE file
#1
How to attach data (sound, image, etc.) to EXE files has been shown here several times.
My only question is, can the actual program also write itself, or is that only possible with a separate program?

If a program is running, you can still open it for reading, but writing is denied.
So the system, with me Windows denied the write access when a program is running.
Here's the question, is there a way to bypass the system lock?


Example program, even started as an administrator does not work. ( Regtest.bas )
Code: (Select All)
'====================Declarirung fr die Registrirung==========================================================================================
Declare Dynamic Library "kernel32"
FUNCTION GetVolumeInformationA& (lpRootPathName$, lpVolumeNameBuffer$, BYVAL nVolumeNameSize~&, _
    lpVolumeSerialNumber~&, lpMaximumComponentLength~&, lpFileSystemFlags~&, lpFileSystemNameBuffer$, BYVAL nFileSystemNameSize&)
End Declare

Declare Library: Function GetDriveType& (d$): End Declare
Dim Shared DriveType As String, SERIALFOUND As String
Dim As _Float Regist
Dim As _Float FileSize
'========================Ende der Registrirung=================================================================================================

MyAppName$ = Mid$(Command$(0), _InStrRev(Command$(0), "\") + 1)
'If MyAppName$ <> "Register-3.exe" Then System

'Open ".\Register-3.exe" For Input As #1
'FileSize = LOF(1)
'Close #1
'If FileSize = 592187 Then Else System






'===========================Code fr die Registrirung==========================================================================================
Test% = 0
SERIALSSHOW:
For q = 1 To 26: X = GetFileInfo(q): 'If SERIALFOUND <> "!!!-!!!" Then Print " "; Chr$(64 + q) + ":    "; SERIALFOUND
    If SERIALFOUND <> "!!!-!!!" And Test% = 0 Then
        Temp$ = SERIALFOUND
        Test% = 1
    End If

Next q
'Print Temp$


'file$ = _OpenFileDialog$("Datei Öffnen", "", "*.EXE", "Programdatei", 0)
file$ = ".\Regtest.exe"
Open file$ For Binary As #1
FileSize = LOF(1)
t$ = "NR"
check$ = "  "
Color 3, 5
'Print FileSize

Get #1, FileSize - 1, check$
'check$ = _MK$(_Float, Regist)
'check$ = Left$(check$, 3)
'check$ = Right$(check$, 2)

'Print check1$

'Print check$
Regist = 0




Select Case UCase$(check$)
    Case "VC" 'verified copy.  All is good
        Get #1, FileSize - 10, Regist
        String1$ = _MK$(_Float, Regist)
        String1$ = Left$(String1$, 9)

        'Print String1$
        'Print Temp$
        If UCase$(String1$) = UCase$(Temp$) Then
            Print "You have a paid copy of this software.  All is good."
        Else
            Print " Illegaler Programm Aufruf !!!!!!!"
            _Delay 5
            Close #1
            System
        End If
    Case "NR" 'already has a timestamp, is a limited time test version.  Toss NAG Screen.

        Print "This is a trial version of the program."
        Registrierung$ = _InputBox$("Regtest Registrierung", "Geben sie bitte den Registrierungs Code ein:", "Demo")
        If Registrierung$ = Chr$(36) + Chr$(82) + Chr$(101) + Chr$(103) + Chr$(105) + Chr$(115) + Chr$(116) + Chr$(101) + Chr$(114) + Chr$(64) Then '$Register@

            Get #1, FileSize - 10, Regist
            String1$ = _MK$(_Float, Regist)
            Color 3, 6
            String1$ = Left$(String1$, 9)
            If UCase$(String1$) = UCase$(Temp$) Then
                Print "Programm wurde manipuliert"
            Else
                Print "Schreibe VC in Datei"
                Sleep 5
                Temp$ = Temp$ + "VC"
                Put #1, FileSize - 1, Temp$
                Print "Programm wurde Registriert "
                _NotifyPopup "Regtest", "Ihre Registrierung war Erfolgreich", "info" ' "info" , "warning" oder "error"
                Close #1
                _Delay .5
                'Open file$ For Binary As #1
                'FileSize = LOF(1)
                'Get #1, FileSize - 10, Regist
                'String1$ = _MK$(_Float, Regist)
                'Color 3, 6
                'String1$ = Left$(String1$, 9)
                'Print "RegTest " + String1$

                Sleep
                Close #1
            End If
        Else
            Print " Ihr Code ist Falsch "
            _NotifyPopup "Regtest", "Ihre Registrierung ist Fehlgeschlagen", "warning"
        End If

    Case Else 'first run.
        Print "Illegal copy of software!  Terminating Now!"
        Print " Schreibe NR in Datei"
        Sleep 5
        'Print check$
        Put #1, FileSize + 1, t$
        'Print t$
        Sleep
        Close #1
        End
End Select
Close #1

'=======================================Code ende Registrirung ====================================================================


'==================================Funtionen fr die Registrirung =================================================
Function GetFileInfo (D)
    SERIALFOUND = "!!!-!!!":
    If DRIVEEXISTS(D) <> 1 Then GetFileInfo = 0: Exit Function
    Dname$ = Chr$(D + 64) + ":\": Sname$ = Space$(260)
    R = GetVolumeInformationA(Dname$ + Chr$(0), Vname$, 260, serial~&, empty1~&, empty2~&, Sname$, 260)
    If R = 0 Then Exit Function
    Sname$ = Left$(Hex$(serial~&), 4) + "-" + Right$(Hex$(serial~&), 4)
    SERIALFOUND = "" + Sname$ + ""
    GetFileInfo = -1
End Function
'---
Function DRIVEEXISTS (V)
    DRIVEEXISTS = 0: varX$ = Chr$(V + 64) + ":\" + Chr$(0): VarX = GetDriveType(varX$): If VarX > 1 Then DRIVEEXISTS = 1
End Function
'===========================================Ende der Registrirung==========================
Reply
#2
A running EXE tends to lock itself from external changes.  You can read from it, or copy from it, but once it's running, you can't just alter it.  The only way you'd be able to do something like you're talking about would be to copy the EXE to a back-up file, write to that back-up EXE, then write a quick script for DOS to execute after you close the EXE (usually a SHELL _DONTWAIT "batch.bat" followed immediately with a SYSTEM will work just fine) which will delete the old EXE, rename the new backup EXE to the old name, and then restart with the changed EXE (if a restart is needed and you're doing the update when the program closes anyway).
Reply
#3
(05-14-2023, 05:41 PM)SMcNeill Wrote: A running EXE tends to lock itself from external changes.  You can read from it, or copy from it, but once it's running, you can't just alter it.  The only way you'd be able to do something like you're talking about would be to copy the EXE to a back-up file, write to that back-up EXE, then write a quick script for DOS to execute after you close the EXE (usually a SHELL _DONTWAIT "batch.bat" followed immediately with a SYSTEM will work just fine) which will delete the old EXE, rename the new backup EXE to the old name, and then restart with the changed EXE (if a restart is needed and you're doing the update when the program closes anyway).

Thank you for your quick response.
I was hoping that there would be another way, but that's the way it works.

Here is the revised example (Regtest2.bas)


Code: (Select All)
'====================Declarirung fr die Registrirung==========================================================================================
Declare Dynamic Library "kernel32"
FUNCTION GetVolumeInformationA& (lpRootPathName$, lpVolumeNameBuffer$, BYVAL nVolumeNameSize~&, _
    lpVolumeSerialNumber~&, lpMaximumComponentLength~&, lpFileSystemFlags~&, lpFileSystemNameBuffer$, BYVAL nFileSystemNameSize&)
End Declare

Declare Library: Function GetDriveType& (d$): End Declare
Dim Shared DriveType As String, SERIALFOUND As String
Dim As _Float Regist
Dim As _Float FileSize
'========================Ende der Registrirung=================================================================================================

MyAppName$ = Mid$(Command$(0), _InStrRev(Command$(0), "\") + 1)
'If MyAppName$ <> "Register-3.exe" Then System

'Open ".\Register-3.exe" For Input As #1
'FileSize = LOF(1)
'Close #1
'If FileSize = 592187 Then Else System






'===========================Code fr die Registrirung==========================================================================================
Test% = 0
SERIALSSHOW:
For q = 1 To 26: X = GetFileInfo(q): 'If SERIALFOUND <> "!!!-!!!" Then Print " "; Chr$(64 + q) + ":    "; SERIALFOUND
    If SERIALFOUND <> "!!!-!!!" And Test% = 0 Then
        Temp$ = SERIALFOUND
        Test% = 1
    End If

Next q
'Print Temp$


'file$ = _OpenFileDialog$("Datei Öffnen", "", "*.EXE", "Programdatei", 0)
file$ = ".\Regtest2.exe"
Open file$ For Binary As #1
FileSize = LOF(1)
t$ = "NR"
check$ = "  "
Color 3, 5
'Print FileSize

Get #1, FileSize - 1, check$
'check$ = _MK$(_Float, Regist)
'check$ = Left$(check$, 3)
'check$ = Right$(check$, 2)

'Print check1$

'Print check$
Regist = 0




Select Case UCase$(check$)
    Case "VC" 'verified copy.  All is good
        Get #1, FileSize - 10, Regist
        String1$ = _MK$(_Float, Regist)
        String1$ = Left$(String1$, 9)

        'Print String1$
        'Print Temp$
        If UCase$(String1$) = UCase$(Temp$) Then
            Print "You have a paid copy of this software.  All is good."
        Else
            Print " Illegaler Programm Aufruf !!!!!!!"
            _Delay 5
            Close #1
            System
        End If
    Case "NR" 'already has a timestamp, is a limited time test version.  Toss NAG Screen.

        Print "This is a trial version of the program."
        Registrierung$ = _InputBox$("Regtest Registrierung", "Geben sie bitte den Registrierungs Code ein:", "Demo")
        If Registrierung$ = Chr$(36) + Chr$(82) + Chr$(101) + Chr$(103) + Chr$(105) + Chr$(115) + Chr$(116) + Chr$(101) + Chr$(114) + Chr$(64) Then '$Register@

            Get #1, FileSize - 10, Regist
            String1$ = _MK$(_Float, Regist)
            Color 3, 6
            String1$ = Left$(String1$, 9)
            If UCase$(String1$) = UCase$(Temp$) Then
                Print "Programm wurde manipuliert"
            Else
                Print "Schreibe VC in Datei"
                Sleep 5
                Close #1
                Open "Regtest2.exe" For Binary As #1
                Open "Regtest3.exe" For Binary As #2
                Do Until EOF(1)
                    Get #1, , datei&
                    If Not (EOF(1)) Then Put #2, , datei&
                Loop

                Temp$ = Temp$ + "VC"
                Put #2, FileSize - 1, Temp$
                Print "Programm wurde Registriert "
                _NotifyPopup "Regtest", "Ihre Registrierung war Erfolgreich", "info" ' "info" , "warning" oder "error"
                Close #2
                _Delay .5
                'Open file$ For Binary As #1
                'FileSize = LOF(1)
                'Get #1, FileSize - 10, Regist
                'String1$ = _MK$(_Float, Regist)
                'Color 3, 6
                'String1$ = Left$(String1$, 9)
                'Print "RegTest " + String1$

                Sleep 3
                Close #1
                If _FileExists("rename.bat") Then
                    Shell _DontWait _Hide ".\rename.bat": System
                Else
                    Open "rename.bat" For Output As #3
                    Print #3, "timeout 3"
                    Print #3, "del Regtest2.exe"
                    Print #3, "ren Regtest3.exe Regtest2.exe"
                    Close #3
                End If
                Shell _DontWait _Hide ".\rename.bat": System
            End If
        Else
            Print " Ihr Code ist Falsch "
            _NotifyPopup "Regtest", "Ihre Registrierung ist Fehlgeschlagen", "warning"
        End If

    Case Else 'first run.
        Print "Illegal copy of software!  Terminating Now!"
        Print " Schreibe NR in Datei"
        Close #1
        Open "Regtest2.exe" For Binary As #1
        Open "Regtest3.exe" For Binary As #2
        Do Until EOF(1)
            Get #1, , datei&
            If Not (EOF(1)) Then Put #2, , datei&
        Loop
        Sleep 5

        'Print check$
        Put #2, FileSize + 1, t$
        'Print t$
        'Sleep
        Close #2
        If _FileExists("rename.bat") Then
            Shell _DontWait _Hide ".\rename.bat": System
        Else
            Open "rename.bat" For Output As #3
            Print #3, "timeout 3"
            Print #3, "del Regtest2.exe"
            Print #3, "ren Regtest3.exe Regtest2.exe"
            Close #3
        End If
        Shell _DontWait _Hide ".\rename.bat": System
        End
End Select
Close #1

'=======================================Code ende Registrirung ====================================================================


'==================================Funtionen fr die Registrirung =================================================
Function GetFileInfo (D)
    SERIALFOUND = "!!!-!!!":
    If DRIVEEXISTS(D) <> 1 Then GetFileInfo = 0: Exit Function
    Dname$ = Chr$(D + 64) + ":\": Sname$ = Space$(260)
    R = GetVolumeInformationA(Dname$ + Chr$(0), Vname$, 260, serial~&, empty1~&, empty2~&, Sname$, 260)
    If R = 0 Then Exit Function
    Sname$ = Left$(Hex$(serial~&), 4) + "-" + Right$(Hex$(serial~&), 4)
    SERIALFOUND = "" + Sname$ + ""
    GetFileInfo = -1
End Function
'---
Function DRIVEEXISTS (V)
    DRIVEEXISTS = 0: varX$ = Chr$(V + 64) + ":\" + Chr$(0): VarX = GetDriveType(varX$): If VarX > 1 Then DRIVEEXISTS = 1
End Function
'===========================================Ende der Registrirung==========================
Reply
#4
(05-14-2023, 05:18 PM)Steffan-68 Wrote: My only question is, can the actual program also write itself, or is that only possible with a separate program?

If a program is running, you can still open it for reading, but writing is denied.
So the system, with me Windows denied the write access when a program is running.
Here's the question, is there a way to bypass the system lock?

It might be possible to write to an EXE file on disk, by using some other program.

Otherwise what you want to discuss is a touchy subject and it's what some malware are made of. Not just self-modifying code, but any type that changes the executable file that was when it was executed. If you don't want Windows Defender or any other anti-virus thing deleting your EXE's where you don't expect, please don't insist further into this subject. What Steve suggested could work but it's going to be a hassle.

It is not permitted on MacOS nor Linux neither because there has to be a high emphasis on security and on integrity of files.

The thing is, if anything is going to be added to the end of an EXE created by a programming system, the header has to be adjusted, or some other place in the file, so it doesn't "ring a bell" with an anti-virus scanner. Because some Internet security software are known to look for "magic numbers" and have "heuristics" in case something is not done right. More or less it's known how "g++" creates executable files. Tacking on something at the end of an executable file then could be detected by the experts on the industry.

Sadly plagiarists abound and many people aren't interested in being original in their content. One has to deal with it, when supplying MP4, OGG, PNG and other such files. Attaching one of those files to an EXE file is going to make it even less attractive, since enough people are suspicious of downloading installers that come in EXE files. Even self-extracting 7-Zip or RAR. I would never download an EXE file anyhow. Long ago I used to offer EXE files for download because I was reluctant to show source code, because it was rather simple text-parsing stuff. This was before I discovered that things could get even worse with executable files being infected, and half the users trusting too much about it and the other half don't care.
Reply
#5
(05-14-2023, 10:31 PM)mnrvovrfc Wrote:
(05-14-2023, 05:18 PM)Steffan-68 Wrote: My only question is, can the actual program also write itself, or is that only possible with a separate program?

If a program is running, you can still open it for reading, but writing is denied.
So the system, with me Windows denied the write access when a program is running.
Here's the question, is there a way to bypass the system lock?

It might be possible to write to an EXE file on disk, by using some other program.

Otherwise what you want to discuss is a touchy subject and it's what some malware are made of. Not just self-modifying code, but any type that changes the executable file that was when it was executed. If you don't want Windows Defender or any other anti-virus thing deleting your EXE's where you don't expect, please don't insist further into this subject. What Steve suggested could work but it's going to be a hassle.

It is not permitted on MacOS nor Linux neither because there has to be a high emphasis on security and on integrity of files.

The thing is, if anything is going to be added to the end of an EXE created by a programming system, the header has to be adjusted, or some other place in the file, so it doesn't "ring a bell" with an anti-virus scanner. Because some Internet security software are known to look for "magic numbers" and have "heuristics" in case something is not done right. More or less it's known how "g++" creates executable files. Tacking on something at the end of an executable file then could be detected by the experts on the industry.

Sadly plagiarists abound and many people aren't interested in being original in their content. One has to deal with it, when supplying MP4, OGG, PNG and other such files. Attaching one of those files to an EXE file is going to make it even less attractive, since enough people are suspicious of downloading installers that come in EXE files. Even self-extracting 7-Zip or RAR. I would never download an EXE file anyhow. Long ago I used to offer EXE files for download because I was reluctant to show source code, because it was rather simple text-parsing stuff. This was before I discovered that things could get even worse with executable files being infected, and half the users trusting too much about it and the other half don't care.


I understand your concerns, but nobody here wants to program malware!
Besides, I'm not nearly good enough for it.
As you can see it works as SMcNeill described.
And it doesn't bother Windows Defender. I don't have any other anti virus programs.
In addition, this has already been done, I mean at a Christmas challenge. Just stop with two programs.
Of course, the reading and processing of the attached information has to be programmed beforehand in the program, but that's not that difficult.
Reply
#6
You can for instance use some space directly after the normal end of the exe, so to put same informations.
The exe himself can read theese informations, or modifiy them, if the exe program knows its own path.
Curious question... it seems to be a viral approach of programming... Big Grin
Why not yes ?
Reply
#7
(05-15-2023, 03:00 PM)euklides Wrote: You can for instance use some space directly after the normal end of the exe, so to put same informations.
The exe himself can read theese informations, or modifiy them, if the exe program knows its own path.
Curious question... it seems to be a viral approach of programming... Big Grin

Yes, that's exactly what my program example does.  Tongue
Just stop by detours.
And why not like this, for information that the program needs once, write it directly into the EXE instead of in a separate file.
In the example above, whether it is registered or not, and bound to an HDD.
There are no limits to the imagination.
Just an alternative to a separate file.
Reply
#8
To change an EXE file one have to decompile it or use a disassembler. There are free (for-free) programs for this like: Cutter(OS) or IDA 82. These also allows programs to be debugged.

The following program below in IDA:

Code: (Select All)
Option _Explicit

Declare Function ggt(zahl1, zahl2 as Long) as Long
Declare Function kgV(zahl1, zahl2, ggtErgebnis as Long) as Long

Dim zahl1, zahl2 As Long
Dim d1, d2 As Long

Print
Print "Berechnet den GGT und das kgV nach Euklid"
Print
Input "Geben Sie die erste Zahl ein : ", zahl1
Input "Geben Sie die zweite Zahl ein: ", zahl2

'd1/2 = dummy - Zuweisung als Wert (Value)
'Sonst wird per Referenz auf zahl1/2 zugegriffen,
'und natuerlich ihr veraenderter Wert uebergeben
d1 = (zahl1)
d2 = (zahl2)

Print: Print
Print Using "Der gemeinsame Teiler von ##### und ##### ist: ####"; zahl1, zahl2, ggt(zahl1, zahl2)

Print: Print
'Nur mit den dummies funktioniert es
Print Using "Das kleinste gemeinsame Vielfache von ##### und ##### ist: ###,#####"; d1, d2, kgV(d1, d2, ggt(zahl1, zahl2))

End 'Hauptprogramm

Function ggt (zahl1, zahl2 As Long)

  Dim temp As Long

  While (zahl1 > 0)
    If (zahl1 < zahl2) Then
      temp = zahl1: zahl1 = zahl2: zahl2 = temp
    End If
    zahl1 = zahl1 - zahl2
  Wend
  ggt = zahl2

End Function

Function kgV (zahl1, zahl2, ggtErgebnis As Long)

  Dim ergebnis As Long

  ergebnis = ((zahl1 * zahl2) / ggtErgebnis)
  kgV = ergebnis

End Function

First a warning:
[Image: Warnung2023-05-15-182348.jpg]

Debugging in IDA:
[Image: Debugging-2023-05-15.jpg]
Reply
#9
(05-15-2023, 05:21 PM)Kernelpanic Wrote: To change an EXE file one have to decompile it or use a disassembler. There are free (for-free) programs for this like: Cutter(OS) or IDA 82. These also allows programs to be debugged.

This is not about decompiling or disassembling an EXE file or changing the program code.
It's about hanging program parameters that change later on the EXE and the program then evaluates them without saving them in a separate file.
If you looked at the second example that does what I want you would understand.
It just takes longer because it has to copy the EXE as a temp file and then make the changes, delete the original file and rename the temp.
It would only be easier and faster if you could write it directly into the EXE.
Reply




Users browsing this thread: 10 Guest(s)