Reputation: 229
Writing to program memory in hex editor and reading programmatically
Well I have .exe application and some other file. What I want to do is to write this other file to the end of .exe file. .exe file should find the address of this file in its memory, read it from there and do some stuff.
I was able to get to the address of the file I wrote to the memory before but when I try reading from there I get access denied exception. How can I read from there?
Basically I just want to have one self-unpacking PE file. Yes, I know, I can just make self-extracting archive but that's not what I want because I need both .exe and .dll but self-extracting archive can be only .exe so it looks the only way is to make my application self-extracting itself. Here's the code:
int main(void)
{
HMODULE hBegin = GetModuleHandle(NULL);
PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)hBegin;
PIMAGE_NT_HEADERS ntHeaders = (PIMAGE_NT_HEADERS)((PBYTE)hBegin + dosHeader->e_lfanew);
PIMAGE_SECTION_HEADER pSectionTable = (PIMAGE_SECTION_HEADER)(ntHeaders + 1);
// get size of each section
DWORD dwSize = 0;
for(int i = 0; i < ntHeaders->FileHeader.NumberOfSections; i++)
{
dwSize += pSectionTable[i].SizeOfRawData;
}
//get size of PE headers
dwSize += ntHeaders->OptionalHeader.SizeOfHeaders;
WCHAR lpszSfxPath[MAX_PATH];
GetModuleFileNameW(NULL, lpszSfxPath, MAX_PATH);
HANDLE hFile = CreateFileW(lpszSfxPath,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
SetFilePointer(hFile, dwSize, NULL, FILE_BEGIN);
BYTE BUF[10];
if(!ReadFile(hFile,BUF,sizeof(BYTE),NULL,NULL))
printf("FAIL!\n");
printf("HELLO WORLD\n");
getchar();
return 0;
}
After calling SetFilePointer file pointer points just after the end of file where my packed file is stored, but I'm not able to read from ther
Upvotes: 2
Views: 1315
Answers (2)
Reputation: 1649
Microsoft's PE executable binary files contain a separate section for resources which can be placed within the file - as in, resources are used to ship data within the executable files. This is where you most probably want to place your data in.
Take a look: http://www.devsource.com/c/a/Architecture/Resources-From-PE-I/
Upvotes: 5
Reputation: 409356
A possible other solution would be to store a header structure last in the file, containing offset into the file where the data starts, and the length of the data. Then your program can easily seek to the end of the file (minus the size of the header), and read the position and length of the data.
What you do is take your executable file, write it to a second file, possibly write padding, write the data, write possible more padding, and finally write the length of the data and the position of the data in the file.
The file will look (on disk) something like:
+-------------+ | Executable | | Program | +-------------+ | Padding | +-------------+ | Data | +-------------+ | Padding | +-------------+ | Data length | | Data pos. | +-------------+
Now the executable can open the file as a regular file, read-only. Seek to the end minus the size of the data length and data position fields (typically sizeof(DWORD) (times two)). Read the two fields for length and position. Now you can seek to the actual position of where the data is (data pos.) and read data length bytes to read the actual data.
Upvotes: 1
Related Questions
- How to write and executable Windows .exe manually (machine code with Hex editor)?
- Writing hex to a file
- How to hex edit an exe file safely?
- How to read EXE bytes, store into a char array, and then write the bytes into a new EXE file?
- How to run an outside program, passing it memory addresses to read/write into?
- C++/CPP Reading an added hex address
- Insert a value in buffer in hex format
- removing code from an exe file with hex editor possible? (c++)
- Hex editing with C++
- Writing hex data to an executable not working? C++