pOWer

So, I've been doing some socket programming lately, pretty fun stuff, and I decided to make my own FTP protocol. Success. It's pretty awesome, but while I was playing around with my code I noticed something.

With the ability to load a file's binary data into a buffer comes the ability to combine files. I noticed this and gave it a try. Well, I combined two EXEs: the executable in front worked (as I expected) and the second stayed dormant (as is obvious).

However, I'm wondering, say I wanted to (not that I do) override the first assembly instruction of the first file to a jmp to the second program which then repairs the piggybacked executable and runs it. I would simply have to disassemble the original program, which could be done programmatically, correct?

I'm pretty excited with this whole process, haha I don't know why, I'm thinking of a lot of malicious code, but friendly code isn't coming as easily!

What are some possible benign uses for this knowledge? I can think of installers and such... but this seems. Too easy. And too powerful..
closed account (3hM2Nwbp)
Well...that's sort of how software protection is bypassed. Pretty much, the cracker loads an executable into their debugger (see OllyDbg) and feeds the protection what it wants to see until the first instruction of the program (OEP) is hit. The binary is then dumped and the imports are fixed to bypass the protector. With an unprotected executable, finding the key generating algorithm is then just a matter of tracing through the assembly instructions.

*Not that I've done this
That's not benign =)

Haha I've done a little research on the subject, it looks fairly straightforward, I'm just wondering if I should just let my code die, I'm sure anyone with sufficient knowledge programming in any language could do what I'm doing, but I'm not sure any Skiddies would have that kind of knowledge. Basically I'm still wondering if there are any benevolent uses for combining files like this.. there have to be a few!
Something I'm interested in trying which is semi-related to combining two executable files is a program which copies another file into its executable image when run in "insert" mode, and extracts the file when run in "extract" mode. It'd be a kind of self-extracting archive.
That's exactly what mine currently does =)
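
Why the second executable in the first post stays dormant, and how a defender can spot it, as an added example that is not part of the thread: the Windows loader maps only what the PE section table describes, so bytes past the last section's raw data (an overlay) are never loaded. The Python sketch below measures that overlay; `pe_overlay` and `make_sample_pe` are illustrative names, and the sample is a constructed, header-only buffer.

```python
import struct

def pe_overlay(data: bytes):
    """Return (offset, size, starts_with_mz) for bytes past the last
    section's raw data, or None when the file ends where the sections end."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    n_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                        # first section header
    end = table + 40 * n_sections                         # headers belong to the image
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    if end >= len(data):
        return None
    return end, len(data) - end, data[end:end + 2] == b"MZ"

def make_sample_pe(payload: bytes = b"\0" * 0x200) -> bytes:
    """Constructed PE-shaped buffer: headers plus one .text section.
    It only has to parse; it is not a runnable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = b"\0" * 0xE0
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(payload), 0x1000,
                       len(payload), 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(0x200, b"\0") + payload

if __name__ == "__main__":
    clean = make_sample_pe()
    for label, blob in [("clean", clean),
                        ("two files concatenated", clean + make_sample_pe()),
                        ("archive data appended", clean + b"ARCHIVE-DATA")]:
        print(label, pe_overlay(blob))
```

An overlay is a reason to look closer rather than a verdict: installers, self-extracting archives and Authenticode signatures also store data there.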