Monday, 2 January 2012

Infecting an exe file

Hello viewer,

Today I will be blogging about something more interesting, though not for the casual reader.
I decided to try to learn more about malware; since I already know a lot about game "mods" and techniques (theory only), I might as well try something myself.

I will be posting a guide/tutorial/whatever-it-will-become on writing a program that injects something, possibly part of its own code, into an executable. Neat, eh?


First of all, let's start with what I know: an exe file contains headers with important information, followed by mappable sections (people who have dabbled with reverse engineering know what I mean :-D).
My initial goal is to modify the EP (entry point) to point to my "evil" code, which will jump back to the original entry point after it is done being evil.



After some quick googling I found a nice picture showing the exe format in a simplified way. The entry point address is located in the Optional Header (part of what is commonly called the PE header) and is an RVA (relative virtual address), so it needs to be converted to a usable address (a file offset, when working on the file on disk) before it can be read or patched.

After our program has collected the necessary data, we can begin to infect the file. I will either be searching for some unused space or somehow creating my own; I am not sure about this yet, but I am sure it will be resolved when I get to the stage of writing the code :).
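Reading the entry point out of the headers and translating its RVA, as described above, is the same work a defender does when checking whether a file's entry point has been redirected. Below is an added example in Python (not code from this blog or its author) that parses a constructed minimal PE32 image, converts the entry-point RVA to a file offset through the section table, and flags an entry point that does not land in an executable section. The `build_sample_pe` fixture, its `.text`/`.data` layout and the RVA values are assumptions made for the example; the header offsets and section flags are the ones from the PE/COFF specification.

```python
import struct

# Optional Header magic values and section flags from the PE/COFF spec.
OPT_MAGIC_PE32 = 0x10B
OPT_MAGIC_PE32PLUS = 0x20B
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def build_sample_pe(entry_rva):
    """Construct a minimal PE32 image with a .text and a .data section.

    Synthetic fixture constructed for this example: enough header for the
    parser to work on, not a runnable program."""
    e_lfanew = 0x40
    size_opt = 224  # standard PE32 Optional Header size
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF header: Machine=i386, 2 sections, no symbols, SizeOfOptionalHeader
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, size_opt, 0x0102)
    # Optional Header up to FileAlignment; AddressOfEntryPoint is at offset 16
    opt = struct.pack("<HBBIIIIIIIII", OPT_MAGIC_PE32, 14, 0, 0x200, 0x200, 0,
                      entry_rva, 0x1000, 0x2000, 0x400000, 0x1000, 0x200)
    opt += b"\x00" * (size_opt - len(opt))

    def section(name, va, rawptr, chars):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # relocation/linenumber fields (zero), Characteristics
        return struct.pack("<8sIIIIIIHHI", name, 0x200, va, 0x200, rawptr,
                           0, 0, 0, 0, chars)

    text = section(b".text", 0x1000, 0x200,
                   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    data = section(b".data", 0x2000, 0x400,
                   0x40 | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    headers = dos + b"PE\x00\x00" + coff + opt + text + data
    image = headers + b"\x00" * (0x200 - len(headers))  # pad to FileAlignment
    image += b"\xC3" * 0x200  # .text raw data (filler bytes, constructed)
    image += b"\x00" * 0x200  # .data raw data
    return image


def parse_pe(data):
    """Read e_lfanew, the COFF header, the entry-point RVA and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/MZ stub")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff_off + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff_off + 16)[0]
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (OPT_MAGIC_PE32, OPT_MAGIC_PE32PLUS):
        raise ValueError("unknown Optional Header magic 0x%x" % magic)
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    sections = []
    for i in range(num_sections):
        off = opt_off + size_opt + i * 40
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize,
                         "rawptr": rawptr, "chars": chars})
    return {"entry_rva": entry_rva, "sections": sections}


def rva_to_offset(pe, rva):
    """Translate an RVA to a file offset via the section table.

    Returns None when the RVA is not backed by bytes on disk."""
    secs = pe["sections"]
    if secs and rva < secs[0]["va"]:
        return rva  # headers are mapped 1:1 at the start of the image
    for s in secs:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            delta = rva - s["va"]
            return s["rawptr"] + delta if delta < s["rawsize"] else None
    return None


def check_entry_point(pe):
    """Classify the entry point: it should land in a section marked executable.

    A data section, a gap, or an RVA past the last section is the footprint an
    entry-point-redirecting infector leaves, so it is reported as suspicious."""
    rva = pe["entry_rva"]
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            executable = bool(s["chars"] & IMAGE_SCN_MEM_EXECUTE)
            return {"verdict": "ok" if executable else "suspicious",
                    "section": s["name"], "file_offset": rva_to_offset(pe, rva)}
    return {"verdict": "suspicious", "section": None, "file_offset": None}


if __name__ == "__main__":
    for label, rva in (("clean", 0x1010), ("redirected", 0x2050)):
        pe = parse_pe(build_sample_pe(rva))
        print(label, hex(rva), check_entry_point(pe))
```

Run it to see the clean fixture and the one with a redirected entry point classified; on a real file, replace the fixture with the bytes of the file read from disk. The executable-section test is a heuristic, not a verdict: packers and some linkers legitimately put the entry point in an unusual section, so treat a hit as a prompt for closer inspection (compare the bytes at the returned file offset with a known-good copy, or look at the last section's flags) rather than as proof of infection.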



This post is just a bit of preparation on my side; I will be writing actual code soon, when I feel like it.

Hope I wasn't too technical.

17 comments:

  1. But what do you mean by "infect"? You mean injecting code that you choose before infecting, or..?
    Like, hide a .bat file inside an exe?

  2. I think he's talking about writing a piece of malware that is capable of (1) data collection and (2) modifying existing EXE files (say, a program file that is otherwise "innocent").

    I'll be interested to see what you come up with!

  3. I'm very interested in what you're going to do with this! When you continue this infection, I'll definitely have it on my radar!

  4. Interested to see where this leads to.. Good luck mate!

  5. Going to keep an eye on this, see if I learn something useful.

  6. Interesting, but definitely out of my depth.

  7. I don't understand this at all. Maybe I could understand if I read more, now following!

  8. Very interesting, I'll be sure to check back to see your progress :)

  9. I dunno, software isn't really my thing. I enjoy the hardware part of computers more.

  10. I remember trying to be an 'uber l33t h4ck3r' back when I was younger. I felt like such a boss.

    Weird Interesting News

  11. This is very interesting! I followed you! Thanks for the tips!

  12. Now this is an interesting blog! Not messed around with code since I had to cobble together a calculator in VB6 a long, long time ago for college! Following :)

  13. Interesting topic. Awaiting the code :)
