How do I wrap a binary so it executes my code first, then launches the original code in a separate process? Purely the launching of a buffered piece of data as a new process; I'm familiar with IO, of course.
Since you want separate processes, why not just run your code then dump the original executable and run it?
It's also possible to avoid writing the binary to disk: just run yourself, then deallocate all the memory in the process, then map your application by yourself, doing the whole PE loading process yourself (IAT resolving, relocations, etc.), and then just set the context appropriately and let the new application run.
However, if you're doing this for any kind of "protection" or "obscurity" reason, you should know this will fail. It's incredibly simple for such things to be defeated with minimum effort, much less effort than you'll spend making your manual PE loader.
However, if you just want to make an executable wrapper, look at simpler packers like UPX, MEW, FSG, yoda's Cryptor and many others.
I also forgot to mention that such wrappers already exist (even your new process + PE loader), and there are a few public packers which work using that principle (run self, deallocate all memory in the process making an empty process, allocate memory according to sections and write the entire application, set the context and resume/run); however, as I said, if you think this is of much use, you're mistaken.
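To make the "whole PE loading process" in the replies above concrete from the analyst's side, here is an added example that is not code from the thread or from any of the packers named. It builds a constructed, non-executable PE32+ image in memory (two sections, one import descriptor, one base relocation block), then performs the three data-level steps a loader or an unpacker must get right: map sections from file offsets to RVAs, apply DIR64 base relocations for a chosen load base, and walk the import directory to list which DLL exports the image expects. Nothing is executed and no context is set; the field offsets are the standard PE32+ header layout, and the sample image, the load base and the import names are constructed values.

```python
import struct

IMAGE_DIRECTORY_ENTRY_IMPORT = 1
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
IMAGE_REL_BASED_ABSOLUTE = 0
IMAGE_REL_BASED_DIR64 = 10


def build_sample_pe(image_base=0x140000000):
    """Constructed minimal PE32+ (not a real program, contains no machine code):
    .text holds one absolute pointer that needs a relocation, .rdata holds the
    import descriptor for KERNEL32.dll and the relocation block."""
    text = bytearray(0x200)
    struct.pack_into("<Q", text, 0x10, image_base + 0x2000)  # absolute pointer into .rdata

    rdata = bytearray(0x200)
    # IMAGE_IMPORT_DESCRIPTOR: OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk
    struct.pack_into("<IIIII", rdata, 0x00, 0x2040, 0, 0, 0x2080, 0x2060)
    for off in (0x40, 0x60):  # import lookup table and IAT, both 0-terminated
        struct.pack_into("<QQQ", rdata, off, 0x2090, 0x20A0, 0)
    rdata[0x80:0x8D] = b"KERNEL32.dll\0"
    rdata[0x90:0x9E] = b"\0\0ExitProcess\0"      # 2-byte hint + name
    rdata[0xA0:0xAF] = b"\0\0GetStdHandle\0"
    # relocation block: page RVA 0x1000, one DIR64 entry at +0x10, one ABSOLUTE pad entry
    struct.pack_into("<IIHH", rdata, 0xC0, 0x1000, 12, (IMAGE_REL_BASED_DIR64 << 12) | 0x10, 0)

    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                    # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x8664, 2, 0, 0, 0, 240, 0x22)  # IMAGE_FILE_HEADER
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x20B)                    # PE32+ magic
    struct.pack_into("<I", hdr, opt + 16, 0x1000)              # AddressOfEntryPoint
    struct.pack_into("<QII", hdr, opt + 24, image_base, 0x1000, 0x200)  # base, section/file align
    struct.pack_into("<II", hdr, opt + 56, 0x3000, 0x200)      # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", hdr, opt + 108, 16)                 # NumberOfRvaAndSizes
    dd = opt + 112
    struct.pack_into("<II", hdr, dd + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, 0x2000, 0x28)
    struct.pack_into("<II", hdr, dd + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC, 0x20C0, 12)
    sec = opt + 240
    struct.pack_into("<8sIIIIIIHHI", hdr, sec, b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    struct.pack_into("<8sIIIIIIHHI", hdr, sec + 40, b".rdata", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0x40000040)
    return bytes(hdr + text + rdata)


def parse_headers(data):
    """Read the header fields a loader needs; raises on anything that is not PE32+."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", data, e_lfanew + 6)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ is handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    size_of_image, size_of_headers = struct.unpack_from("<II", data, opt + 56)
    ndirs = struct.unpack_from("<I", data, opt + 108)[0]
    dirs = [struct.unpack_from("<II", data, opt + 112 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va, "vsize": vsize,
                         "raw": rawptr, "rawsize": rawsize})
    return {"entry": entry, "image_base": image_base, "size_of_image": size_of_image,
            "size_of_headers": size_of_headers, "dirs": dirs, "sections": sections}


def map_image(data, hdr):
    """Lay the file out as it would look in memory: headers, then each section at its RVA."""
    img = bytearray(hdr["size_of_image"])
    img[:hdr["size_of_headers"]] = data[:hdr["size_of_headers"]]
    for s in hdr["sections"]:
        n = min(s["rawsize"], s["vsize"])  # bytes beyond the raw data stay zero-filled
        img[s["va"]:s["va"] + n] = data[s["raw"]:s["raw"] + n]
    return img


def apply_relocations(img, hdr, new_base):
    """Add (new_base - preferred base) to every DIR64 slot; returns the number fixed."""
    delta = new_base - hdr["image_base"]
    rva, size = hdr["dirs"][IMAGE_DIRECTORY_ENTRY_BASERELOC]
    end, fixed = rva + size, 0
    while rva < end:
        page_rva, block_size = struct.unpack_from("<II", img, rva)
        if block_size < 8:
            break  # malformed block; refuse to spin on it
        for off in range(rva + 8, rva + block_size, 2):
            entry = struct.unpack_from("<H", img, off)[0]
            rtype, roff = entry >> 12, entry & 0xFFF
            if rtype == IMAGE_REL_BASED_ABSOLUTE:
                continue
            if rtype != IMAGE_REL_BASED_DIR64:
                raise ValueError(f"unsupported relocation type {rtype}")
            target = page_rva + roff
            value = struct.unpack_from("<Q", img, target)[0]
            struct.pack_into("<Q", img, target, (value + delta) & 0xFFFFFFFFFFFFFFFF)
            fixed += 1
        rva += block_size
    return fixed


def read_cstr(buf, off):
    return bytes(buf[off:buf.index(b"\0", off)]).decode()


def list_imports(img, hdr):
    """Walk the import descriptors and thunks; returns [(dll, function), ...] in IAT order."""
    rva, _ = hdr["dirs"][IMAGE_DIRECTORY_ENTRY_IMPORT]
    imports = []
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", img, rva)
        if name_rva == 0 and ft == 0:
            break
        dll, thunk = read_cstr(img, name_rva), (oft or ft)
        while (entry := struct.unpack_from("<Q", img, thunk)[0]) != 0:
            if entry >> 63:
                imports.append((dll, f"#{entry & 0xFFFF}"))  # import by ordinal
            else:
                imports.append((dll, read_cstr(img, entry + 2)))  # skip the hint
            thunk += 8
        rva += 20
    return imports


def demo(new_base=0x7FF6_1234_0000):
    data = build_sample_pe()
    hdr = parse_headers(data)
    img = map_image(data, hdr)
    fixed = apply_relocations(img, hdr, new_base)
    return {"entry": hdr["entry"], "fixed": fixed,
            "pointer": struct.unpack_from("<Q", img, 0x1010)[0],
            "imports": list_imports(img, hdr),
            "sections": [s["name"] for s in hdr["sections"]]}


if __name__ == "__main__":
    print(demo())
```

The same walk is what an analyst does when dumping a process that such a packer has rebuilt in memory: the import list and relocation targets recovered here are exactly the data the packer had to restore, which is why the replies say the protection is cheap to undo.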
I plan on writing a wrapper that performs encryption and maybe compression on the original binary, therefore I don't want to write to the disk. I'll look into the PE loaders mentioned, thanks :)
Anonymous, 2010-12-13 18:38
What about using this method for hiding/obfuscation? If you'd wrap all executables on a system with yours, it would be very hard to remove, I think.
>>7
You'd have to wrap comodo.exe before it gets installed. It's not going to happen while it's running. Also, obfuscation is a fool's game, just like effective DRM.