
Trojan project

Name: Anonymous 2011-03-20 10:23

Greetings /prog/, I'm from a neighboring board.

I'm on the last phases of a trojan project. I'm having a hard time finding the best way of hiding my malicious executable within another executable. I assume the best way of doing that would involve assembly? "Code caves" seem to be what I'm looking for, though there don't seem to be many tutorials for it. Any advice? Thanks in advance.

Name: Anonymous 2011-03-20 13:40

>>20
The stub could be anything, but you'd probably want to make sure the registers are preserved, so something along the lines of:

    entrypoint:
        pushad                  ; save all general-purpose registers
        call your_main          ; run the injected code
        popad                   ; restore the registers
        jmp original_entrypoint ; hand control back to the host program

As for the actual code, I have no idea of the shape of your code. If it's a DLL, I'd imagine you'd relocate it at the end of the real executable and just run it directly. If it's an executable, you'd have some stub which dumps the executable and runs it. If not, things get a bit more complicated.

I can't imagine you could do this without knowledge of assembly and the PE file format (I'm assuming you're on Win32; if not, learn ELF or w/e format you're working with). The reason I'm saying this is because, while it's perfectly possible to write it all in C, your stub will look pretty bloated if you were to just relocate your executable at the end of the host and keep all the libc bloat that comes with the territory. A real "stub" written in assembly can be made in such a way as to not require any data and is just a small stream of bytes which can be copied anywhere and, if coded in a certain way, doesn't even require relocations.
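The layout the reply describes (a stub appended past the host's own sections with the PE entry point redirected to it) leaves exactly the marks a triage script looks for: an entry point that lands in the last section, in a section without the executable flag, or in a section with an unusual name, plus an overlay of bytes after the last section's raw data. The following Python is an added example written from the defender's side; it is not code from this thread. It parses the PE headers with the standard library only, and the `build_pe` helper together with the `CLEAN` and `PATCHED` images are constructed here purely so the check can be run offline.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section characteristic: executable
IMAGE_SCN_CNT_CODE = 0x00000020     # section characteristic: contains code


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_offset: int
    characteristics: int

    def contains_rva(self, rva: int) -> bool:
        span = max(self.virtual_size, self.raw_size)
        return self.virtual_address <= rva < self.virtual_address + span


def parse_pe(data: bytes) -> Tuple[int, List[Section]]:
    """Return (AddressOfEntryPoint, section table) from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(num_sections):
        off = opt + size_opt + 40 * i         # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rsize, roff = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vsize, vaddr, rsize, roff, chars))
    return entry_rva, sections


def entrypoint_findings(data: bytes) -> List[str]:
    """Heuristic indicators that the entry point was redirected or code was appended."""
    entry_rva, sections = parse_pe(data)
    findings = []
    home = next((s for s in sections if s.contains_rva(entry_rva)), None)
    if home is None:
        return ["entry point RVA maps to no section"]
    if not (home.characteristics & IMAGE_SCN_MEM_EXECUTE):
        findings.append(f"entry point section {home.name!r} is not executable")
    if len(sections) > 1 and home is sections[-1]:
        findings.append(f"entry point in last section {home.name!r}")
    if home.name not in (".text", "CODE", ".code"):
        findings.append(f"entry point section has unusual name {home.name!r}")
    end_of_sections = max((s.raw_offset + s.raw_size for s in sections), default=0)
    if len(data) > end_of_sections:
        findings.append(f"{len(data) - end_of_sections} bytes of overlay after last section")
    return findings


def build_pe(specs, entry_rva: int, overlay: bytes = b"") -> bytes:
    """Constructed test helper: minimal PE32 with one 0x200-byte raw block per section."""
    n = len(specs)
    e_lfanew, file_align, opt_size = 64, 0x200, 224
    hdr_end = e_lfanew + 4 + 20 + opt_size + 40 * n
    first_raw = (hdr_end + file_align - 1) // file_align * file_align
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)     # AddressOfEntryPoint
    table, body = b"", b""
    for i, (name, vaddr, chars) in enumerate(specs):
        roff = first_raw + i * file_align
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             file_align, vaddr, file_align, roff, 0, 0, 0, 0, chars)
        body += b"\x90" * file_align                # filler bytes, not real code
    header = (dos + b"PE\0\0" + coff + bytes(opt) + table).ljust(first_raw, b"\0")
    return header + body + overlay


CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | 0x40000000   # code, exec, read
DATA = 0x00000040 | 0x40000000 | 0x80000000                       # initialized data, read, write

# Constructed samples: a normal layout, and one with a trailing section plus overlay.
CLEAN = build_pe([(".text", 0x1000, CODE), (".data", 0x2000, DATA)], entry_rva=0x1010)
PATCHED = build_pe([(".text", 0x1000, CODE), (".data", 0x2000, DATA), (".stub", 0x3000, CODE)],
                   entry_rva=0x3000, overlay=b"constructed-overlay" * 4)

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("patched", PATCHED)):
        print(label, entrypoint_findings(image) or ["no indicators"])
```

None of these indicators is proof on its own (packers and some compilers legitimately place the entry point in a non-`.text` section, and installers carry large overlays), so treat them as triage signals to be confirmed by comparing against a known-good copy of the binary or a code-signing check.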
