当前位置: 文江博客话题详情

制作一个独立的 exe 来提取文件和其他命令

发布于 2024-10-30 07:56:48 字数 632 浏览 1 评论 0原文

我正在用 C 和 winPCAP 制作一个在每次启动时启动的过滤嗅探器。为此,我想制作一个自包含的exe文件,它将exe和DLL提取(不,不是压缩!)到一个新文件夹,并以静默方式执行其他命令(例如修改启动设置),而不显示任何窗口/终端。

因此

  1. 单个文件包含一个exe 和DLL。

  2. 执行时,它将文件复制到文件夹并执行其他命令

  3. 它默默地执行此操作,无需任何窗口或终端或用户干预

我强调沉默部分,所以我不能选择一些简单的安装程序。您能推荐一些生成此可执行文件的东西吗?

出于好奇:它是我大学项目的隐形数据包记录程序。 “隐形”部分将仅在具有 IE6 的 xp2 虚拟机上进行尝试(是的,老东西)。

编辑:回答评论者:它具有恶意软件特征。所以我在 virtualbox 中运行它,绝不松散。我只能从旧的安装磁盘上破坏带有 IE6 且没有防病毒软件的未打补丁的 xp 系统。这就是 IE css use after free 漏洞的范围,据我所知从未在野外见过。所以不存在不道德行为。

原文

I am making a filtering sniffer in C and winPCAP that starts on every boot. For this I want to make a self-contained exe file that extracts (no, not compression!) the exe and DLLs to a new folder and performs other commands (like modify startup settings) silently, without showing any window/terminal.

So

  1. The single file contains an exe and DLLs.

  2. When executed, it copies the files to a folder and does other commands

  3. It does it silently, without any windows or terminals or user intervention

I stress on the silent part, so I cant choose some easy installers. Can you reccomend something that generates this executable?

For the curious: its a stealth packet logger program for my college project. The "stealth" part will be tried out only on xp2 virtual machines with IE6 (yeah, old stuff).

EDIT: answering the commenters: it is of a malware character. So I am running it in virtualbox, never on the loose. And I can compromise only an unpatched xp systems with IE6, without antivirus, that is from an OLD install disk. Thats the scope of the IE css use after free vulnerability, AFAIK never seen in the wild. So there is no unethical behavior involved.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

轻拂→两袖风尘 2024-11-06 07:56:48

您可以通过使用编译器链接资源或使用特殊程序并检测 Windows API 来轻松嵌入资源。

大致如下:

char file_to_be_altered[] = "MyInstaller.exe"

HANDLE hUpdate = BeginUpdateResource( file_to_be_altered, FALSE );
UpdateResource( hUpdate, "MyResType", "MyResName1", 0, pData, data_len );
EndUpdateResource( hUpdate, FALSE );

然后,当可执行文件运行时,您将枚举资源并选择类型为“MyResType”的资源。

struct res_entry { BYTE* pData; unsigned int len; }

BOOL CALLBACK EnumNamesCB(
    HMODULE hModule,  // module handle
    LPCTSTR lpType,   // address of resource type
    LPTSTR lpName,    // address of resource name
    LONG_PTR lParam)      // 
{
    std::vector<res_entry>& lst = *(reinterpret_cast< std::vector<res_entry>* >( lParam ));
    HRSRC hRes = FindResource( hModule, lpName, lpType );
    if( hRes == 0 )     return TRUE;
    unsigned int len = SizeofResource( hModule, hRes );

    HGLOBAL hGlob = LoadResource( hModule, hRes );
    if( hGlob == 0 )    return TRUE;

    res_entry t;
    t.pData = LockResource( hGlob );
    t.len = len;


    lst.push_back( t );     // this is safe, because the resources are never deallocated
    return TRUE;
}

....

void enum_entries()
{
    std::vector<res_entry> lst;
    ::EnumResourceNames( hFileToQuery, "MyResType", &EnumNamesCB, reinterpret_cast<LONG_PTR>(&lst) );
}

您可以对这些数据执行任何您想要的操作,例如 CreateFile ...并将数据写入光盘。

注意:这是安装程序在 Windows 上执行此操作的方式,开发它是为了将文件提取到临时目录并从那里安装。

You can easily embed resources either by linking them in, with the compiler, or by using a special program and instrumenting the windows API.

Something along the lines of :

char file_to_be_altered[] = "MyInstaller.exe"

HANDLE hUpdate = BeginUpdateResource( file_to_be_altered, FALSE );
UpdateResource( hUpdate, "MyResType", "MyResName1", 0, pData, data_len );
EndUpdateResource( hUpdate, FALSE );

Then when your executable runs, you enumerate your resources and select those that have the type "MyResType".

struct res_entry { BYTE* pData; unsigned int len; }

BOOL CALLBACK EnumNamesCB(
    HMODULE hModule,  // module handle
    LPCTSTR lpType,   // address of resource type
    LPTSTR lpName,    // address of resource name
    LONG_PTR lParam)      // 
{
    std::vector<res_entry>& lst = *(reinterpret_cast< std::vector<res_entry>* >( lParam ));
    HRSRC hRes = FindResource( hModule, lpName, lpType );
    if( hRes == 0 )     return TRUE;
    unsigned int len = SizeofResource( hModule, hRes );

    HGLOBAL hGlob = LoadResource( hModule, hRes );
    if( hGlob == 0 )    return TRUE;

    res_entry t;
    t.pData = LockResource( hGlob );
    t.len = len;


    lst.push_back( t );     // this is safe, because the resources are never deallocated
    return TRUE;
}

....

void enum_entries()
{
    std::vector<res_entry> lst;
    ::EnumResourceNames( hFileToQuery, "MyResType", &EnumNamesCB, reinterpret_cast<LONG_PTR>(&lst) );
}

You can do whatever you want with this data, e.g. CreateFile ... and the write the data out to disc.

NB: This is how installers may do it on windows, and this was developed to extract files to the temp dir and install from there.

回复 原文
莫言歌 2024-11-06 07:56:48

最简单的方法是在程序中创建一个非常大的数组,并将要提取的数据存储在该数组中。执行时,程序会根据需要获取数组并将其写入一个或多个文件,然后在提取文件后执行您想要运行的文件。例如,请参阅 C 问题:如何存储数据在可执行文件内

程序编译完成后,您可以使用二进制编辑器替换 EXE 中的数据,将文件复制到位,而无需在每次更改负载时将文件转换为 C 数组或其他数据结构。

为了减小大小,主程序通常会解压缩数组并期望压缩数组。许多安装程序只是使用 zip,因为解压缩器会处理一个数组中的多个文件,并且您不必费力添加目录数组和引用数组 - 它都是内置的,并且命令行 zip 压缩器很常见且简单使用。

主程序是否打开终端取决于您对其进行编程的方式。我希望你需要它是一个 win32 程序,这样 Windows 就不会打开 DOS 终端,而且你也不会在你的程序中打开任何窗口。不过,这是一个单独的问题,因此请考虑将其作为一个新问题提出。

正如 David 指出的,这个过程通常在链接器阶段自动化。每个链接器都略有不同,但您可以查看使用 GCC 在 .exe 中嵌入资源 使用一种更常见的编译器的示例。

我假设您知道自己在做什么,但请记住,有很多未打补丁的库存 winxp sp2 系统 - 假设您不会伤害任何人,因为您不相信此类系统在线,这是一个糟糕的选择。请确定您的程序无法离开虚拟机。有多种方法,例如连接他们的网络而不允许机器访问互联网或您的计算机网络。请记住,莫里斯蠕虫是一个宠物项目,并不打算或预计会变得疯狂。

The trivial way to do it is to create a very large array inside your program, and store the data to be extracted inside that array. When executed the program takes the array and writes it out to a file or files as needed, then executes the file you want to run once the files are extracted. See, for example, C Question: How to store data inside the executable file.

Once the program is compiled you can replace the data in the EXE using a binary editor to copy your files in place without having to convert your files to a C array or some other data structure every time you change your payload.

In order to keep the size down the primary program typically decompresses the array and expects a compressed array. A lot of installers simply use zip as the decompressor takes care of multiple files in one array, and you don't have to fiddle with adding a directory array and reference array - it's all built in, and command line zip compressors are common and easy to use.

Whether the primary program opens a terminal depends on how you program it. I expect you'll need it to be a win32 program so windows doesn't open a DOS terminal, and you simply don't open any windows inside your program. That's a separate question, though, so consider asking it as a new question.

As David points out, this process is typically automated in the linker stage. Each linker is slightly different, but you can check out Embedding resources in .exe using GCC for an example using one of the more common compilers.

I assume you know what you are doing, but keep in mind that there are a lot of unpatched stock winxp sp2 systems out there - assuming that you won't hurt anyone because you don't believe such systems are online is a poor choice. Make certain that your program doesn't have the ability to leave the virtual machines. There are ways, for instance to connect their networks without allowing the machines access to the internet, or your computer's network. Keep in mind that the Morris worm was a pet project that wasn't intended or expected to go wild either.

回复 原文
~没有更多了~

关于作者

深海里的那抹蓝

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

1CH1MKgiKxn9p

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

JackDx

文章 0 评论 0

信远

文章 0 评论 0

yaoduoduo1995

文章 0 评论 0

霞映澄塘

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文