将数据附加到 exe

发布于 11-03 11:24 字数 1200 浏览 10 评论 0原文

这个问题是我之前问题的答案之一的扩展: 如何在exe中保存用户注册...(C#)

这个想法本身对我来说仍然很新,但似乎很有道理。我第一次尝试简单地将字符串附加到不同应用程序内部的 exe 中,但没有成功。然后变得聪明一点并尝试附加字节。还是没有运气。

我找到了有关 Windows 可移植可执行文件的各种文档:

http://en.wikipedia.org/wiki/Portable_Executable

http://msdn.microsoft.com/en-us/magazine/bb985997.aspx

http://msdn.microsoft.com/en-us/windows/hardware/gg463125

坦白说,我了解得很少,它们对我来说没有多大用处。更有用的是,我找到了一个delphi教程,它描述了向可执行文件添加“有效负载”的想法。它接着说,要做到这一点,你需要让 exe 知道,并且能够跟踪你把它放在哪里......或者类似的东西。除了我可以从代码本身猜测之外,我对delphi一无所知。 http://www.delphidabbler.com/articles?article=7&part=2

最有用的只是如何在可执行文件中添加和检索一小段信息的示例或链接。我想要在 Linux 服务器上作为 php 脚本运行的 C# 表单应用程序上执行此操作。我认为接受信息作为参数的独立 C++ 应用程序应该能够做到这一点。

我也对其他想法持开放态度。

谢谢。

This question extensions from one of the answers to my earlier question: how to save user registration in the exe... (C#).

The idea itself is still very new to me, but it seems plausible. My first attempt of simply appending a string to the exe from inside a different application didn't work. Then got a little smarter and tried appending bytes. Still no luck.

I've found various documentations on Windows Portable Executable files:

http://en.wikipedia.org/wiki/Portable_Executable

http://msdn.microsoft.com/en-us/magazine/bb985997.aspx

http://msdn.microsoft.com/en-us/windows/hardware/gg463125

Frankly, I understand so little that they're not of much use to me. Of more use I was able to find a delphi tutorial that describes the idea of adding a "payload" to the executable. It goes on to say that to do this, you need to let the exe know and also be able to track where you put it... or something to that effect. I have no knowledge of delphi other than what I can guess from the code itself. http://www.delphidabbler.com/articles?article=7&part=2

What would be most useful is just an example or a link of how to add and retrieve a short piece of information onto the executable. I am going to want to have this operation performed on a C# Forms Application from a linux server ran as a php script.. I figure a standalone C++ application which accepts information as arguments should be able to do the trick.

I am open to other ideas, too.

Thank you.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

木落2024-11-10 11:24:48

是的,您将数据附加到定义的 PE 映像的末尾/末尾。如果您不想处理 PE 标头,您可以进行简单的串联。

例如,“echo abcd >> myprogram.exe”将起作用,导致“abcd”附加到“myprogram.exe”的末尾。 Myprogram.exe 可以正常运行。然后,您只需要编写一种方法来查找附加数据(例如,通过查找最后一部分的末尾来遍历标头以查找定义图像的末尾,或者在 EXE 中的某个位置存储静态偏移量,您稍后可以读取)。例如,您可以将保存数据的偏移量存储在文件的最后 4 个字节中。那么你总是知道静态偏移位于 EOF-4。

或者,如果您希望在进程加载时将附加数据加载到虚拟内存中,您实际上可以扩展 PE 映像的最后一部分并将数据放在那里。

注意最后一部分的文件对齐,您需要扩展到下一个文件对齐(通常为 0x200 或 0x1000),然后添加您的内容。

作为见过一些奇怪的 PE 的可执行压缩器的作者,我要说的是,没有固定的规则表明节表中定义的最后一个节是映像中的最后一个节(它们可能是无序的)。也就是说,它们可能会出现故障。然而,它们在 99% 的情况下都是有序的,除非由某些奇怪的链接器创建或使用某些外部实用程序进行修改。

我的打包程序(PECompact)对“覆盖/额外数据模拟”BTW 提供测试版支持 - 这意味着它实际上可以压缩该数据与 EXE 一起放在末尾,然后在对 EXE 文件执行 I/O 时在内存中模拟其未压缩的形式。或者,它可以将额外数据/覆盖保留在文件外部并压缩其余部分,但调整读取和写入,以便物理偏移量不会改变。这是必要的,因为如此多的安装程序和 SFX 存档实际上通过静态偏移引用附加数据,而不是通过遍历 PE 标头在运行时正确计算其位置。

David Hall 的链接的作用比您需要做的多一点,除非您想保留签名。该方法确实允许保存/使用数字签名,将数据插入文件末尾的扩展证书区域。

如果您不想,则根本不需要处理标头,并且不关心保留代码签名!

Yes, you append the data outside/after the end of the defined PE image. You can do a simple concatenation if you don't want to deal with the PE header.

For instance "echo abcd >> myprogram.exe" would work, resulting in 'abcd' appended to the end of 'myprogram.exe'. Myprogram.exe would run fine. Then you'd just need to code a way to find your appended data (e.g. traverse header to find end of defined image by finding end of last section, or store a static offset somewhere in the EXE you can later read). For instance, you could store the offset you saved the data at in the last 4 bytes of the file. Then you always know the static offset is at EOF-4.

Alternatively, if you wanted your appended data to get loaded into virtual memory when the process loads, you could actually extend the last section of the PE image and put your data there.

Watch for file alignment on last section, you'll want to expand to next file alignment (0x200 or 0x1000 usually), then add your stuff.

As the author of an executable compressor who has seen some weird PEs, let me say there is no steadfast rule that the last section defined in the section table is the last in the image (they could be out of order). That is to say, they can be out of order. However, they are in order 99% of the time unless made by some weird linker or modified with some external utility.

My packer (PECompact) has beta support for 'overlay/extra-data emulation' BTW - meaning it can actually compress this data slapped on the end along WITH the EXE, then emulate its uncompressed form in memory when you do I/O on the EXE file. Alternatively, it can leave the extra-data/overlay on the outside of the file and compress the rest, but adjust reads and writes so the physical offset won't have changed. This is necessary because SO MANY installers and SFX archives actually reference the appended data by a static offset, instead of properly computing its location at runtime by traversing the PE header.

David Hall's link does a little more than you need to do, unless you want to keep the signature. That method does allow preservation/use of digital signing, inserting your data into an expanded certificate area at the end of the file.

You have no need for dealing with the header at all if you don't want to, and don't care about preserving the code signing!

诗化ㄋ丶相逢2024-11-10 11:24:48

这是我用来将数据附加到 exe 的一段代码的链接。这专门用于在不破坏 exe 签名的情况下附加数据,但原则应该适用于仅附加到未签名的可执行文件。

http://blog.barthe.ph/2009/02/22/change-signed-executable /

Here is a link to a piece of code I've used to append data to an exe. This is specifically for appending data without breaking the signing of the exe, but the principle should hold for just appending to unsigned executables.

http://blog.barthe.ph/2009/02/22/change-signed-executable/

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文