Is there any way to let a process write some bytes to its own PE file?
-
I have a PE file, a.exe. I hope that while a.exe is running, it can write some bytes to a.exe's .rdata block. If you have any ideas that would help me, please tell me. Thanks a lot. :-O
Why would you want to do that? The PE header is only used for the initialization of the process, once the main thread has started execution it is not used anymore. What are you trying to do exactly, perhaps there is another method?
Waldermort
-
I have a PE file, a.exe. I hope that while a.exe is running, it can write some bytes to a.exe's .rdata block. If you have any ideas that would help me, please tell me. Thanks a lot. :-O
So you want to modify the file while it's being used? I don't believe this is possible.
Steve
-
I am writing the register part of my software. When the user enters the right register code, I want to modify some bytes in the a.exe file to remember this. And it means I need to write some bytes to the a.exe file when it is running.
I don't believe it is possible to modify an exe while it's running, but what you can do is use a second exe to launch the first in a suspended state, modify what you need, then set it running.
Waldermort
-
I am writing the register part of my software. When the user enters the right register code, I want to modify some bytes in the a.exe file to remember this. And it means I need to write some bytes to the a.exe file when it is running.
You first need to reserve space in the EXE for this, and be able to locate it code-wise, either by offset or by special signature bytes (I presume you have already done this). I do not believe that you can modify the EXE file while it is mapped into memory (i.e. running). You should have read-only access to the EXE file, so your executable can make a copy of itself and launch that copy passing it a special command line parameter (which means "run, do not copy yourself") so that it does the real launching. I think you can then mark that copy-of-yourself with the Delete On Close flag, so that it cleans itself up when it exits.

The process would work like this:

1: When launched, check for the "run, do not copy yourself" parameter
2a: If found, the application runs normally
2b: If not found, copy yourself (the EXE file) to a temporary location
3: Launch the temporary copy passing the "run, do not copy yourself" parameter
4: Flag the temporary copy for delete-on-close (look up the FILE_FLAG_DELETE_ON_CLOSE flag)
5: Exit

Once you do this, your application's copy can modify the original EXE on disk, and whatever you change will have an effect the next time it is started. This is also a way to handle automatic updates without a satellite or worker/helper application handling the replacing of files that are in use. Be sure to give the temporary copy a meaningful filename, and document it, so that users do not worry when they see an unknown executable filename in Task Manager.

Peace! -=- James
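The last reply describes reserving space in the EXE and locating it by special signature bytes so the temporary copy can change the original on disk. The following is an added example, not code from the thread: it patches such a slot in an in-memory copy of the file image, and the 16-byte marker, the 32-byte slot, and all function names are hypothetical choices made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define MARKER_LEN 16   /* constructed layout: marker, then reserved slot */
#define SLOT_LEN   32
enum { NO_MARKER = -1, AMBIGUOUS = -2, TRUNCATED = -3, TOO_LONG = -4 };

/* Build the search pattern at run time so the plain marker bytes exist
 * only once in the file (at the slot), not also as a literal in the code. */
void build_marker(unsigned char out[MARKER_LEN])
{
    for (int i = 0; i < MARKER_LEN; i++)
        out[i] = (unsigned char)(0xA5 ^ (i * 37 + 11));
}

/* Offset of the single marker occurrence, or NO_MARKER / AMBIGUOUS. */
long find_unique(const unsigned char *img, size_t len, const unsigned char *marker)
{
    long hit = NO_MARKER;
    for (size_t i = 0; i + MARKER_LEN <= len; i++) {
        if (memcmp(img + i, marker, MARKER_LEN) != 0) continue;
        if (hit >= 0) return AMBIGUOUS;   /* refuse to guess which one */
        hit = (long)i;
    }
    return hit;
}

/* Overwrite the slot behind the marker in an in-memory copy of the EXE.
 * Returns the slot offset, or a negative error; img is untouched on error. */
long patch_slot(unsigned char *img, size_t len, const unsigned char *marker,
                const unsigned char *data, size_t data_len)
{
    long at = find_unique(img, len, marker);
    if (at < 0) return at;
    size_t slot = (size_t)at + MARKER_LEN;
    if (data_len > SLOT_LEN) return TOO_LONG;
    if (slot + SLOT_LEN > len) return TRUNCATED;
    memset(img + slot, 0, SLOT_LEN);      /* clear any previous contents */
    memcpy(img + slot, data, data_len);
    return (long)slot;
}

int main(void)
{
    unsigned char m[MARKER_LEN], img[128];   /* constructed stand-in image */
    build_marker(m);
    memset(img, 0xCC, sizeof img);
    memcpy(img + 40, m, MARKER_LEN);
    printf("slot at %ld\n", patch_slot(img, sizeof img, m, (const unsigned char *)"REGISTERED", 10));
}
```

Changing bytes inside the file changes its hash, so an Authenticode signature on the EXE no longer verifies after the patch.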