There are many articles explaining how to inject assembly code into a portable executable (the host application). However, they seem to require high skills in assembly programming. Besides, most of the time the injected code does nothing more than show a message box. In what I want to demonstrate in this article, you don't need to be an assembly expert to inject a complex routine into a host program. In fact, you need basic knowledge of only a few concepts to understand the entire process. I'm going to show how to make the C++ compiler create the assembly code you want to inject.

In the picture above, you can see what I'm going to demonstrate: codeinject.exe injects a password dialog routine into a portable executable (notepad.exe in that case). Thus, every time a user starts that executable, a password dialog pops up asking for the right password (inject01 in this case). If the user does not know the password, notepad.exe is not executed.

There is a lot of information you can find on the Internet related to the portable executable structure; this article states only some basic information about it.

The purpose of this article is purely educational. It might help you understand how a virus corrupts files by injecting malicious code. It also gives you better ideas about how a compiler generates assembly code. I will not be responsible for the bad usage of techniques you learn here.

Contents

What Tools You Need to Understand this Article
Injection of Compiled Code - Prerequisites
3.1 Step 1: Choosing a Compiler and Making the First Test
4.1 Step 1: Planning What You Want to Inject and Coding a Sample Program
4.2 Step 2: Enumerating all Required Strings, Function Names and DLL Names

The application that performs the code injection is named codeinject.exe. It is a console application and is very simple to use. I packed a copy of notepad.exe and calc.exe for you to test with codeinject.exe. I advise that you always test on copies; never use it on the original files. The first screenshot in this article shows how to use codeinject.exe. But if codeinject.exe loads the whole executable into memory before injecting code, then there should be a limit.

What Tools You Need to Understand this Article

You might try to understand what I did just by reading this article and studying the source code. However, there are some steps you must understand to get there. So, you should download at least these two tools:

IDA Pro: I wrote this article using IDA Pro version 5.0.0. Previous versions of IDA Pro will work too, but they can present different behavior.
CFF Explorer: we only use CFF Explorer from the Explorer Suite.

As I said, the purpose of this article is to demonstrate that we can build a C application and, with some effort, inject the compiled code as a new section of any executable. The main advantage of injecting compiled code is that we can build more complex routines; of course, a good assembly programmer can do the same. I do not intend to deeply explain the Portable Executable structure (from here on, only P.E.).
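Injecting compiled code as a new section of a host executable, as this article sets out to do, leaves a footprint in the P.E. headers that a defender can check for. The added example below is not code from the article or from codeinject.exe: it parses the COFF and section headers of a PE32 image with nothing but the standard library and reports where AddressOfEntryPoint lands. It assumes (a common pattern for this kind of injection, not something the article states) that the entry point is redirected into the appended section, and it flags an entry point that falls in the last section, in a section whose name is not a usual linker code-section name (the `USUAL_CODE_SECTIONS` set is a heuristic of mine), or in a section that is both writable and executable. The two sample images are constructed header-only PE layouts built by `build_sample_pe`; they contain no section bodies and are not real programs.

```python
import struct
from collections import namedtuple

# Section header fields we care about (names follow the PE/COFF specification).
Section = namedtuple("Section", "name virtual_size virtual_address raw_size raw_pointer characteristics")

IMAGE_SCN_CNT_CODE             = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE          = 0x20000000
IMAGE_SCN_MEM_READ             = 0x40000000
IMAGE_SCN_MEM_WRITE            = 0x80000000

# Assumption (heuristic): section names most linkers use for code. Anything else is worth a look.
USUAL_CODE_SECTIONS = {".text", "CODE"}


def parse_sections(data):
    """Return (AddressOfEntryPoint, [Section, ...]) read from the headers of a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]           # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    (_machine, num_sections, _stamp, _symptr, _nsyms,
     size_opt, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    entry = struct.unpack_from("<I", data, opt + 16)[0]          # AddressOfEntryPoint (RVA)
    sections, pos = [], opt + size_opt                            # section table follows the optional header
    for _ in range(num_sections):
        (name, vsize, va, rsize, rptr, _rel, _lin,
         _nrel, _nlin, chars) = struct.unpack_from("<8sIIIIIIHHI", data, pos)
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"), vsize, va, rsize, rptr, chars))
        pos += 40
    return entry, sections


def section_for_rva(sections, rva):
    """Find the section whose virtual range contains `rva`, or None."""
    for s in sections:
        span = max(s.virtual_size, s.raw_size)
        if s.virtual_address <= rva < s.virtual_address + span:
            return s
    return None


def entry_point_findings(data):
    """Return a list of human-readable indicators that the entry point was redirected into an added section."""
    entry, sections = parse_sections(data)
    sec = section_for_rva(sections, entry)
    if sec is None:
        return ["entry point 0x%X lies outside every section" % entry]
    findings = []
    if len(sections) > 1 and sec is sections[-1]:
        findings.append("entry point is in the last section (%s)" % sec.name)
    if sec.name not in USUAL_CODE_SECTIONS:
        findings.append("entry section has an unusual name %r" % sec.name)
    if sec.characteristics & IMAGE_SCN_MEM_WRITE and sec.characteristics & IMAGE_SCN_MEM_EXECUTE:
        findings.append("entry section %s is writable and executable" % sec.name)
    return findings


def build_sample_pe(entry, sections):
    """Constructed test input: a header-only PE32 image (no section bodies) with the given layout.
    `sections` is a list of (name, virtual_address, size, characteristics)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew at 0x3C points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)  # i386, PE32 optional header size
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # Magic: PE32
    struct.pack_into("<I", opt, 16, entry)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii").ljust(8, b"\0"),
                    size, va, size, 0x400 + i * 0x1000, 0, 0, 0, 0, chars)
        for i, (name, va, size, chars) in enumerate(sections))
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


# Constructed samples: an ordinary two-section layout, and the same layout with a third,
# writable+executable section appended and the entry point moved into it.
CLEAN = build_sample_pe(0x1100, [
    (".text", 0x1000, 0x1000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".data", 0x2000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])
INJECTED = build_sample_pe(0x3010, [
    (".text", 0x1000, 0x1000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".data", 0x2000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".inj",  0x3000, 0x1000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("injected", INJECTED)):
        print(label, entry_point_findings(image) or ["no indicators"])
```

Run against a real file with `entry_point_findings(open(path, "rb").read())`; the parser only touches the headers, so a large image costs nothing extra. The heuristics are deliberately loose: packers and some linkers also place the entry point in a late or oddly named section, so treat a hit as a reason to open the file in CFF Explorer, not as a verdict.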