Write a value into PE file

时光怂恿深爱的人放手 提交于 2019-12-11 04:29:18

问题


I want to try the following:

I have a C# program which takes a file as input and calculate MD5 algorithm for these five MD5. My algorithm has a unique value for each file; this value is a 128 bit value, so I want to use this technique to protect my programs by saving the output value of md5 algorithm into a my PE file (let's say the value is X). The PE will calculate the MD5 value again (for itself) (let's say the value is Y) and then compare X with Y. If it's the same value it's ok and run; else, it'll exit.

My Question is: how do I write my Value into the PE file? Important notice : my algorithm has been written with C# so I want a way to write into PE file using C# language.


回答1:


One option is to simply append your value to the end of the file. Windows is quite happy for arbitrary data to be appended to executables - it's how self-extracting zip files work, for example.

Edit in response to Hany's comment: It works for me, using cmd.exe as an example:

C:\WINDOWS\system32>copy con rjh
This is a test!
^Z
        1 file(s) copied.

C:\WINDOWS\system32>copy /b cmd.exe + rjh cmdrjh.exe
cmd.exe
rjh
        1 file(s) copied.

C:\WINDOWS\system32>od -cv cmdrjh.exe | tail -4
1367760  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0
1370000   T   h   i   s       i   s       a       t   e   s   t   !  \r
1370020  \n
1370021

C:\WINDOWS\system32>cmdrjh
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

(You did do the file operations in binary mode, didn't you?)




回答2:


Create an empty string resource data that is embedded and is at the end of the code/data segment, work out the offset where to write in the value into that empty spot where the resource location is.

But then again, what's the point in protecting your programs by yourself...?

I wouldn't go down that route, instead employ a commercial protection scheme for PE files (Native C/C++ code/libraries and .NET)...for instance, .NET executables which are a PE file also, and they are easily reversed engineered (think of reflector)...Look at a lot of these so called warez where the protection schemes were cracked and serial numbers used...What do you think? If you still insist on doing it yourself, then the first paragraph above in my answer should help you.

My 2 cents thought here... Best regards and Good luck in your protection scheme, Tom.




回答3:


You can use Alternate Data Streams . . . where you can open and write to filename like filename.exe:md5sig so that md5sig is the namespace of the signature. The original file (residing in the unamed default namespace) and its data are left alone. TheEruditeTroglodyte



来源:https://stackoverflow.com/questions/1780260/write-a-value-into-pe-file

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!