exe code injection assignment

05-16-2007, 10:51 PM
we got a pretty tough assignment for this semester which we thought we could handle with ease but unfortunately it's the exact opposite and now we are desperate.
we are supposed to make a virus-like thing that injects its code into .exe files in its working directory. the custom code should just display some kind of a messagebox and proceed with the stuff that the exe file does regularly. the other part of the assignment is to make an antivirus-like application that would just find and remove the code from altered exe files.
so we have to inject the code somewhere into the exe file and rewrite the addresses so that our code would be executed before the original stuff.
unfortunately, every single example of code injection we found online includes a pretty large amount of asm code (we are supposed to code it in C and/or C++) that we have no idea about.
is there any way to do this in C/C++? I'm not sure how hard this is for someone with a good knowledge of asm, but I've found a topic on a forum where a guy posted his asm code that was doing an advanced version of what we are trying to accomplish - the custom code didn't just display a message box, it also downloaded a gif file from the internet. and the guy stated that he made it out of boredom. so I assume that this might not be a problem for someone with a proper knowledge of a problem.
I'm not directly asking someone to help us with it (even though I'd appreciate if someone did), I'd just like to get some directions for clues that might help us.
the best thing probably would be if its possible to do it in C.

05-16-2007, 11:38 PM
C/C++ are Turing complete, so of course it's possible. However, code injection modifies machine code. Assembly, depending a bit on which kind of assembly, is quite close to machine code, so writing a code injection mechanism in assembly is considerably easier than writing it in a higher level language where you don't really know what kind of machine code will be generated. In other words, the actual code injection mechanism is much trickier to write in C/C++.

Anyway, this is the type of thing that can really be abused, and I don't really want to see code for it in our archives. So, closing thread.