Pe-file infector

Submitted on: 1/5/2015 8:57:00 AM
By: ffbbee (from psc cd)  
Level: Beginner
User Rating: By 4 Users
Compatibility: Microsoft Visual C++
Views: 1566
 
This is an example of how easy it is to manipulate the execution flow of a PE file (.exe). This little tool patches a given file so that it runs the command 'cmd'. The example itself is not really useful, but as you can imagine, the same technique could also be used to start a backdoor very stealthily.

How it works:
  1. It searches for the last section of the exe.
  2. It then searches the last section for a run of 69 NULL bytes in which to paste the execution code.
  3. It then searches for the position in the exe where the first 5 bytes of the code are.
  4. It saves the bytes that will be overwritten (you can define how many with the offset).
  5. It overwrites those bytes with a jump (E9) to the execution code.
  6. It generates the execution code, which looks like this: NOP + static code + WinExec address + saved bytes + back jump address.
  7. It pastes the execution code at the position found in step 2.

For questions about this code, please mail me.
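A defender-side check for the patch pattern described above, as an added example that is not part of the original submission: it parses the PE headers and reports when the entry point begins with an E9 jump that lands in the last section. It assumes the patched location is the entry point; the function names and the sample bytes built by make_sample are constructed for illustration.

```python
import struct

def parse(pe):
    """Return (entry RVA, [(name, vsize, vaddr, rawsize, rawptr), ...])."""
    lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[lfanew:lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, optsize = struct.unpack_from("<H12xH", pe, lfanew + 6)
    entry = struct.unpack_from("<I", pe, lfanew + 40)[0]  # AddressOfEntryPoint
    table = lfanew + 24 + optsize                         # section table start
    return entry, [struct.unpack_from("<8sIIII", pe, table + 40 * i)
                   for i in range(nsec)]

def contains(sec, rva):
    _, vsize, vaddr, rawsize, _ = sec
    return vaddr <= rva < vaddr + max(vsize, rawsize)

def entry_jumps_to_last_section(pe):
    """Return (section name, target RVA) if the entry point starts with
    JMP rel32 (E9) into the last section; otherwise None.
    Assumption: the patched location is the entry point."""
    entry, secs = parse(pe)
    home = next((s for s in secs if contains(s, entry)), None)
    last = max(secs, key=lambda s: s[2], default=None)
    if home is None or home is last:
        return None  # entry unmapped, or it already lives in the last section
    off = home[4] + (entry - home[2])          # file offset of the entry point
    if off + 5 > len(pe) or pe[off] != 0xE9:
        return None
    target = entry + 5 + struct.unpack_from("<i", pe, off + 1)[0]
    if contains(last, target):
        return last[0].rstrip(b"\0").decode(), target
    return None

def make_sample(entry_code):
    """Constructed two-section PE32 header skeleton (not a loadable file)."""
    pe = bytearray(0x600)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)                 # e_lfanew
    pe[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH12xH", pe, 0x44, 0x14C, 2, 0xE0)  # machine, nsec, opt size
    struct.pack_into("<I", pe, 0x40 + 40, 0x1000)          # entry point RVA
    table = 0x40 + 24 + 0xE0
    struct.pack_into("<8sIIII", pe, table, b".text", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", pe, table + 40, b".rsrc", 0x200, 0x2000, 0x200, 0x400)
    pe[0x200:0x200 + len(entry_code)] = entry_code
    return bytes(pe)
```

A hit is a lead for manual review rather than a verdict, since packers and some linkers also place an early jump at the entry point.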

 