Split binary file(.exe) via delimiter

[Coukapecker]

Hi,


Basically what im trying to do is to split up a special 'test.exe' that contains secret messages added on to the end of the file, and extract the secret messages from the file. The 'secret messages' are strings added on to the binary data after compilation by another program.

Ex:
Binary View of file:
Delimiter '--CB--' is used in this example

Code:

aksjpgewoagjreaperiasdgaerwgerjapojaweybeyneeyna
ayueune5nueuaaketperovuerpvieruphvriuphvuraipheriv
asgwaeggggggggggggggggggggggggggggggggggggggg
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaahaer
ahuvpehroihaeruhpevampeaherpa--CB--SECRET MSG 1--CB--
SECRETMSG 2--CB--SECRET MSG 3--CB--SECRET MSG 4

The only way I can think of achieving something like this in C is by reading each character one by one through the binary file and using IF statements to determine when it reaches a delimmiter. Unfrotunately, as you can see below this gets kind of messy and ugly and preferably not the way I want to go.

Code:

#include <stdio.h>

using namespace std;

int main(int argc, char *argv[]) {

	const char * delimit = "--CB--";
	FILE * testFile;

	testFile = fopen ("text.exe", "rb");




	if (testFile==NULL) perror ("Error opening file");
	else {
		char c;
		do {
			/*If Maddness... Would it be possible for me to use a switch for these?*/
			c = fgetc (testFile);
			if (c == '-') {
				c = fgetc (testFile);
				if (c == '-') {
					c = fgetc (testFile);
					if (c == 'C') {
						c = fgetc (testFile);
						if (c == 'B') {
							c = fgetc (testFile);
							if (c == '-') {
								c = fgetc (testFile);
								if (c == '-') {
									do
										/*How would I create a string array here?*/
									while (c != EOF && c != '-')
								}
							}
						}
					}
				}
			}
		} while (c != EOF);
		fclose (pFile);
	}
  return 0;

}

Is there any other way of acheving what im trying to do without reading the file one character at a time?

thanks, Zeph.

[CommonTater]

look up strstr() search for a string in a string. Load the file as character data and search for your delimiter.

You might want to produce a more complex delimeter, something unlikely to appear in a regular file... "!**--SecretMessage--**!" or such.

[brewbuck]

You might want to produce a more complex delimeter, something unlikely to appear in a regular file... "!**--SecretMessage--**!" or such.

Yes, make the secret message stand out as much as possible

[CommonTater]

Yes, make the secret message stand out as much as possible

No... you can use "dsfghgewest4r" for all it matters... what you want is a sequence characters that will almost certainly not occur anywhere else in the file to search for. The more unique the string the more reliable your search.

[brewbuck]

No... you can use "dsfghgewest4r" for all it matters... what you want is a sequence characters that will almost certainly not occur anywhere else in the file to search for.

Yeah, a unique sequence that occurs nowhere else in the file sure doesn't stand out.

[CommonTater]

Yeah, a unique sequence that occurs nowhere else in the file sure doesn't stand out.

Ok... then use something that will fit right in like 00 as your search key... Now, how many false finds are you getting?

Do try to think before arguing...

[msh]

Mm.

Why do you want to delimit? Just tack it on as a footer, to the end of the file, and, since it is a "secret" message, let the recipient know its length in bytes. Then they can start reading at that offset from the end. Or have the last byte in the file actually contain this offset. Not sure how "secret" it's gonna be, tho.

Never done anything like this myself, just throwing some ideas out.

[brewbuck]

Ok... then use something that will fit right in like 00 as your search key... Now, how many false finds are you getting?

Do try to think before arguing...

I have thought about it. In fact, I've thought about it so much that I have a job at a steganography company.

Hiding data is difficult. You certainly don't do it by making it stand out.

[Coukapecker]

Hmm, I suppose "secret message" was a bad word to use...

The purpose of this program is to be the 'outline' for a diffrent program (i dont know the right word for it).

What a diffrent program is going to do, is take this entire exe's compiled code(binary), and store it within a longggg string built into the program itself. This program(the builder) will then add in some strings to the string stored program (this program writen in C, the outline) separating the actual code from the passed on string by a delimiter string.

The outline file itself is run, it will use the string stored by the buillding program and append it to a diffrent text file, saying message.txt

The builder program will be writen in vb.net (to have a nice fancy GUI) and the outline file will be writen in something compact and efficient (like C). The problem is vb is my native language and C is giving me troubles ... ;\.

I used the strstr() suggestion and I think it will do the job quite nicely, thanks .

My code right now:

Code:

#include <stdio.h>
#include <string.h>

using namespace std;

int main(int argc, char *argv[]) {

	const char * delimit = "-!-a09fj209j2-!-";
	char * stringToAppend;
	int fileEnd;
	FILE * meFile;
	FILE * outFile;

	meFile = fopen (argv[0], "rb");
	outFile = fopen ("messages.txt", "a");//This already exists

	fileEnd = strstr(meFile,delimit); //Finding the position of the delimiter
	fileEnd += strlen(delimit); //Adding on the delimiter string length to set us at the beginning of the secret msg
	fsetpos(meFile,fileEnd); //Actually setting the position to this location

	do {
		c = getc (pFile);
		stringtoAppend += c; //appends all characters from the new set position to the end of the file: the entire secret msg
    } while (c != EOF);

	
	fputs(stringtoAppend,outFile); //Actually appends the secret msg to the secretmsg.txt

	fclose(meFile);
	fclose(outFile);

	return 0;
}

For some reason it's not compiling... Then I was thinking perhaps i need to manually add in memory for the variables using malloc to get it to compile, but I'm not sure how to do this.

Could anyone shed some light on this issue?

any help would be appriciated,

Coukapecker

[CommonTater]

If you're just inserting strings into files, why don't you edit the file's resources? You would then be able to display, or extract the string by it's numerical reference.

For an example of external resource editing take a look at this...

Resource Hacker

You'll be surprised what you can do....

[Adak]

strstr returns a pointer, not an integer. This leaves me scratching my head, it's not appending a char to a string.

Code:

stringtoAppend += c;

stringtoAppend is a pointer, and it's value is an address. Adding the char onto the address of a pointer isn't going to work.

You may want to subtract the address strstr returns, from an EOF address ( using fseek ), to get the size of the remaining data to be appended. Then malloc the memory you need to match it.


I'd make it a one time malloc of a large size array, if you had a lot of these to do. Repeatedly allocating memory of various sizes, over and over, seems wasteful. You would have to count the number of bytes you were putting into it, in this case.

This is how to use strstr

Code:

#include <stdio.h>
#include <string.h>

int main(void)
{
   char *str1 = "Borland International", *str2 = "nation", *ptr;

   ptr = strstr(str1, str2);
   printf("The substring is: %s\n", ptr);
   return 0;
}