Thread: Altering The Program's Executable?

  1. #1
    Registered User
    Join Date
    Dec 2002
    Posts
    162

    Altering The Program's Executable?

    Hi all,

    Let us presume a program knows its own filename and path, either gotten it during run-time or has it as a constant. Now is it possible for the program to alter the data in its own executable program file, the "EXE" meaning? I presume that it won’t get write access but I can’t understand why, when the program is running from the memory it shouldn’t affect it self during run-time and therefore shouldn’t affect the OS, so whats the problem? Is there a function that could give access for altering an executed program file, that is or isn’t the calling program's own executable file? I other words, is it possible for a program to alter the data in its own executable program file or another already executed program's executable file?
    We haven't inherited Earth from our parents; instead we have borrowed her from our children - old Indian saying.

  2. #2
    Its not rocket science vasanth's Avatar
    Join Date
    Jan 2002
    Posts
    1,683
    Hmm very intresting problem.. How about you write a program that will display a source code.. You take this source code and run it.. it should display the same output agaian.. The same thing should be possible N number of times.. No using files notin.. Just a single EXE....

  3. #3
    &TH of undefined behavior Fordy's Avatar
    Join Date
    Aug 2001
    Posts
    5,793

    Re: Altering The Program's Executable?

    Originally posted by Aidman
    Hi all,

    Let us presume a program knows its own filename and path, either gotten it during run-time or has it as a constant. Now is it possible for the program to alter the data in its own executable program file, the "EXE" meaning? I presume that it won’t get write access but I can’t understand why, when the program is running from the memory it shouldn’t affect it self during run-time and therefore shouldn’t affect the OS, so whats the problem? Is there a function that could give access for altering an executed program file, that is or isn’t the calling program's own executable file? I other words, is it possible for a program to alter the data in its own executable program file or another already executed program's executable file?
    With Windows, when you run an exe, the system creates a memory map for the execuatble file (basically mapping the bytes in the file to a region of virutal memory)...while this map is in place, the system denies other threads and processes from opening a "write" access handle to the mapped file.......that's why you cant alter it.....as soon as the running program has completed, the exe file can be altered just as any binary file - but beware! - messing around with an exe can easilly corrupt it unless you know exactly what you are doing

  4. #4
    Registered User
    Join Date
    Dec 2002
    Posts
    162

    Question reply

    So it isn't possible to alter a already started exe file, even if it is the program's own executable file? But then how do game and program autoupgradeings work, are they seperate from the main program that needs to be upgraded? And what about partition manager programs like fdisk or paritition magic, how can they delete their own exe file when formating a harddrive?
    We haven't inherited Earth from our parents; instead we have borrowed her from our children - old Indian saying.

  5. #5
    Registered User
    Join Date
    Dec 2002
    Posts
    162

    Smile me again

    And another question... how do unistall programs delete them selfs?

    Sorry for the many qeustions, but it seems so strange that a program can even delete it self
    We haven't inherited Earth from our parents; instead we have borrowed her from our children - old Indian saying.

  6. #6
    &TH of undefined behavior Fordy's Avatar
    Join Date
    Aug 2001
    Posts
    5,793

    Re: reply

    Originally posted by Aidman
    So it isn't possible to alter a already started exe file, even if it is the program's own executable file? But then how do game and program autoupgradeings work, are they seperate from the main program that needs to be upgraded? And what about partition manager programs like fdisk or paritition magic, how can they delete their own exe file when formating a harddrive?
    Upgradings these days dont usually alter the exe file....more likely they would alter a settings file or replace a dll..

    as for Format and stuff like that - well they can hardly be reliant on Win32 methods of running processes to run as their job destroys the OS itself!



    Originally posted by Aidman
    And another question... how do unistall programs delete them selfs?

    Sorry for the many qeustions, but it seems so strange that a program can even delete it self
    Either with a seperate process after the main process has ended, or more commonly by adding a command to the RunOnce key of the registry...the installer then asks to reebot, and the file is deleted when the system starts up again

  7. #7
    Registered User
    Join Date
    Dec 2002
    Posts
    162

    Unhappy reply...

    Thanks for the exeplanation
    But it is really strange, I mean a program can modify it self and others during run time through memmory access, like vTables and etc. But that type of altering only affects the main program in run time, not the real executable program file. So if Windows permits a progam to alter it self in memory, wich can totaly crash the program or worse, then it must also premit deleting it self druing run time... there must be a way...
    We haven't inherited Earth from our parents; instead we have borrowed her from our children - old Indian saying.

  8. #8
    &TH of undefined behavior Fordy's Avatar
    Join Date
    Aug 2001
    Posts
    5,793

    Re: reply...

    Originally posted by Aidman
    Thanks for the exeplanation
    But it is really strange, I mean a program can modify it self and others during run time through memmory access, like vTables and etc. But that type of altering only affects the main program in run time, not the real executable program file. So if Windows permits a progam to alter it self in memory, wich can totaly crash the program or worse, then it must also premit deleting it self druing run time... there must be a way...
    There are essentially 3 ways to open a memory map in windows - write, readonly and writecopy....

    write access allows canges in the map to be saved to file...read-only is well "read-only" and write copy allows changes to the data in memory, but these are not reflected as changes in the file when the process ends.

    Windows uses a writecopy map when is loads an executable......if you are interested in this stuff, then try to read "Advanced Windows" by Jeff Richter as that is a goldmine of info

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Replies: 3
    Last Post: 04-10-2009, 12:57 AM
  2. Loading a DLL that is not in the same directory as the executable
    By starcatcher in forum Windows Programming
    Replies: 10
    Last Post: 12-13-2008, 07:05 AM
  3. Recommend upgrade path for C programs
    By emanresu in forum C Programming
    Replies: 3
    Last Post: 11-22-2007, 07:32 AM
  4. CreateProcess with Resource of executable, not the Filename
    By Ktulu in forum Windows Programming
    Replies: 4
    Last Post: 11-04-2006, 01:07 AM
  5. POSIX/DOS programs?
    By nickname_changed in forum C++ Programming
    Replies: 1
    Last Post: 02-28-2003, 05:42 AM