Geek Answers Handbook

How to add (and use) binary data for a compiled executable?

There are several questions regarding some aspects of this problem, but does not seem to answer all of this. The whole problem can be summarized as follows:

  • You have an already compiled executable (obviously awaiting use of this technique).
  • You want to add binary data of arbitrary size to it (not necessarily by itself, which would be another unpleasant problem to solve).
  • You want an already compiled executable to be able to access this added binary data.

My specific use case would be an interpreter in which I would like the user to be able to create one executable file from the interpreter binary code and the code that it supplies (binary translator is an executable file that needs to be fixed with the user entered code in the form of binary data) .

A similar case is self-extracting archives, where a program (archiving utility such as zip) is able to build such an executable file that contains a pre-built decompressor (an already compiled executable file) and data provided by the user (archive contents). Obviously, the compiler or linker is not involved in this process (thanks, Mathias for the note and specifying 7-zip ).

Using existing questions, a specific solution path is shown in the following examples:

Adding data to exe - This refers to the aspect of adding arbitrary data to arbitrary exes, not covering how to actually access it (basically a simple append usually works, also true in Unix ELF format).

Search for the current path of the executable without / proc / self / exe - In combination with the foregoing, this will allow you to get the file name for opening exe to access additional data. There are many more such questions, however, they do not focus primarily on the problem of obtaining a path suitable for actually getting a binary file open as a file (for which purpose it would be (easier) to fulfill (really) don't even need a path, only binary is open for reading).

Other, possibly more elegant, ways to solve this problem may arise than filling out a binary file and opening the file to read it. For example, an executable file can be executed, so that it becomes quite simple to fix it later with an arbitrary data size, so is it β€œinside” in some correct data segment? (I could not find anything on this, for data of a fixed size this should be trivial, although if the executable has some hash)

Can this be done quite well with a minimal deviation from standard C? More or less cross-platform? (At least in terms of service). Please note that it would be preferable that the program performing the addition of binary data does not rely on the compiler tools for this (which the user may have), but solutions requiring their use may also be useful.

Pay attention to the already compiled executable criterion (the first item in the list above), which requires a completely different approach than the solutions described in issues such as C / C ++ with GCC: statically add resource files to the executable file / library or SDL embed the image inside the program executable file , in which the implementation of compilation time is requested.

Additional notes:

The problems with the obvious approach outlined above and suggested in some comments that simply add to the binary and use them are as follows:

  • Opening the binary executable file of the program does not seem trivial (opening the executable file for reading is, but not looking for a way to submit the file to an open call, at least not based on cross-platform).
  • The method of obtaining the path can provide an attack surface that probably would not exist otherwise. This means that a potential attacker can trick the program into seeing various binary data (provided to them), which, in fact, have an executable file, exposing any vulnerability that may be in the data parser.
+7
c exe elf portable-executable
source share
1 answer

It depends on how you want other systems to see your binary.

Windows Digital Signature

The exe format allows you to verify that the file has not been modified since publication. This will allow you to: -

  • Compile file
  • Add data package
  • Sign the file and publish it.

The advantage of this system is that "everyone" agrees that your file has not been modified after signing.

The easiest way to achieve this scheme is to use a resource. Windows resources can be added after linking. They are digitally authenticated, and your program can extract resource data from itself.

It used to be possible to increase the signature to include binary data. Unfortunately, this was prohibited. There were binaries that used the data in the signature section. Unfortunately, this was used maliciously. Some details here msdn blog

Signature violation

If re-signing is not an option, then the result will be considered unsafe. It is worth noting here that the attached data is unsafe and can be changed without the ability to tell people, but also the code in your binary format.

Adding data to a binary file violates the digital signature and also means that the end user cannot determine if the code has been changed.

This means that any self-defense that you add to your code to ensure data security is still safe, will not prevent your code from being modified to remove the check.

Module launch

Windows GetModuleFileName allows you to find the path found.

Linux offers /proc/self or /proc/pid .

Unix doesn't seem to have a reliable method.

Reading data

The zip format approach is to have a directory written to the end of the file. This means that the data can be found at the end of the location, and then look back to start the data. The advantage here is that blob data is denoted from the end of the data, rather than a natural start.

+1
source share

More articles:


All Articles