
Sunday, March 25, 2018

Executable Binding

Recently, I researched how files are bound. Although this technique is often used maliciously, it can also be quite useful sometimes. It also helped me learn a lot more about some programming techniques related to C. After a few hours, I came up with my own file binder called Mendax Binder. You can check it out here. Although honestly, the main challenge for me was writing the GUI with the Win32 API and rc files while also using only MinGW, because my Visual Studio broke for me.

This program always binds itself to the two other files (while placing a symbol in it to note the binding). This way, when the bound application runs, the program first checks whether it is correctly bound. If it is, it runs the two applications. Upon running, it creates two files in System32 called exec1 and exec2 respectively. When scanning for whether it is bound, it checks for the start of the bound files by hunting for three asterisks in a row. Then, it takes those two executables and writes them to the target destination in System32. Once written, it will execute both files. If it is not bound, then it takes in two files and creates a new file with the format above. Surprisingly, this simple idea actually bypasses many antivirus solutions... up your game antivirus companies!
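As an added example (not code from this post or from Mendax Binder), here is a small carver that applies the layout described above from the detection side: it hunts for the three-asterisk marker and only counts a hit when a PE "MZ" header follows it, so a stray "***" inside the stub's own bytes is not mistaken for a payload. It assumes the bound executables are stored raw (neither compressed nor encrypted), which the post does not state.

```python
from typing import List, Tuple

# Marker the post says the binder uses to flag where the bound executables start.
MARKER = b"***"
# Every Windows PE image begins with the DOS "MZ" signature.
PE_MAGIC = b"MZ"


def find_bound_payloads(data: bytes) -> List[Tuple[int, int]]:
    """Return (start, end) byte ranges of embedded PE images.

    A payload is any run of bytes that follows MARKER and begins with "MZ";
    it extends to the next marker that itself introduces an "MZ" image, or
    to end of file. Assumption (not stated on the page): payloads are raw.
    """
    starts = []
    pos = 0
    while True:
        idx = data.find(MARKER, pos)
        if idx == -1:
            break
        body = idx + len(MARKER)
        # Require the PE magic right after the marker to cut false positives:
        # "***" on its own is common in legitimate binaries and strings.
        if data[body:body + len(PE_MAGIC)] == PE_MAGIC:
            starts.append(body)
        pos = idx + 1  # step by one so overlapping runs like "****" are covered
    ranges = []
    for i, start in enumerate(starts):
        end = starts[i + 1] - len(MARKER) if i + 1 < len(starts) else len(data)
        ranges.append((start, end))
    return ranges


def is_bound(data: bytes) -> bool:
    """True when the file carries at least two marker-introduced PE images,
    which is the two-payload layout the post describes."""
    return len(find_bound_payloads(data)) >= 2


# Constructed sample: a fake stub whose body contains "***" with no MZ after it,
# followed by two fake PE images, each introduced by the marker.
SAMPLE = (
    b"MZ" + b"\x00" * 30 + b"stub code *** not a payload" + b"\x00" * 8
    + MARKER + b"MZ" + b"\x90" * 40 + b"payload-one"
    + MARKER + b"MZ" + b"\x90" * 40 + b"payload-two"
)

if __name__ == "__main__":
    for start, end in find_bound_payloads(SAMPLE):
        print(f"embedded PE at offset {start}, {end - start} bytes")
```

A fixed marker like this is trivial for a binder author to change, so the check is more useful for carving a sample you already suspect than as a general rule; stacking detection on the runtime behaviour (an unsigned program writing and launching new executables under System32) is the more durable signal.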