6

Is it possible to download code and execute / inject it when application is executed?

I want to keep my .exe small and up2date without using an updater.

Been searching google for a while, but couldn't find anything execpt for just downloading other .exe's which always triggers Antivir's.

Marius Prollak
  • 368
  • 1
  • 7
  • 22
  • 2
    No. You can send new packages or DLLs and load them dynamically, but you can't just arbitrarily download and run the majority of your code on the fly. This [similar question about plugins](http://stackoverflow.com/q/1560878/62576) might help. – Ken White Jan 21 '13 at 22:50
  • What kind of code is it that you're updating? If it's business logic (as opposed to, say, UI code), perhaps you should consider a design that uses some form of web services. – 500 - Internal Server Error Jan 21 '13 at 23:04
  • An updater downloads code and saves it for reuse. If you don't want to use an updater, but still want to download code, then you're going to have to download code anew each time the program runs. Users won't like that in a desktop program. If you're going to download code each time, you may as well just write a Web app so uses' expectations will be set better. – Rob Kennedy Jan 22 '13 at 04:38
  • Learn how to write viri and exploits - they use in-memory payload. Since u gonna bypass OS-provided file loader, you would have to make all those function by hands: relocations, fixups... – Arioch 'The Jan 22 '13 at 07:09

2 Answers2

7

You should put your business logic in dll(s) and only the update logic in the exe. Each time you start the application it should check for updates. If it needs to, it will download new dll(s) and update its functionality.

By making the dll(s) to be dynamically loaded, you need not even restart the application when an update is performed IF you check for updates the first thing after your exe starts.

The process inside the exe would be the following: 1. Start small exe 2. Check for updates. If needed, download dll(s) in the specific location for dll(s). 3. Load dll(s) from that specific location

Of course, for ease in working with it, you should not allow multiple instances because if you already have it started and you start another instance, you will have another case to handle: you try to make an update but the files you need to overwrite are in use...

GeorgeVremescu
  • 1,253
  • 7
  • 12
4

There is a way in which you can run an exe, injecting it in other process's address space. But for sure your software will be marked as malware by heuristic av's.

Here is the unit that does the trick if you are interested about the concept.

Rob Kennedy
  • 161,384
  • 21
  • 275
  • 467
opc0de
  • 11,557
  • 14
  • 94
  • 187