0

I write a very tiny TSR program (passwordmanager.exe) and have two very small files of records.

Actually i save all files (exe, data) to one USB-Stick the user always transports, wherat the data contains sensible data.

Is there any technique to modify the internal resource of the passwordmanager.exe itself that is currently running? As far as i know the exe is copied to the RAM, so the passwordmanager.exe may have no write lock and i am able to let the passwordmanager.exe grow if the user enters new Passwords.

Why do i think this may work? Years ago i had a MSDOS program who asks for the password but unfortunatelly the user has forgotten his password. As i printed the contents of the MSDOS-Program to the console the user luckily found his password in the machine-code!

Question: How can i store the two very small files of records into the exe?

Grim
  • 1,938
  • 10
  • 56
  • 123
  • 3
    I don't find storing data to the binary itself *more secure* anyhow. The user may still notice that the file is growing and copy it as well as they could if it was in a separate file. Also you may upset some antiviral programs. – TLama Aug 21 '14 at 09:34
  • Its crypted, its ok. Yes the antiviral program will get upset, i dont care. – Grim Aug 21 '14 at 09:37
  • Its not a full duplicate, i will never find a answer in the duplicate you suggest. – Grim Aug 21 '14 at 09:40
  • 1
    @PeterRader You can't write to a running executable. That's what the other question and answers should make clear. – Jens Mühlenhoff Aug 21 '14 at 09:42
  • 1
    @Jens, that's a different question, [`this one`](http://stackoverflow.com/q/11319805/960757) is a bit closer (Remy has covered also the case of running application in his answer). Peter, also if you're going to install your app into folder like program files, you'll need to elevate your process on systems with enabled UAC, which might be annoying. – TLama Aug 21 '14 at 09:43
  • @TLama yea, this is a question more like mine. I think what Jens has been marked as a duplicate is a *you-cant-*answer in my eyes. – Grim Aug 21 '14 at 09:46
  • @TLama Oh, you are right. I missed to specify the conditions of the Security-Rules the user has. I edited the question, the situation is more like a poor-man's dongle. – Grim Aug 21 '14 at 09:55
  • @PeterRader Why don't you / your customer encrypt the USB drive? There are lots of solutions for that. – Jens Mühlenhoff Aug 21 '14 at 10:05
  • @Jens This is a good idea, so we can use .txt-files. But encrytion is not the problem. Or do you have a new idea? – Grim Aug 21 '14 at 10:12
  • @PeterRader What is the actual problem then? If you encrypt the drive or the data (you could just encrypt the .txt file using a standard encryption method) the sensible data is only visible to the user that has the decryption key. Are you trying to implement some sort of steganography? – Jens Mühlenhoff Aug 21 '14 at 11:30
  • @JensMühlenhoff The question is: *How can i store the two very small files of records into the exe?* – Grim Aug 26 '14 at 09:38
  • @PeterRader The answer to that is: "As long as the executable is still running, you can not." – Jens Mühlenhoff Aug 26 '14 at 10:36

3 Answers3

3

In your comments you wrote "Yes the antiviral program will get upset, i dont care" Well, if you don't care that your program might be blocked. and you have write permissions to that USB device, I can think of a pattern like this:

Copy your running.EXE (Application.ExeName) to a patch.EXE (via CopyFile) - or generate that patch.EXE from a Resource (Antivirus would NOT like this!).

running.EXE Execute/Create new process patch.EXE with parameters e.g.
patch.EXE /update /your_record_parameters /pid:running_process_id

patch.EXE will start and check for /update; Signal running.EXE to shutdown; Wait for it to shut down; patch running.EXE; Execute running.EXE /patch_done; Shut down itself.

Finally, running.EXE could clean up now by checking the /patch_done and Delete patch.EXE

kobik
  • 21,001
  • 4
  • 61
  • 121
1

On NTFS, you could use alternate file streams:

http://support.microsoft.com/kb/105763

(I remember round about when Win2K first came out, seeing a magazine article (UK PC Pro) which showed how to use Notepad to store a secondary stream in an .Exe and was astonished that any OS with pretensions of security would provide this facility, but there you go.)

A tool for viewing them:

http://www.nirsoft.net/utils/alternate_data_streams.html

MartynA
  • 30,454
  • 4
  • 32
  • 73
0

Is there any technique to modify the internal resource of the passwordmanager.exe itself that is currently running?

No there is not. When a process is started its executable file is locked exclusively and so cannot be modified.

David Heffernan
  • 601,492
  • 42
  • 1,072
  • 1,490
  • 1
    What is a possible dos attack? – David Heffernan Aug 21 '14 at 19:22
  • A DoS attack is a *Denial of Service* attack. – Grim Aug 26 '14 at 09:42
  • @peter I know what DoS means. I just didn't see the relevance in the original, now deleted comment. I also don't see how DOS TSR's relate to Windows. Or did you mean something else with that acronym. Your downvote appears to be poorly cast. – David Heffernan Aug 26 '14 at 09:50
  • TSR do not work on DOS only, it works on Windows,Linux,Mac too. Assume i am administrator, like to format the USB-Stick: If a user run the exe-file, the formatation will be denied - a *Denial of Formatation*-Attack, you know? – Grim Aug 26 '14 at 09:52
  • @Peter TSRs don't exist on Windows. The answer I wrote is technically accurate. I can't understand your downvote. – David Heffernan Aug 26 '14 at 10:06
  • I followed this tutorial and it works great (looks strange, i have a .exe in the services-tab in the task-manager) http://www.nova.pc.pl/modtsr.pdf – Grim Aug 26 '14 at 10:19
  • @PeterRader Technically there is no such thing as a "terminated" process that is still running, in the tutorial you linked to the author describes a normal Windows GUI application with a hidden main window. – Jens Mühlenhoff Aug 26 '14 at 10:32
  • @Peter There are no TSRs on Windows. What I state in my answer is accurate. – David Heffernan Aug 26 '14 at 10:45
  • But i can delete the exe while its running. I can even unplug the stick, but i cant save then. Do you like to have the exe? I will share it on github if you like. Anyway, the question is different: *How can i store the two very small files of records into the exe?* – Grim Aug 26 '14 at 11:43
  • I answered the quoted part of your question. That you downvoted and started talking about tsrs on windows suggests that you aren't really here for advice. Why would I continue to try to help you? – David Heffernan Aug 26 '14 at 11:46
  • You answered "DO can i store the two very small files of records into the exe?" not "HOW can i store the two very small files of records into the exe?". – Grim Aug 26 '14 at 11:50
  • Never mind. You seem to know better than me. I'm sure you can solve the problem yourself. With your windows tsr. – David Heffernan Aug 26 '14 at 12:04
  • Even windows8.1 works great. – Grim Jan 06 '15 at 10:48