
PHP/C++: Inject values into EXE file [closed]

I would like to inject a value into an EXE file on the fly.

A company I have dealt with in the past have given me an EXE "stub" which I can use PHP to inject a value into on the fly before the user downloads it.

I can't find anything on Google as I don't know the name of this process. Can anyone point me in the right direction? Ideally it would be C++/PHP but can be flexible, or even just information on the general process of how this would work would be a great start.

They even did this with an EXE they sent me, I signed with my certificate, they then "padded" the file, and I was able to inject values on the fly.

Unfortunately they won't share their secrets with me...

Damien asked Oct 31 '22 18:10


1 Answer

I can suggest a few different approaches:

  • Include a magic string in your executable, e.g. static const char magic[] = "magic marker goes here";. You will have to reference this from somewhere else in your code so it doesn't get optimised out. You can then open the .exe from PHP and search for the magic string and overwrite it with whatever you like, within the size limit.
  • If you want to insert multiple values a more structured approach is to use PE resources within the executable. There is a nice Python module for parsing PE resources, maybe there is a PHP equivalent.
  • Changing anything in the executable will break any code signing. One thing which is excluded from the Authenticode hash is the PE checksum (explanation here). The PE checksum is at a fixed offset in the executable, so you could find that within your PHP script and patch it to be whatever. Patching this value will not break the Authenticode signature.
snowcrash09 answered Nov 09 '22 13:11
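The magic-string approach from the first bullet, as an added example that is not part of the original answer: it overwrites the placeholder in place, enforces the size limit, and refuses an ambiguous marker. The function name `injectValue`, the `@@CFG@@` marker and the sample bytes are assumptions made for illustration; because the edit changes the file's bytes, it applies to a stub that is not yet signed.

```php
<?php
declare(strict_types=1);

/**
 * Overwrite a placeholder string inside a stub's bytes with $value.
 * The result has exactly the same length as the input, so no file
 * offsets move. (Hypothetical helper, not from the original answer.)
 */
function injectValue(string $exe, string $marker, string $value): string
{
    // Conservative size limit: require at least one NUL of padding inside
    // the slot so the stub can always read the value as a C string.
    if (strlen($value) >= strlen($marker)) {
        throw new LengthException('value does not fit in the marker slot');
    }
    if (strpos($value, "\0") !== false) {
        throw new InvalidArgumentException('value must not contain NUL bytes');
    }

    $pos = strpos($exe, $marker);
    if ($pos === false) {
        throw new RuntimeException('marker not found in stub');
    }
    // A second hit means the marker is ambiguous; refuse rather than guess.
    if (strpos($exe, $marker, $pos + 1) !== false) {
        throw new RuntimeException('marker occurs more than once');
    }

    // NUL-pad the value to the full slot width and overwrite in place.
    $slot = str_pad($value, strlen($marker), "\0");
    return substr_replace($exe, $slot, $pos, strlen($marker));
}

// Constructed sample standing in for the stub's bytes (not a real EXE).
$marker  = '@@CFG@@' . str_repeat('.', 25);   // 32-byte slot
$stub    = 'MZ' . str_repeat("\x00", 64) . $marker . "\0" . str_repeat("\x00", 16);
$patched = injectValue($stub, $marker, 'customer-12345');

// Same size as before, and the slot now holds the NUL-padded value.
assert(strlen($patched) === strlen($stub));
echo bin2hex(substr($patched, 66, strlen($marker))), PHP_EOL;
```

For a real stub, read the bytes with `file_get_contents()` and send the returned string as the download body instead of writing a per-user copy to disk.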