builder-stub methods?

[3c2n90yt57489t3y8794]

Hello, I'm interested in builder stub methods, I did't find more than 2-3 blogs/threads around the web, most of them are old. I'm interested in learning what are the best ways (high level theory) to write information from the builder to the stub, so: what are the methods available, what are the best and why. I want to use C for both the builder and the stub.
I found two methods: writing in the EOF and using Resource, but I know there are others.

 

[0xfff]

There are several ways to write information from a builder to a stub in C, and the best method will depend on the specific requirements of your project. Here are a few commonly used methods:

Writing at the end of the file (EOF): This method involves appending the information to the end of the file using the fseek() function to move the file pointer to the end of the file, and then writing the data using the fwrite() function. This method is simple and easy to implement, but it can be less efficient if the file is large and the information needs to be frequently updated.

Using a resource: This method involves embedding the information as a resource in the executable file. The resource can be accessed using the Windows API function FindResource() and loaded using the LoadResource() function. This method is more efficient than writing to the EOF, but it can make the executable file larger and more complex.

Using a custom data structure: This method involves creating a custom data structure to store the information, and then including the data structure in both the builder and the stub. The builder would write the information to the data structure, and the stub would read the information from the data structure. This method is more efficient than writing to the EOF or using a resource, but it requires more work to implement.

Using a shared library: This method involves creating a shared library that contains the information and linking both the builder and the stub against this library. The builder would write the information to the shared library, and the stub would read the information from the shared library. This method is also efficient and allows for easy updates and maintenance of the information.

Overall, the best method to choose would depend on the specific requirements of your project. For example, if the information needs to be frequently updated, a custom data structure or shared library might be the best choice. If the information needs to be embedded in the executable file and not changed frequently, using a resource could be the best option.

 

[3c2n90yt57489t3y8794]

Thank you, it's a perfect starting point to dig more. The aim is to know if there are methods that are less detectable than others by antivirus. Maybe using winapi to read/write the resource file is not a great option

 

[Pernat1y]

Resource

You can have configuration stored in any part of your binary, not only resources section.
Just make a placeholder in stub and overwrite it with builder later on.

 

[runtim3]

You can have configuration stored in any part of your binary, not only resources section.
Just make a placeholder in stub and overwrite it with builder later on.

are there any resources that show how to do this ? any resources that explain methods to write builders will be appreciated

 

[Pernat1y]

are there any resources that show how to do this ? any resources that explain methods to write builders will be appreciated

Google for "how to patch binary file in <your language if choice>".

 

[h1z1]

There a lot of ways , 1 of the best is encrypting the stub and writing it in the image ( Section header ) .
if you are selling it you can make it web based builder and then you can encrypt also the stub and write it as raw data array inside the source the build the exe and you can finaly deliver it ,
you can add few steps are optional add the exe to zip and add password also programmatically not manual

 

[runtim3]

There a lot of ways , 1 of the best is encrypting the stub and writing it in the image ( Section header ) .
if you are selling it you can make it web based builder and then you can encrypt also the stub and write it as raw data array inside the source the build the exe and you can finaly deliver it ,
you can add few steps are optional add the exe to zip and add password also programmatically not manual

is it possible to include an article or sample code. if it is not then do not bother you have already been very helpful thank you.

 

[menekees]

You can also store the data inside image/audio/video files via some (pseudo) steganography methods, after that simply add the final file to PE resources.
Very simple basic examples here: mp3 jpg

This way security products can't detect the embedded resource, as it looks like an regular image/audio/video file.

 

[runtim3]

You can also store the data inside image/audio/video files via some (pseudo) steganography methods, after that simply add the final file to PE resources.
Very simple basic examples here: mp3 jpg

This way security products can't detect the embedded resource, as it looks like an regular image/audio/video file.

This is a simple guide that worked for me it demonstrates how to define a variable in the resource script file (.rc) of your program, compile the resource script file using a resource compiler such as rc.exe, and link the resulting binary resource file (.res) into your executable file:

1. Create a resource script file named myResource.rc with the following content:

STRINGTABLE BEGIN 1 "Hello World!" END

This resource script file defines a string table resource that contains a single string with the identifier 1 and the value "Hello World!".

2. Open a command prompt and navigate to the directory where you saved the myResource.rc file.

3. Run the rc.exe command to compile the resource script file into a binary resource file named myResource.res:

rc myResource.rc

This command will create a binary resource file named myResource.res in the same directory as the myResource.rc file.

4. In your C++ program, include the windows.h header file and use the FindResource, LoadResource, and LockResource functions to access the string table resource defined in the myResource.res file:

int main() { // Locate the string table resource HRSRC hRes = FindResource(NULL, MAKEINTRESOURCE(1), RT_STRING); if (hRes == NULL) { std::cerr << "Could not locate string table resource." << std::endl; return -1; } // Load the string table resource into global memory HGLOBAL hResLoad = LoadResource(NULL, hRes); if (hResLoad == NULL) { std::cerr << "Could not load string table resource." << std::endl; return -1; } // Lock the string table resource into global memory LPWSTR lpResLock = (LPWSTR)LockResource(hResLoad); if (lpResLock == NULL) { std::cerr << "Could not lock string table resource." << std::endl; return -1; } // Get the length of the first string in the string table int strLen = *lpResLock; // Get a pointer to the first string in the string table LPWSTR str = lpResLock + 1; // Print the first string in the string table std::wcout << std::wstring(str, strLen) << std::endl; return 0; }

This code uses the FindResource, LoadResource, and LockResource functions to locate and load the specified string table resource (resource name 1 and type `RT_STRING`), lock the string table resource into global memory, get the length of the first string in the string table, get a pointer to the first string in the string table, and print the first string in the string table.

5. When you compile your C++ program, make sure to link it with the myResource.res binary resource file. For example, if you are using Microsoft Visual C++, you can add the following line to your project's linker options:

/RES:myResource.res

This will link your executable file with the myResource.res binary resource file and include its resources in your executable file.

 

[h1z1]

is it possible to include an article or sample code. if it is not then do not bother you have already been very helpful thank you.

I Can't find one on google sorry but its no that hard

 

[runtim3]

I Can't find one on google sorry but its no that hard

no problem brother as u can see above, i have already solved the problem

 

[h1z1]

no problem brother as u can see above, i have already solved the problem

Good for you , if you need any help DM me