Attaching / Detaching "on the Fly"


nitroglico
October 30th, 2006, 12:01
I am trying to Attach a little PE (executable) on another, and code inside this program using the ollydbg.
My aim is to code inside the original PE, to detach the little PE (ON THE FLY) and copy it to a directory.
I know how to code but don't know how to attach / detach a program from another, is it possible? Is there ANY Windows API that could attach / detach the executable for me or I have to do it by hand?

Nitro

blabberer
October 30th, 2006, 12:21
look for DebugActiveProcess() and DebugActiveProcessStop()

the detach function (DebugActiveProcessStop) is available only on newer OS (XP and >)

in w2k the debuggee dies with debugger

naides
October 30th, 2006, 13:53
You can learn quite a bit about what you asked if you search for "Cracking with Loaders" and "code injection" tuts and utilities.

dELTA
October 31st, 2006, 14:48
Sorry to read the poor boy's mind, but my understanding of the question is that nitroglico rather wants to store one executable file inside another (like, append it or store as a PE resource), then make some patches to the code of this attached executable in-memory, and then drop it to disk as a standalone executable file. Is that correct nitroglico?

nitroglico
October 31st, 2006, 15:46
Yes dELTA, Exactly!

naides
October 31st, 2006, 16:02
Master dELTA applies the Vulcan mind-meld maneuver, Again!

dELTA
October 31st, 2006, 19:01
Hehe. Ok nitroglico, there are no all-in-one APIs for this. The easiest way I could see is the following:

To attach EXE2 to EXE1, simply append EXE2 to the end of EXE1 with normal file IO APIs (CreateFile, WriteFile, etc)

To modify it, simply let EXE1 read its own executable (CreateFile, ReadFile...), locate EXE2 at the end of the file, and read it all into a buffer in memory.

Patch it however you want inside the buffer, then dump the contents of the buffer to a new file (CreateFile, WriteFile), wherever you want on the disk.

Done!

For a bigger challenge, append a real PE section to EXE1 (requires patching of PE header in EXE1), and include EXE2 inside this one. Then it will already be loaded into memory when EXE1 starts executing, and there will be no need for EXE1 to buffer it manually from its own executable file on disk before patching/dropping it.
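As an added illustration (not code from dELTA or anyone else in the thread), here is the "locate EXE2 at the end of the file" step seen from the analyst's side: a small Python routine that parses the PE section table to find where the mapped image ends on disk. Anything past that boundary is an overlay that the loader never maps, which is exactly where an appended second executable, an installer payload or a signature blob lives, and computing the boundary from the headers is more reliable than scanning for a second "MZ" that could also occur inside legitimate section data. The host and payload images below are constructed, non-runnable fixtures built inline, so the script depends on no real executable.

```python
"""Find and carve trailing overlay data appended to a PE file (added example)."""
from __future__ import annotations

import struct


def pe_end_of_image(data: bytes) -> int:
    """Return the file offset where the PE's on-disk image ends.

    Computed as the larger of SizeOfHeaders and the end of the last
    section's raw data; bytes past this offset are an overlay.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    size_opt, = struct.unpack_from("<H", data, coff + 16)
    end = coff + 20 + size_opt + 40 * num_sections  # headers at minimum
    if size_opt >= 64:  # SizeOfHeaders sits at +60 in both PE32 and PE32+
        size_of_headers, = struct.unpack_from("<I", data, coff + 20 + 60)
        end = max(end, size_of_headers)
    sect_table = coff + 20 + size_opt
    for i in range(num_sections):
        off = sect_table + 40 * i
        size_raw, ptr_raw = struct.unpack_from("<II", data, off + 16)
        if size_raw:  # .bss-style sections occupy no bytes on disk
            end = max(end, ptr_raw + size_raw)
    return min(end, len(data))  # a truncated file simply has no overlay


def split_overlay(data: bytes) -> tuple[bytes, bytes]:
    """Split a file into (mapped image, trailing overlay)."""
    end = pe_end_of_image(data)
    return data[:end], data[end:]


def describe_overlay(data: bytes) -> dict:
    """Summarise the overlay: where it starts, how big it is, whether it is itself a PE."""
    image, overlay = split_overlay(data)
    return {
        "overlay_offset": len(image),
        "overlay_size": len(overlay),
        "overlay_is_pe": overlay[:2] == b"MZ",
    }


def build_test_pe(section_bytes: bytes, file_alignment: int = 0x200) -> bytes:
    """Construct a minimal PE32 with one section. Test fixture only; it does not run."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> right after DOS header
    size_opt = 0xE0  # standard PE32 optional header size
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptHdr, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    headers_len = 0x40 + 4 + 20 + size_opt + 40
    size_of_headers = -(-headers_len // file_alignment) * file_alignment
    struct.pack_into("<I", opt, 36, file_alignment)    # FileAlignment
    struct.pack_into("<I", opt, 60, size_of_headers)   # SizeOfHeaders
    raw_size = -(-len(section_bytes) // file_alignment) * file_alignment
    sect = struct.pack("<8sIIIIIIHHI", b".data", len(section_bytes), 0x1000,
                       raw_size, size_of_headers, 0, 0, 0, 0, 0xC0000040)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    image += b"\0" * (size_of_headers - len(image))
    image += section_bytes.ljust(raw_size, b"\0")
    return image


# Constructed fixtures: a host image with a second image appended, as dELTA describes.
HOST = build_test_pe(b"host program code")
PAYLOAD = build_test_pe(b"embedded second program")
COMBINED = HOST + PAYLOAD


if __name__ == "__main__":
    print(describe_overlay(HOST))      # no overlay on the plain host
    print(describe_overlay(COMBINED))  # overlay starts at len(HOST), looks like a PE
```

Run it as-is to see the two summaries; on a real sample, read the file bytes and pass them to `describe_overlay`, then hash or scan the carved overlay separately, since an embedded binary hidden past the section table is invisible to anything that only inspects mapped sections.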

JMI
October 31st, 2006, 22:21
I'm still trying to figure out "why" he wants to attach something "on the fly" ??? Those things aren't very big and you can't attach very much and still expect them to buzz around.

Regards,

disavowed
November 1st, 2006, 00:21
dELTA's method will certainly work, but I like to use the resource APIs (FindResource, LoadResource, LockResource) for this stuff. It provides a "clean" interface to the embedded binary, and C++ compilers do a great job of embedding resources.
BTW, I hope you're not planning on using this for anything malicious :\

blabberer
November 1st, 2006, 04:48
sorry nitroglico and thanks dELTA

dELTA
November 1st, 2006, 05:23
Quote:
[Originally Posted by JMI]I'm still trying to figure out "why" he wants to attach something "on the fly" ??? Those things aren't very big and you can't attach very much and still expect them to buzz around.
I'm sure the DoD would have some creative answers if you ask them the same question.

nitroglico
November 1st, 2006, 07:37
blabberer: Thanks for the reply
naides: Thanks! I will search for those tuts, especially the "cracking with loaders"
dELTA: Thanks, you really helped me!
JMI: I was coding inside an exe with the Ollydbg and just wondered how I could do that. I just want to learn how to do it.
disavowed: Just for learning, nothing malicious.

Thanks!

JMI
November 1st, 2006, 15:37
nitroglico:

My Reply was just a small attempt at "humour."

Sorry it didn't work for you.

It was just a "play on words." As in "physically" 'on the fly'. You know, the bug?

Nothing more.

Regards,