1. E-Glue Application Merging executables in WIN32 environment By : Gil Arbeli, Ran Didi Instructor : Gal Badishi Softlab – June 2006

2. Problem  Adding functionality to a proprietary software.  Adding functionality to applications without the need to rewrite them.  Adding an ability to run sequentially two (or more) applications.

3. Problem example ( … )  An office management application + a backup component.  A cleanup component + application with private data.

4. Goals  Providing an elegant generic solution for “ Gluing ” two unrelated application together.  Producing a single executable while maintain both original applications ’ functionality.  Learn the “ behind the scenes ” of running application in windows environment

5. header imports sections resource PE data needed in order to execute the application Imported functions needed for the application Code and data of the application Additional data used by the application File Structure

6. Implementation Issues  Setting the environment for each application.  Merge the application in a smart way so the wont interrupt each other.

7. Solution approach  Both of the applications are in the same memory space.  Choosing in Runtime which of the applications will be executed.

8. First approach  Find and capture the exit points of the first application.  Not feasible to capture all the exit points of an application.

9. Accepted approach  Each application will run as a separate process.  Second application will wait until first one will terminate.  This approach omits the problem encountered in the previous one.

10. Problems encountered  Windows loader can be run only once.  Applications compiled to run alone.

11. What have we done We separated the solution into two main components:  Loader – setting the environment  Creator - Gluing them …

12. Gluing applications : Loader Sections Imports App.2 Imports Resources App.1 Code & Data Sections Imports Resources Code & Data Sections Imports Combined Imports Code & Data Sections Code & Data Sections App.1 Sections App.2 Sections Resources Imports

13. - Loader Flow diagram Start Set environment for first application Run first application Wait for first application to terminate Run second application Wait for second application to terminate End Set environment for second application End In a new process End

14. Drawbacks of solution  Not keeping the purpose of all sections (i.e. Export, reloc, Debug sections).  If the second applications uses command line arguments, the command line will not be forward (only to the first application).

15. Theoretical background  Understanding the structure of the Portable Executable (PE) format.  Loading process of a PE file.  DLL ’ s loading process in windows32 environment.  Inter-process synchronization.  Windows32 API ’ s.

16. Implementation and Tools  The creator module was written in C  The loader module was written in Assembly  Microsoft visual studio 2005  Masm32  Windbg (windows debugging tool)  Softlab people and facilities

17. Future development  Extend the E-glue idea to more operating system platforms.  Enhance the functionality of a glued application (e.g. arguments)

18. Educational revenue  Deep understanding of the Portable Executable file format, and Windows executables loading process.  Experience in using Reverse Engineering Techniques.  Writing small low-lever assembly code.  Using Windows APIs.

19. conclusion  Provide a proof of concept solution for an idea for the windows32 platform system.  Learn various fields within the scope of our project.

20. Thanks to …  Gal Badishi - our instructor, and the one that came up with the E-Glue idea.  The Soft-Lab staff, that was kindly enough to try and help us with a bunch of weird problems we encountered.