Introduction
In this article, I will give a brief information on how to create self-extracted executable.
Understanding executables
When the operating system is executing an executable file, it knows how to execute it due to the PE header which is a big table that holds all the information regarding the executable and what it holds (the different sections) in the beginning of the file.
Because we're not allowed to modify executable itself (we don't want to cause harm), our starting point will be the end of the file.
In order that both the attaching method and the detaching method will talk the same language we need to set a format:
| |
Constant Size |
| Executable |
|
| Filename length |
X |
| Filename |
|
| File Content |
|
| Pointer to Filename Length |
X |
| Signature |
X |
Using this format we're not constrained to a specific size of the filename or the file content.
To be clear, when we're detaching a file from the merged file ( executable + attached) the end of file is the new end of file, that's why it's very important that the end will be in constant size and will give us information about the attached file. In the above table the constant section is the "Pointer to Filename Length" & "Signature" sections.
Implementation
In order to implement such a task we need two basic methods:
attachFile - appending file to a self-extracted executable.
detachFile - taking appended file and writing it to disk.
Additional method can be implemented for convenience:
checkSignature - checking if the file has a file attached to it.
Using the above methods, it's very easy to create a self-extracted executable.
Example (Using SelfExtract class)
In order to create one executable for attaching and detaching we need the help of checkSignature method.
Using this method we can decide the mode of operation. If we've file attached we're in detaching mode and if don't have file attached we're in attaching mode.
In order to use the tool more then one time, every time we're attaching a file we'll not attach file to the calling executable, but we'll duplicate it using the CopyFile API.
The easiest way to understand is, to look at the following example (can be downloaded at the top of the page):
int _tmain(int argc, _TCHAR* argv[])
{
SelfExtract self;
if (self.checkSignature())
{
puts("Detaching internal file, please wait...");
char *outDir = 0;
if (argc > 1)
{
outDir = argv[1];
}
char detached[MAX_PATH];
self.detachFile(outDir, detached, MAX_PATH);
printf("file %s detached successfully.\n", detached);
return 0;
}
else
{
if (argc < 3)
{
puts("SelfExtract class example utility, by Nir Dremer");
printf("Usage: %s resultFile attacheFile\n", argv[0]);
puts("resultFile is executable you
want to create that will be self extracted.");
puts("attacheFile is the file
you want to attach to resultFile.");
return 0;
}
printf("Creating %s, please wait..", argv[1]);
CopyFile(argv[0], argv[1], true);
self.setFilename(argv[1]);
self.attachFile(argv[2]);
printf("Process completed, execute %s to detach.", argv[1]);
}
return 0;
}
Advanced Issues
The SelfExtract class support only attaching/detaching of one file. I believe that this is enough due to the fact that, if you want more then one file it will be good idea to compress the files first (there are many open-source compression libraries) and to attach the compressed file.
