[BUG] Writing into running executable file

Started by fixer, April 02, 2018, 01:27:51 PM

Previous topic - Next topic

fixer

This question is asked a lot on the Internet. Can I write into running executable file? How can I do it? Let's talk about it.

Basically you can't write into running executable file. Because when file is running, it's opened in the kernel so any other application can't write into it. Makes sense since you probably don't want your file to suddenly change in the middle of execution. But there is a bug (or a feature?). If you try to open file requesting FILE_WRITE_DATA directly, you'll get sharing violation error. But if you request MAXIMUM_ALLOWED, the access you'll actually get will include FILE_WRITE_DATA. So yeah, you can overwrite running executable file.

This was tested and works on Windows 7 (fully patched), so probably older versions are also affected. Windows 8 and later versions seem to be patched.