==[0x00]==[Abstract]=

Nowadays many applications and malware samples embed executable code in the
application itself, for example the various programs from Sysinternals. In this
article we outline the method involved.

==[0x01]==[Contents]=

0x02 Things you need
0x03 Implementation
0x04 Conclusion


==[0x02]==[Things you need]=

o The Microsoft VC++ development environment
o MSDN Library
o I assume you are familiar with the above.


==[0x03]==[Implementation]=

o First you add a binary resource by pressing Ctrl+R or using the Insert menu.

o In the following discussion I assume you have named the added resource type BINRES and
the resource itself TESTDLL. Otherwise you need to modify the code to reflect
the changes. Here we go.

First we get a handle to the binary resource
    hBinres=FindResource(hInst,MAKEINTRESOURCE(TESTDLL),"BINRES");

Then we load the resource and get its size
    hRes=LoadResource(hInst,hBinres);
    dwRes=SizeofResource(hInst,hBinres);

Get the pointer to the first byte of the resource
    g_resData=(unsigned char*)LockResource(hRes);

Now that we have the pointer to the resource bytes and its size, a few calls create the required file
    //create the file (CREATE_ALWAYS also works when the file does not exist yet)
    hFile=CreateFile(g_szTempFile,GENERIC_WRITE,0,NULL,CREATE_ALWAYS,FILE_ATTRIBUTE_SYSTEM,NULL);
    //write the resource to the file, using the size returned by SizeofResource
    WriteFile(hFile,(LPCVOID)g_resData,dwRes,&dwWritten,NULL);
    //close the handle; it was opened with no sharing, so nothing else can open the file until then
    CloseHandle(hFile);

Now we are ready to use the file the way we like.

o We can give the above process more stealth by creating a temporary file.
See the complete example, http://warl0ck.cjb.net/bin_res.rar
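
From the defender's side, a file embedded as a raw binary resource sits unmodified in the host's resource data, so its own MZ/PE headers are visible inside the host binary. The following C scanner is an added example, not code from the original article; the function names are hypothetical and it works on a file already read into memory. It does not cover resources that were encrypted or compressed before embedding.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read a little-endian 32-bit value without assuming alignment. */
static uint32_t rd32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Return 1 if a DOS header at buf[off] points to a "PE\0\0" signature
 * that lies inside the buffer, 0 otherwise. */
static int is_pe_at(const unsigned char *buf, size_t len, size_t off)
{
    uint32_t e_lfanew;

    if (off > len || len - off < 0x40)      /* full DOS header must fit */
        return 0;
    if (buf[off] != 'M' || buf[off + 1] != 'Z')
        return 0;
    e_lfanew = rd32(buf + off + 0x3C);      /* offset of the PE header */
    /* Heuristic: typical images place the PE header after the DOS header. */
    if (e_lfanew < 0x40 || e_lfanew > len - off - 4)
        return 0;
    return memcmp(buf + off + e_lfanew, "PE\0\0", 4) == 0;
}

/* Scan a host image for PE files stored inside it. Offset 0 is the host's
 * own header and is skipped. Stores up to max offsets in out and returns
 * the total number of embedded images found. */
size_t find_embedded_pe(const unsigned char *buf, size_t len,
                        size_t *out, size_t max)
{
    size_t off, n = 0;

    for (off = 1; off + 0x40 <= len; off++) {
        if (is_pe_at(buf, len, off)) {
            if (n < max)
                out[n] = off;
            n++;
        }
    }
    return n;
}
```

A hit at a nonzero offset is a lead for triage, not a verdict: installers and tools such as the Sysinternals programs mentioned in the abstract carry embedded binaries as well.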

==[0x04]==[Conclusion]=

o As I have shown, the method is very easy to implement; one can also hide the applications
by encrypting them or compressing them.