Embed Exe In Jpg



NakedDonna.jpg ( lots of space, deleted when posting this answer).exe then, in the email - you'll find the end of the filename is truncated, and all you see is 'nakedDonna.jpg'. Because MOST windows users are stupid enough to open email whilst running as Administrators, they will click to open the email.

  1. Embed Exe In Jpg

AKA: Alternate Data Streams – An introduction…

One of the members of a technical forum to which I belong had a virus detected in a dll that he could not find anywhere on his computer. In the end, it was discovered that the file was embedded as Alternate Data Stream (ADS) attached to his System32 directory. The full path to the file was something simlar to c:windowssystem32:dhht.dll.

I was not familiar with using streams in this manner; so I looked it up. In short, any file or directory on an NTFS drive can any number of files piggy-backed onto it without affecting its reported file size. These files remain intact through normal file copying and renaming actions as long as the file remains on an NTFS drive (or compatible archiver).

I’d never come across this before and thought I would share.
Summary/Demo…. (adjust paths as necessary)

Exe
  1. EDIT: So in your case, you are embedding 1.gif and 2.gif in your executable from 'C:Script', and trying to put them in 'C:Scripts' on any machine the executable is run on, but you didn't first check to see if 'C:Scripts' exists before trying to drop the files there.
  2. For JPG lossless rotation purpose (see Various menu) in case rotation is needed when embedding JPG image into raw image file. If you think you might need this GUI feature, then copy both files into Windows directory -otherwise, both files can be deleted. Note: To check if everything is ready, use menu ProgramAbout.
  1. Create a directory off the root called test
    From the command prompt in your test directory type:
    [DOS]Echo a>test.txt[/DOS]
    That will create a nice 3 byte text file.
  2. Now type:
    [DOS]type c:Windowssystem32notepad.exe>test.txt:notepad.exe[/DOS]
  3. Get another directory listing and notice that the size of test.txt remains 3 bytes though an additional ~70kb has been added to it. The time has changed but that could be set back.
  4. Now, from the command prompt in your test directory, execute the hidden stream:
    [DOS]start testtest.txt:Notepad.exe[/DOS]
    (You must use include the path to test.txt)

You are now running an exe that was hidden in 3 byte text file!
As far as Windows is concerned, that file takes up only enough space for three characters. Yet it’s got this hidden back end on it. That txt file could be taking up any amount of space. Perhaps it is storing 5 gigs of pictures in it. Who knows?
Windows supplies no tools to display this. The zip file referenced in this article, includes an exe that does.
The Task Manager shows the running proces in different ways depending upon your Windows version. In SP2, the executable is listed as test.txt:Notepad.exe. However, in earlier versions of windows, only the host file is listed. So, if you’d embeded Notepad.exe in calc.exe, calc.exe would be in the task list even though you’d be running Notepad. Nifty huh?
Of course, you’ll have to find a transport/archiver that supports these streams, if you want to distribute them. Outlook and WinZip do not seem to do so.
Apparently ADS are there for backwards compatibility with a Macintosh file system (HFS), but I’m not sure why we’d want/need that… Some Windows apps use it for other things. For example when you download an exe file through IE, MS helpfully edits the file for you and attaches an ADS that stores the Zone under which the file was downloaded. As a result you are NEVER getting the same file that was on the internet. Developers should be aware of this when they deploy software via a website.

Embed Exe In Jpg

In short, while Alternative Data Streams do add some flexibility to the operating system, the incomplete implementation of the feature makes ADS more of an avenue for abuse than a feature.