
Execute from mem


jpam

Would it be cool if your AutoIt compiled exe were wrapped into a small assembler program

and executed from memory?

With only a few kB more!

Test program: executefrommem.zip

Execute From Mem Creator

efmc.zip

It now has icon support

This little tool creates an asm .exe and adds your AutoIt .exe file into it

when you run the new .exe file it executes the AutoIt .exe from memory

I made it to prevent decompiling AutoIt .exe files

Tried to add some encryption to the program, but AutoIt .exe files don't like any encryption

when they are executed from mem,

normal asm .exe files run fine when they are encrypted.

Still working on a solution for AutoIt files

http://prospeed-jan.xprofan.com/

Happy New Year!

:)

Edited by jpam
Link to comment

It would be nice to have it translated to AutoIt.

It goes something like this:

CreateProcess -> GetThreadContext -> GetModuleHandle -> ZwUnmapViewOfSection -> VirtualAlloc(Ex) -> WriteProcessMemory -> SetThreadContext -> ResumeThread ...

BitDefender AV calls that "ProcessHijack" but nevertheless.

@FireFox, what's with you???

♡♡♡

.

eMyvnE

Link to comment
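The call chain quoted in the post above is what a behavioural detector keys on (the thread notes that BitDefender labels it "ProcessHijack"). As an added example, not code from the thread or from jpam's tool, here is a small Python matcher over a constructed API trace; the trace format, the PIDs and the names `parse` and `find_hollowing` are assumptions.

```python
# Added example: the trace format below is constructed, not real tool output.
CREATE_SUSPENDED = 0x4  # documented CreateProcess creation flag
ALIASES = {"NtUnmapViewOfSection": "ZwUnmapViewOfSection"}  # same ntdll routine
# Stages that must occur in this order against the same child process.
REQUIRED = ["ZwUnmapViewOfSection", "WriteProcessMemory",
            "SetThreadContext", "ResumeThread"]

# Constructed sample: "<caller pid> <API> <target pid> [flags=0x..]"
SAMPLE_TRACE = """\
100 CreateProcessW 200 flags=0x4
100 GetThreadContext 200
100 ZwUnmapViewOfSection 200
100 VirtualAllocEx 200
100 WriteProcessMemory 200
100 WriteProcessMemory 200
100 SetThreadContext 200
100 ResumeThread 200
300 CreateProcessW 400 flags=0x4
300 ResumeThread 400
500 CreateProcessW 600 flags=0x0
500 WriteProcessMemory 600
"""

def parse(line):
    """Split one trace line into (caller, api, target, flags)."""
    parts = line.split()
    flags = 0
    for field in parts[3:]:
        if field.startswith("flags="):
            flags = int(field[6:], 16)
    return int(parts[0]), ALIASES.get(parts[1], parts[1]), int(parts[2]), flags

def find_hollowing(trace):
    """Return (caller, child) pairs that completed every stage in order."""
    progress, hits = {}, []   # progress: (caller, child) -> next stage index
    for line in filter(str.strip, trace.splitlines()):
        caller, api, target, flags = parse(line)
        key = (caller, target)
        if api.startswith("CreateProcess"):
            if flags & CREATE_SUSPENDED:
                progress[key] = 0          # only suspended children are tracked
        elif key in progress:
            if api == REQUIRED[progress[key]]:
                progress[key] += 1
                if progress[key] == len(REQUIRED):
                    hits.append(key)
                    del progress[key]
            elif api == "ResumeThread":
                del progress[key]          # child resumed before any takeover
    return hits

if __name__ == "__main__":
    print(find_hollowing(SAMPLE_TRACE))
```

Only the first parent/child pair in the sample is reported; a child that is created suspended and simply resumed, or written to without having been created suspended, is not.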

It goes something like this:

CreateProcess -> GetThreadContext -> GetModuleHandle -> ZwUnmapViewOfSection -> VirtualAlloc(Ex) -> WriteProcessMemory -> SetThreadContext -> ResumeThread ...

That's correct,

but I don't want to do that in AutoIt.

I made it to not allow decompiling AutoIt exe files.

@firefox;

I did not make any double post :)

Link to comment

That's correct,

but I don't want to do that in AutoIt.

I made it to not allow decompiling AutoIt exe files.

Well, this is not gonna stop decompilation. Even though that bullshit is often written by idiots with a low level of programming knowledge, if you look at the hex dump of your app, it can be seen that, for example, you used upx for the original program and, more importantly, the location of the a3x is easily detected.

But running exe file from memory is, well... huge!!!

Be a pal and teach us. :)

@jpam

Perhaps not, but it's the same website...

I thought that you could make 1 post and regroup all your script to it which using your website .... :D

Never mind, continue....

Cheers, FireFox.

:o

♡♡♡

.

eMyvnE

Link to comment

Does this work on Vista too?

On XP, this works, but I think all anti-virus software will recognize this as Process Hijacking or other virus-like behaviour ;(

*GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes

Link to comment

Does this work on Vista too?

On XP, this works, but I think all anti-virus software will recognize this as Process Hijacking or other virus-like behaviour ;(

I can live with that problem. :)

There's a thread about someone asking about running an AutoIt script or dll from memory some time ago. Forgot which thread that was.

I will be waiting for your final product, jpam. :o

In the meantime, Happy New Year Everyone. :D :D :D

Edited by MyDream
Link to comment

Does this work on Vista too?

On XP, this works, but I think all anti-virus software will recognize this as Process Hijacking or other virus-like behaviour ;(

Yes, it works on Vista.

About AV, apparently they don't, except mentioned BitDefender, but maybe even that could be dealt with if jpam would like to share his knowledge. :)

♡♡♡

.

eMyvnE

Link to comment

  • 3 weeks later...

efmc.zip uploaded

This little tool creates an asm .exe and adds your AutoIt .exe file into it

when you run the new .exe file it executes the AutoIt .exe from memory

I made it to prevent decompiling AutoIt .exe files

Tried to add some encryption to the program, but AutoIt .exe files don't like any encryption

when they are executed from mem,

normal asm .exe files run fine when they are encrypted.

Still working on a solution for AutoIt files

http://prospeed-jan.xprofan.com/list-all-downloads.php

:)

Link to comment

:lmao:

I think that people are afraid of you.

That new app is creating executables that cannot be executed, at least not with me :)

If you need more information about my system or whatever, say it.

♡♡♡

.

eMyvnE

Link to comment

Yes, it doesn't have an icon, and yes, it's a few kB more; this works perfectly for me.

Is there any way you can make it accept a command line? For example:

efmc in out encrypt

where in is the in file, out is the file to create, and encryption is 1 to encrypt and 0 to not encrypt?

Link to comment

I think that people are afraid of you.

That new app is creating executables that cannot be executed, at least not with me :)

If you need more information about my system or whatever, say it.

Why should people be afraid of me?

What OS are you using?

One thing to mention is that the destination dir must be the scriptdir; the save dialog points to that dir!

Link to comment

Yes, it doesn't have an icon, and yes, it's a few kB more; this works perfectly for me.

Is there any way you can make it accept a command line? For example:

efmc in out encrypt

where in is the in file, out is the file to create, and encryption is 1 to encrypt and 0 to not encrypt?

To add icon support is no problem.

I could extract the icon from the AutoIt app

or I can make it so that if you throw an icon in the scriptdir, it automatically uses that icon.

It's no problem to add a command-line option too,

but why do you want a command-line option?

Link to comment

Why should people be afraid of me?

What OS are you using?

One thing to mention is that the destination dir must be the scriptdir; the save dialog points to that dir!

I don't know. How else would you explain something this good not to have desired attention?

Windows XP Professional 5.1.2600 Service Pack 3 Build 2600

I've tried everything, but just can't get it to work :)

The new app is created, but when I start it, it just exits regardless of the initial file. I even redownloaded EFMC from your site a couple of times, thinking that something is wrong there.

♡♡♡

.

eMyvnE

Link to comment

#NoTrayIcon
MsgBox(4096, "Test", "This box will time out in 10 seconds", 10)

This simple code won't run after wrapping with EFMC. Anyone know why? :)

There are more people having problems; I am trying to find the bug.

It's probably the generated db file.

Link to comment