
Leaderboard

Popular Content

Showing content with the highest reputation on 08/24/2012 in all areas

  1. trancexx

    Run binary

    It's about running an exe from memory, as it's often called. So you have some binary data that you want to embed in your script and run afterwards as some additional program. In this post I will try to explain how to do it. First, to deal with the mentioned binary, as that's, in spite of the plainness of retrieving it, often insuperable. To avoid questions about that, this is one way of getting it:

        Global $sModule = "E:\Program files\GUIDGen\GUIDGEN.EXE" ; change to the module you want to embed
        Global $hModule = FileOpen($sModule, 16) ; 16 = open in binary mode
        If @error Then Exit
        Global $bBinary = FileRead($hModule)
        FileClose($hModule)

        Global Const $MAX_LINESIZE = 4095 ; AutoIt limit for one (continued) script line
        Global $iNewLine, $j
        Global $iChunkSize = 32 ; bytes per string literal
        Global $sBinary

        For $i = 1 To BinaryLen($bBinary) Step $iChunkSize
            $j += 1
            ; start a fresh "$bBinary &=" statement before the continued line gets too long
            If 4 * ($j * $iChunkSize) > $MAX_LINESIZE - 129 Then
                $iNewLine = 1
            EndIf
            If $iNewLine Then
                $iNewLine = 0
                $j = 0
                $sBinary = StringTrimRight($sBinary, 5) ; drop the trailing "& _" continuation and line break
                $sBinary &= @CRLF & '$bBinary &= "' & StringTrimLeft(BinaryMid($bBinary, $i, $iChunkSize), 2) & '" & _' & @CRLF
                ContinueLoop
            EndIf
            If $i = 1 Then
                $sBinary &= '$bBinary = "' & BinaryMid($bBinary, $i, $iChunkSize) & '" & _' & @CRLF
            Else
                ; StringTrimLeft removes the "0x" prefix so the chunks concatenate into one hex literal
                $sBinary &= ' "' & StringTrimLeft(BinaryMid($bBinary, $i, $iChunkSize), 2) & '" & _' & @CRLF
            EndIf
        Next
        $sBinary = StringTrimRight($sBinary, 5)
        ClipPut($sBinary)
        ConsoleWrite($sBinary)

    Now for what's really important... An executable file causes a computer to perform indicated tasks according to encoded instructions. The files we talk about are in PE format. When an exe file is run, a special loader reads it and performs the act of loading. That's how that particular exe gets in touch with the processor. The processor then executes different actions described by the opcodes. The main requirement the loader has for any PE file is that it actually exists. That it is written on the drive. It can't be in the air. That's not allowed, and when you think of it, it's only logical. So how to run from memory? I'm gonna fool the system.
    It will think that all works as it should and will have no idea that it plays my game. There is more than one way of doing that. The method described here has been used by different people before. When doing research for this post I have encountered many implementations. And I must say that I was very disappointed seeing that even the writers of the code often lack understanding of it. It's kind of pathetic when you see some code used and, when asking the author what's this or that, you get the answer "I don't know". And if you ask for the code to be explained in words (any fucking human language), coders fail terribly. How can you write code if you can't explain it?!? Anyway, this is the procedure:

    - Start your script
    - Create a new process using the CreateProcess function with the CREATE_SUSPENDED flag
    - Use the GetThreadContext function to fill a CONTEXT structure
    - Read and interpret the passed binary
    - Allocate enough memory for the new module inside the victim process
    - Simulate the loader. Construct the new module (load) in place of the allocated space.
    - Make use of the mentioned CONTEXT structure. Change the entry point data and the ImageBaseAddress data.
    - Resume execution

    If all that went well, Windows should now be running not the original module but the new one, saved in the script as a variable.

    The script: RunBinary.au3

    The script is well commented, so it shouldn't be too hard to get a grip. The new script is taking all possible advantage of the PE format. That means if your (embedded) module has a relocation directory it will run for sure. If not, it could fail. When will it fail? Modules with no reloc directory (IMAGE_DIRECTORY_ENTRY_BASERELOC) ought to be loaded at a precise address (stored within the module; IMAGE_OPTIONAL_HEADER ImageBase). If for some reason not enough space can be allocated at that address within the victim's memory space, the function will fail. The thing is, the system makes the rules; if we are not allowed some memory space of a process there is nothing to do but try again. So, try again if it fails. Maybe change the 'victim'.
    edit: 64-bit support added. That means you can embed either x64 or x86 modules. If your AutoIt is x64, you embed x64 modules. If AutoIt is x86, embed x86. x64 AutoIt could also use embedded x86 modules, but I don't like that because the needed structures would have to be changed to something that doesn't meet aesthetic standards.
    1 point
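As an added example (not part of trancexx's post and not code from RunBinary.au3), the two header-driven steps of the procedure above, "read and interpret the passed binary" and "simulate the loader", in Python: parse the PE headers (PE32 and PE32+), lay the image out in a buffer the way the loader would, and apply IMAGE_DIRECTORY_ENTRY_BASERELOC fixups when the image has to live at a base other than its ImageBase. It also reproduces the failure case the post describes: an image with no relocation directory that cannot be placed at its preferred base. The process side (CreateProcess with CREATE_SUSPENDED, GetThreadContext, writing the buffer into the victim, patching the entry point and ImageBaseAddress, resuming) is Windows-only and is not reproduced here. The sample PE is constructed inline and is not a real program; build_sample_pe32, parse_pe, map_image, rebase_demo and rebase_error are this example's own names, not Windows APIs.

```python
import struct

# Constants from winnt.h / the PE specification
IMAGE_DOS_SIGNATURE, IMAGE_NT_SIGNATURE = 0x5A4D, 0x00004550
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
IMAGE_REL_BASED_ABSOLUTE, IMAGE_REL_BASED_HIGHLOW, IMAGE_REL_BASED_DIR64 = 0, 3, 10


def parse_pe(data):
    """Read the header fields a loader needs: pointer size, ImageBase, entry point, sizes, sections, reloc directory."""
    u16 = lambda off: struct.unpack_from("<H", data, off)[0]
    u32 = lambda off: struct.unpack_from("<I", data, off)[0]
    if u16(0) != IMAGE_DOS_SIGNATURE or u32(u32(0x3C)) != IMAGE_NT_SIGNATURE:
        raise ValueError("not a PE file")
    fh = u32(0x3C) + 4                                   # IMAGE_FILE_HEADER follows "PE\0\0"
    oh = fh + 20                                         # IMAGE_OPTIONAL_HEADER
    magic = u16(oh)
    if magic == PE32_MAGIC:                              # x86: 32-bit ImageBase, data directories at +96
        ptr_size, image_base, dirs = 4, u32(oh + 28), oh + 96
    elif magic == PE32PLUS_MAGIC:                        # x64: 64-bit ImageBase, data directories at +112
        ptr_size, image_base, dirs = 8, struct.unpack_from("<Q", data, oh + 24)[0], oh + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections = []
    for i in range(u16(fh + 2)):                         # NumberOfSections IMAGE_SECTION_HEADERs, 40 bytes each
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, oh + u16(fh + 16) + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), va, vsize, rawptr, rawsize))
    return dict(ptr_size=ptr_size, image_base=image_base, entry_point=u32(oh + 16), size_of_image=u32(oh + 56),
                size_of_headers=u32(oh + 60), sections=sections,
                reloc=struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC))  # (RVA, size)


def map_image(data, pe, new_base):
    """Lay headers and sections out at their RVAs as the loader does, then rebase if new_base != ImageBase."""
    image = bytearray(pe["size_of_image"])
    image[:pe["size_of_headers"]] = data[:pe["size_of_headers"]]
    for _name, va, vsize, rawptr, rawsize in pe["sections"]:
        n = min(rawsize, vsize) if vsize else rawsize    # raw data may be padded beyond the in-memory size
        image[va:va + n] = data[rawptr:rawptr + n]
    delta = new_base - pe["image_base"]
    if delta == 0:
        return image                                     # at the preferred base nothing needs fixing up
    reloc_rva, reloc_size = pe["reloc"]
    if not reloc_rva or not reloc_size:                  # the failure case the post describes
        raise RuntimeError("no IMAGE_DIRECTORY_ENTRY_BASERELOC: image must load at 0x%x" % pe["image_base"])
    pos, end = reloc_rva, reloc_rva + reloc_size
    while pos + 8 <= end:                                # IMAGE_BASE_RELOCATION: page RVA, block size, WORD entries
        page_rva, block_size = struct.unpack_from("<II", image, pos)
        if block_size < 8:
            break                                        # malformed block; stop rather than loop forever
        for off in range(pos + 8, pos + block_size, 2):
            entry = struct.unpack_from("<H", image, off)[0]
            kind, target = entry >> 12, page_rva + (entry & 0xFFF)
            if kind == IMAGE_REL_BASED_ABSOLUTE:
                continue                                 # alignment padding, no fixup
            fmt = {IMAGE_REL_BASED_HIGHLOW: "<I", IMAGE_REL_BASED_DIR64: "<Q"}.get(kind)
            if fmt is None:
                raise RuntimeError("unsupported relocation type %d at RVA 0x%x" % (kind, target))
            mask = (1 << (8 * struct.calcsize(fmt))) - 1
            struct.pack_into(fmt, image, target, (struct.unpack_from(fmt, image, target)[0] + delta) & mask)
        pos += block_size
    return image


def build_sample_pe32(image_base=0x400000, with_relocs=True):
    """Constructed sample, not a real program: PE32 whose .text is 'mov eax, <absolute address>; ret' and whose
    .reloc holds one HIGHLOW fixup for that immediate (section alignment 0x1000, file alignment 0x200)."""
    text_rva, reloc_rva, align = 0x1000, 0x2000, 0x200
    pad = lambda b: b + bytes(-len(b) % align)
    text = b"\xB8" + struct.pack("<I", image_base + text_rva + 5) + b"\xC3"             # immediate at RVA 0x1001
    reloc = struct.pack("<IIHH", text_rva, 12, (IMAGE_REL_BASED_HIGHLOW << 12) | 1, 0)  # one fixup + ABSOLUTE pad
    dos = struct.pack("<H58xI", IMAGE_DOS_SIGNATURE, 0x40)                              # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)                   # i386, 2 sections, PE32
    opt_hdr = struct.pack("<HBB9I6H4I2H6I", PE32_MAGIC, 0, 0, align, align, 0, text_rva, text_rva, reloc_rva,
                          image_base, 0x1000, align, 4, 0, 0, 0, 4, 0, 0, 0x3000, 0x200, 0, 3, 0x40,
                          0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = b"".join(struct.pack("<II", reloc_rva, 12) if i == IMAGE_DIRECTORY_ENTRY_BASERELOC and with_relocs
                    else bytes(8) for i in range(16))
    sec = lambda name, vsize, va, ptr, flags: struct.pack("<8sIIIIIIHHI", name, vsize, va, align, ptr, 0, 0, 0, 0, flags)
    headers = (dos + b"PE\0\0" + file_hdr + opt_hdr + dirs + sec(b".text", len(text), text_rva, 0x200, 0x60000020)
               + sec(b".reloc", len(reloc), reloc_rva, 0x400, 0x42000040))
    return pad(headers) + pad(text) + pad(reloc)


def rebase_demo(new_base, with_relocs=True):
    """Parse the sample, map it at new_base, return (headers, fixed-up immediate, 6 code bytes at the entry point)."""
    data = build_sample_pe32(with_relocs=with_relocs)
    pe = parse_pe(data)
    image = map_image(data, pe, new_base)
    ep = pe["entry_point"]
    return pe, struct.unpack_from("<I", image, ep + 1)[0], bytes(image[ep:ep + 6])


def rebase_error(new_base, with_relocs):
    """Return the loader-simulation error text, or None if the image could be mapped at new_base."""
    try:
        rebase_demo(new_base, with_relocs)
        return None
    except RuntimeError as err:
        return str(err)


if __name__ == "__main__":
    for base in (0x400000, 0x10000000):
        pe, imm, code = rebase_demo(base)
        print("base 0x%x: entry RVA 0x%x, mov eax, 0x%x ; bytes %s" % (base, pe["entry_point"], imm, code.hex()))
    print("no .reloc directory, base 0x10000000:", rebase_error(0x10000000, False))
```

In the procedure above, new_base is the address the allocation inside the victim process actually returned; when that is the module's own ImageBase the buffer is written as-is, and when it is not, the fixups applied here are what keep the absolute addresses in the code valid. An image without a relocation directory gives the RuntimeError instead, which is the "try again, maybe change the victim" case.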
  2. I modified this from the _ExcelWriteFormula function to read the formula used in the B1 cell and return it. There's a ConsoleWrite of the returned value(s).

        ; ***************************************************************
        ; Example 1 - Write to a Cell using a Loop, after opening a workbook and returning its object identifier. Then enters a Formula.
        ; *****************************************************************
        #include <Excel.au3>

        Local $oExcel = _ExcelBookNew() ; Create new book, make it visible
        For $i = 0 To 20 ; Loop
            _ExcelWriteCell($oExcel, $i, $i, 1) ; Write to the Cell
        Next
        _ExcelWriteFormula($oExcel, "=Average(R1C1:R20C1)", 1, 2) ; Uses R1C1 referencing
        ConsoleWrite(_ExcelReadFormula($oExcel, 1, 2) & @CRLF) ; Uses R1C1 referencing
        ConsoleWrite(_ExcelReadFormula($oExcel, "B1") & @CRLF) ; Uses A1 referencing
        MsgBox(0, "Exiting", "Press OK to Save File and Exit")
        _ExcelBookSaveAs($oExcel, @TempDir & "\Temp.xls", "xls", 0, 1) ; Now we save it into the temp directory; overwrite existing file if necessary
        _ExcelBookClose($oExcel) ; And finally we close out

        ; Returns the formula of a cell given either an A1-style range ("B1") or a row and column number
        Func _ExcelReadFormula($oExcel, $sRangeOrRow, $iColumn = 1)
            If Not IsObj($oExcel) Then Return SetError(1, 0, 0)
            If Not StringRegExp($sRangeOrRow, "[A-Z,a-z]", 0) Then
                ; numeric row/column: validate and read the formula in R1C1 notation
                If $sRangeOrRow < 1 Then Return SetError(2, 0, 0)
                If $iColumn < 1 Then Return SetError(2, 1, 0)
                Return $oExcel.Activesheet.Cells($sRangeOrRow, $iColumn).FormulaR1C1
            Else
                ; A1-style range: read the formula as written
                Return $oExcel.Activesheet.Range($sRangeOrRow).Formula
            EndIf
        EndFunc ;==>_ExcelReadFormula

    EDIT: There was an extra ConsoleWrite in the function that I was using for debugging; it's been removed.
    1 point
  3. nullshritt, I really don't have enough time to dig into your 450+ KB of code, nor into your multiple threads with incomplete code to run. But what I can say is that you should clarify your request:

    - If you expect comments/advice about your homebrew algorithm, say so (but expose it in an understandable form first). You would learn a lot doing so, even from the little I've seen.
    - If you have a problem with math (it seems to be around the dot product), just say so and you'll get advice too.
    - If you have a problem with a specific operation done by AutoIt code (e.g. a dot product of matrices giving an unexpected result), please post the simplest standalone reproducer possible and you'll get productive answers as well.

    For now, the most useful advice I can give you is to stop dreaming of making your own "secure" algorithm and use one of the canned solutions instead, proven effective by the security community both in terms of speed and strength. Everyone can come up within minutes with his/her own encryption algorithm that he can't find a way to break. That doesn't make said algorithm any more secure than ROT13. Security, and especially encryption, is incredibly difficult to get right and can very easily have subtle fatal flaws (in the algorithm and/or the implementation), and there is a good reason why serious algorithms are deeply mathematically involved and scrutinized for years by worldwide experts. Why not use proven solutions?
    1 point
  4. Islmike, please take care in future to post in the correct section of the forum. This section is for useful example scripts and is not, as the banner at the top clearly states, "a general support forum!". I will move this thread to the section that in fact is! M23
    1 point