xroot
Posted August 20, 2009

My wrapper runbin.dll can run exe's from memory in two ways. First, you can run the exe file name itself. Second, by loading the exe into my wrapper runbin.dll with "ResHacker.exe". You can download ResHacker Here, it's free. ResHacker is real easy to use, check out the help. The example shows how to use both ways.

    Func OnAutoItStart()
        Global $OUT=@ScriptDir&"\RunBin.dll,"
        $RH="C:\ResHack\ResHacker -add "
        $REG=@SystemDir&"\regsvr32 /s "
        RunWait($REG&StringLeft($OUT,StringLen($OUT)-1)) ;Register RunBin.DLL
        RunWait($RH&$OUT&$OUT&@SystemDir&"\notepad.exe,Exe,Npad,") ;Load Exe's to RunBin.Dll
        RunWait($RH&$OUT&$OUT&@SystemDir&"\calc.exe,Exe,Calc,")
        RunWait($RH&$OUT&$OUT&@SystemDir&"\taskmgr.exe,Exe,TaskM,")
    EndFunc

    Func OnAutoItExit()
        $RH="C:\ResHack\ResHacker -delete "
        Run($RH&$OUT&$OUT&"Exe,,") ;Remove Exe's From RunBin.Dll
    EndFunc

    $RB=ObjCreate("RunBin.RunBinC") ;Load RunBin.dll
    GUICreate("Run From Memory",250,135)
    GUISetBkColor(0xDEB887)
    GUISetFont(10,800)
    GUICtrlCreateLabel("(Notepad,Calc,Taskmgr.Exe)",25,0,220,17)
    $Radio=GUICtrlCreateRadio("Run From Exe File",25,20,160,41)
    GUICtrlCreateRadio("Run From Stored Resource",25,50,220,41)
    $Button1=GUICtrlCreateButton("Run Memory",120,96,95,25)
    $Button2=GUICtrlCreateButton("Quit",26,96,73,25)
    GUICtrlSetState($Radio,1)
    GUISetState()
    While True
        Switch GUIGetMsg()
            Case -3,$Button2
                Exit
            Case $Button1
                If GUICtrlRead($Radio)=1 Then
                    ;Read each file in binary mode (16) and pass its bytes as a hex string
                    $RB.RunBin(Hex(FileRead(FileOpen(@SystemDir&"\notepad.exe",16))))
                    $RB.RunBin(Hex(FileRead(FileOpen(@SystemDir&"\calc.exe",16))))
                    $RB.RunBin(Hex(FileRead(FileOpen(@SystemDir&"\taskmgr.exe",16))))
                Else
                    ;Run the copies stored as "Exe" resources inside RunBin.dll
                    $RB.RunBin("Npad","Exe")
                    $RB.RunBin("Calc","Exe")
                    $RB.RunBin("TaskM","Exe")
                EndIf
                Exit
        EndSwitch
    WEnd

RunBin.dll

strikeraid
Posted August 21, 2009

This is a very interesting script. Is it possible to embed an exe, say an autoit script, into the dll so that you don't have to load it? Dunno if I'm even making any sense. Hahaha.

xroot
Posted August 21, 2009 (Author)

> This is a very interesting script. Is it possible to embed an exe, say an autoit script, into the dll so that you don't have to load it? Dunno if i'm even making any sense. Hahaha.

I just ran an au3 exe and it would not open?? I will check it out. Thanks

Mobius
Posted August 22, 2009

> I just ran an au3 exe and it would not open?? I will check it out. Thanks

Best of luck trying to Execute an Au3 binary from memory, it needs direct read access to the A3x section that is appended to the tail of the interpreter (or elsewhere in the binary >_<).

It does not matter if you somehow manage to get this overlay into memory along with the interpreter when you execute it, since it needs to read this data from within the executable itself (raw read) or as another file. 80% of the 'Cannot locate script' error messages are due to this.

I am not saying it cannot be done, because it can, just trying to throw some light on the subject for those that might be trying to execute an Au3 exe from memory.

[unrelated] Oh yeah, and don't even get me started on why Running one Au3 exe in the memory space of another Au3 exe ain't gonna happen under normal circumstances. [/unrelated]

Vlad

Ed: 95% tad overkill. n00b reference was pretty arrogant sorry. Oh yeah I forgot... nice Lib dude.

Edited August 26, 2009 by Mobius

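Added example, not part of any post in this thread: a static check for the layout Mobius describes, where data appended after the last PE section (the overlay) exists only in the file and is absent from the section data a memory mapping copies. The names `pe_overlay`, `section_backed` and `build_sample` are chosen here, and the sample is a constructed, non-loadable PE skeleton.

```python
import struct

def pe_overlay(data: bytes) -> tuple[int, int]:
    """Return (offset, length) of the bytes that follow the last section's raw data."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    table = pe + 24 + opt_size                            # first section header
    end = table + 40 * nsect                              # headers count as file-backed
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    end = min(end, len(data))                             # tolerate truncated files
    return end, len(data) - end

def section_backed(data: bytes) -> bytes:
    """Bytes a section-by-section mapping can reach; the overlay is cut off."""
    return data[:pe_overlay(data)[0]]

def build_sample(overlay: bytes) -> bytes:
    """Constructed, non-loadable PE skeleton: headers, one 0x200-byte section, overlay."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    return (dos + coff + sect).ljust(0x200, b"\0") + b"\xCC" * 0x200 + overlay

if __name__ == "__main__":
    blob = b"CONSTRUCTED-SCRIPT"          # constructed stand-in for an appended script
    sample = build_sample(blob)
    off, size = pe_overlay(sample)
    print(f"overlay at 0x{off:X}, {size} bytes")
    print("overlay reachable from section data:", blob in section_backed(sample))
```

A non-zero overlay length on a file is the condition under which a program that re-reads its own file for appended data finds nothing when only its sections were mapped.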
IchBistTod
Posted August 24, 2009

Sorry if I'm not talking straight, I have a lot going on right now. Could you show an example of how to use this to execute binary code from memory in an autoit script. Please?