Jump to content

_SelfDestruct(), AddResToMe()

trancexx

By trancexx,
in AutoIt Example Scripts

 Share

Recommended Posts

trancexx Universalist

trancexx

Posted
Posted (edited)

While running executable modules are locked in a manner that you can't edit them. Accessible for reading, but not for writing.

This means that in order to modify them you must wait till they are done, start a new process to do a modifications and do what ever you want (if you have enough rights).

Ability to do that without additional module (take this conditionally) improves security of an application and makes it more portable. For example, script in this post deletes itself (compiled or not) after it's done. Script from few posts down (link) adds files dropped on executable to its resource section.

Another example would be to add/update configuration data of the module that is stored within it (attached or as a resource), or to add a sort of hash check with ability to update it.

How to do it?

The idea is this (it's actually very obvious): - make a new process that will wait for the main process to exit and then do desired modifications on the main module.

AutoIt's executables are specific. When you run AutoIt, it will look for the script to interpret and if it finds is it will try to run it, and if not it will exit.

Built-in feature of every AutoIt executable is /AutoIt3ExecuteScript command line switch. It tells interpreter to interpret a script of our desire. I will use that.

Another key moment is creating another process. Writing to hard drive is out of the question (because of the lack of coolness and new problems that could arrive upon that). Solution is much more advanced. I already explained the procedure before (link). It's running executables from memory.

I will, in script that follows, start another process (of my wish) and rewrite its memory space in order for it to act as another interpreter. Another AutoIt interpreter. That new interpreter will execute the same script as the original one, but (and here is the catch) under changed circumstances.

Script is written to initially check for the count of a specific Semaphore object. In case it exists it will execute part of the script that actually does the destruction.

Semaphores are used widely before, there is nothing new to say about them.

Not to quibble more, here's the script:

SelfDestruct.au3

edit: New intro. It was pointed out to me from the different directions that the old one was kind of shitty.

Edited by trancexx

♡♡♡

.

eMyvnE

Link to comment
Share on other sites
Manko Prodigy

Manko

Posted
Posted

That is really cool!

I can't help but feel we ought to have a simpler method... but your's is really high-tech! ;)

/Manko

Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually...
Link to comment
Share on other sites
trancexx Universalist

trancexx

Posted
  • Author
Posted (edited)

I dont think a standard batch file runs in a vdm. the VDM is for 16-bit dos apps. However this is pretty cool.

You are absolutely right.

To make it up I wrote another script. This one will add any file you drop on compiled script to its resource section. Look for type RT_RCDATA, name 1 (you can use for example this script to verify).

AddResToMe.au3

New functions are not commented.

I .bet no .bat can do that.

Edited by trancexx

♡♡♡

.

eMyvnE

Link to comment
Share on other sites
FuryCell Universalist

FuryCell

Posted
Posted

You are absolutely right.

To make it up I wrote another script. This one will add any file you drop on compiled script to its resource section. Look for type RT_RCDATA, name 1 (you can use for example this script to verify).

AddResToMe.au3

New functions are not commented.

I .bet no .bat can do that.

Now thats cool. 5 stars.
HKTunes:Softpedia | GoogleCodeLyricToy:Softpedia | GoogleCodeRCTunes:Softpedia | GoogleCodeMichtaToolsProgrammer n. - An ingenious device that turns caffeine into code.
Link to comment
Share on other sites
spudw2k Universalist

spudw2k

Posted
Posted

That AddResToMe script looks very promising, but I can't figure out how to use it properly. After I add a file to the compiled script, it no longer runs.

Spoiler

Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of CardsHideItICUIcon FreezerIpod EjectorJunos Configuration ExplorerLink DownloaderMD5 Folder EnumeratorPassGen ◊ Ping ToolQuick NICRead OCRRemoteITSchTasksGuiSpyCamSystem Scan Report ToolSystem UpTimeTransparency Machine VMWare ESX Builder
Misc Code Snippets: ADODB ExampleCheckHover ◊ Detect SafeModeDynEnumArrayGetNetStatData ◊ HashArrayIsBetweenDates Local AdminsMake ChoiceRecursive File ListRemove Sizebox StyleRetrieve PNPDeviceIDRetrieve SysListView32 ContentsSet IE Homepage Tickle Expired PasswordTranspose Array
Projects: Drive Space Usage GUI ◊ LEDkITPlasma_kIt ◊ Scan Engine BuilderSpeeDBurnerSubnetCalc
Cool Stuff: AutoItObject UDF Extract Icon From ProcGuiCtrlFontRotateHex Edit FuncsRun binaryService_UDF

 

Link to comment
Share on other sites
spudw2k Universalist

spudw2k

Posted
Posted

Don't use UPX.

Yep, that did it. Thanks. I was thinking of making a self-contained archive(like) app. Are there means to remove resources from a compiled script?
Spoiler

Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of CardsHideItICUIcon FreezerIpod EjectorJunos Configuration ExplorerLink DownloaderMD5 Folder EnumeratorPassGen ◊ Ping ToolQuick NICRead OCRRemoteITSchTasksGuiSpyCamSystem Scan Report ToolSystem UpTimeTransparency Machine VMWare ESX Builder
Misc Code Snippets: ADODB ExampleCheckHover ◊ Detect SafeModeDynEnumArrayGetNetStatData ◊ HashArrayIsBetweenDates Local AdminsMake ChoiceRecursive File ListRemove Sizebox StyleRetrieve PNPDeviceIDRetrieve SysListView32 ContentsSet IE Homepage Tickle Expired PasswordTranspose Array
Projects: Drive Space Usage GUI ◊ LEDkITPlasma_kIt ◊ Scan Engine BuilderSpeeDBurnerSubnetCalc
Cool Stuff: AutoItObject UDF Extract Icon From ProcGuiCtrlFontRotateHex Edit FuncsRun binaryService_UDF

 

Link to comment
Share on other sites
trancexx Universalist

trancexx

Posted
  • Author
Posted

Yep, that did it. Thanks. I was thinking of making a self-contained archive(like) app. Are there means to remove resources from a compiled script?

Of course.

But there could be dependencies between resources. The best advice I can give you is find ResourcesViewerAndCompiler.au3 and _ResDelete() function. That function covers all possible cases.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites
spudw2k Universalist

spudw2k

Posted
Posted (edited)

Sweet, thnx. Is there any way to drag multiple files into the compiled script?

edit: Clarification....drag multiple files into a compiled script at once.

Edited by spudw2k
Spoiler

Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of CardsHideItICUIcon FreezerIpod EjectorJunos Configuration ExplorerLink DownloaderMD5 Folder EnumeratorPassGen ◊ Ping ToolQuick NICRead OCRRemoteITSchTasksGuiSpyCamSystem Scan Report ToolSystem UpTimeTransparency Machine VMWare ESX Builder
Misc Code Snippets: ADODB ExampleCheckHover ◊ Detect SafeModeDynEnumArrayGetNetStatData ◊ HashArrayIsBetweenDates Local AdminsMake ChoiceRecursive File ListRemove Sizebox StyleRetrieve PNPDeviceIDRetrieve SysListView32 ContentsSet IE Homepage Tickle Expired PasswordTranspose Array
Projects: Drive Space Usage GUI ◊ LEDkITPlasma_kIt ◊ Scan Engine BuilderSpeeDBurnerSubnetCalc
Cool Stuff: AutoItObject UDF Extract Icon From ProcGuiCtrlFontRotateHex Edit FuncsRun binaryService_UDF

 

Link to comment
Share on other sites
trancexx Universalist

trancexx

Posted
  • Author
Posted

Sweet, thnx. Is there any way to drag multiple files into the compiled script?

edit: Clarification....drag multiple files into a compiled script at once.

Just grab as many files as you like and drop them. Then parse $CmdLine, both in _Do() and _CheckForThingsToDo() functions. That's trivial.

♡♡♡

.

eMyvnE

Link to comment
Share on other sites
spudw2k Universalist

spudw2k

Posted
Posted (edited)

I would've thought so too, but my element count in the $CmdLine doesn't seem to change if I drag more than one file.

edit: Nevermind. I was checking the $CmdLine array after the _CheckForThings... func and it changes the array. Thanks.

Edited by spudw2k
Spoiler

Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of CardsHideItICUIcon FreezerIpod EjectorJunos Configuration ExplorerLink DownloaderMD5 Folder EnumeratorPassGen ◊ Ping ToolQuick NICRead OCRRemoteITSchTasksGuiSpyCamSystem Scan Report ToolSystem UpTimeTransparency Machine VMWare ESX Builder
Misc Code Snippets: ADODB ExampleCheckHover ◊ Detect SafeModeDynEnumArrayGetNetStatData ◊ HashArrayIsBetweenDates Local AdminsMake ChoiceRecursive File ListRemove Sizebox StyleRetrieve PNPDeviceIDRetrieve SysListView32 ContentsSet IE Homepage Tickle Expired PasswordTranspose Array
Projects: Drive Space Usage GUI ◊ LEDkITPlasma_kIt ◊ Scan Engine BuilderSpeeDBurnerSubnetCalc
Cool Stuff: AutoItObject UDF Extract Icon From ProcGuiCtrlFontRotateHex Edit FuncsRun binaryService_UDF

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...