Popular Post trancexx Posted January 27, 2010 Popular Post Share Posted January 27, 2010 (edited) I finally have some more space in the attachments folder. In the past I've had to sacrifice, delete lots of scripts I posted to be able to post more. That was shit. So, what's the subrogation in this context? It's a technique of loading dll file embedded in your script as a string or perhaps stored on a remote server. Purpose is to be able to call functions from some dll without it needed to be written on the HD. As you will see in the script I'm attaching you choose some existing file (in my case I'm going with explorer.exe) then out of embedded dll you construct new fully functional module on the fundaments of the choosen. After that you call functions from embedded module but now (and that's the beauty) you call from subrogated. Pseudo/pseudo-expressed example from the script below would be: Subrogor = "explorer.exe" Subrogee = "kernel32.dll" Subrogate(byref Subrogor, Subrogee) DllCall(Subrogor, FunctionFromSubrogee) There are different problems with (only) some dlls to embed. It can be used both for 32 and 64 bit dlls with no difference. Script: Subrogation.au3 This technique (mild) is used in this script. edit: New script. Edited March 22, 2016 by trancexx UEZ, Leo1906, Skitty and 4 others 7 ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
James Posted January 27, 2010 Share Posted January 27, 2010 This is a friendlier example of Subrogation than the XM Player The awesome thing is, I'm understanding what is happening and how it works! I'm going to spend many hours playing with this. Now that I can subrogate the DLL I need into my new project, I can have everything I need from it.Thanks trancexx!James Blog - Seriously epic web hosting - Twitter - GitHub - Cachet HQ Link to comment Share on other sites More sharing options...
trancexx Posted January 27, 2010 Author Share Posted January 27, 2010 This looks quite interesting, but I'm having trouble understanding how this is any different from MemoryDLL.Subtitle says a lot. Still, there are huge differences. For example, AutoIt is understood by many, opcodes only by some. Is there a limit on what programs can be the Subrogor? Can I use the compiled script itself (@ScriptName) or svchost.exe?If you can get module handle (_WinAPI_GetModuleHandle) of the subrogor than it can't/shouldn't be used. ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
trancexx Posted January 28, 2010 Author Share Posted January 28, 2010 I've made an update. It should work on almost any dll now. ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
JFX Posted September 15, 2011 Share Posted September 15, 2011 Works on Windows 8, with both interpreters, thanks. Link to comment Share on other sites More sharing options...
KnutJ Posted March 22, 2016 Share Posted March 22, 2016 Thank you TranceXX, i did a lot of extensive testing with the memorydll.au3 - to no avail. then, today, after some days, i found this thread by purpose, but i don't know how :-D ... and it works... it simply works. thank you for saving my day(s) Link to comment Share on other sites More sharing options...
Biatu Posted January 12, 2017 Share Posted January 12, 2017 Is there a way to use this UDF in tandem with RunBinary or simiar to preload dll's in memory required by the application? What is what? What is what. Link to comment Share on other sites More sharing options...
Biatu Posted January 17, 2017 Share Posted January 17, 2017 How can I use this if explorer.exe is not in the system? I've tried many others with no luck. What is what? What is what. Link to comment Share on other sites More sharing options...
trancexx Posted January 19, 2017 Author Share Posted January 19, 2017 On 18.1.2017. at 0:07 AM, Biatu said: How can I use this if explorer.exe is not in the system? I've tried many others with no luck. Surely there is some executable available. What system is that? ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
Biatu Posted January 19, 2017 Share Posted January 19, 2017 3 hours ago, trancexx said: Surely there is some executable available. What system is that? Well I will be running this in WinPE, so explorer.exe wont always be available. I tried other window's essentials like svchost, winload, cmd, rundll32, etc and no go, all return @Error 6. It seems that every thing I try gives that error. What is what? What is what. Link to comment Share on other sites More sharing options...
Mugen Posted January 19, 2017 Share Posted January 19, 2017 Try "winlogon.exe", it works here with Windows 7 and 10. Link to comment Share on other sites More sharing options...
Biatu Posted January 19, 2017 Share Posted January 19, 2017 (edited) 16 minutes ago, Mugen said: Try "winlogon.exe", it works here with Windows 7 and 10. Ok thanks! That should do it. Edit: Wait no, still error 6, im using build 10.0.14986 Edited January 19, 2017 by Biatu What is what? What is what. Link to comment Share on other sites More sharing options...
Biatu Posted January 19, 2017 Share Posted January 19, 2017 Created this function to test it... #Include "Subrogation.au3" #Include <File.au3> #Include <Array.au3> $aArray=_FileListToArrayRec("C:\Windows\system32\","*.exe",1,0,0,0) ;_ArrayDisplay($aArray) $vBin=BinDll("C:\windows\system32\kernel32.dll") $iFailed=0 $iSuccess=0 For $i=1 To $aArray[0] $hDll=DllFromMemory($vBin,"C:\Windows\system32\"&$aArray[$i]) If @error Then ConsoleWrite($aArray[$i]&",Error "&@Error&@CRLF) $iFailed+=1 Else ConsoleWrite($aArray[$i]&",Success"&@CRLF) DllClose($hDll) $iSuccess+=1 EndIf ;EndIf Next ConsoleWrite("-"&$iFailed&" Failed"&@CRLF) ConsoleWrite("-"&$iSuccess&" Succedded"&@CRLF) Sleep(10000) What is what? What is what. Link to comment Share on other sites More sharing options...
BisherSH Posted February 9, 2017 Share Posted February 9, 2017 (edited) Hello, I wrote a script which is using SQLite3.dll , and I would like to embed the dll in the compiled exe file , Looks like your script is exactly what I need , I copied the code to my script and made the $sSubrogee points to SQLite3.dll and the $sSubrogor point to my compiled application but it didn't work ! I am new to AutoIT , could you please point me to the right way to do this ? Thanks Edited February 10, 2017 by BisherSH Link to comment Share on other sites More sharing options...
BisherSH Posted February 9, 2017 Share Posted February 9, 2017 I am able to make it work if the dll file exist , But what I need actually is to embed the whole dll inside the exe file NOT the dll path, is it possible ? Link to comment Share on other sites More sharing options...
Leo1906 Posted February 12, 2017 Share Posted February 12, 2017 Thanks for this nice function @trancexx It works really well with normally created dll's (using visual studio an c++). But I noticed that this won't work if you try to encrypt the dll using Themida for example. Why is that so? Is there a way to get crypted dll's to work? Link to comment Share on other sites More sharing options...
BisherSH Posted February 16, 2017 Share Posted February 16, 2017 Hi @Leo1906 , could you please give me an example of how to use the file inside my code ? Link to comment Share on other sites More sharing options...
trancexx Posted February 16, 2017 Author Share Posted February 16, 2017 On 9.2.2017. at 0:32 PM, BisherSH said: I am able to make it work if the dll file exist , But what I need actually is to embed the whole dll inside the exe file NOT the dll path, is it possible ? How difficult could that be?? Did you try? Can you show the code? Nobody is helping you much because it's trivial. There are scripts around that do the job for you. All you have to do is cherry pick. ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
Mugen Posted February 16, 2017 Share Posted February 16, 2017 Hi Trancexx, One thing I wonder about, I use a dll that uses cdecl calling convention. Well it works But should I change the DllMain simulation accordingly to If $iEntryPoint Then DllCallAddress("bool:cdecl", $pEntryFunc, "ptr", $pBaseAddress, "dword", 1, "ptr", 0) ; DLL_PROCESS_ATTACH or does it not matters here? Link to comment Share on other sites More sharing options...
trancexx Posted February 17, 2017 Author Share Posted February 17, 2017 10 hours ago, Mugen said: Hi Trancexx, One thing I wonder about, I use a dll that uses cdecl calling convention. Well it works But should I change the DllMain simulation accordingly to If $iEntryPoint Then DllCallAddress("bool:cdecl", $pEntryFunc, "ptr", $pBaseAddress, "dword", 1, "ptr", 0) ; DLL_PROCESS_ATTACH or does it not matters here? You shouldn't. DllMain is always stdcall. Mugen 1 ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now