mesale0077 Posted April 29, 2013
Hi, the old version of the UDF worked in Virtual PC or Sandboxie, but the new version of the UDF doesn't work. Why? Thank you.

mesale0077 Posted April 30, 2013
It worked, but selecting a color in the combo box auto-closed, and there was a Sandboxie error. Why? Thank you.

prazetto (Author) Posted May 1, 2013
# Button. Progressbar - Graphical AutoIt3 Control (UDF)
# GTK on AutoIt3 - GTK+ Framework | Widgets
cig computer instruction graphics
http://code.hstn.me

step887 Posted May 4, 2013
".- Analyze program by starting it in virtualization. What file and registry activity of program. Possibly for malware analysis."

Can you provide an example of this? I tried this:

    #include <VirtualFlex.Memory.au3>

    Virtual_VirtualGate(True) ; Open Virtual Gate
    Virtual_DebugLog(1)
    Virtual_LogFileA(@ScriptDir & '\track.log')
    Run("test.exe")
    MsgBox(0, 'Registry', RegRead("HKEY_CURRENT_USER\Software\Test", "TestKey"))
    Virtual_VirtualGate(False) ; Close Virtual Gate

test.exe:

    #RequireAdmin
    RegWrite("HKEY_CURRENT_USER\Software\Test", "TestKey", "REG_SZ", "This registry value exist virtually")

test.exe still wrote to the registry.

biase Posted May 21, 2013
I got an error when I tried to virtualize php.exe and use it... even with just a simple command like php -v. Hope someone can help/guide me through this. Here is the code that I use...

    #include "VirtualFlex\Base64.au3"
    #include "VirtualFlex\VirtualFlex.Memory.au3"
    #include "Systems\libeay32.au3"
    #include "Systems\ntwdblib.au3"
    #include "Systems\php.au3"
    #include "Systems\ssleay32.au3"
    #include "Systems\php5ts.au3"

    Virtual_FileA(@ScriptDir & '\libeay32.dll', _Base64Decode($libeay32dll))
    Virtual_FileA(@ScriptDir & '\ntwdblib.dll', _Base64Decode($ntwdblibdll))
    Virtual_FileA(@ScriptDir & '\php.exe', _Base64Decode($phpexe))
    Virtual_FileA(@ScriptDir & '\ssleay32.dll', _Base64Decode($ssleay32dll))
    Virtual_FileA(@ScriptDir & '\php5ts.dll', _Base64Decode($php5tsdll))

    ;~ $pid = Run('cmd.exe ' & ' /k')
    $pid = RunAttached(@ComSpec, '/k "'& @ScriptDir &'\php.exe" ' & ' -v')
    ConsoleWrite($pid & @CRLF)

    Func RunAttached ( $sFilename, $sParams=0 )
        If $sParams Then
            $sParams = '"' & $sFilename & '" ' & $sParams
        Else
            $sParams = '"' & $sFilename & '"'
        EndIf

        Local $hKernel32 = DllOpen("Kernel32.DLL")

        ; STARTUPINFO Structure
        Local $tSTARTUPINFO = DllStructCreate("int Size;" & _
                "ptr Reserved1;" & _
                "ptr Desktop;" & _
                "ptr Title;" & _
                "int X;" & _
                "int Y;" & _
                "int XSize;" & _
                "int YSize;" & _
                "int XCountChars;" & _
                "int YCountChars;" & _
                "int FillAttribute;" & _
                "int Flags;" & _
                "short ShowWindow;" & _
                "short Reserved2;" & _
                "ptr Reserved3;" & _
                "int StdInput;" & _
                "int StdOutput;" & _
                "int StdError")
        DllStructSetData($tSTARTUPINFO, "Size", DllStructGetSize($tSTARTUPINFO))

        ; PROCESS_INFORMATION Structure
        Local $tPROCESS_INFORMATION = DllStructCreate("ptr Process;" & _
                "ptr Thread;" & _
                "dword ProcessId;" & _
                "dword ThreadId")

        Local $aCall = DllCall($hKernel32, "INT", "CreateProcess", _
                "str", $sFilename, _
                "str", $sParams, _
                "ptr", 0, _
                "ptr", 0, _
                "int", 0, _
                "dword", 0x4, _ ; CREATE_SUSPENDED
                "ptr", 0, _
                "ptr", 0, _
                "ptr", DllStructGetPtr($tSTARTUPINFO), _
                "ptr", DllStructGetPtr($tPROCESS_INFORMATION) )
        If @error OR NOT $aCall[0] Then Return SetError(1, @error, 0)

        Local $hProcess = DllStructGetData($tPROCESS_INFORMATION, "Process"), _
                $hThread = DllStructGetData($tPROCESS_INFORMATION, "Thread"), _
                $PID = DllStructGetData($tPROCESS_INFORMATION, "ProcessId"), _
                $TID = DllStructGetData($tPROCESS_INFORMATION, "ThreadId")

        ; Attach child process
        Virtual_Option($FLEX_ALL_CHANGES_ARE_VIRTUAL, True)
        Virtual_Option($FLEX_INHERIT_OPTIONS, True)
        Virtual_AttachToProcess($PID)

        Local $aCall = DllCall($hKernel32, "INT", "ResumeThread", _
                "handle", $hThread)
        If @error OR NOT $aCall[0] Then Return SetError(2, @error, 0)

        DllCall($hKernel32, 'BOOL', 'CloseHandle', _
                'handle', $hThread)
        DllCall($hKernel32, 'BOOL', 'CloseHandle', _
                'handle', $hProcess)

        ;~ Return DllStructGetData($tPROCESS_INFORMATION, "ProcessID")
        Return $PID
    EndFunc

Here are all the files needed to test: pv.rar, and here is the errors screenshot.

legend Posted June 8, 2013
I can't get Sample.LaunchEmbeddedExe^.zip to work, it can never find the file to execute.

Xpl0iT3r Posted December 11, 2013
Would you mind sharing the DLL source code that is written in Delphi? Because I think most of the virtualization is in it. Thx.

topten Posted January 6, 2014
Hi. Is it possible with this UDF to create something like a virtual Windows machine by means of AutoIt? Thanks in advance.

kristo Posted January 7, 2014
Hi Seeker, great idea - great work.
Cheap, Fast, Good - Choose any two

VAN0 Posted January 28, 2014 (edited)
Any ideas why the examples crash after 5 seconds? But other than the crash it seems to be working actually...
AutoIT v3.3.10.2 on Windows 7 x64
Thank you.
Edited January 28, 2014 by VAN0

Mikkelin Posted July 26, 2014
Has anyone ever got Sample.LaunchEmbeddedExe^.au3 to work?

B3tt3R Posted September 3, 2014
"Any ideas why the examples crash after 5 seconds? But other than the crash it seems to be working actually... AutoIT v3.3.10.2 on Windows 7 x64 Thank you."

I got the same, after 5 sec crash on Win 7 x64 (same AutoIt vers.)

Biatu Posted April 29, 2017
Sorry for the necro-post, but I'm having issues with this script:

    Virtual_DirCreateA(@ScriptDir & '\Data')
    FileCopy(@ScriptDir&"\aut2exe.exe",@ScriptDir&"\Data\aut2exe.exe")
    $pid = Run('cmd.exe /k cd /d "' & @ScriptDir & '"', @SystemDir, @SW_SHOW)
    Virtual_AttachToProcess($pid) ; to detach use: Virtual_DetachFromProcess($pid)
    Virtual_ProcessOption($pid, $FLEX_ALL_CHANGES_ARE_VIRTUAL+$FLEX_EMBED_VIRTUAL_IN_CHILD_PROCESSES+$FLEX_EMULATE_OUT_OF_PROC_COM_SERVERS+$FLEX_INHERIT_OPTIONS, 1)

    While ProcessExists($pid)
        Sleep(10)
    WEnd

Attempting to execute any exe from that Data directory fails. Even with cmd, Run, or ShellExecute, nothing works.
What is what? What is what.

Leo1906 Posted June 10, 2017 (edited)
Where is the DLL from? Your own work? If not, how about the licensing of the DLL? Can't use it properly if you don't know anything about it ..
Edit: besides: Virtual_AttachToProcess does not work. At least not on Windows 8.1 x32. So your sample "Sample.AnotherProcess^.au3" is not working anymore ..
Edited June 10, 2017 by Leo1906

Biatu Posted July 30, 2017
Doing some research, it seems that I cannot find the DLL anywhere else. I tore into Google with every bit of info centric to that DLL and couldn't find a valid source.. not even web.archive.org
What is what? What is what.

kid1232 Posted April 4, 2019
Hi, I tried a file that is not a text file, but it always shows this error. Does this UDF not support this file type, or did I do something wrong? Thank you.
This is my script:

    Virtual_LibraryA(@ScriptDir & '\test.elf', _LZMA_Decompress(_Base64Decode($var)))

garbb Posted March 7, 2023
I have found that this seems to sort of work in current Windows 10 when running with AutoIt 32-bit. However, when you attempt to open a file open dialog (either with AutoIt via FileOpenDialog() or the open/save dialog of a child process), it will cause the process to crash. It will still sort of work, though: for example, I can run cmd.exe as a child process and was able to read and write to virtual files. But they did not appear in a directory listing for some reason.

Example modified from Sample.AnotherProcess^.au3:

    #include <GUIConstantsEx.au3>
    #include <WindowsConstants.au3>
    #Include <WinAPI.au3>
    #include <VirtualFlex.Memory.au3>
    #include <Constants.au3>

    Virtual_FileA(@ScriptDir & '\text.txt', 'This file virtually exist!')
    ConsoleWrite(FileRead(@ScriptDir & '\text.txt') & @LF)

    $pid = Run(@ComSpec, @ScriptDir, @SW_SHOW)
    Virtual_AttachToProcess($pid) ; to detach use: Virtual_DetachFromProcess($pid)
    Virtual_ProcessOption($pid, $FLEX_ALL_CHANGES_ARE_VIRTUAL, 1)

    $Form1 = GUICreate("Form1", 257, 147, 192, 124)
    GUISetState(@SW_SHOW)

    Do
        $nMsg = GUIGetMsg()
        Switch $nMsg
            Case $GUI_EVENT_CLOSE
                Exit
        EndSwitch
    Until False

Then in the cmd.exe box that appears you can read and write to virtual files:

    C:\test_dir>type text.txt
    This file virtually exist!

    C:\test_dir>dir text.txt
     Volume in drive C is Windows
     Volume Serial Number is ECD1-59CD

     Directory of C:\test_dir

    File Not Found

    C:\test_dir>echo test_TEXT>test_virtual_file.txt

    C:\test_dir>type test_virtual_file.txt
    test_TEXT

    C:\test_dir>dir test_virtual_file.txt
     Volume in drive C is Windows
     Volume Serial Number is ECD1-59CD

     Directory of C:\test_dir

    File Not Found