Jump to content

Securun+Memorydll+zlibUDF

JRSmile

By JRSmile
in AutoIt Example Scripts

 Share

Recommended Posts

JRSmile Universalist

JRSmile

Posted
Posted (edited)

Hi there, i am very proud to release my proof of concept about including dlls into autoit sourcecode.

the attached zip includes the sourcecode of my well known securun udf paired with the "run from memory udf" and the "zlib udf" the concept is the following.

if you have to use a dll in your scripts you can convert it into a binary string and the run it from memory with the memory udf...

i added the zlib udf zu shrink the size of the dll you want to use so if you now execute securun it will do the following things:

start

generate the zlib dll with the help of the memory udf into memory

use the zlib dll to extract the winlockdll into memory

call some functions of it (the stuff you see)

remove the dll from memory.

remove the zlib dll from memory.

stop

in addition i added a generator for creating your own zlibed dlls.

it uses the hardcoded zlib dll, but if you want you can combine the generated code with the last function in the securun.au3 to run your own zipped dlls from memory.

Ps: packed dlls that run in memory are hardly recogniced by antivirus programs, if you had problems with api hooking for example, this is good to know :)

www.behead.de/dll_include.zip

Best regards,

J.

Edited by JRSmile 
$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")
For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4)
Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));''Chr("a")&"HI"
Next ;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;
MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)
wraithdu Universalist

wraithdu

Posted
Posted (edited)

Will this method (which I thought about today after seeing the zlib thread :)) further reduce a dll binary (in included au3 string form) that has previously been UPX'd?

Edited by wraithdu
JRSmile Universalist

JRSmile

Posted
  • Author
Posted (edited)

hmm nice question didn't test so far, just try to use the generator on an upxd dll and a non upxd dll (should be the same dll) and count the filesize :)

but remember it has to be a big dll/may dlls, to make the overhead of the included not shrinked zlib dll not useless....

Edited by JRSmile 
$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")
For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4)
Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));''Chr("a")&"HI"
Next ;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;
MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)
wraithdu Universalist

wraithdu

Posted
Posted (edited)

Did a quick test on the Zlib dll itself.

Normal - 59904 bytes

Zlib'd - 33766 bytes

UPX'd - 35840 bytes

Zlib'd - 32954 bytes

So, not much is saved over UPX'ing the original DLL. Unless you're compressing A LOT of DLLs for your project, as you mentioned enough to overcome the Zlib overhead, it seems better to just UPX it.

Edited by wraithdu
JRSmile Universalist

JRSmile

Posted
  • Author
Posted

Nice thank you for your statistic, for my projects that are in the planning phase, it is perfect, including a 12Mb dll with resource icons shrinks to 2Mb :-)

and a 2,4 Mb exe is much more accepted then a 12 mb one :)

$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")
For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4)
Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));''Chr("a")&"HI"
Next ;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;
MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)
JRSmile Universalist

JRSmile

Posted
  • Author
Posted

  wraithdu said:

What's the size of your 12Mb dll if you just UPX it?

12mb ... don't know why it is not compresset, cause its only a binary string.

$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")
For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4)
Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));''Chr("a")&"HI"
Next ;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;
MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)
wraithdu Universalist

wraithdu

Posted
Posted

I'm not sure what you mean by that statement.

For my example, I UPX'd the DLL before turning it into a binary string, then used monocere's example to see how much more zlib could compress the string. As it turns out, not much. UPX'ing the whole script with your 12Mb string won't have the same results. Try UPX'ing your DLL as it is in DLL form, then create the binary string, then see how much more zlib can squeeze out of it. I'm guessing not too much more.

JRSmile Universalist

JRSmile

Posted
  • Author
Posted

  Quote

I'm guessing not too much more.

every single bit is worth the work. :-)

i need it as small as possible to have space for additions because it has to fit on a high capacity formated floppy disk.. why floppy? cause there are still pcs without usb port...

$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")
For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4)
Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));''Chr("a")&"HI"
Next ;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;
MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)
  • 4 weeks later...
JRSmile Universalist

JRSmile

Posted
  • Author
Posted (edited)

oh sorry forgot that i have reinvented my Website....

http://my-trac.assembla.com/jrsmile/browser/SECURUN_ZLIB.rar

you have to request beeing a team member of my svn repository to get access.

its just for my securety to track who has downladed it and when.

just register at assembla.com and hand me your e-mail address.

Edited by JRSmile 
$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")
For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4)
Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));''Chr("a")&"HI"
Next ;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;
MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)
JRSmile Universalist

JRSmile

Posted
  • Author
Posted

  b1naryatr0phy said:

Security against what, might i ask?

to let me sleep well cause i know who has done what with the archive.

there are several guys out there which don't follow any ethnical rules...

$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")
For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4)
Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));''Chr("a")&"HI"
Next ;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;
MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)
  • 1 month later...
ProgAndy Universalist

ProgAndy

Posted
Posted

Here is a working link: http://my-svn.assembla.com/svn/jrsmile/SECURUN_ZLIB.rar

*GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes

JRSmile Universalist

JRSmile

Posted
  • Author
Posted

didn't know you can directly link the fileto here ... so no svn registration at all :D

$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")
For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4)
Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));''Chr("a")&"HI"
Next ;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;
MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...