Jump to content

Recommended Posts

Posted (edited)

Could we run the program being @SW_HIDE state directly? I have tried WinSetState but it appears on the screen a few seconds.

Great job.

Edited by Adele
  • 2 weeks later...
Posted

Good afternoon.

I'm trying to use it to run either rar.exe or 7z.exe to decompress from command line a few files, but I'm not able to pass arguments to those 2 executables using this command:

$iNewPID = _RunBinary($bBinary, " x test.rar")

The same structure to pass arguements to a command line executable works fine with other executables that I've tested, but there's something particular about these 2, which I don't know what it is, that makes them show me the parameters information (similar to running rar -help, for example).

Any ideas on how to solve them?

If for instance I load from memory cmd.exe and then call rar.exe, it works, but it's not what I'm intending to do.

Thanks.

  • 1 year later...
Posted
On 2/12/2015 at 8:21 PM, kadanefewi said:

Good afternoon.

I'm trying to use it to run either rar.exe or 7z.exe to decompress from command line a few files, but I'm not able to pass arguments to those 2 executables using this command:

$iNewPID = _RunBinary($bBinary, " x test.rar")

The same structure to pass arguements to a command line executable works fine with other executables that I've tested, but there's something particular about these 2, which I don't know what it is, that makes them show me the parameters information (similar to running rar -help, for example).

Any ideas on how to solve them?

If for instance I load from memory cmd.exe and then call rar.exe, it works, but it's not what I'm intending to do.

Thanks.

 

try this:
 

$iNewPID = _RunBinary($bBinary& " x test.rar")

 

What is what? What is what.

  • 4 weeks later...
Posted

Is there a problem with the forum, because I'm not able to load page 9 of this thread ..?
I would like to know if there has been solution to the stdout streams of the files executed, as requestet on page 8?

Would be really nice .. :):D

Posted
On 9/7/2016 at 3:00 PM, Leo1906 said:

Is there a problem with the forum, because I'm not able to load page 9 of this thread ..?
I would like to know if there has been solution to the stdout streams of the files executed, as requestet on page 8?

Would be really nice .. :):D

 

Page 9...same.

What is what? What is what.

  • 1 month later...
Posted

Hello @trancexx !

I try unRAR command line but unsuccessful :(

;.......script written by trancexx (trancexx at yahoo dot com)
; https://www.autoitscript.com/forum/topic/99412-run-binary/

; For this example just browse to some executable you wish to run from memory
;Global $sModule = FileOpenDialog("", "", "Executable modules (*.exe)")
;If @error Then Exit

Global $bBinary = FileRead(@ScriptDir & '\UnRAR.exe')
Global $iNewPID

; Try 10 times in case of failures
For $i = 1 To 10
    ConsoleWrite("Try No" & $i & @CRLF)
    $iNewPID = _RunBinary($bBinary, ' x ' & @ScriptDir & '\TestFile.rar -o+ -y "' & @DesktopDir & '"');, "", @SystemDir & "\calc.exe") ; if it fails on for example XP, try another 'victim'.
    If Not @error Then ExitLoop
Next

Can you help me?.

Thanks.

  • 2 months later...
  • 2 months later...
Posted

@trancexx, would you happen to have a solution for getting STD handles? I tried setting bInherentHandels flag, but still can't write to the STDIN.

I just trying to do something basic, like echo "Hello world" to cmd.exe as a test. in the end I'm looking for ways to pipe data from one program to another.

 

Thank you

What is what? What is what.

Posted

@trancexx, would you happen to have a solution for getting STD handles? I tried setting bInherentHandels flag, but still can't write to the STDIN.

I just trying to do something basic, like echo "Hello world" to cmd.exe as a test. in the end I'm looking for ways to pipe data from one program to another.

Edit:

Another solution I was looking into, is shared libraries. Can I use your Subrogation to load shared libraries that may be needed by X program being loaded with this function.

 

Thank you

What is what? What is what.

  • 1 month later...
Posted
English by google translator

How do I run a binary AUDIO using only _SoundOpen and _SoundPlay? I need to use these functions since I use winmm.dll to play video as well and would like to play videos in binary as well.
 

Example of running a sound in binary ( WinApi_PlaySound)
#include <APIMiscConstants.au3>
#include <GUIConstantsEx.au3>
#include <MsgBoxConstants.au3>
#include <WinAPIMisc.au3>

Local Const $sWav = @ScriptDir & '\Extras\Airplane.wav'

; Read Airplane.wav to memory
Local $dWav = FileRead($sWav)
If @error Then
    MsgBox(BitOR($MB_ICONERROR, $MB_SYSTEMMODAL), 'Error', 'Unable to read "' & $sWav & '"')
    Exit
EndIf
Local $tWav = DllStructCreate('byte[' & BinaryLen($dWav) & ']')
DllStructSetData($tWav, 1, $dWav)
Local $pWav = DllStructGetPtr($tWav)

; Create GUI
Local $hForm = GUICreate('Test ' & StringReplace(@ScriptName, '.au3', '()'), 200, 200)
Local $idButton = GUICtrlCreateButton('Play', 70, 70, 60, 60)
GUISetState(@SW_SHOW)

Local $bPlay = False
While 1
    Switch GUIGetMsg()
        Case $GUI_EVENT_CLOSE
            ExitLoop
        Case $idButton
            $bPlay = Not $bPlay
            If $bPlay Then
                _WinAPI_PlaySound($pWav, BitOR($SND_ASYNC, $SND_LOOP, $SND_MEMORY))
;~              _WinAPI_PlaySound($sWav, BitOR($SND_ASYNC, $SND_LOOP))
                GUICtrlSetData($idButton, 'Stop')
            Else
                _WinAPI_PlaySound('')
                GUICtrlSetData($idButton, 'Play')
            EndIf
    EndSwitch
WEnd

 
  • 4 months later...
Posted (edited)

Hi mates, tell me why my binary code does not start

Global $bBinary = "0x4D5A90000300000004000000FFFF0000B8000000000000004000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000080000000" & _
       "0E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F" & _
       "742062652072756E20696E20444F53206D6F64652E0D0D0A2400000000000000" & _
       "504500004C01030094D05C590000000000000000E00022000B01300000100000" & _
       "0008000000000000C22F00000020000000400000000040000020000000020000" & _
       "0400000000000000040000000000000000800000000200000000000002004085" & _
       "0000100000100000000010000010000000000000100000000000000000000000" & _
       "702F00004F000000004000008C05000000000000000000000000000000000000" & _
       "006000000C000000382E00001C00000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000020000008000000" & _
       "0000000000000000082000004800000000000000000000002E74657874000000" & _
       "C80F000000200000001000000002000000000000000000000000000020000060" & _
       "2E727372630000008C0500000040000000060000001200000000000000000000" & _
       "00000000400000402E72656C6F6300000C000000006000000002000000180000" & _
       "0000000000000000000000004000004200000000000000000000000000000000" & _
       "A42F000000000000480000000200050084210000FC0B00000100000004000006" & _
       "802D0000B8000000000000000000000000000000000000000000000000000000" & _
       "000000000000000000000000000000005E02147D0100000402281300000A0000" & _
       "022803000006002A133002002B0000000100001100032C0B027B0100000414FE" & _
       "032B01160A062C0E00027B010000046F1400000A00000203281500000A002A86" & _
       "0002731600000A7D010000040217281700000A000272010000706F1800000A00" & _
       "2A5600720D0000707237000070161F10281900000A262A2602281A00000A0000" & _
       "2A000000133002003900000002000011007E0200000414FE010A062C22007255" & _
       "000070D004000002281B00000A6F1C00000A731D00000A0B078002000004007E" & _
       "020000040C2B00082A000000133001000B00000003000011007E030000040A2B" & _
       "00062A22000280030000042A133001000B00000004000011007E040000040A2B" & _
       "00062A2202281E00000A002A56730A000006281F00000A740500000280040000" & _
       "042A000042534A4201000100000000000C00000076322E302E35303732370000" & _
       "000005006C00000020040000237E00008C040000E804000023537472696E6773"
$bBinary &= "00000000740900008C00000023555300000A0000100000002347554944000000" & _
       "100A0000EC01000023426C6F6200000000000000020000015715A20109010000" & _
       "00FA013300160000010000002700000005000000040000000B00000002000000" & _
       "1F00000015000000040000000200000003000000040000000100000003000000" & _
       "010000000000A70201000000000006001602DA0306008302DA0306004A01A803" & _
       "0F003004000006008B0140030600F90140030600DA01400306006A0240030600" & _
       "3602400306004F0240030600A201400306007701BB0306000801BB030600BD01" & _
       "40030A00F10259040E008A03BB0206008B04EA020600DA00EA020E0016017203" & _
       "06002D01A8030600ED00DA0306006203FA03060052032B030E00C500BB020E00" & _
       "5E01BB020E00A500160306004800EA020E008B03BB020A00D10259040A003A00" & _
       "59040A00DA0259040A00CD0459040A009E0459040A006E0459040A0007035904" & _
       "06007800EA0206005400EA020600DC0440030E00B00016030000000007000000" & _
       "00000100010001001000010095033D000100010080011000E202950345000200" & _
       "04000000100001043F044500020005000001100050043F046900040009000100" & _
       "800479001100F6027D0011009500810011002600850050200000000086189B03" & _
       "06000100682000000000C400BD00150001009F20000000008100AB0406000200" & _
       "C120000000009100020389000200D7200000000083189B0306000200E4200000" & _
       "000093085E038D0002002C210000000093087D00920002004321000000009308" & _
       "8900970002004C2100000000960892049D00030063210000000086189B030600" & _
       "03006C21000000009118A1038900030000000100B10200000100A10209009B03" & _
       "010011009B03060019009B030A0029009B03100031009B03100039009B031000" & _
       "41009B03100049009B03100051009B03100059009B03100061009B0315006900" & _
       "9B03100071009B03100091009B03060099009B031A00A1009B030600A9009B03" & _
       "0600C9009B03200079009B030600D900BD0006007900BD001500E1009B030600" & _
       "E90036002A00F900BF0410000101C804300089009B0306002101660046002101" & _
       "D8044F00B1009B035500D1009B03060039011900670029009300E2012E000B00" & _
       "B1002E001300BA002E001B00D9002E002300E2002E002B00ED002E003300ED00" & _
       "2E003B00ED002E004300E2002E004B00F3002E005300ED002E005B00ED002E00" & _
       "63000B012E006B00350149009300E20180007300420183007B00470183008300" & _
       "420183008B004201A3008B004201A3007B00880126003E005D00620004000100" & _
       "0500030000006203A20000009D00A70000009604AC0002000600030002000700"
$bBinary &= "0500010008000500020009000700048000000100000000000000000000000000" & _
       "9503000002000000000000000000000070001000000000000200000000000000" & _
       "0000000070005904000000000200000000000000000000007000EA0200000000" & _
       "00000000010000000B0400000000000000466F726D31003C4D6F64756C653E00" & _
       "6D73636F726C69620053796E6368726F6E697A65640064656661756C74496E73" & _
       "74616E6365007365745F4175746F5363616C654D6F64650049446973706F7361" & _
       "626C650052756E74696D655479706548616E646C65004765745479706546726F" & _
       "6D48616E646C650054797065006765745F43756C74757265007365745F43756C" & _
       "74757265007265736F7572636543756C74757265004170706C69636174696F6E" & _
       "53657474696E67734261736500446973706F736500456469746F7242726F7773" & _
       "61626C6553746174650053544154687265616441747472696275746500436F6D" & _
       "70696C657247656E657261746564417474726962757465004775696441747472" & _
       "69627574650047656E657261746564436F646541747472696275746500446562" & _
       "75676765724E6F6E55736572436F646541747472696275746500446562756767" & _
       "61626C6541747472696275746500456469746F7242726F777361626C65417474" & _
       "72696275746500436F6D56697369626C6541747472696275746500417373656D" & _
       "626C795469746C6541747472696275746500417373656D626C7954726164656D" & _
       "61726B41747472696275746500417373656D626C7946696C6556657273696F6E" & _
       "41747472696275746500417373656D626C79436F6E66696775726174696F6E41" & _
       "747472696275746500417373656D626C794465736372697074696F6E41747472" & _
       "696275746500436F6D70696C6174696F6E52656C61786174696F6E7341747472" & _
       "696275746500417373656D626C7950726F647563744174747269627574650041" & _
       "7373656D626C79436F7079726967687441747472696275746500417373656D62" & _
       "6C79436F6D70616E794174747269627574650052756E74696D65436F6D706174" & _
       "6962696C6974794174747269627574650076616C7565004572726F722E657865" & _
       "00646973706F73696E670053797374656D2E436F6D706F6E656E744D6F64656C" & _
       "00436F6E7461696E6572436F6E74726F6C0050726F6772616D0053797374656D" & _
       "00466F726D007265736F757263654D616E004D61696E004D657373616765426F" & _
       "7849636F6E0053797374656D2E436F6E66696775726174696F6E005379737465" & _
       "6D2E476C6F62616C697A6174696F6E0053797374656D2E5265666C656374696F" & _
       "6E0043756C74757265496E666F006765745F5265736F757263654D616E616765"
$bBinary &= "720053797374656D2E436F6465446F6D2E436F6D70696C65720049436F6E7461" & _
       "696E6572004572726F72002E63746F72002E6363746F720053797374656D2E44" & _
       "6961676E6F73746963730053797374656D2E52756E74696D652E496E7465726F" & _
       "7053657276696365730053797374656D2E52756E74696D652E436F6D70696C65" & _
       "7253657276696365730053797374656D2E5265736F7572636573004572726F72" & _
       "2E50726F706572746965732E5265736F75726365732E7265736F757263657300" & _
       "446562756767696E674D6F646573004572726F722E50726F7065727469657300" & _
       "53657474696E67730053797374656D2E57696E646F77732E466F726D73004D65" & _
       "7373616765426F78427574746F6E7300636F6D706F6E656E7473004F626A6563" & _
       "74006765745F44656661756C74004469616C6F67526573756C7400496E697469" & _
       "616C697A65436F6D706F6E656E74007365745F546578740053686F77004D6573" & _
       "73616765426F78006765745F417373656D626C7900000000000B46006F007200" & _
       "6D00310000294D0069007300730069006E00670020006D007300760063007200" & _
       "3100300030002E0064006C006C00001D43007200690074006900630061006C00" & _
       "20006500720072006F00720000354500720072006F0072002E00500072006F00" & _
       "70006500720074006900650073002E005200650073006F007500720063006500" & _
       "73000000C57F35046E31314B9464B5FC14FAFF08000420010108032000010520" & _
       "01011111042001010E0420010102052002010E0E052001011161030701020520" & _
       "010111790D00041180850E0E11808911808D0707030212591259080001128091" & _
       "118095052000128099072002010E128099040701125D04070112140800011280" & _
       "9D12809D08B77A5C561934E08903061241030612590306125D03061214030000" & _
       "010400001259040000125D05000101125D04000012140408001259040800125D" & _
       "04080012140801000800000000001E01000100540216577261704E6F6E457863" & _
       "657074696F6E5468726F7773010801000701000000000A0100054572726F7200" & _
       "0005010000000017010012436F7079726967687420C2A9202032303137000029" & _
       "01002435363462663537392D346666622D346130312D613663652D3163653463" & _
       "6663343936363500000C010007312E302E302E30000004010000004001003353" & _
       "797374656D2E5265736F75726365732E546F6F6C732E5374726F6E676C795479" & _
       "7065645265736F757263654275696C64657207342E302E302E3000005901004B" & _
       "4D6963726F736F66742E56697375616C53747564696F2E456469746F72732E53" & _
       "657474696E677344657369676E65722E53657474696E677353696E676C654669"
$bBinary &= "6C6547656E657261746F720831312E302E302E30000008010002000000000000" & _
       "B4000000CECAEFBE01000000910000006C53797374656D2E5265736F75726365" & _
       "732E5265736F757263655265616465722C206D73636F726C69622C2056657273" & _
       "696F6E3D322E302E302E302C2043756C747572653D6E65757472616C2C205075" & _
       "626C69634B6579546F6B656E3D62373761356335363139333465303839235379" & _
       "7374656D2E5265736F75726365732E52756E74696D655265736F757263655365" & _
       "7402000000000000000000000050414450414450B40000000000000094D05C59" & _
       "00000000020000001C010000542E0000541000005253445305C5361A4166D940" & _
       "9041D6E46D5E62BF01000000433A5C55736572735C676F726E6F5C446F63756D" & _
       "656E74735C56697375616C2053747564696F20323031355C50726F6A65637473" & _
       "5C4572726F725C4572726F725C6F626A5C44656275675C4572726F722E706462" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "00000000000000000000000000000000982F00000000000000000000B22F0000" & _
       "002000000000000000000000000000000000000000000000A42F000000000000" & _
       "0000000000005F436F724578654D61696E006D73636F7265652E646C6C000000" & _
       "0000FF2500204000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000020010000000200000801800000050000080" & _
       "0000000000000000000000000000010001000000380000800000000000000000" & _
       "0000000000000100000000008000000000000000000000000000000000000100" & _
       "010000006800008000000000000000000000000000000100000000008C030000" & _
       "90400000FC0200000000000000000000FC0234000000560053005F0056004500" & _
       "5200530049004F004E005F0049004E0046004F0000000000BD04EFFE00000100" & _
       "000001000000000000000100000000003F000000000000000400000001000000" & _
       "000000000000000000000000440000000100560061007200460069006C006500" & _
       "49006E0066006F00000000002400040000005400720061006E0073006C006100" & _
       "740069006F006E00000000000000B0045C020000010053007400720069006E00"
$bBinary &= "6700460069006C00650049006E0066006F000000380200000100300030003000" & _
       "3000300034006200300000001A000100010043006F006D006D0065006E007400" & _
       "730000000000000022000100010043006F006D00700061006E0079004E006100" & _
       "6D0065000000000000000000340006000100460069006C006500440065007300" & _
       "6300720069007000740069006F006E00000000004500720072006F0072000000" & _
       "300008000100460069006C006500560065007200730069006F006E0000000000" & _
       "31002E0030002E0030002E003000000034000A00010049006E00740065007200" & _
       "6E0061006C004E0061006D00650000004500720072006F0072002E0065007800" & _
       "650000004800120001004C006500670061006C0043006F007000790072006900" & _
       "670068007400000043006F0070007900720069006700680074002000A9002000" & _
       "2000320030003100370000002A00010001004C006500670061006C0054007200" & _
       "6100640065006D00610072006B00730000000000000000003C000A0001004F00" & _
       "72006900670069006E0061006C00460069006C0065006E0061006D0065000000" & _
       "4500720072006F0072002E0065007800650000002C0006000100500072006F00" & _
       "64007500630074004E0061006D006500000000004500720072006F0072000000" & _
       "340008000100500072006F006400750063007400560065007200730069006F00" & _
       "6E00000031002E0030002E0030002E0030000000380008000100410073007300" & _
       "65006D0062006C0079002000560065007200730069006F006E00000031002E00" & _
       "30002E0030002E00300000009C430000EA0100000000000000000000EFBBBF3C" & _
       "3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D22555446" & _
       "2D3822207374616E64616C6F6E653D22796573223F3E0D0A0D0A3C617373656D" & _
       "626C7920786D6C6E733D2275726E3A736368656D61732D6D6963726F736F6674" & _
       "2D636F6D3A61736D2E763122206D616E696665737456657273696F6E3D22312E" & _
       "30223E0D0A20203C617373656D626C794964656E746974792076657273696F6E" & _
       "3D22312E302E302E3022206E616D653D224D794170706C69636174696F6E2E61" & _
       "7070222F3E0D0A20203C7472757374496E666F20786D6C6E733D2275726E3A73" & _
       "6368656D61732D6D6963726F736F66742D636F6D3A61736D2E7632223E0D0A20" & _
       "2020203C73656375726974793E0D0A2020202020203C72657175657374656450" & _
       "726976696C6567657320786D6C6E733D2275726E3A736368656D61732D6D6963" & _
       "726F736F66742D636F6D3A61736D2E7633223E0D0A20202020202020203C7265" & _
       "71756573746564457865637574696F6E4C6576656C206C6576656C3D22617349"
$bBinary &= "6E766F6B6572222075694163636573733D2266616C7365222F3E0D0A20202020" & _
       "20203C2F72657175657374656450726976696C656765733E0D0A202020203C2F" & _
       "73656375726974793E0D0A20203C2F7472757374496E666F3E0D0A3C2F617373" & _
       "656D626C793E0000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "002000000C000000C43F00000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000" & _
       "0000000000000000000000000000000000000000000000000000000000000000"

Global $iNewPID


For $i = 1 To 10
    ConsoleWrite("Try No" & $i & @CRLF)
    $iNewPID = _RunBinary($bBinary)
    If Not @error Then ExitLoop
Next

Switch @error
    Case 0
        ConsoleWrite("New process sucessfully created. PID is: " & $iNewPID & @CRLF)
    Case 1
        MsgBox(48, "Error", "New process couldn't be created!" & @CRLF & "Check if the path is correct.")
    Case 2
        MsgBox(48, "Error", "Wrong AutoIt!" & @CRLF & "Should be x64 for x64 and x86 for x86.")
    Case 3
        MsgBox(48, "Error", "GetThreadContext function failed!" & @CRLF & "Something is wrong.")
    Case 4
        MsgBox(48, "Error", "Binary data seems to be corrupted!" & @CRLF & "MS-DOS header is wrong or missing.")
    Case 5
        MsgBox(48, "Error", "Binary data seems to be corrupted!" & @CRLF & "PE signature is wrong.")
    Case 6
        MsgBox(48, "Error", "Wrong AutoIt!" & @CRLF & "Should be x64 for x64 and x86 for x86.")
    Case 7
        MsgBox(48, "Error", "Internal error!" & @CRLF & "Failure while writting new module binary.")
    Case 8
        MsgBox(48, "Error", "Internal error!" & @CRLF & "Failure while filling PEB structure.")
    Case 9
        MsgBox(48, "Error", "Internal error!" & @CRLF & "Failure while changing base address.")
    Case 10
        MsgBox(48, "Error", "Internal error!" & @CRLF & "Failure with SetThreadContext function.")
    Case 11
        MsgBox(48, "Error", "Internal error!" & @CRLF & "Failure with ResumeThread function.")
    Case 101
        If @extended Then
            MsgBox(48, "Error", "Error!" & @CRLF & "Not enough space available at desired address. Try again maybe, or change the 'victim'.")
        Else
            MsgBox(48, "Error", "Error!" & @CRLF & "Executable you try to run is not relocatable. This lowers the possibility of running it in this fassion." & @CRLF & "Try again or find another 'victim', maybe you'll get lucky.")
        EndIf
    Case 102
        MsgBox(48, "Error", "Itanium architecture!" & @CRLF & "No solution. Sorry." & @CRLF & "How did you manage to end up here is beyond my comprehension.")
EndSwitch



; FUNCTION

Func _RunBinary($bBinaryImage, $sCommandLine = "", $sExeModule = @AutoItExe)

    #Region 1. DETERMINE INTERPRETER TYPE
    Local $fAutoItX64 = @AutoItX64

    #Region 2. PREDPROCESSING PASSED
    Local $bBinary = Binary($bBinaryImage) ; this is redundant but still...
    ; Make structure out of binary data that was passed
    Local $tBinary = DllStructCreate("byte[" & BinaryLen($bBinary) & "]")
    DllStructSetData($tBinary, 1, $bBinary) ; fill it
    ; Get pointer to it
    Local $pPointer = DllStructGetPtr($tBinary)

    #Region 3. CREATING NEW PROCESS
    ; STARTUPINFO structure (actually all that really matters is allocated space)
    Local $tSTARTUPINFO = DllStructCreate("dword  cbSize;" & _
            "ptr Reserved;" & _
            "ptr Desktop;" & _
            "ptr Title;" & _
            "dword X;" & _
            "dword Y;" & _
            "dword XSize;" & _
            "dword YSize;" & _
            "dword XCountChars;" & _
            "dword YCountChars;" & _
            "dword FillAttribute;" & _
            "dword Flags;" & _
            "word ShowWindow;" & _
            "word Reserved2;" & _
            "ptr Reserved2;" & _
            "ptr hStdInput;" & _
            "ptr hStdOutput;" & _
            "ptr hStdError")
    ; This is much important. This structure will hold very some important data.
    Local $tPROCESS_INFORMATION = DllStructCreate("ptr Process;" & _
            "ptr Thread;" & _
            "dword ProcessId;" & _
            "dword ThreadId")
    ; Create new process
    Local $aCall = DllCall("kernel32.dll", "bool", "CreateProcessW", _
            "wstr", $sExeModule, _
            "wstr", $sCommandLine, _
            "ptr", 0, _
            "ptr", 0, _
            "int", 0, _
            "dword", 4, _ ; CREATE_SUSPENDED ; <- this is essential
            "ptr", 0, _
            "ptr", 0, _
            "ptr", DllStructGetPtr($tSTARTUPINFO), _
            "ptr", DllStructGetPtr($tPROCESS_INFORMATION))
    ; Check for errors or failure
    If @error Or Not $aCall[0] Then Return SetError(1, 0, 0) ; CreateProcess function or call to it failed
    ; Get new process and thread handles:
    Local $hProcess = DllStructGetData($tPROCESS_INFORMATION, "Process")
    Local $hThread = DllStructGetData($tPROCESS_INFORMATION, "Thread")
    ; Check for 'wrong' bit-ness. Not because it could't be implemented, but besause it would be uglyer (structures)
    If $fAutoItX64 And _RunBinary_IsWow64Process($hProcess) Then
        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
        Return SetError(2, 0, 0)
    EndIf

    #Region 4. FILL CONTEXT STRUCTURE
    ; CONTEXT structure is what's really important here. It's processor specific.
    Local $iRunFlag, $tCONTEXT
    If $fAutoItX64 Then
        If @OSArch = "X64" Then
            $iRunFlag = 2
            $tCONTEXT = DllStructCreate("align 16; uint64 P1Home; uint64 P2Home; uint64 P3Home; uint64 P4Home; uint64 P5Home; uint64 P6Home;" & _ ; Register parameter home addresses
                    "dword ContextFlags; dword MxCsr;" & _ ; Control flags
                    "word SegCS; word SegDs; word SegEs; word SegFs; word SegGs; word SegSs; dword EFlags;" & _ ; Segment Registers and processor flags
                    "uint64 Dr0; uint64 Dr1; uint64 Dr2; uint64 Dr3; uint64 Dr6; uint64 Dr7;" & _ ; Debug registers
                    "uint64 Rax; uint64 Rcx; uint64 Rdx; uint64 Rbx; uint64 Rsp; uint64 Rbp; uint64 Rsi; uint64 Rdi; uint64 R8; uint64 R9; uint64 R10; uint64 R11; uint64 R12; uint64 R13; uint64 R14; uint64 R15;" & _ ; Integer registers
                    "uint64 Rip;" & _ ; Program counter
                    "uint64 Header[4]; uint64 Legacy[16]; uint64 Xmm0[2]; uint64 Xmm1[2]; uint64 Xmm2[2]; uint64 Xmm3[2]; uint64 Xmm4[2]; uint64 Xmm5[2]; uint64 Xmm6[2]; uint64 Xmm7[2]; uint64 Xmm8[2]; uint64 Xmm9[2]; uint64 Xmm10[2]; uint64 Xmm11[2]; uint64 Xmm12[2]; uint64 Xmm13[2]; uint64 Xmm14[2]; uint64 Xmm15[2];" & _ ; Floating point state (types are not correct for simplicity reasons!!!)
                    "uint64 VectorRegister[52]; uint64 VectorControl;" & _ ; Vector registers (type for VectorRegister is not correct for simplicity reasons!!!)
                    "uint64 DebugControl; uint64 LastBranchToRip; uint64 LastBranchFromRip; uint64 LastExceptionToRip; uint64 LastExceptionFromRip") ; Special debug control registers
        Else
            $iRunFlag = 3
            ; FIXME - Itanium architecture
            ; Return special error number:
            DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
            Return SetError(102, 0, 0)
        EndIf
    Else
        $iRunFlag = 1
        $tCONTEXT = DllStructCreate("dword ContextFlags;" & _ ; Control flags
                "dword Dr0; dword Dr1; dword Dr2; dword Dr3; dword Dr6; dword Dr7;" & _ ; CONTEXT_DEBUG_REGISTERS
                "dword ControlWord; dword StatusWord; dword TagWord; dword ErrorOffset; dword ErrorSelector; dword DataOffset; dword DataSelector; byte RegisterArea[80]; dword Cr0NpxState;" & _ ; CONTEXT_FLOATING_POINT
                "dword SegGs; dword SegFs; dword SegEs; dword SegDs;" & _ ; CONTEXT_SEGMENTS
                "dword Edi; dword Esi; dword Ebx; dword Edx; dword Ecx; dword Eax;" & _ ; CONTEXT_INTEGER
                "dword Ebp; dword Eip; dword SegCs; dword EFlags; dword Esp; dword SegSs;" & _ ; CONTEXT_CONTROL
                "byte ExtendedRegisters[512]") ; CONTEXT_EXTENDED_REGISTERS
    EndIf
    ; Define CONTEXT_FULL
    Local $CONTEXT_FULL
    Switch $iRunFlag
        Case 1
            $CONTEXT_FULL = 0x10007
        Case 2
            $CONTEXT_FULL = 0x100007
        Case 3
            $CONTEXT_FULL = 0x80027
    EndSwitch
    ; Set desired access
    DllStructSetData($tCONTEXT, "ContextFlags", $CONTEXT_FULL)
    ; Fill CONTEXT structure:
    $aCall = DllCall("kernel32.dll", "bool", "GetThreadContext", _
            "handle", $hThread, _
            "ptr", DllStructGetPtr($tCONTEXT))
    ; Check for errors or failure
    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
        Return SetError(3, 0, 0) ; GetThreadContext function or call to it failed
    EndIf
    ; Pointer to PEB structure
    Local $pPEB
    Switch $iRunFlag
        Case 1
            $pPEB = DllStructGetData($tCONTEXT, "Ebx")
        Case 2
            $pPEB = DllStructGetData($tCONTEXT, "Rdx")
        Case 3
            ; NEVER BE - Itanium architecture
    EndSwitch

    #Region 5. READ PE-FORMAT
    ; Start processing passed binary data. 'Reading' PE format follows.
    ; First is IMAGE_DOS_HEADER
    Local $tIMAGE_DOS_HEADER = DllStructCreate("char Magic[2];" & _
            "word BytesOnLastPage;" & _
            "word Pages;" & _
            "word Relocations;" & _
            "word SizeofHeader;" & _
            "word MinimumExtra;" & _
            "word MaximumExtra;" & _
            "word SS;" & _
            "word SP;" & _
            "word Checksum;" & _
            "word IP;" & _
            "word CS;" & _
            "word Relocation;" & _
            "word Overlay;" & _
            "char Reserved[8];" & _
            "word OEMIdentifier;" & _
            "word OEMInformation;" & _
            "char Reserved2[20];" & _
            "dword AddressOfNewExeHeader", _
            $pPointer)
    ; Save this pointer value (it's starting address of binary image headers)
    Local $pHEADERS_NEW = $pPointer
    ; Move pointer
    $pPointer += DllStructGetData($tIMAGE_DOS_HEADER, "AddressOfNewExeHeader") ; move to PE file header
    ; Get "Magic"
    Local $sMagic = DllStructGetData($tIMAGE_DOS_HEADER, "Magic")
    ; Check if it's valid format
    If Not ($sMagic == "MZ") Then
        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
        Return SetError(4, 0, 0) ; MS-DOS header missing.
    EndIf
    ; In place of IMAGE_NT_SIGNATURE
    Local $tIMAGE_NT_SIGNATURE = DllStructCreate("dword Signature", $pPointer)
    ; Move pointer
    $pPointer += 4 ; size of $tIMAGE_NT_SIGNATURE structure
    ; Check signature
    If DllStructGetData($tIMAGE_NT_SIGNATURE, "Signature") <> 17744 Then ; IMAGE_NT_SIGNATURE
        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
        Return SetError(5, 0, 0) ; wrong signature. For PE image should be "PE\0\0" or 17744 dword.
    EndIf
    ; In place of IMAGE_FILE_HEADER
    Local $tIMAGE_FILE_HEADER = DllStructCreate("word Machine;" & _
            "word NumberOfSections;" & _
            "dword TimeDateStamp;" & _
            "dword PointerToSymbolTable;" & _
            "dword NumberOfSymbols;" & _
            "word SizeOfOptionalHeader;" & _
            "word Characteristics", _
            $pPointer)
    ; I could check here if the module is relocatable
    ;    Local $fRelocatable
    ;    If BitAND(DllStructGetData($tIMAGE_FILE_HEADER, "Characteristics"), 1) Then $fRelocatable = False
    ; But I won't (will check data in IMAGE_DIRECTORY_ENTRY_BASERELOC instead)
    ; Get number of sections
    Local $iNumberOfSections = DllStructGetData($tIMAGE_FILE_HEADER, "NumberOfSections")
    ; Move pointer
    $pPointer += 20 ; size of $tIMAGE_FILE_HEADER structure
    ; In place of IMAGE_OPTIONAL_HEADER
    Local $tMagic = DllStructCreate("word Magic;", $pPointer)
    Local $iMagic = DllStructGetData($tMagic, 1)
    Local $tIMAGE_OPTIONAL_HEADER
    If $iMagic = 267 Then ; x86 version
        If $fAutoItX64 Then
            DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
            Return SetError(6, 0, 0) ; incompatible versions
        EndIf
        $tIMAGE_OPTIONAL_HEADER = DllStructCreate("word Magic;" & _
                "byte MajorLinkerVersion;" & _
                "byte MinorLinkerVersion;" & _
                "dword SizeOfCode;" & _
                "dword SizeOfInitializedData;" & _
                "dword SizeOfUninitializedData;" & _
                "dword AddressOfEntryPoint;" & _
                "dword BaseOfCode;" & _
                "dword BaseOfData;" & _
                "dword ImageBase;" & _
                "dword SectionAlignment;" & _
                "dword FileAlignment;" & _
                "word MajorOperatingSystemVersion;" & _
                "word MinorOperatingSystemVersion;" & _
                "word MajorImageVersion;" & _
                "word MinorImageVersion;" & _
                "word MajorSubsystemVersion;" & _
                "word MinorSubsystemVersion;" & _
                "dword Win32VersionValue;" & _
                "dword SizeOfImage;" & _
                "dword SizeOfHeaders;" & _
                "dword CheckSum;" & _
                "word Subsystem;" & _
                "word DllCharacteristics;" & _
                "dword SizeOfStackReserve;" & _
                "dword SizeOfStackCommit;" & _
                "dword SizeOfHeapReserve;" & _
                "dword SizeOfHeapCommit;" & _
                "dword LoaderFlags;" & _
                "dword NumberOfRvaAndSizes", _
                $pPointer)
        ; Move pointer
        $pPointer += 96 ; size of $tIMAGE_OPTIONAL_HEADER
    ElseIf $iMagic = 523 Then ; x64 version
        If Not $fAutoItX64 Then
            DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
            Return SetError(6, 0, 0) ; incompatible versions
        EndIf
        $tIMAGE_OPTIONAL_HEADER = DllStructCreate("word Magic;" & _
                "byte MajorLinkerVersion;" & _
                "byte MinorLinkerVersion;" & _
                "dword SizeOfCode;" & _
                "dword SizeOfInitializedData;" & _
                "dword SizeOfUninitializedData;" & _
                "dword AddressOfEntryPoint;" & _
                "dword BaseOfCode;" & _
                "uint64 ImageBase;" & _
                "dword SectionAlignment;" & _
                "dword FileAlignment;" & _
                "word MajorOperatingSystemVersion;" & _
                "word MinorOperatingSystemVersion;" & _
                "word MajorImageVersion;" & _
                "word MinorImageVersion;" & _
                "word MajorSubsystemVersion;" & _
                "word MinorSubsystemVersion;" & _
                "dword Win32VersionValue;" & _
                "dword SizeOfImage;" & _
                "dword SizeOfHeaders;" & _
                "dword CheckSum;" & _
                "word Subsystem;" & _
                "word DllCharacteristics;" & _
                "uint64 SizeOfStackReserve;" & _
                "uint64 SizeOfStackCommit;" & _
                "uint64 SizeOfHeapReserve;" & _
                "uint64 SizeOfHeapCommit;" & _
                "dword LoaderFlags;" & _
                "dword NumberOfRvaAndSizes", _
                $pPointer)
        ; Move pointer
        $pPointer += 112 ; size of $tIMAGE_OPTIONAL_HEADER
    Else
        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
        Return SetError(6, 0, 0) ; incompatible versions
    EndIf
    ; Extract entry point address
    Local $iEntryPointNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint") ; if loaded binary image would start executing at this address
    ; And other interesting informations
    Local $iOptionalHeaderSizeOfHeadersNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "SizeOfHeaders")
    Local $pOptionalHeaderImageBaseNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "ImageBase") ; address of the first byte of the image when it's loaded in memory
    Local $iOptionalHeaderSizeOfImageNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "SizeOfImage") ; the size of the image including all headers
    ; Move pointer
    $pPointer += 8 ; skipping IMAGE_DIRECTORY_ENTRY_EXPORT
    $pPointer += 8 ; size of $tIMAGE_DIRECTORY_ENTRY_IMPORT
    $pPointer += 24 ; skipping IMAGE_DIRECTORY_ENTRY_RESOURCE, IMAGE_DIRECTORY_ENTRY_EXCEPTION, IMAGE_DIRECTORY_ENTRY_SECURITY
    ; Base Relocation Directory
    Local $tIMAGE_DIRECTORY_ENTRY_BASERELOC = DllStructCreate("dword VirtualAddress; dword Size", $pPointer)
    ; Collect data
    Local $pAddressNewBaseReloc = DllStructGetData($tIMAGE_DIRECTORY_ENTRY_BASERELOC, "VirtualAddress")
    Local $iSizeBaseReloc = DllStructGetData($tIMAGE_DIRECTORY_ENTRY_BASERELOC, "Size")
    Local $fRelocatable
    If $pAddressNewBaseReloc And $iSizeBaseReloc Then $fRelocatable = True
    If Not $fRelocatable Then ConsoleWrite("!!!NOT RELOCATABLE MODULE. I WILL TRY BUT THIS MAY NOT WORK!!!" & @CRLF) ; nothing can be done here
    ; Move pointer
    $pPointer += 88 ; size of the structures before IMAGE_SECTION_HEADER (16 of them).

    #Region 6. ALLOCATE 'NEW' MEMORY SPACE
    Local $fRelocate
    Local $pZeroPoint
    If $fRelocatable Then ; If the module can be relocated then allocate memory anywhere possible
        $pZeroPoint = _RunBinary_AllocateExeSpace($hProcess, $iOptionalHeaderSizeOfImageNEW)
        ; In case of failure try at original address
        If @error Then
            $pZeroPoint = _RunBinary_AllocateExeSpaceAtAddress($hProcess, $pOptionalHeaderImageBaseNEW, $iOptionalHeaderSizeOfImageNEW)
            If @error Then
                _RunBinary_UnmapViewOfSection($hProcess, $pOptionalHeaderImageBaseNEW)
                ; Try now
                $pZeroPoint = _RunBinary_AllocateExeSpaceAtAddress($hProcess, $pOptionalHeaderImageBaseNEW, $iOptionalHeaderSizeOfImageNEW)
                If @error Then
                    ; Return special error number:
                    DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
                    Return SetError(101, 1, 0)
                EndIf
            EndIf
        EndIf
        $fRelocate = True
    Else ; And if not try where it should be
        $pZeroPoint = _RunBinary_AllocateExeSpaceAtAddress($hProcess, $pOptionalHeaderImageBaseNEW, $iOptionalHeaderSizeOfImageNEW)
        If @error Then
            _RunBinary_UnmapViewOfSection($hProcess, $pOptionalHeaderImageBaseNEW)
            ; Try now
            $pZeroPoint = _RunBinary_AllocateExeSpaceAtAddress($hProcess, $pOptionalHeaderImageBaseNEW, $iOptionalHeaderSizeOfImageNEW)
            If @error Then
                ; Return special error number:
                DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
                Return SetError(101, 0, 0)
            EndIf
        EndIf
    EndIf
    ; If there is new ImageBase value, save it
    DllStructSetData($tIMAGE_OPTIONAL_HEADER, "ImageBase", $pZeroPoint)

    #Region 7. CONSTRUCT THE NEW MODULE
    ; Allocate enough space (in our space) for the new module
    Local $tModule = DllStructCreate("byte[" & $iOptionalHeaderSizeOfImageNEW & "]")
    ; Get pointer
    Local $pModule = DllStructGetPtr($tModule)
    ; Headers
    Local $tHeaders = DllStructCreate("byte[" & $iOptionalHeaderSizeOfHeadersNEW & "]", $pHEADERS_NEW)
    ; Write headers to $tModule
    DllStructSetData($tModule, 1, DllStructGetData($tHeaders, 1))
    ; Write sections now. $pPointer is currently in place of sections
    Local $tIMAGE_SECTION_HEADER
    Local $iSizeOfRawData, $pPointerToRawData
    Local $iVirtualAddress, $iVirtualSize
    Local $tRelocRaw
    ; Loop through sections
    For $i = 1 To $iNumberOfSections
        $tIMAGE_SECTION_HEADER = DllStructCreate("char Name[8];" & _
                "dword UnionOfVirtualSizeAndPhysicalAddress;" & _
                "dword VirtualAddress;" & _
                "dword SizeOfRawData;" & _
                "dword PointerToRawData;" & _
                "dword PointerToRelocations;" & _
                "dword PointerToLinenumbers;" & _
                "word NumberOfRelocations;" & _
                "word NumberOfLinenumbers;" & _
                "dword Characteristics", _
                $pPointer)
        ; Collect data
        $iSizeOfRawData = DllStructGetData($tIMAGE_SECTION_HEADER, "SizeOfRawData")
        $pPointerToRawData = $pHEADERS_NEW + DllStructGetData($tIMAGE_SECTION_HEADER, "PointerToRawData")
        $iVirtualAddress = DllStructGetData($tIMAGE_SECTION_HEADER, "VirtualAddress")
        $iVirtualSize = DllStructGetData($tIMAGE_SECTION_HEADER, "UnionOfVirtualSizeAndPhysicalAddress")
        If $iVirtualSize And $iVirtualSize < $iSizeOfRawData Then $iSizeOfRawData = $iVirtualSize
        ; If there is data to write, write it
        If $iSizeOfRawData Then
            DllStructSetData(DllStructCreate("byte[" & $iSizeOfRawData & "]", $pModule + $iVirtualAddress), 1, DllStructGetData(DllStructCreate("byte[" & $iSizeOfRawData & "]", $pPointerToRawData), 1))
        EndIf
        ; Relocations
        If $fRelocate Then
            If $iVirtualAddress <= $pAddressNewBaseReloc And $iVirtualAddress + $iSizeOfRawData > $pAddressNewBaseReloc Then
                $tRelocRaw = DllStructCreate("byte[" & $iSizeBaseReloc & "]", $pPointerToRawData + ($pAddressNewBaseReloc - $iVirtualAddress))
            EndIf
        EndIf
        ; Move pointer
        $pPointer += 40 ; size of $tIMAGE_SECTION_HEADER structure
    Next
    ; Fix relocations
    If $fRelocate Then _RunBinary_FixReloc($pModule, $tRelocRaw, $pZeroPoint, $pOptionalHeaderImageBaseNEW, $iMagic = 523)
    ; Write newly constructed module to allocated space inside the $hProcess
    $aCall = DllCall("kernel32.dll", "bool", _RunBinary_LeanAndMean(), _
            "handle", $hProcess, _
            "ptr", $pZeroPoint, _
            "ptr", $pModule, _
            "dword_ptr", $iOptionalHeaderSizeOfImageNEW, _
            "dword_ptr*", 0)
    ; Check for errors or failure
    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
        Return SetError(7, 0, 0) ; failure while writting new module binary
    EndIf

    #Region 8. PEB ImageBaseAddress MANIPULATION
    ; PEB structure definition
    Local $tPEB = DllStructCreate("byte InheritedAddressSpace;" & _
            "byte ReadImageFileExecOptions;" & _
            "byte BeingDebugged;" & _
            "byte Spare;" & _
            "ptr Mutant;" & _
            "ptr ImageBaseAddress;" & _
            "ptr LoaderData;" & _
            "ptr ProcessParameters;" & _
            "ptr SubSystemData;" & _
            "ptr ProcessHeap;" & _
            "ptr FastPebLock;" & _
            "ptr FastPebLockRoutine;" & _
            "ptr FastPebUnlockRoutine;" & _
            "dword EnvironmentUpdateCount;" & _
            "ptr KernelCallbackTable;" & _
            "ptr EventLogSection;" & _
            "ptr EventLog;" & _
            "ptr FreeList;" & _
            "dword TlsExpansionCounter;" & _
            "ptr TlsBitmap;" & _
            "dword TlsBitmapBits[2];" & _
            "ptr ReadOnlySharedMemoryBase;" & _
            "ptr ReadOnlySharedMemoryHeap;" & _
            "ptr ReadOnlyStaticServerData;" & _
            "ptr AnsiCodePageData;" & _
            "ptr OemCodePageData;" & _
            "ptr UnicodeCaseTableData;" & _
            "dword NumberOfProcessors;" & _
            "dword NtGlobalFlag;" & _
            "byte Spare2[4];" & _
            "int64 CriticalSectionTimeout;" & _
            "dword HeapSegmentReserve;" & _
            "dword HeapSegmentCommit;" & _
            "dword HeapDeCommitTotalFreeThreshold;" & _
            "dword HeapDeCommitFreeBlockThreshold;" & _
            "dword NumberOfHeaps;" & _
            "dword MaximumNumberOfHeaps;" & _
            "ptr ProcessHeaps;" & _
            "ptr GdiSharedHandleTable;" & _
            "ptr ProcessStarterHelper;" & _
            "ptr GdiDCAttributeList;" & _
            "ptr LoaderLock;" & _
            "dword OSMajorVersion;" & _
            "dword OSMinorVersion;" & _
            "dword OSBuildNumber;" & _
            "dword OSPlatformId;" & _
            "dword ImageSubSystem;" & _
            "dword ImageSubSystemMajorVersion;" & _
            "dword ImageSubSystemMinorVersion;" & _
            "dword GdiHandleBuffer[34];" & _
            "dword PostProcessInitRoutine;" & _
            "dword TlsExpansionBitmap;" & _
            "byte TlsExpansionBitmapBits[128];" & _
            "dword SessionId")
    ; Fill the structure
    $aCall = DllCall("kernel32.dll", "bool", "ReadProcessMemory", _
            "ptr", $hProcess, _
            "ptr", $pPEB, _ ; pointer to PEB structure
            "ptr", DllStructGetPtr($tPEB), _
            "dword_ptr", DllStructGetSize($tPEB), _
            "dword_ptr*", 0)
    ; Check for errors or failure
    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
        Return SetError(8, 0, 0) ; ReadProcessMemory function or call to it failed while filling PEB structure
    EndIf
    ; Change base address within PEB
    DllStructSetData($tPEB, "ImageBaseAddress", $pZeroPoint)
    ; Write the changes
    $aCall = DllCall("kernel32.dll", "bool", _RunBinary_LeanAndMean(), _
            "handle", $hProcess, _
            "ptr", $pPEB, _
            "ptr", DllStructGetPtr($tPEB), _
            "dword_ptr", DllStructGetSize($tPEB), _
            "dword_ptr*", 0)
    ; Check for errors or failure
    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
        Return SetError(9, 0, 0) ; failure while changing base address
    EndIf

    #Region 9. NEW ENTRY POINT
    ; Entry point manipulation
    Switch $iRunFlag
        Case 1
            DllStructSetData($tCONTEXT, "Eax", $pZeroPoint + $iEntryPointNEW)
        Case 2
            DllStructSetData($tCONTEXT, "Rcx", $pZeroPoint + $iEntryPointNEW)
        Case 3
            ; FIXME - Itanium architecture
    EndSwitch

    #Region 10. SET NEW CONTEXT
    ; New context:
    $aCall = DllCall("kernel32.dll", "bool", "SetThreadContext", _
            "handle", $hThread, _
            "ptr", DllStructGetPtr($tCONTEXT))

    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
        Return SetError(10, 0, 0) ; SetThreadContext function or call to it failed
    EndIf

    #Region 11. RESUME THREAD
    ; And that's it!. Continue execution:
    $aCall = DllCall("kernel32.dll", "dword", "ResumeThread", "handle", $hThread)
    ; Check for errors or failure
    If @error Or $aCall[0] = -1 Then
        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
        Return SetError(11, 0, 0) ; ResumeThread function or call to it failed
    EndIf

    #Region 12. CLOSE OPEN HANDLES AND RETURN PID
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hThread)
    ; All went well. Return new PID:
    Return DllStructGetData($tPROCESS_INFORMATION, "ProcessId")

EndFunc

Func _RunBinary_LeanAndMean()
    Local $aArr[18] = ["W", "r", "i", "t", "e", "P", "r", "o", "c", "e", "s", "s", "M", "e", "m", "o", "r", "y"], $sOut
    For $sChar In $aArr
        $sOut &= $sChar
    Next
    Return $sOut
EndFunc

Func _RunBinary_FixReloc($pModule, $tData, $pAddressNew, $pAddressOld, $fImageX64)
    Local $iDelta = $pAddressNew - $pAddressOld ; dislocation value
    Local $iSize = DllStructGetSize($tData) ; size of data
    Local $pData = DllStructGetPtr($tData) ; addres of the data structure
    Local $tIMAGE_BASE_RELOCATION, $iRelativeMove
    Local $iVirtualAddress, $iSizeofBlock, $iNumberOfEntries
    Local $tEnries, $iData, $tAddress
    Local $iFlag = 3 + 7 * $fImageX64 ; IMAGE_REL_BASED_HIGHLOW = 3 or IMAGE_REL_BASED_DIR64 = 10
    While $iRelativeMove < $iSize ; for all data available
        $tIMAGE_BASE_RELOCATION = DllStructCreate("dword VirtualAddress; dword SizeOfBlock", $pData + $iRelativeMove)
        $iVirtualAddress = DllStructGetData($tIMAGE_BASE_RELOCATION, "VirtualAddress")
        $iSizeofBlock = DllStructGetData($tIMAGE_BASE_RELOCATION, "SizeOfBlock")
        $iNumberOfEntries = ($iSizeofBlock - 8) / 2
        $tEnries = DllStructCreate("word[" & $iNumberOfEntries & "]", DllStructGetPtr($tIMAGE_BASE_RELOCATION) + 8)
        ; Go through all entries
        For $i = 1 To $iNumberOfEntries
            $iData = DllStructGetData($tEnries, 1, $i)
            If BitShift($iData, 12) = $iFlag Then ; check type
                $tAddress = DllStructCreate("ptr", $pModule + $iVirtualAddress + BitAND($iData, 0xFFF)) ; the rest of $iData is offset
                DllStructSetData($tAddress, 1, DllStructGetData($tAddress, 1) + $iDelta) ; this is what's this all about
            EndIf
        Next
        $iRelativeMove += $iSizeofBlock
    WEnd
    Return 1 ; all OK!
EndFunc

Func _RunBinary_AllocateExeSpaceAtAddress($hProcess, $pAddress, $iSize)
    ; Allocate
    Local $aCall = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", _
            "handle", $hProcess, _
            "ptr", $pAddress, _
            "dword_ptr", $iSize, _
            "dword", 0x1000, _ ; MEM_COMMIT
            "dword", 64) ; PAGE_EXECUTE_READWRITE
    ; Check for errors or failure
    If @error Or Not $aCall[0] Then
        ; Try differently
        $aCall = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", _
                "handle", $hProcess, _
                "ptr", $pAddress, _
                "dword_ptr", $iSize, _
                "dword", 0x3000, _ ; MEM_COMMIT|MEM_RESERVE
                "dword", 64) ; PAGE_EXECUTE_READWRITE
        ; Check for errors or failure
        If @error Or Not $aCall[0] Then Return SetError(1, 0, 0) ; Unable to allocate
    EndIf
    Return $aCall[0]
EndFunc

Func _RunBinary_AllocateExeSpace($hProcess, $iSize)
    ; Allocate space
    Local $aCall = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", _
            "handle", $hProcess, _
            "ptr", 0, _
            "dword_ptr", $iSize, _
            "dword", 0x3000, _ ; MEM_COMMIT|MEM_RESERVE
            "dword", 64) ; PAGE_EXECUTE_READWRITE
    ; Check for errors or failure
    If @error Or Not $aCall[0] Then Return SetError(1, 0, 0) ; Unable to allocate
    Return $aCall[0]
EndFunc

Func _RunBinary_UnmapViewOfSection($hProcess, $pAddress)
    DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", _
            "ptr", $hProcess, _
            "ptr", $pAddress)
    ; Check for errors only
    If @error Then Return SetError(1, 0, 0) ; Failure
    Return 1
EndFunc

Func _RunBinary_IsWow64Process($hProcess)
    Local $aCall = DllCall("kernel32.dll", "bool", "IsWow64Process", _
            "handle", $hProcess, _
            "bool*", 0)
    ; Check for errors or failure
    If @error Or Not $aCall[0] Then Return SetError(1, 0, 0) ; Failure
    Return $aCall[2]
EndFunc

 

Edited by colegero
Posted

What error are you getting?

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Posted

What is on page 9??  That is an amazing break of IPB, i want to see the code. :blink:

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

  • 8 months later...
  • 3 months later...
Posted

when i try execute x64 file said always MS-DOS header is wrong or missing

I compiled x86 and execute x86 msgbox Worked!

I compiled x64 and execute x64 msgbox No worked! (MS-DOS header is wrong or missing)

  • 3 months later...
  • Developers
Posted
5 minutes ago, Renderer said:

Does this also work for any other type of file (txt, png, etc.)? If yes, then what should be different in this code? 

 

How does running a binary apply to these file extensions?

Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Posted
22 hours ago, Jos said:

How does running a binary apply to these file extensions?

Jos

I just wanted to know how could I run the data from inside of a file without having it saved on the disk. Something like File Open -> Retain Data -> File Delete -> Display the Retained Data

Posted

use fileopen with the proper flag --> instead of 'retain data' use fileread --> FileDelete --> msgbox  ??

 

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...