Run binary

[trancexx]

Hello trancexx,

Why the AU3 exe are not supported by your function ?

Its working well with other programs like notepad.

Its Give me error "Unable to open the script file."

Mostly this error occurs when any virus infect AU3 exe or any AV try to clean that file.

In case of infection normally virus change the AOEP & use realocations; which will become a corrupted exe file.

In your UDF i am not seeing any thing like that which makes any changes in exe data, its virtually execute the Binary data, why its giving this error ? >_<

I got my Answer http://www.autoitscript.com/forum/index.php?showtopic=100609

Okey dokey.

[7h331337]

i have been messing around with this for a couple of days and i love it i can run lots of exe's for mem but i have one question why can't i run autoit compiled scripts is it because of the memory allocation

thanks

[trancexx]

i have been messing around with this for a couple of days and i love it i can run lots of exe's for mem but i have one question why can't i run autoit compiled scripts is it because of the memory allocation

thanks

Digisoul asked the same. Look up.

[kwyking]

Global $bBinary = "0x4D5A6C000100000002000000FFFF000000000000110000004000000000000000" & _

"57696E33322050726F6772616D210D0A24B409BA0001CD21B44CCD2160000000" & _

Global $iNewPID = _RunExeFromMemory($bBinary)

If @error Then

MsgBox(48, 'Error occurred', "Error number: " & @error)

Else

ConsoleWrite($iNewPID & @CRLF)

EndIf

; Ermmm.

; this code......

Global $iNewPID = _RunExeFromMemory($bBinary & " " & $option1 & " " & $option2 & ....)

;ex) Run(@ScriptDir & "\dos.exe","",@SW_HIDE)

Global $iNewPID = _RunExeFromMemory($bBinary & " " & $option1 & " " & $option2 ,@SW_HIDE)

;@SW_HIDE use how too?

[trancexx]

Do something with that post. And I don't care if you don't know how.

It's a matter of courtesy.

[Splash]

Works on Windows XP SP3...

Someone know how to put this working on Windows Vista / 7 ???

Thanks in advance.

[trancexx]

I wrote a new loader function.

New loader takes advantages of the things that were often creating blocking effect for the old one. That means majority of the modules can be embed now.

Also, 'victim' module from which the new process is made can be any, including AutoIt.

Attached (first post) script is checking for all kinds of errors and reports them back to you, so you will now precisely when and if something fails.

edit: ah, I forgot. If you are on win 7 and try to run, for example, calc.exe don't ask why it's not working. It's working just fine, believe me.

Edited March 26, 2010 by trancexx

[spudw2k]

Great work trancexx, but your latest example (RunBinary.au3) fails on my machine. Windows XP Pro SP3. I've tried different exes that have worked in previous examples. Any thoughts?

[trancexx]

Great work trancexx, but your latest example (RunBinary.au3) fails on my machine. Windows XP Pro SP3. I've tried different exes that have worked in previous examples. Any thoughts?

There was a $fForceReloc parameter for the function that was used for the reversed logic but I attached script without it.

...will see what I've done after you say what's the error.

Edited March 26, 2010 by trancexx

[spudw2k]

...what's the error...

New process couldn't be created!

Check if the path is correct. <- which it should be since the example had me choose the file.

[trancexx]

New process couldn't be created!

Check if the path is correct. <- which it should be since the example had me choose the file.

I'll kill you if you say your AutoIt is not 3.3.6.0.

Nevertheless, there is a glitch, but that wouldn't be the error you'll get.

[spudw2k]

...I'll kill you if you say your AutoIt is not 3.3.6.0.

ew.

http://www.youtube.com/watch?v=ThN78n3y-rg

[Splash]

Notepad worked on Windows XP SP3.

[trancexx]

Notepad worked on Windows XP SP3.

When non-relocatable modules are embed you have to be prepared for possible failure. In that case just victimize some other module that is loaded at another base address.

By default, the victim is AutoIt. Choose another one (calc.exe loads at different address on my XP for example).

Anyway, I added 64bit option. You can embed both 64bit and 32bit modules now.

Believe or not, you would probably be one of the first people in the world to run 64bit modules from the memory.

World premiere.

Itanium is out of my reach (physically). If you have that architecture and want to try embedding there, let me know and I will write a test script. Out of the results of the test I'm almost certain I could make it work there too.

[monoceres]

Anyway, I added 64bit option. You can embed both 64bit and 32bit modules now.

Believe or not, you would probably be one of the first people in the world to run 64bit modules from the memory.

World premiere.

Astonishing. You getting 64 bit was the best thing that could happen.

You should write a code project article about your findings.

[trancexx]

Astonishing. You getting 64 bit was the best thing that could happen.

You should write a code project article about your findings.

Yes maybe.

But I don't like my badly written English. Writing articles in native language is one thing and in foreign is another. I don't feel comfortable enough in English.

[wraithdu]

I'm sure you can find plenty of native english speaking people on this forum willing to edit your article with you. I wouldn't let language be a barrier. I'll volunteer if that helps.

[trancexx]

I am aware of the obvious.

Thanks. I'll think about it.

[Skitty]

Why would any one rate this any lower than 5 stars?

Any way, this is absolutely incredible!

In example, I have an aspire d250 with just about 1GB left in storage and this script allows me to save a whole lot of disk space at only 304kb!

All I have to do is change my programs file extension from .exe to .png and upload it to an image hosting server and have this script read it from there and execute it after deleting the temp file created when "Inetread" is used! This saves me at least 200mb of storage already.

Now all I have to do is compile an executable for every 10-20mb application I have such as "process explorer" and related app's and I'm set!

Edited February 10, 2011 by System238

[trancexx]

Why would any one rate this any lower than 5 stars?

Any way, this is absolutely incredible!

In example, I have an aspire d250 with just about 1GB left in storage and this script allows me to save a whole lot of disk space at only 304kb!

All I have to do is change my programs file extension from .exe to .png and upload it to an image hosting server and have this script read it from there and execute it after deleting the temp file created when "Inetread" is used! This saves me at least 200mb of storage already.

Now all I have to do is compile an executable for every 10-20mb application I have such as "process explorer" and related app's and I'm set!

There are few stalkers around that don't like me calling them idiots.

I'm glad you like the script.

Btw, you think you could dance to this? I'm just doing it