Jump to content

Recommended Posts

Posted

Hello trancexx,

Why the AU3 exe are not supported by your function ?

Its working well with other programs like notepad.

Its Give me error "Unable to open the script file."

Mostly this error occurs when any virus infect AU3 exe or any AV try to clean that file.

In case of infection normally virus change the AOEP & use realocations; which will become a corrupted exe file.

In your UDF i am not seeing any thing like that which makes any changes in exe data, its virtually execute the Binary data, why its giving this error ? >_<

I got my Answer http://www.autoitscript.com/forum/index.php?showtopic=100609

Okey dokey. :(

♡♡♡

.

eMyvnE

Posted

i have been messing around with this for a couple of days and i love it :D i can run lots of exe's for mem but i have one question why can't i run autoit compiled scripts is it because of the memory allocation

thanks

Posted

i have been messing around with this for a couple of days and i love it :D i can run lots of exe's for mem but i have one question why can't i run autoit compiled scripts is it because of the memory allocation

thanks

Digisoul asked the same. Look up.

♡♡♡

.

eMyvnE

  • 5 months later...
Posted

Global $bBinary = "0x4D5A6C000100000002000000FFFF000000000000110000004000000000000000" & _

"57696E33322050726F6772616D210D0A24B409BA0001CD21B44CCD2160000000" & _

Global $iNewPID = _RunExeFromMemory($bBinary)

If @error Then

MsgBox(48, 'Error occurred', "Error number: " & @error)

Else

ConsoleWrite($iNewPID & @CRLF)

EndIf

; Ermmm.

; this code......

Global $iNewPID = _RunExeFromMemory($bBinary & " " & $option1 & " " & $option2 & ....)

;ex) Run(@ScriptDir & "\dos.exe","",@SW_HIDE)

Global $iNewPID = _RunExeFromMemory($bBinary & " " & $option1 & " " & $option2 ,@SW_HIDE)

;@SW_HIDE use how too? :mellow:

  • 1 month later...
  • 2 weeks later...
Posted (edited)

I wrote a new loader function.

New loader takes advantages of the things that were often creating blocking effect for the old one. That means majority of the modules can be embed now.

Also, 'victim' module from which the new process is made can be any, including AutoIt.

Attached (first post) script is checking for all kinds of errors and reports them back to you, so you will now precisely when and if something fails.

edit: ah, I forgot. If you are on win 7 and try to run, for example, calc.exe don't ask why it's not working. It's working just fine, believe me.

Edited by trancexx

♡♡♡

.

eMyvnE

Posted

Great work trancexx, but your latest example (RunBinary.au3) fails on my machine. Windows XP Pro SP3. I've tried different exes that have worked in previous examples. Any thoughts?

Posted (edited)

Great work trancexx, but your latest example (RunBinary.au3) fails on my machine. Windows XP Pro SP3. I've tried different exes that have worked in previous examples. Any thoughts?

There was a $fForceReloc parameter for the function that was used for the reversed logic but I attached script without it.

...will see what I've done after you say what's the error.

Edited by trancexx

♡♡♡

.

eMyvnE

Posted
Posted

New process couldn't be created!

Check if the path is correct. <- which it should be since the example had me choose the file.

I'll kill you if you say your AutoIt is not 3.3.6.0.

Nevertheless, there is a glitch, but that wouldn't be the error you'll get.

♡♡♡

.

eMyvnE

Posted

Notepad worked on Windows XP SP3. :(

When non-relocatable modules are embed you have to be prepared for possible failure. In that case just victimize some other module that is loaded at another base address.

By default, the victim is AutoIt. Choose another one (calc.exe loads at different address on my XP for example).

Anyway, I added 64bit option. You can embed both 64bit and 32bit modules now.

Believe or not, you would probably be one of the first people in the world to run 64bit modules from the memory.

World premiere.

Itanium is out of my reach (physically). If you have that architecture and want to try embedding there, let me know and I will write a test script. Out of the results of the test I'm almost certain I could make it work there too.

♡♡♡

.

eMyvnE

Posted

Anyway, I added 64bit option. You can embed both 64bit and 32bit modules now.

Believe or not, you would probably be one of the first people in the world to run 64bit modules from the memory.

World premiere.

Astonishing. You getting 64 bit was the best thing that could happen.

You should write a code project article about your findings.

Broken link? PM me and I'll send you the file!

Posted

Astonishing. You getting 64 bit was the best thing that could happen.

You should write a code project article about your findings.

Yes maybe.

But I don't like my badly written English. Writing articles in native language is one thing and in foreign is another. I don't feel comfortable enough in English.

♡♡♡

.

eMyvnE

Posted

I'm sure you can find plenty of native english speaking people on this forum willing to edit your article with you. I wouldn't let language be a barrier. I'll volunteer if that helps.

  • 10 months later...
Posted (edited)

Why would any one rate this any lower than 5 stars?

Any way, this is absolutely incredible!

In example, I have an aspire d250 with just about 1GB left in storage and this script allows me to save a whole lot of disk space at only 304kb!

All I have to do is change my programs file extension from .exe to .png and upload it to an image hosting server and have this script read it from there and execute it after deleting the temp file created when "Inetread" is used! This saves me at least 200mb of storage already.

Now all I have to do is compile an executable for every 10-20mb application I have such as "process explorer" and related app's and I'm set!

Edited by System238
Posted

Why would any one rate this any lower than 5 stars?

Any way, this is absolutely incredible!

In example, I have an aspire d250 with just about 1GB left in storage and this script allows me to save a whole lot of disk space at only 304kb!

All I have to do is change my programs file extension from .exe to .png and upload it to an image hosting server and have this script read it from there and execute it after deleting the temp file created when "Inetread" is used! This saves me at least 200mb of storage already.

Now all I have to do is compile an executable for every 10-20mb application I have such as "process explorer" and related app's and I'm set!

There are few stalkers around that don't like me calling them idiots.

I'm glad you like the script.

Btw, you think you could dance to this? I'm just doing it :)

♡♡♡

.

eMyvnE

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...