Ascend4nt Posted February 11, 2011

> Btw, you think you could dance to this? I'm just doing it

rofl. Reminds me of the Elaine dance

trancexx (Author) Posted February 11, 2011

Ah, yes! Maybe that's why I like it, I was in love with her.

Skitty Posted February 11, 2011

> There are few stalkers around that don't like me calling them idiots.
> I'm glad you like the script. Btw, you think you could dance to this? I'm just doing it

lol, no. I'm not the dancer type. I have bad taste in music. I.e., one of my songs.

But yeah, I love this script. It must have been extremely painful to find all those dll functions etc. But as I discovered, it's pretty buggy to retrieve the binary data over the internet, but still, this allows you to include several programs in binary format into a script and decide which one you'd like to run! So it's still pure awesome!!!

Thank you Trancexx!

Edited February 11, 2011 by System238

willichan Posted March 16, 2011

This works amazingly well. I have started retooling many of my utilities to not install programs as temporary files. Combined with my inline binary file generator, this is about as easy as it gets. Thank you.

dzlee Posted March 20, 2011

Thanks trancexx, you make the "Run bin" subject more able to stand.

JScript Posted April 7, 2011

@trancexx

Hello, again I need your valuable support!

I've been trying to redirect the output of a DOS program (hStdOutput). I've got the window to be hidden, but still could not read data from the program's return. Here's the part I added to hide the window and redirect the output:

    DllStructSetData($tSTARTUPINFO, "Flags", BitOR(0x00000001, 0x00000100)) ; STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES
    DllStructSetData($tSTARTUPINFO, "ShowWindow", 0) ; SW_HIDE
    DllStructSetData($tSTARTUPINFO, "hStdOutput", $hMailSlot)

I've searched on the web for a way to redirect the output, but could not get much that could ever help me. You know how to redirect "ptr hStdOutput"?

Gigglestick Posted May 5, 2011

Very nice work, and I like the combination with InlineMe.

It occurred to me that it might be possible to use an include file with an external compiled script to compile your script as 64-bit, then embed that into the script and recompile as 32-bit. Then check which platform the script is running on and run the 64-bit version from memory. Theoretically, all you would have to do is set a Run_Before directive in your script and all the magic would happen automatically.

@trancexx mentioned it'd be necessary to change the structures when embedding a 64-bit program inside a 32-bit one, so that'd have to be done for this.

Here's an early draft. In your script:

    #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
    #AutoIt3Wrapper_Run_Before=Compile64bit.exe /before "%in%"
    #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

Compile64bit.exe /before "%in%":
Modify your script:
...Disable #AutoIt3Wrapper_Run_Before=Compile64bit.exe /before "%in%"
...Add #AutoIt3Wrapper_UseX64=y
Compile your script as X64
Modify your script:
...Add #AutoIt3Wrapper_Run_After=Compile64bit.exe /after "%in%"
...Remove #AutoIt3Wrapper_UseX64=y
...Use InlineMe functions to convert the compiled script into a variable
...Add the region below
Exit and let your script compile normally

Compile64bit.exe /after "%in%":
Modify your script:
...Enable #AutoIt3Wrapper_Run_Before=Compile64bit.exe /before "%in%"
...Remove #AutoIt3Wrapper_Run_After=Compile64bit.exe /after "%in%"

Region added by Compile64bit.exe /before "%in%":

    #region ;**** Compile64bit ****
    #include <RunBinary.au3>
    $__sCompile64bitData = "" ; Compile64bit.exe uses InlineMe functions to generate the binary data
    If @AutoItX64 Then
        Exit _RunWaitBinary($__sCompile64bitData, $CmdLineRaw) ; Version of RunBinary that waits for the embedded program to finish, then issues the exit code generated by it
    EndIf
    #endregion ;**** Compile64bit ****

Edit: Changed it from trying to do it all with an include file to just adding #AutoIt3Wrapper_Run_Before to your script and having Compile64bit.exe do all the work.

Edited May 5, 2011 by c0deWorm

yoyolin8722 Posted June 27, 2011

Help me? On Windows 7 x64, I did a lot of tests: the module is x64, AutoIt is x64, and the victim is also x64, but I can't run the script successfully. I guess I didn't find the proper victim. Could anyone tell me a proper victim on Windows x64?

ChristophX086 Posted July 18, 2011

Very good work, trancexx.

Could this also work with non-PE-format programs, like .com files coded in Assembly?

trancexx (Author) Posted July 18, 2011

> Very good work, trancexx.
> Could this also work with non-PE-format programs, like .com files coded in Assembly?

Thanks.

Your question is funny. Here's mine... I bet you are rather nice looking 50 years old guy. Married, two kids. Daughters. I'd say older one is 15-16. Bought a new computer. Installed win7 x64 on it. Right?

I'm kidding.

Edited July 18, 2011 by trancexx

twitchyliquid64 Posted July 19, 2011

This script is very dangerous. Already I imagine script kiddies are making crypters with it.

twitchyliquid64 Posted July 19, 2011

> Very good work, trancexx.
> Could this also work with non-PE-format programs, like .com files coded in Assembly?

Don't COM files have a predetermined ORG/start address, and offsets for everything, so it will only work if it's loaded at the correct memory address?

trancexx (Author) Posted July 19, 2011

> This script is very dangerous. Already I imagine script kiddies are making crypters with it.

Yes it is.

You think it should be removed?

ChristophX086 Posted July 19, 2011

Thanks hyperzap for your good answer.

> I bet you are rather nice looking 50 years old guy. Married, two kids. Daughters. I'd say older one is 15-16. Bought a new computer. Installed win7 x64 on it. Right?

@trancexx No, not really.

Edited July 19, 2011 by ChristophX64

twitchyliquid64 Posted July 20, 2011

> Yes it is.
> You think it should be removed?

Too late anyway. Fennek (handle, not username) has already made two priv8 crypters. Fortunately they are both shit.

You can't stop these kids anyway. Fortunately they are all moving to VB.NET and all we are left with is the game automators (oh, and fennek).

And most AVs now have proper detection schemes for AutoIt (based on processing the tokens). This _could_ become detected though... if the AVs take a signature of this rather than the stub of the crypter.

EDIT: Apparently my concerns are invalid.

Despite the obvious risks, no, it holds merit and I do not think it should be removed.

Edited July 20, 2011 by hyperzap

trancexx (Author) Posted July 20, 2011

> Too late anyway. Fennek (handle, not username) has already made two priv8 crypters. Fortunately they are both shit.
> You can't stop these kids anyway. Fortunately they are all moving to VB.NET and all we are left with is the game automators (oh, and fennek).
> And most AVs now have proper detection schemes for AutoIt (based on processing the tokens). This _could_ become detected though... if the AVs take a signature of this rather than the stub of the crypter.

I don't care if it's too late or too early. I don't care what someone do/does/did with the code. I don't care about AVs and their heuristic. I don't care about hax0rz nor about stopping anyone doing anything.

The posted code is for educational purposes. It can teach a lot about inner workings of Windows NT systems, particularly about loading PE files (executables). It can also teach AutoIt. If you want to talk about technical details, semantics and other similar things, I'm all for it. If you, or anyone, wants to preach (ethics and moral) then please just don't. I find that to be extremely boring here.

marko001 Posted August 11, 2011

Hi Trancexx,

is it possible to add parameters to the running file?

I tried launching a command line program that converts .bmp to .gif.

Usage is: bmp2gif.exe [/options] [input] [/format] [output]

    $iNewPID = _RunBinary($bBinary,"/convert " & @ScriptDir & "\image10.bmp" & " /gif " & @ScriptDir & "\image10.gif")

Console results are:

    Try No1
    !!!NOT RELOCATABLE MODULE. I WILL TRY BUT THIS MAY NOT WORK!!!
    New process sucessfully created. PID is: 6224
    +>17:06:58 AutoIT3.exe ended.rc:0
    >Exit code: 0 Time: 1.260

I didn't get any error except the fact that it didn't create the output file.

Thanks,
Marco

trancexx (Author) Posted August 11, 2011

Add space character in front of the command line.

Edited August 11, 2011 by trancexx

marko001 Posted August 12, 2011

Yeah, now it works smoothly.

I need two more hints from you, if possible:

a) Shall I use #AutoIt3Wrapper_Res_File_Add to add the .exe to the compiled script or other ways?

b) Is it possible to avoid the "flashing" command shell during the process execution? I used to run the program with

    RunWait($Converter_name & " /convert " & @ScriptDir & "\image10.bmp" & " /gif " & @ScriptDir & "\image10.gif", @ScriptDir, @SW_HIDE)

and it runs completely hidden. I saw that using _runbinary() the CLI flashes during execution.

Thanks,
M.

Edited August 12, 2011 by marko001

trancexx (Author) Posted August 12, 2011

> Yeah, now it works smoothly.
> I need two more hints from you, if possible:
> a) Shall I use #AutoIt3Wrapper_Res_File_Add to add the .exe to the compiled script or other ways?
> b) Is it possible to avoid the "flashing" command shell during the process execution? I used to run the program with
>
>     RunWait($Converter_name & " /convert " & @ScriptDir & "\image10.bmp" & " /gif " & @ScriptDir & "\image10.gif", @ScriptDir, @SW_HIDE)
>
> and it runs completely hidden. I saw that using _runbinary() the CLI flashes during execution.
> Thanks,
> M.

Of course you can hide the window. You just have to set proper fields of $tSTARTUPINFO.

    ;...
    Local $tSTARTUPINFO = DllStructCreate("dword cbSize;" & _
            "ptr Reserved;" & _
            "ptr Desktop;" & _
            "ptr Title;" & _
            "dword X;" & _
            "dword Y;" & _
            "dword XSize;" & _
            "dword YSize;" & _
            "dword XCountChars;" & _
            "dword YCountChars;" & _
            "dword FillAttribute;" & _
            "dword Flags;" & _
            "word ShowWindow;" & _
            "word Reserved2;" & _
            "ptr Reserved2;" & _
            "ptr hStdInput;" & _
            "ptr hStdOutput;" & _
            "ptr hStdError")

    DllStructSetData($tSTARTUPINFO, "Flags", 1) ; STARTF_USESHOWWINDOW
    DllStructSetData($tSTARTUPINFO, "ShowWindow", @SW_HIDE)
    ;...