Run binary

[marko001]

Hvala!

And what about embedding? It's correct to use res_file_add?

M.

[Edit] Solved - _RunBinary(_ImgConverterexe_Inline(),$string)

M.

Edited August 12, 2011 by marko001

[Magellan]

Hello Trancexx (and everyone),

Sorry to bother you :-s

I'm "fighting" with my "injection" script for a few days and I can't find a solution.

I read all the post of this thread with hope, but my script still fail...

My problem is about X86 and X64.

You say your script (on the first page) works on both.

1/XP - 32 bits.

I inject "write.exe" in memory with your excellent "RunBinary.exe" (compiled on the XP-32bits platform) and it works great.

2/W7 - 64 bits.

I take the 32bits' write.exe and the 32bits' RunBinary.exe and copy them on the W7-64bits platform. Try to run my injection script and nothing happens :-(

What is wrong ?

The final goal is to inject in memory a 32bits EXE with an injection program that works on both environnment.

Thanks for your help.

Mag.

Edited August 17, 2011 by Magellan

[trancexx]

Hello Trancexx (and everyone),

Sorry to bother you :-s

I'm "fighting" with my "injection" script for a few days and I can't find a solution.

I read all the post of this thread with hope, but my script still fail...

My problem is about X86 and X64.

You say your script (on the first page) works on both.

1/XP - 32 bits.

I inject "write.exe" in memory with your excellent "RunBinary.exe" (compiled on the XP-32bits platform) and it works great.

2/W7 - 64 bits.

I take the 32bits' write.exe and the 32bits' RunBinary.exe and copy them on the W7-64bits platform. Try to run my injection script and nothing happens :-(

What is wrong ?

The final goal is to inject in memory a 32bits EXE with an injection program that works on both environnment.

Thanks for your help.

Mag.

You are not providing enough information.

[Magellan]

You are not providing enough information.

I don't know what I did last night.

Actually, your script works very well !....

I was certainly tired ! lol !

Sorry to disturb you.

Thanks.

Mag.

[Skitty]

Local $aCall = DllCall("kernel32.dll", "bool", "CreateProcessW", _
"wstr", $sExeModule, _
"wstr", $sCommandLine, _
"ptr", 0, _
"ptr", 0, _
"int", 0, _
"dword", 4, _
"ptr", 0, _
"ptr", 0, _
"ptr", DllStructGetPtr($tSTARTUPINFO), _
"ptr", DllStructGetPtr($tPROCESS_INFORMATION))

Where in the _RunBinary() function can I set the process show/hide parameters?

It seems I can't set them in this dll call...

And also, I read comments about setting the working directory but I don't exactly know how to do it, should it be some kind of dll structure or something?

Edit: lol, I need to be more observant, a solution was presented

Edited September 4, 2011 by THAT1ANONYMOUSEDUDE

[NoD]

Hello,

Wonderfull script. It works like a charm.

To hide the runnig binary, I add

DllStructSetData($tSTARTUPINFO,'Flags',0x1)
DllStructSetData($tSTARTUPINFO,'ShowWindow',@SW_HIDE)

after $tSTARTUPINFO struct creation

Thanks!

[ricky]

Hello,

Thanks for your source...

I tried the source code posted in #1 on windows XP-SP3, but it doesn't work, why?

[trancexx]

Hello,

Thanks for your source...

I tried the source code posted in #1 on windows XP-SP3, but it doesn't work, why?

It's rather hard to answer that question considering there is more than one code in that post.

[ricky]

Ok, I read all the codes but i didn't find a working code.

I will change my question, who can post a working source?

[trancexx]

Ok, I read all the codes but i didn't find a working code.

I will change my question, who can post a working source?

That question is worst than the one you had before.

[ricky]

Why?

[trancexx]

Why?

Because the answer to that question will not give the answer to your real question (that you have troubles articulating). You need to be more precise and show a bit more healthy reasoning. If you can't find answer to your questions by yourself and still have need to ask them in such a plain way then maybe you shouldn't be using the code from this thread as it clearly demands higher understanding of relevant programming elements than you actually have.

[ricky]

Thanks for your very useful help!

[ricky]

I do a new try. I took the source code in the first topic, I select the notepad.exe on windir and it works.

I compile an autoit script with this line "MSGBOX(16,"Test","Test a program in memory.")" but I have a message "AutoIt Error. Unable to open the script file.". What is wrong?

[trancexx]

Complied script is specific type of executable. For script interpreter it's vital that complete image is accessible at run-time to what exhibited memory manipulation contradicts.

Draw conclusions yourself.

[DeltaRocked]

.... any other way out ? for Autoit Compiled execs...?

[trancexx]

Contemplating further using deductive reasoning one could easily conclude that using this metod for complied scripts is senseless.

Try it, you'll be "Damn, what a rush!"

[Skitty]

I compile an autoit script with this line "MSGBOX(16,"Test","Test a program in memory.")" but I have a message "AutoIt Error. Unable to open the script file.". What is wrong?

When you compile the script, load it into memory and run it in another binaries memory space, the script interpreter running from memory is trying to read the script from the image on your hard drive (i.e., the image you're attempting to impersonate.), but guess what, it's not there, herp.

[DeltaRocked]

can anything be done with .a3x ?

[wraithdu]

Just. Stop. No one likes where this is going. If you're doing this FROM AutoIt, then you have no legitimate reason to want or need to run an additional hidden script from memory.