Jump to content

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here. X
X


Photo

Run binary


  • Please log in to reply
179 replies to this topic

#41 IchBistTod

IchBistTod

    Universalist

  • Active Members
  • PipPipPipPipPip
  • 257 posts

Posted 14 August 2009 - 08:05 AM

Well i tried reading it as binary and converting it to binary, i tried reading it in normal mode and converting that to binary and got nothing. I  also tried using the first post to directly put the exe binary code into the script as a variable and once again with no error or result.

=]








#42 Xenobiologist

Xenobiologist

    Xx Code~Mega xX

  • MVPs
  • 4,849 posts

Posted 14 August 2009 - 09:35 AM

Hi,

I treid notepad.exe and some others (e.g: Autoit Scripts) with no luck. Error 6

Mega

Scripts & functions Organize Includes Let Scite organize the include files *new

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times


#43 toxicvn

toxicvn

    Wayfarer

  • Active Members
  • Pip
  • 94 posts

Posted 14 August 2009 - 09:50 AM

i try with autoit script but it crash >_< :( :(

#44 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,149 posts

Posted 14 August 2009 - 10:49 AM

@toxicvn, can you show me the code you run

Btw...
Current rating of this thread is 4. That would be 4, 5, 5, 5, 3.

I find that to be fascinating - as some of you could imagine! Far beyond my expectations.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#45 monoceres

monoceres

    asdf

  • MVPs
  • 4,023 posts

Posted 14 August 2009 - 02:12 PM

Btw...
Current rating of this thread is 4. That would be 4, 5, 5, 5, 3.

I find that to be fascinating - as some of you could imagine! Far beyond my expectations.

Yeah, what kinda person would give this a 3?!

Broken link? PM me and I'll send you the file!


#46 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,149 posts

Posted 14 August 2009 - 03:33 PM

Yeah, what kinda person would give this a 3?!

Well, average AutoIt (forum) user would give 4. That's also saying something.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#47 spudw2k

spudw2k

    passionately misinformed

  • Active Members
  • PipPipPipPipPipPip
  • 1,278 posts

Posted 14 August 2009 - 04:17 PM

Hi,

I treid notepad.exe and some others (e.g: Autoit Scripts) with no luck. Error 6

Mega


I had the same issue. I tried with notepad first, but I simply copied the console output and pasted into another file. No workie. >_< I didn't notice till later that there is a clipput command in the script to capture the bin data. When I simply pasted from the clipboard notepad worked fine for me.

#48 IchBistTod

IchBistTod

    Universalist

  • Active Members
  • PipPipPipPipPip
  • 257 posts

Posted 14 August 2009 - 05:06 PM

Just wondering if anyone could tell me why this wouldnt be working for me... even on XP.

Also is there ANY way to get it to work on vista?

=]


#49 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,149 posts

Posted 15 August 2009 - 09:02 AM

Just wondering if anyone could tell me why this wouldnt be working for me... even on XP.

Also is there ANY way to get it to work on vista?

Why are you refusing to open your eyes and read what's written to you.

I think I was pretty clear on the way I'm gonna give the solution. Why? Because method posted here is dangerous. In combination with AutoIt it's a bomb. (Construction of these sentences is meant to be the clue)

If you want to use it you will also have to use your head. And that's going for anyone else.
All is posted and all is said. If you can't find it then you have to ask your self, what's wrong? How come you don't see what's obvious for some others.

I hope you wouldn't take too personal what I wrote here. It wasn't meant to be. Average AutoIt user is addressed (abusers not included).

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#50 IchBistTod

IchBistTod

    Universalist

  • Active Members
  • PipPipPipPipPip
  • 257 posts

Posted 16 August 2009 - 03:25 AM

Sorry for having been hit on the head just a few days ago and not being able to think completely straight.

People fucking amaze me...

=]


#51 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,149 posts

Posted 20 August 2009 - 08:10 PM

People fucking amaze me...

People juggling amaze me.
Gonna learn that too some day. It's on my to-learn list.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#52 davidkim

davidkim

    Adventurer

  • Active Members
  • PipPip
  • 112 posts

Posted 21 August 2009 - 06:24 AM

Global $bBinary = "0x4D5A6C000100000002000000FFFF000000000000110000004000000000000000" & _
"57696E33322050726F6772616D210D0A24B409BA0001CD21B44CCD2160000000" & _
--------------------

Global $iNewPID = _RunExeFromMemory($bBinary)
If @error Then
MsgBox(48, 'Error occurred', "Error number: " & @error)
Else
ConsoleWrite($iNewPID & @CRLF)
EndIf
>_<
this code......
Global $iNewPID = _RunExeFromMemory($bBinary & " " & $option1 & " " & $option2 & ....)
use how too?

exe(upx compress)(11kb) -> convert binary(non upx/decompress)(25kb) -> _RunExeFromMemory(non upx) -> runtime error

binary(compress) use how too?

Edited by davidkim, 21 August 2009 - 06:32 AM.

I interest am many quite in AutoitScript.From that is [http://cafe.naver.com/autoitscript] Korea of cafe(blog) to be operating, English cannot well.Many help it requests.To read, it stands it thanks.

#53 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,149 posts

Posted 21 August 2009 - 05:15 PM

Global $bBinary = "0x4D5A6C000100000002000000FFFF000000000000110000004000000000000000" & _
"57696E33322050726F6772616D210D0A24B409BA0001CD21B44CCD2160000000" & _
--------------------

Global $iNewPID = _RunExeFromMemory($bBinary)
If @error Then
MsgBox(48, 'Error occurred', "Error number: " & @error)
Else
ConsoleWrite($iNewPID & @CRLF)
EndIf
>_<
this code......
Global $iNewPID = _RunExeFromMemory($bBinary & " " & $option1 & " " & $option2 & ....)
use how too?

exe(upx compress)(11kb) -> convert binary(non upx/decompress)(25kb) -> _RunExeFromMemory(non upx) -> runtime error

binary(compress) use how too?

Could you ask one question at a time. I have troubles understanding what you wrote.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#54 Mobius

Mobius

    Disassembling the fantasy

  • Active Members
  • PipPipPipPipPipPip
  • 887 posts

Posted 21 August 2009 - 05:49 PM

Global $bBinary = "0x4D5A6C000100000002000000FFFF000000000000110000004000000000000000" & _         "57696E33322050726F6772616D210D0A24B409BA0001CD21B44CCD2160000000" & _ Global $iNewPID = _RunExeFromMemory($bBinary) If @error Then     MsgBox(48, 'Error occurred', "Error number: " & @error) Else     ConsoleWrite($iNewPID & @CRLF) EndIf ; Ermmm. ; this code...... Global $iNewPID = _RunExeFromMemory($bBinary & " " &  $option1 & " " & $option2 & ....) ;use how too?

If I might have a crack at a translate....
The above code the dude is asking how he might use your method, similar to the Run() function,
ie) by passing the memory executable commandline switches.
_RunExeFromMemory($bExe,"/switch1  /switch2 /etc")

I might be wrong on this though...

exe(upx compress)(11kb) -> convert binary(non upx/decompress)(25kb) -> _RunExeFromMemory(non upx) -> runtime error
binary(compress) use how too?

This portion I believe he wants to know...
why is it when you pack a binary, then convert the packed file to a binhex dump (script variable) and execute it from memory,
how come the packers loader does not magically recognize the situation it is being executed in and proceed, instead of breaking down.

Edited by Mobius, 21 August 2009 - 08:47 PM.

AutoCamo Another Aut2Exe wrapper*

Signature words of wisdom
Spoiler

#55 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,149 posts

Posted 21 August 2009 - 06:52 PM

Switches are passed to CreateProcess function (second parameter). Like this maybe:


Packers shouldn't cause problems because entry point is adjusted prior real execution. Though, I can imagine situation where there could be problems with some imaginary packer that would read unloaded-self, therefore read wrong self (i.e. @AutoItExe).
This situation is with AutoIt3.exe btw, but shouldn't be happening with packers. If so it would indicate poor job, or poor packer, in my opinion.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#56 davidkim

davidkim

    Adventurer

  • Active Members
  • PipPip
  • 112 posts

Posted 21 August 2009 - 07:39 PM

If I might have a crack at a translate....
The above code the dude is asking how he might use your method, similar to the Run() function,
ie) by passing the memory executable commandline switches. :(.

_RunExeFromMemory($bExe,"/switch1  /switch2 /etc")


>_<
Thanks Mobius


I might be wrong though

This portion I believe he wants to know...
why is it when you pack a binary, then convert the packed file to a binhex dump (script variable) and execute it from memory,
how come the packers loader does not magically recognize the situation it is being executed in and proceed, instead of breaking down.

:(

run(@scriptdir & '\sample.exe /option1 /option2) -> test ok (sample.exe is upx compress saving files,ex:15kb)
_RunExeFromMemory($bExe,"/option1 /option2") -> test fail (sample.exe is binary converting/non upx/decompress files,ex:30kb)


I interest am many quite in AutoitScript.From that is [http://cafe.naver.com/autoitscript] Korea of cafe(blog) to be operating, English cannot well.Many help it requests.To read, it stands it thanks.

#57 davidkim

davidkim

    Adventurer

  • Active Members
  • PipPip
  • 112 posts

Posted 21 August 2009 - 07:48 PM

Switches are passed to CreateProcess function (second parameter). Like this maybe:


Packers shouldn't cause problems because entry point is adjusted prior real execution. Though, I can imagine situation where there could be problems with some imaginary packer that would read unloaded-self, therefore read wrong self (i.e. @AutoItExe).
This situation is with AutoIt3.exe btw, but shouldn't be happening with packers. If so it would indicate poor job, or poor packer, in my opinion.

>_<

RUNFromMemory_ping.au3 (Global $sModule = @SystemDir & '\ ping.exe' -> Global $sModule = @scriptdir & '\ mysample.exe') test fail ......

mysample.exe compression program is run.
But after converting to binary mysample.exe size increases.
This increased size is actually an error in memory silhaengdoelttae.

please......

Edited by davidkim, 21 August 2009 - 07:50 PM.

I interest am many quite in AutoitScript.From that is [http://cafe.naver.com/autoitscript] Korea of cafe(blog) to be operating, English cannot well.Many help it requests.To read, it stands it thanks.

#58 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,149 posts

Posted 21 August 2009 - 09:30 PM

Your problem is not even remotely related to this thread.
Direct your question to Tom Ehlert, author of that software.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#59 davidkim

davidkim

    Adventurer

  • Active Members
  • PipPip
  • 112 posts

Posted 21 August 2009 - 10:12 PM

>_<
Thanks trancexx
I interest am many quite in AutoitScript.From that is [http://cafe.naver.com/autoitscript] Korea of cafe(blog) to be operating, English cannot well.Many help it requests.To read, it stands it thanks.

#60 Digisoul

Digisoul

    Universalist

  • Active Members
  • PipPipPipPipPipPip
  • 330 posts

Posted 22 August 2009 - 10:29 AM

Hello trancexx,

Why the AU3 exe are not supported by your function ?
Its working well with other programs like notepad.

Its Give me error "Unable to open the script file."
Mostly this error occurs when any virus infect AU3 exe or any AV try to clean that file.
In case of infection normally virus change the AOEP & use realocations; which will become a corrupted exe file.

In your UDF i am not seeing any thing like that which makes any changes in exe data, its virtually execute the Binary data, why its giving this error ? >_<


I got my Answer http://www.autoitscript.com/forum/index.php?showtopic=100609

Edited by Digisoul, 22 August 2009 - 12:11 PM.

73 108 111 118 101 65 117 116 111 105 116 Posted Image




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users