Jump to content

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more here. X
X


Photo

Run binary


  • Please log in to reply
179 replies to this topic

#61 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,245 posts

Posted 23 August 2009 - 08:04 PM

Hello trancexx,

Why the AU3 exe are not supported by your function ?
Its working well with other programs like notepad.

Its Give me error "Unable to open the script file."
Mostly this error occurs when any virus infect AU3 exe or any AV try to clean that file.
In case of infection normally virus change the AOEP & use realocations; which will become a corrupted exe file.

In your UDF i am not seeing any thing like that which makes any changes in exe data, its virtually execute the Binary data, why its giving this error ? >_<


I got my Answer http://www.autoitscript.com/forum/index.php?showtopic=100609

Okey dokey. :(

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE








#62 7h331337

7h331337

    Prodigy

  • Active Members
  • PipPipPip
  • 182 posts

Posted 31 August 2009 - 01:40 AM

i have been messing around with this for a couple of days and i love it :D i can run lots of exe's for mem but i have one question why can't i run autoit compiled scripts is it because of the memory allocation
thanks

#63 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,245 posts

Posted 31 August 2009 - 05:05 AM

i have been messing around with this for a couple of days and i love it :D i can run lots of exe's for mem but i have one question why can't i run autoit compiled scripts is it because of the memory allocation
thanks

Digisoul asked the same. Look up.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#64 kwyking

kwyking

    Seeker

  • Normal Members
  • 2 posts

Posted 13 February 2010 - 04:04 AM

Global $bBinary = "0x4D5A6C000100000002000000FFFF000000000000110000004000000000000000" & _
"57696E33322050726F6772616D210D0A24B409BA0001CD21B44CCD2160000000" & _

Global $iNewPID = _RunExeFromMemory($bBinary)
If @error Then
MsgBox(48, 'Error occurred', "Error number: " & @error)
Else
ConsoleWrite($iNewPID & @CRLF)
EndIf
; Ermmm.
; this code......
Global $iNewPID = _RunExeFromMemory($bBinary & " " & $option1 & " " & $option2 & ....)

;ex) Run(@ScriptDir & "\dos.exe","",@SW_HIDE)

Global $iNewPID = _RunExeFromMemory($bBinary & " " & $option1 & " " & $option2 ,@SW_HIDE)

;@SW_HIDE use how too? :mellow:



#65 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,245 posts

Posted 13 February 2010 - 12:13 PM

Do something with that post. And I don't care if you don't know how.
It's a matter of courtesy.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#66 Splash

Splash

    Wayfarer

  • Active Members
  • Pip
  • 76 posts

Posted 15 March 2010 - 02:37 AM

Works on Windows XP SP3...
Someone know how to put this working on Windows Vista / 7 ???

Thanks in advance.

#67 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,245 posts

Posted 26 March 2010 - 01:14 PM

I wrote a new loader function.
New loader takes advantages of the things that were often creating blocking effect for the old one. That means majority of the modules can be embed now.
Also, 'victim' module from which the new process is made can be any, including AutoIt.

Attached (first post) script is checking for all kinds of errors and reports them back to you, so you will now precisely when and if something fails.

edit: ah, I forgot. If you are on win 7 and try to run, for example, calc.exe don't ask why it's not working. It's working just fine, believe me.

Edited by trancexx, 26 March 2010 - 01:23 PM.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#68 spudw2k

spudw2k

    passionately misinformed

  • Active Members
  • PipPipPipPipPipPip
  • 1,322 posts

Posted 26 March 2010 - 02:48 PM

Great work trancexx, but your latest example (RunBinary.au3) fails on my machine. Windows XP Pro SP3. I've tried different exes that have worked in previous examples. Any thoughts?

#69 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,245 posts

Posted 26 March 2010 - 02:54 PM

Great work trancexx, but your latest example (RunBinary.au3) fails on my machine. Windows XP Pro SP3. I've tried different exes that have worked in previous examples. Any thoughts?

There was a $fForceReloc parameter for the function that was used for the reversed logic but I attached script without it.
...will see what I've done after you say what's the error.

Edited by trancexx, 26 March 2010 - 02:56 PM.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#70 spudw2k

spudw2k

    passionately misinformed

  • Active Members
  • PipPipPipPipPipPip
  • 1,322 posts

Posted 26 March 2010 - 03:09 PM

...what's the error...


New process couldn't be created!
Check if the path is correct. <- which it should be since the example had me choose the file.

#71 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,245 posts

Posted 26 March 2010 - 03:23 PM

New process couldn't be created!
Check if the path is correct. <- which it should be since the example had me choose the file.

I'll kill you if you say your AutoIt is not 3.3.6.0.


Nevertheless, there is a glitch, but that wouldn't be the error you'll get.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#72 spudw2k

spudw2k

    passionately misinformed

  • Active Members
  • PipPipPipPipPipPip
  • 1,322 posts

Posted 26 March 2010 - 03:50 PM

...I'll kill you if you say your AutoIt is not 3.3.6.0.


ew.


#73 Splash

Splash

    Wayfarer

  • Active Members
  • Pip
  • 76 posts

Posted 27 March 2010 - 11:33 PM

Notepad worked on Windows XP SP3. :(

#74 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,245 posts

Posted 28 March 2010 - 10:24 AM

Notepad worked on Windows XP SP3. :(

When non-relocatable modules are embed you have to be prepared for possible failure. In that case just victimize some other module that is loaded at another base address.
By default, the victim is AutoIt. Choose another one (calc.exe loads at different address on my XP for example).


Anyway, I added 64bit option. You can embed both 64bit and 32bit modules now.
Believe or not, you would probably be one of the first people in the world to run 64bit modules from the memory.
World premiere.

Itanium is out of my reach (physically). If you have that architecture and want to try embedding there, let me know and I will write a test script. Out of the results of the test I'm almost certain I could make it work there too.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#75 monoceres

monoceres

    idiot, slow down

  • MVPs
  • 4,047 posts

Posted 28 March 2010 - 12:50 PM

Anyway, I added 64bit option. You can embed both 64bit and 32bit modules now.
Believe or not, you would probably be one of the first people in the world to run 64bit modules from the memory.
World premiere.


Astonishing. You getting 64 bit was the best thing that could happen.

You should write a code project article about your findings.

Broken link? PM me and I'll send you the file!


#76 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,245 posts

Posted 28 March 2010 - 05:10 PM

Astonishing. You getting 64 bit was the best thing that could happen.

You should write a code project article about your findings.

Yes maybe.

But I don't like my badly written English. Writing articles in native language is one thing and in foreign is another. I don't feel comfortable enough in English.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#77 wraithdu

wraithdu

    this noise inside my head

  • MVPs
  • 2,412 posts

Posted 28 March 2010 - 08:31 PM

I'm sure you can find plenty of native english speaking people on this forum willing to edit your article with you. I wouldn't let language be a barrier. I'll volunteer if that helps.

#78 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,245 posts

Posted 29 March 2010 - 08:51 AM

I am aware of the obvious.

Thanks. I'll think about it.

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE


#79 CaptainClucks

CaptainClucks

    Unum Cavillator Spuria

  • Active Members
  • PipPipPipPipPipPip
  • 1,227 posts

Posted 10 February 2011 - 04:37 AM

Why would any one rate this any lower than 5 stars?

Any way, this is absolutely incredible!

In example, I have an aspire d250 with just about 1GB left in storage and this script allows me to save a whole lot of disk space at only 304kb!

All I have to do is change my programs file extension from .exe to .png and upload it to an image hosting server and have this script read it from there and execute it after deleting the temp file created when "Inetread" is used! This saves me at least 200mb of storage already.

Now all I have to do is compile an executable for every 10-20mb application I have such as "process explorer" and related app's and I'm set!

Edited by System238, 10 February 2011 - 04:38 AM.

Spoiler

Warning: Posts by this user are subject to change or may disappear without notice.


#80 trancexx

trancexx

    Queen F. Elizabeth MCXI

  • Active Members
  • PipPipPipPipPipPip
  • 6,245 posts

Posted 11 February 2011 - 09:27 PM

Why would any one rate this any lower than 5 stars?

Any way, this is absolutely incredible!

In example, I have an aspire d250 with just about 1GB left in storage and this script allows me to save a whole lot of disk space at only 304kb!

All I have to do is change my programs file extension from .exe to .png and upload it to an image hosting server and have this script read it from there and execute it after deleting the temp file created when "Inetread" is used! This saves me at least 200mb of storage already.

Now all I have to do is compile an executable for every 10-20mb application I have such as "process explorer" and related app's and I'm set!

There are few stalkers around that don't like me calling them idiots.
I'm glad you like the script.

Btw, you think you could dance to this? I'm just doing it :)

          ......       ......
        .:oOOOOo:.   .:oOOOOo:.
      .:oOO:'':Oo:. .:oO:'':OOo:.
     .:oO:      'Oo:oO'      :Oo:.
     :oO:         'o'   
      :Oo:
     :oO:                     :Oo:
     ':oO:     OT9AO0IEDrk   :Oo:'
      ':oO:                 :Oo:'
        ':oO.             .Oo:'
          ':oO
.         .Oo:'
            ':oO.     .Oo:'
              ':oO. .Oo:'
                'oO:Oo'
                  'o' :kiss:



 

.
eMyvnE





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users