Caiol

Active Members, Posts: 40
Everything posted by Caiol

  1. What? I'm not making a malicious program or anything related. I'm just making the opposite kind of program, a GAME ANTI HACK... If someone can help... thanks...
  2. Hey everybody... As I was saying in my other topics, I have a game antihack script. Today a hacker posted in a hack community a way, using a process manager, to suspend my auxiliary process and the main process, and hack the game... So, I've been wondering if it's possible to run the auxiliary process in memory, without creating a new process, to monitor the antihack process and close the game if it's closed. Testing the script, I got an error when I tried to run the compiled auxiliary executable. AutoIt Error: "Unable to open script file" Does anyone have an idea of what I can do? And, once more, anything to hide the process? Thanks!!
  3. Thanks for the reply, man!! Thanks for the idea, I'll do it. Does anyone know anything more to "hide the process" or to keep the game antihack process from being closed? And about the module unload? Thanks a lot!
  4. Hello everybody! I have a script that is supposed to be a game anti-hack and I'm searching for ways to keep anything from closing the antihack process while the game is running. Currently I'm using some newbie code that blocks the Windows Task Manager, but the process can be closed using other task managers. I'm not making malware or a malicious program... if someone can help me, just send a private message so as not to leave the explicit answer/code posted. Searching, I found this: http://allapi.mentalis.org/apilist/RegisterServiceProcess.shtml It's a function that can hide the process from the task manager, but the function RegisterServiceProcess() isn't in Kernel32.dll in Windows XP+... If someone knows something related, I'll be grateful...

     -------------------------------------------------------------------

     Another question: In the same game anti-hack script, I've done a DLL comparison, and if it finds a strange module, it closes the game and shows an error. I've found some scripts that can 'unload' the module... is there a problem if I unload some program module or a non-hacking module? Thanks! Sorry for my English...
  5. Thanks Jos!! I tried before to use the ignore directive, but it didn't work... now it's working perfectly.
  6. Hello! I'm making a server/client connection and I've used the TCP UDF: The thing is that when I obfuscate the script, I get errors related to the Call() function in the UDF. Is there something I can do to replace the function call? Is there another way to make the connections? Thanks!
  7. Hello!! I'm making a server script and it's supposed to receive connections with data like "~~command;info1;info2;infox". The client script makes four connections to this server, sends the data, receives the response and 'closes the connection'*. *Closes the connection: Server side, after it sends the data: "TCPCloseSocket($ConnectedSocket); $ConnectedSocket = -1"; but after that, the TCP isn't restarting and isn't accepting new connections with new commands... What can it be? Note: I used the TCPCloseSocket server script to make my script, with changes. Thanks!!
  8. That is a part of my script that is supposed to protect a game executable from hacking: Most of the variables like $variable[0][0] are already read from other files. Some variables are in Portuguese; I'm Brazilian. Edited! @EDIT: Thanks bogQ!!!
  9. It's possible, but if I put the functions in a normal loop, it will be confusing... Because I have a lot of "For... To" loops, for example:

         For $i = 1 To $hack[0][0]
             If WinExists($hack[$i][1]) Then
                 WinKill($hack[$i][1])
             EndIf
         Next

     But it isn't a single "To 'num'"; there are more or less 5 different comparisons: window name, process, system checks, module checks... Any idea?
  10. Hello.. I have a game anti-cheating script and I'm using AdLibRegister() with functions to check if some hack programs are running, but the script is becoming too slow... I've been thinking about it and reading the help file. AdLibRegister() must be used with non-blocking functions, like While, For; but I'm using it to list an array with the hackers and check it... Can someone give me an idea for making the script faster? Another way to check the arrays with the hackers without 'blocking' the script or making it slower? Thanks! Sorry for my English...
  11. Hello everybody!! I'm making a game anti-cheat and in my current script, I'm using _ProcessGetLoadedModules() to get all the game process modules and compare them to an array of good modules, but the exceptions list is becoming too big... I've searched the forum and found a script named "ModuleSpy" that can read, inject and unload a module from an executable, but when I unload a malicious module previously injected, the game crashes and exits... Is there a way to unload the module without the game exiting? Or is there a way to change something in the function so it doesn't get unnecessary modules? Thanks!! EDIT: Sorry for my English...

      The 'ModuleSpy' script, with which I want to do a "module unload" without the game executable exiting.

          #NoTrayIcon
          #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
          #AutoIt3Wrapper_icon=ModuleSpy.ico
          #AutoIt3Wrapper_Compression=4
          #AutoIt3Wrapper_Res_Comment=View and unload modules in a process, or inject a module into a process.
          #AutoIt3Wrapper_Res_Description=ModuleSpy
          #AutoIt3Wrapper_Res_Fileversion=1.0.0.1
          #AutoIt3Wrapper_Res_LegalCopyright=by Erik Pilsits
          #AutoIt3Wrapper_Res_Language=1033
          #AutoIt3Wrapper_Res_requestedExecutionLevel=asInvoker
          #AutoIt3Wrapper_Run_Obfuscator=y
          #Obfuscator_Parameters=/striponly
          #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

          Opt("MustDeclareVars", 1)
          Opt("GUIOnEventMode", 1)
          Opt("GUICloseOnESC", 0)

          #include <GuiListView.au3>
          #include <WindowsConstants.au3>
          #include <GuiConstantsEx.au3>
          #include <GUITooltip.au3>

          _GetPrivilege_SEDEBUG()

          Global $PSAPI = DllOpen("psapi.dll")
          Global $g_aProcs, $g_aMods
          Global $g_LoadLibraryA, $g_FreeLibrary
          Global $LV_tooltiptext = DllStructCreate("char[1024]") ; structure for LV tooltips
          Global $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy, (Debug)}!\\.\root\cimv2")
          Global $borderoffset = _WinAPI_GetSystemMetrics(4) + _WinAPI_GetSystemMetrics(32) ; SM_CYCAPTION + SM_CXSIZEFRAME

          Global $gui = GUICreate("ModuleSpy", 900, 600, -1, -1, BitOR($GUI_SS_DEFAULT_GUI, $WS_SIZEBOX))
          ; listviews
          Global $hLV1 = _GUICtrlListView_Create($gui, "Process|PID", 4, 4, 220, 563, BitOR($LVS_SHOWSELALWAYS, $LVS_SINGLESEL, $LVS_NOSORTHEADER, $LVS_REPORT), $WS_EX_CLIENTEDGE)
          _GUICtrlListView_SetExtendedListViewStyle($hLV1, BitOR($LVS_EX_GRIDLINES, $LVS_EX_DOUBLEBUFFER, $LVS_EX_FULLROWSELECT, $LVS_EX_INFOTIP, $LVS_EX_LABELTIP), _
                  BitOR($LVS_EX_GRIDLINES, $LVS_EX_DOUBLEBUFFER, $LVS_EX_FULLROWSELECT, $LVS_EX_INFOTIP, $LVS_EX_LABELTIP))
          _GUICtrlListView_SetColumnWidth($hLV1, 0, 150)
          _GUICtrlListView_SetColumnWidth($hLV1, 1, $LVSCW_AUTOSIZE_USEHEADER)
          Global $hLV2 = _GUICtrlListView_Create($gui, "Module|Base Address|Path", 228, 4, 668, 563, BitOR($LVS_SHOWSELALWAYS, $LVS_SINGLESEL, $LVS_NOSORTHEADER, $LVS_REPORT), $WS_EX_CLIENTEDGE)
          _GUICtrlListView_SetExtendedListViewStyle($hLV2, BitOR($LVS_EX_GRIDLINES, $LVS_EX_DOUBLEBUFFER, $LVS_EX_FULLROWSELECT, $LVS_EX_INFOTIP, $LVS_EX_LABELTIP), _
                  BitOR($LVS_EX_GRIDLINES, $LVS_EX_DOUBLEBUFFER, $LVS_EX_FULLROWSELECT, $LVS_EX_INFOTIP, $LVS_EX_LABELTIP))
          _GUICtrlListView_SetColumnWidth($hLV2, 0, 150)
          _GUICtrlListView_SetColumnWidth($hLV2, 1, $LVSCW_AUTOSIZE_USEHEADER)
          _GUICtrlListView_SetColumnWidth($hLV2, 2, $LVSCW_AUTOSIZE_USEHEADER)
          ; buttons
          Global $LV1Refresh = GUICtrlCreateButton("Refresh", 4, 571, 50, 25)
          GUICtrlSetResizing(-1, BitOR($GUI_DOCKLEFT, $GUI_DOCKWIDTH, $GUI_DOCKBOTTOM, $GUI_DOCKHEIGHT))
          Global $LV2Refresh = GUICtrlCreateButton("Refresh", 228, 571, 50, 25)
          GUICtrlSetResizing(-1, BitOR($GUI_DOCKLEFT, $GUI_DOCKWIDTH, $GUI_DOCKBOTTOM, $GUI_DOCKHEIGHT))
          Global $UnloadModule = GUICtrlCreateButton("Unload Module", 282, 571, 85, 25)
          GUICtrlSetResizing(-1, BitOR($GUI_DOCKLEFT, $GUI_DOCKWIDTH, $GUI_DOCKBOTTOM, $GUI_DOCKHEIGHT))
          Global $InjectModule = GUICtrlCreateButton("Inject Module", 371, 571, 85, 25)
          GUICtrlSetResizing(-1, BitOR($GUI_DOCKLEFT, $GUI_DOCKWIDTH, $GUI_DOCKBOTTOM, $GUI_DOCKHEIGHT))

          GUIRegisterMsg($WM_NOTIFY, "_MY_WM_NOTIFY")
          GUIRegisterMsg($WM_SIZING, "_MY_WM_SIZE")
          GUISetOnEvent($GUI_EVENT_CLOSE, "_Exit")
          GUICtrlSetOnEvent($LV1Refresh, "_RefreshProcs")
          GUICtrlSetOnEvent($LV2Refresh, "_RefreshMods")
          GUICtrlSetOnEvent($UnloadModule, "_UnloadModule")
          GUICtrlSetOnEvent($InjectModule, "_InjectModule")

          _GetOffsets()
          _UpdateProcs()

          ; get values for resizing
          Global $GUIpos = WinGetPos($gui)
          Global $LV1pos = ControlGetPos($gui, "", $hLV1)
          Global $LV2Pos = ControlGetPos($gui, "", $hLV2)

          GUISetState()

          While 1
              Sleep(1000)
          WEnd

          Func _Exit()
              DllClose($PSAPI)
              Exit
          EndFunc

          Func _GetOffsets()
              ; get LoadLibraryA and FreeLibrary offsets from kernel32.dll base address
              Local $hKernel32 = _WinAPI_LoadLibrary("kernel32.dll")
              $g_LoadLibraryA = _GetProcAddress($hKernel32, "LoadLibraryA") - $hKernel32
              $g_FreeLibrary = _GetProcAddress($hKernel32, "FreeLibrary") - $hKernel32
              _WinAPI_FreeLibrary($hKernel32)
          EndFunc

          Func _MY_WM_NOTIFY($hWnd, $iMsg, $iwParam, $ilParam)
              Local $tNMHDR = DllStructCreate($tagNMLVGETINFOTIP, $ilParam)
              Local $hWndFrom = HWnd(DllStructGetData($tNMHDR, "hWndFrom"))
              ;~ Local $iIDFrom = DllStructGetData($tNMHDR, "IDFrom")
              Local $iCode = DllStructGetData($tNMHDR, "Code")
              Local $LVN_GETINFOTIP

              Switch $hWndFrom
                  Case $hLV1
                      Switch $iCode
                          Case $NM_CLICK
                              Local $idx = _GUICtrlListView_GetSelectedIndices($hLV1)
                              If $idx <> "" Then
                                  _UpdateMods(Number($idx))
                              Else
                                  _GUICtrlListView_DeleteAllItems($hLV2)
                              EndIf
                          Case $LVN_GETINFOTIP
                              Local $oProc
                              Local $ttip = "n/a"
                              Local $colProcs = $oWMI.ExecQuery("SELECT ExecutablePath,CommandLine FROM Win32_Process WHERE ProcessId = " & $g_aProcs[DllStructGetData($tNMHDR, "Item")][0])
                              If IsObj($colProcs) Then
                                  For $oProc In $colProcs
                                      If $oProc.ExecutablePath Then
                                          Local $desc = FileGetVersion($oProc.ExecutablePath, "FileDescription")
                                          If $desc == "" Then $desc = "(No Description)"
                                          $ttip = $desc & @CRLF & "--------------------" & @CRLF & $oProc.ExecutablePath
                                      EndIf
                                      If $oProc.CommandLine Then $ttip &= @CRLF & $oProc.CommandLine
                                  Next
                              EndIf
                              DllStructSetData($LV_tooltiptext, 1, $ttip)
                              DllStructSetData($tNMHDR, "Flags", 1) ; LVGIT_UNFOLDED
                              DllStructSetData($tNMHDR, "Text", DllStructGetPtr($LV_tooltiptext))
                      EndSwitch
                  Case $hLV2
                      Switch $iCode
                          Case $LVN_GETINFOTIP
                              Local $modpath = $g_aMods[DllStructGetData($tNMHDR, "Item")][2]
                              Local $ttip = FileGetVersion($modpath, "FileDescription")
                              If $ttip == "" Then $ttip = "(No Description)"
                              Local $ver = FileGetVersion($modpath, "FileVersion")
                              If $ver <> "" Then $ttip &= @CRLF & $ver
                              DllStructSetData($LV_tooltiptext, 1, $ttip)
                              DllStructSetData($tNMHDR, "Flags", 1) ; LVGIT_UNFOLDED
                              DllStructSetData($tNMHDR, "Text", DllStructGetPtr($LV_tooltiptext))
                      EndSwitch
              EndSwitch

              Return $GUI_RUNDEFMSG
          EndFunc

          Func _MY_WM_SIZE($hWnd, $iMsg, $iwParam, $ilParam)
              ; resize owner controls
              Local $tRECT = DllStructCreate($tagRECT, $ilParam)
              Local $newheight = DllStructGetData($tRECT, "Bottom") - DllStructGetData($tRECT, "Top")
              Local $newwidth = DllStructGetData($tRECT, "Right") - DllStructGetData($tRECT, "Left")
              ; original control height/width + difference in new GUI height/width
              Local $controlheight = $LV1pos[3] + ($newheight - $GUIpos[3]) ; same for both listviews
              ControlMove($gui, "", $hLV1, $LV1pos[0], $LV1pos[1], $LV1pos[2], $controlheight)
              ControlMove($gui, "", $hLV2, $LV2pos[0], $LV2pos[1], $LV2Pos[2] + ($newwidth - $GUIpos[2]), $controlheight)
          EndFunc

          Func _UpdateProcs()
              _GUICtrlListView_BeginUpdate($hLV1)
              _GUICtrlListView_DeleteAllItems($hLV1)
              $g_aProcs = _EnumProcesses()
              If IsArray($g_aProcs) Then
                  _ArraySort($g_aProcs, 0, 0, 0, 1)
                  For $i = 0 To UBound($g_aProcs) - 1
                      _GUICtrlListView_AddItem($hLV1, $g_aProcs[$i][1])
                      _GUICtrlListView_AddSubItem($hLV1, $i, $g_aProcs[$i][0], 1)
                  Next
              EndIf
              _GUICtrlListView_EndUpdate($hLV1)
          EndFunc

          Func _EnumProcesses()
              ; enumerate processes and build array
              Local $aProc
              Local $pids = DllStructCreate("dword[1024]")
              Local $ret = DllCall($PSAPI, "int", "EnumProcesses", "ptr", DllStructGetPtr($pids), "dword", DllStructGetSize($pids), "dword*", 0)
              If $ret[3] > 0 Then
                  Local $numpids = $ret[3] / 4 ; number of pids
                  Local $aProc[$numpids][2]
                  For $i = 1 To $numpids
                      $aProc[$i - 1][0] = DllStructGetData($pids, 1, $i) ; process pid
                      $aProc[$i - 1][1] = "System" ; process name
                      ; open the process and get the filename
                      Local $hProcess = _GetProcHandle(DllStructGetData($pids, 1, $i))
                      If $hProcess Then
                          Local $name = _GetModuleBaseNameW($hProcess)
                          If $name Then $aProc[$i - 1][1] = $name
                          _WinAPI_CloseHandle($hProcess)
                      EndIf
                  Next
              EndIf
              $pids = 0
              Return $aProc
          EndFunc

          Func _GetModuleBaseNameW($hProcess, $hModule = 0)
              Local $name = ""
              Local $ret = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", $hModule, "wstr", "", "dword", 260)
              If $ret[0] Then
                  $name = $ret[3]
              EndIf
              Return $name
          EndFunc

          Func _GetModuleFileNameW($hProcess, $hModule = 0)
              Local $path = ""
              Local $ret = DllCall($PSAPI, "dword", "GetModuleFileNameExW", "ptr", $hProcess, "ptr", $hModule, "wstr", "", "dword", 260)
              If $ret[0] Then
                  $path = $ret[3]
              EndIf
              Return $path
          EndFunc

          Func _UpdateMods($idx)
              _GUICtrlListView_BeginUpdate($hLV2)
              _GUICtrlListView_DeleteAllItems($hLV2)
              $g_aMods = _EnumModules($g_aProcs[$idx][0])
              If IsArray($g_aMods) Then
                  _ArraySort($g_aMods, 0, 0, 0, 1)
                  For $i = 0 To UBound($g_aMods) - 1
                      _GUICtrlListView_AddItem($hLV2, $g_aMods[$i][1])
                      _GUICtrlListView_AddSubItem($hLV2, $i, $g_aMods[$i][0], 1)
                      _GUICtrlListView_AddSubItem($hLV2, $i, $g_aMods[$i][2], 2)
                  Next
              EndIf
              _GUICtrlListView_EndUpdate($hLV2)
          EndFunc

          Func _EnumModules($process)
              ; enumerate all modules in a process
              Local $aMods
              Local $hProcess = _GetProcHandle($process)
              If $hProcess Then
                  Local $modules = DllStructCreate("ptr[1024]")
                  Local $ret = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($modules), "dword", DllStructGetSize($modules), "dword*", 0)
                  If $ret[4] > 0 Then
                      Local $nummods = $ret[4] / 4
                      Local $aMods[$nummods][3]
                      For $i = 1 To $nummods
                          $aMods[$i - 1][0] = DllStructGetData($modules, 1, $i) ; base address
                          $aMods[$i - 1][1] = "n/a" ; module name
                          $aMods[$i - 1][2] = "n/a" ; module path
                          Local $name = _GetModuleBaseNameW($hProcess, Ptr($aMods[$i - 1][0]))
                          If $name Then $aMods[$i - 1][1] = $name
                          Local $path = _GetModuleFileNameW($hProcess, Ptr($aMods[$i - 1][0]))
                          If $path Then $aMods[$i - 1][2] = $path
                      Next
                  EndIf
                  _WinAPI_CloseHandle($hProcess)
                  $modules = 0
              EndIf
              Return $aMods
          EndFunc

          Func _RefreshProcs()
              _GUICtrlListView_DeleteAllItems($hLV2)
              _UpdateProcs()
          EndFunc

          Func _RefreshMods()
              Local $idx = _GUICtrlListView_GetSelectedIndices($hLV1)
              If $idx <> "" Then _UpdateMods(Number($idx))
          EndFunc

          Func _InjectModule()
              Local $err = 0, $hModule = 0
              Local $procidx = _GUICtrlListView_GetSelectedIndices($hLV1)
              If $procidx == "" Then
                  $err = 1
              Else
                  Local $dllpath = FileOpenDialog("Inject Module into " & $g_aProcs[Number($procidx)][1] & "...", @ScriptDir, "Modules (*.dll)", 3, "", $gui)
                  If @error Then
                      $err = 2
                  Else
                      If StringRight($dllpath, 4) <> ".dll" Then
                          $err = 3
                      Else
                          Local $hProcess = _GetProcHandle($g_aProcs[Number($procidx)][0])
                          If Not $hProcess Then
                              $err = 4
                          Else
                              ; allocate memory in remote process for dll path
                              Local $pMem = _MemVirtualAllocEx($hProcess, 0, 260, $MEM_COMMIT, $PAGE_READWRITE)
                              If Not $pMem Then
                                  $err = 5
                              Else
                                  ; write dll path to remote process
                                  Local $ret = DllCall("kernel32.dll", "int", "WriteProcessMemory", "ptr", $hProcess, "ptr", $pMem, "str", $dllpath, "uint", 260, "uint*", 0)
                                  If $ret[5] <> 260 Then
                                      $err = 6
                                  Else
                                      ; get LoadLibraryA address and call the remote thread with a pointer to the dll path
                                      Local $kernelidx = _ArraySearch($g_aMods, "kernel32.dll", 0, 0, 0, 0, 1, 1)
                                      If $kernelidx == -1 Then
                                          $err = 7
                                      Else
                                          Local $LoadLibraryA = $g_aMods[$kernelidx][0] + $g_LoadLibraryA ; add offset to base address
                                          $ret = DllCall("kernel32.dll", "ptr", "CreateRemoteThread", "ptr", $hProcess, "ptr", 0, "uint", 0, "ptr", $LoadLibraryA, "ptr", $pMem, "dword", 0, "ptr", 0)
                                          If Not $ret[0] Then
                                              $err = 8 ; create remote thread failed
                                          Else
                                              Local $hThread = $ret[0]
                                              _WinAPI_WaitForSingleObject($hThread) ; wait for thread to finish
                                              ; get thread return value, which is the HMODULE (base address) of the injected dll
                                              $ret = DllCall("kernel32.dll", "int", "GetExitCodeThread", "ptr", $hThread, "dword*", 0)
                                              $hModule = Ptr($ret[2])
                                              _WinAPI_CloseHandle($hThread) ; close thread handle
                                          EndIf
                                      EndIf
                                  EndIf
                                  _MemVirtualFreeEx($hProcess, $pMem, 260, $MEM_DECOMMIT) ; release memory for dll path
                              EndIf
                              _WinAPI_CloseHandle($hProcess)
                          EndIf
                      EndIf
                  EndIf
              EndIf

              _RefreshMods()
              Return SetError($err, 0, $hModule)
          EndFunc

          Func _UnloadModule()
              Local $err = 0, $return = 0
              Local $procidx = _GUICtrlListView_GetSelectedIndices($hLV1)
              If $procidx == "" Then
                  $err = 1
              Else
                  Local $modidx = _GUICtrlListView_GetSelectedIndices($hLV2)
                  If $modidx == "" Then
                      $err = 2
                  Else
                      Local $hModule = $g_aMods[Number($modidx)][0]
                      Local $hProcess = _GetProcHandle($g_aProcs[Number($procidx)][0])
                      If Not $hProcess Then
                          $err = 3
                      Else
                          ; get FreeLibrary address and call the remote thread with a pointer to hModule
                          Local $kernelidx = _ArraySearch($g_aMods, "kernel32.dll", 0, 0, 0, 0, 1, 1)
                          If $kernelidx == -1 Then
                              $err = 4
                          Else
                              Local $FreeLibrary = $g_aMods[$kernelidx][0] + $g_FreeLibrary ; add offset to base address
                              Local $ret = DllCall("kernel32.dll", "ptr", "CreateRemoteThread", "ptr", $hProcess, "ptr", 0, "uint", 0, "ptr", $FreeLibrary, "ptr", $hModule, "dword", 0, "ptr", 0)
                              If Not $ret[0] Then
                                  $err = 4 ; create remote thread failed
                              Else
                                  _WinAPI_WaitForSingleObject($ret[0]) ; wait for thread to finish
                                  _WinAPI_CloseHandle($ret[0]) ; close thread handle
                              EndIf
                          EndIf
                          _WinAPI_CloseHandle($hProcess)
                      EndIf
                  EndIf
              EndIf

              _RefreshMods()
              If $err Then $return = 1
              Return SetError($err, 0, $return)
          EndFunc

          Func _GetProcAddress($module, $function)
              Local $call = DllCall("kernel32.dll", "ptr", "GetProcAddress", "ptr", $module, "str", $function)
              Return $call[0]
          EndFunc

          Func _GetProcHandle($process)
              Local $hProcess = 0
              Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE
              If IsInt($process) Then
                  If $process > 0 Then
                      Local $ret = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $process)
                      If $ret[0] Then
                          $hProcess = $ret[0]
                      EndIf
                  EndIf
              EndIf
              Return $hProcess
          EndFunc

          Func _GetPrivilege_SEDEBUG()
              Local $tagLUIDANDATTRIB = "int64 Luid;dword Attributes"
              Local $count = 1
              Local $tagTOKENPRIVILEGES = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]" ; count of LUID structs * sizeof LUID struct
              Local $TOKEN_ADJUST_PRIVILEGES = 0x20
              Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "ptr", _WinAPI_GetCurrentProcess(), "dword", $TOKEN_ADJUST_PRIVILEGES, "ptr*", "")
              Local $hToken = $call[3]
              $call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", Chr(0), "str", "SeDebugPrivilege", "int64*", "")
              Local $iLuid = $call[3]
              Local $TP = DllStructCreate($tagTOKENPRIVILEGES)
              Local $LUID = DllStructCreate($tagLUIDANDATTRIB, DllStructGetPtr($TP, "LUIDandATTRIB"))
              DllStructSetData($TP, "PrivilegeCount", $count)
              DllStructSetData($LUID, "Luid", $iLuid)
              DllStructSetData($LUID, "Attributes", $SE_PRIVILEGE_ENABLED)
              $call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "ptr", $hToken, "int", 0, "ptr", DllStructGetPtr($TP), "dword", 0, "ptr", Chr(0), "ptr", Chr(0))
              Return ($call[0] <> 0) ; $call[0] <> 0 is success
          EndFunc ;==>_GetPrivilege_SEDEBUG

      The function _ProcessGetLoadedModules() that I'm using, which is getting a lot of unnecessary modules:

          #Include <WinAPI.au3>

          ; #FUNCTION#;===============================================================================
          ;
          ; Name...........: _ProcessGetLoadedModules
          ; Description ...: Returns an array containing the full path of the loaded modules
          ; Syntax.........: _ProcessGetLoadedModules($iPID)
          ; Parameters ....:
          ; Return values .: Success - An array with all the paths
          ;                : Failure - -1 and @error=1 if the specified process couldn't be opened.
          ; Author ........: Andreas Karlsson (monoceres) & ProgAndy
          ; Modified.......:
          ; Remarks .......:
          ; Related .......:
          ; Link ..........;
          ; Example .......; No
          ;
          ;;==========================================================================================
          Func _ProcessGetLoadedModules($iPID)
              Local Const $PROCESS_QUERY_INFORMATION=0x0400
              Local Const $PROCESS_VM_READ=0x0010
              Local $aCall, $hPsapi=DllOpen("Psapi.dll")
              Local $hProcess, $tModulesStruct
              $tModulesStruct=DllStructCreate("hwnd [200]")
              Local $SIZEOFHWND = DllStructGetSize($tModulesStruct)/200
              $hProcess=_WinAPI_OpenProcess(BitOR($PROCESS_QUERY_INFORMATION,$PROCESS_VM_READ),False,$iPID)
              If Not $hProcess Then Return SetError(1,0,-1)
              $aCall=DllCall($hPsapi,"int","EnumProcessModules","ptr",$hProcess,"ptr",DllStructGetPtr($tModulesStruct),"dword",DllStructGetSize($tModulesStruct),"dword*","")
              If $aCall[4]>DllStructGetSize($tModulesStruct) Then
                  $Dimensions = $aCall[4] / $SIZEOFHWND
                  If $Dimensions <= 0 Then $Dimensions = 1 ;just an example
                  ;~ Local $aReturn[$Dimensions] ;This way, you will not get an error
                  $tModulesStruct=DllStructCreate("hwnd ["&$dimensions&"]")
                  $aCall=DllCall($hPsapi,"int","EnumProcessModules","ptr",$hProcess,"ptr",DllStructGetPtr($tModulesStruct),"dword",$aCall[4],"dword*","")
              EndIf
              $Dimensions = $aCall[4] / $SIZEOFHWND
              If $Dimensions <= 0 Then $Dimensions = 1 ;just an example
              Local $aReturn[$Dimensions] ;This way, you will not get an error
              For $i=0 To Ubound($aReturn)-1
                  $aCall=DllCall($hPsapi,"dword","GetModuleFileNameExW","ptr",$hProcess,"ptr",DllStructGetData($tModulesStruct,1,$i+1),"wstr","","dword",65536)
                  $aReturn[$i]=$aCall[3]
              Next
              _WinAPI_CloseHandle($hProcess)
              DllClose($hPsapi)
              Return $aReturn
          EndFunc
  12. Thanks!! I've used:

          #AutoIt3Wrapper_Res_File_Add=dll\test.dll, MY_DLL

      Instead:

          #AutoIt3Wrapper_Res_File_Add=dll\test.dll, rt_rcdata, MY_DLL
  13. Hello!! I want to save a DLL that is in the resources (AutoItWrapper). I've used the Resources UDF, but the function _ResourceSaveToFile() isn't working... What parameters of the function should I use? > $ResType, $ResLang....??

          _ResourceSaveToFile($FileName, $ResName, $ResType = 10, $ResLang = 0, $CreatePath = 0, $DLL = -1)

      Thanks!!
  14. It's a possibility... but the configs/logs that are created will be sent to an email at the end of the script, and it isn't possible to recreate them; the information will be lost...
  15. Hello!! I'm making a script that creates some log files and INIs with parameters and configs of the script, and if a user changes something or deletes these files, it interferes with the script's execution... I've used FileSetAttrib with attributes RHS, but they can still be deleted if the folder is configured to show these files. Does anyone know another way to block file deletion and to prevent reading them too? Thanks!! Note: It isn't a malicious script...
  16. Thanks! I'll try it!
  17. That's weird... I've compiled the script many times and the changes weren't at the FileInstall... I'll try, thanks, but if someone has another idea... @EDIT: After changing to the full path, I got a blank error: "Invalid FileInstall() Function:" And from the obfuscator, I got 2 errors:

          -###2 Obfuscation Error: Found Execute() statement which will lead to problems running your obfuscated script.
          >### current Func: _WinAPI_SetLayeredWindowAttributes
          C:\Program Files\AutoIt3\include\WinAPI.au3(5364,1) Warning for line:$i_transcolor = Execute('0x00' & StringMid($i_transcolor, 5, 2) & StringMid($i_transcolor, 3, 2) & StringMid($i_transcolor, 1, 2))
          -###2 Obfuscation Error: Found Execute() statement which will lead to problems running your obfuscated script.
          >### current Func: Main Script
          D:\Arquivos Guilherme\Area de Trabalho\Auto It Projetos\Arcade Protector\Anti Hacker Beta.au3(196,1) Warning for line:$dirnormal[$d] = (Execute($dirnormal[$d]))
  18. Hello! After making some changes to my script, I got an error when compiling with AutoItWrapper: "Invalid FileInstall() Function: splash.jpg"; Does anyone know what it could be? Thanks!! @EDIT: The function:

          FileInstall("splash.jpg",@TempDir & "splash.jpg")
  19. Sorry, I've solved the problem and hadn't posted. Thanks Jos...
  20. Hello, I'm getting an error and I need urgent help. Error:

          ==> The requested action with this object has failed.:
          $objEmail.Send
          $objEmail.Send^ ERROR

      Note: I've declared all the variables needed for the function... And I'm using Gmail SMTP user and settings.. Function script:

          ; The UDF
          Func _INetSmtpMailCom($s_SmtpServer, $s_FromName, $s_FromAddress, $s_ToAddress, $s_Subject = "", $as_Body = "", $s_AttachFiles = "", $s_CcAddress = "", $s_BccAddress = "", $s_Importance="Normal", $s_Username = "", $s_Password = "", $IPPort = 25, $ssl = 0)
              Global $oMyRet[2]
              Local $objEmail = ObjCreate("CDO.Message")
              $objEmail.From = '"' & $s_FromName & '" <' & $s_FromAddress & '>'
              $objEmail.To = $s_ToAddress
              Local $i_Error = 0
              Local $i_Error_desciption = ""
              If $s_CcAddress <> "" Then $objEmail.Cc = $s_CcAddress
              If $s_BccAddress <> "" Then $objEmail.Bcc = $s_BccAddress
              $objEmail.Subject = $s_Subject
              If StringInStr($as_Body, "<") And StringInStr($as_Body, ">") Then
                  $objEmail.HTMLBody = $as_Body
              Else
                  $objEmail.Textbody = $as_Body & @CRLF
              EndIf
              If $s_AttachFiles <> "" Then
                  Local $S_Files2Attach = StringSplit($s_AttachFiles, ";")
                  For $x = 1 To $S_Files2Attach[0]
                      $S_Files2Attach[$x] = _PathFull($S_Files2Attach[$x])
                      ;~ ConsoleWrite('@@ Debug : $S_Files2Attach[$x] = ' & $S_Files2Attach[$x] & @LF & '>Error code: ' & @error & @LF) ;### Debug Console
                      If FileExists($S_Files2Attach[$x]) Then
                          ConsoleWrite('+> File attachment added: ' & $S_Files2Attach[$x] & @LF)
                          $objEmail.AddAttachment($S_Files2Attach[$x])
                      Else
                          ConsoleWrite('!> File not found to attach: ' & $S_Files2Attach[$x] & @LF)
                          SetError(1)
                          Return 0
                      EndIf
                  Next
              EndIf
              $objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
              $objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = $s_SmtpServer
              If Number($IPPort) = 0 then $IPPort = 25
              $objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = $IPPort
              ;Authenticated SMTP
              If $s_Username <> "" Then
                  $objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
                  $objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusername") = $s_Username
                  $objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendpassword") = $s_Password
              EndIf
              If $ssl Then
                  $objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = True
              EndIf
              ;Update settings
              $objEmail.Configuration.Fields.Update
              ; Set Email Importance
              Switch $s_Importance
                  Case "High"
                      $objEmail.Fields.Item ("urn:schemas:mailheader:Importance") = "High"
                  Case "Normal"
                      $objEmail.Fields.Item ("urn:schemas:mailheader:Importance") = "Normal"
                  Case "Low"
                      $objEmail.Fields.Item ("urn:schemas:mailheader:Importance") = "Low"
              EndSwitch
              $objEmail.Fields.Update
              ; Sent the Message
              $objEmail.Send
              If @error Then
                  SetError(2)
                  Return $oMyRet[1]
              EndIf
              $objEmail=""
          EndFunc ;==>_INetSmtpMailCom
          ;
          ;
          ; Com Error Handler
          Func MyErrFunc()
              Global $oMyRet[2]
              Global $oMyError = ObjEvent("AutoIt.Error", "MyErrFunc")
              $HexNumber = Hex($oMyError.number, 8)
              $oMyRet[0] = $HexNumber
              $oMyRet[1] = StringStripWS($oMyError.description, 3)
              ConsoleWrite("### COM Error ! Number: " & $HexNumber & " ScriptLine: " & $oMyError.scriptline & " Description:" & $oMyRet[1] & @LF)
              SetError(1); something to check for when this function returns
              Return
          EndFunc ;==>MyErrFunc

      Help????
  21. Yes... whatever I do, they will be able to hack the game... I know it... So, thanks everyone!
  22. Bump..
  23. It isn't malicious... I've written that in most of my topics, sorry... I'm making a game anti-hack/cheat and I want to block the original executable from copies and others... and I've found _Crypt_EncryptFile, but I don't know if it's possible to run it without saving it on the user's/player's computer... With resources, can I run it without saving? I've been searching about it, but I haven't found an alternative. Sorry for my English... EDIT: I found what System238 said, but the function "RunBinary" isn't working with my executable... The topic: Can someone help?