trancexx

_SelfDestruct(), AddResToMe()


#1 ·  Posted (edited)

While running, executable modules are locked in such a manner that you can't edit them. They are accessible for reading, but not for writing.

This means that in order to modify them you must wait till they are done, start a new process to do the modifications and do whatever you want (if you have enough rights).

The ability to do that without an additional module (take this conditionally) improves the security of an application and makes it more portable. For example, the script in this post deletes itself (compiled or not) after it's done. The script a few posts down (link) adds files dropped on the executable to its resource section.

Another example would be to add/update configuration data of the module that is stored within it (attached or as a resource), or to add a sort of hash check with the ability to update it.

How to do it?

The idea is this (it's actually very obvious): make a new process that will wait for the main process to exit and then do the desired modifications on the main module.

AutoIt's executables are specific. When you run AutoIt, it will look for the script to interpret, and if it finds it, it will try to run it; if not, it will exit.

A built-in feature of every AutoIt executable is the /AutoIt3ExecuteScript command line switch. It tells the interpreter to interpret a script of our desire. I will use that.

Another key moment is creating another process. Writing to the hard drive is out of the question (because of the lack of coolness and the new problems that could arise from that). The solution is much more advanced. I already explained the procedure before (link). It's running executables from memory.

I will, in the script that follows, start another process (of my wish) and rewrite its memory space in order for it to act as another interpreter. Another AutoIt interpreter. That new interpreter will execute the same script as the original one, but (and here is the catch) under changed circumstances.

The script is written to initially check for the count of a specific Semaphore object. In case it exists, it will execute the part of the script that actually does the destruction.

Semaphores have been widely used before; there is nothing new to say about them.

Not to quibble more, here's the script:

SelfDestruct.au3

edit: New intro. It was pointed out to me from different directions that the old one was kind of shitty.

Edited by trancexx
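Seen from the monitoring side, the /AutoIt3ExecuteScript switch described in the post above gives a process-creation signal. The following is an added example, not part of the original post or of SelfDestruct.au3: it triages constructed process-creation records (field names as in Sysmon Event ID 1) and assumes the switch appears on the new process's command line; all paths are made up.

```python
import ntpath

SWITCH = "/autoit3executescript"
# File names of the stock AutoIt interpreters; any other image carrying the
# switch is a compiled script or another process acting as the interpreter.
INTERPRETERS = {"autoit3.exe", "autoit3_x64.exe"}

def classify(event):
    """Return (severity, reason) for one record, or None if the switch is absent."""
    if SWITCH not in event["CommandLine"].lower():
        return None
    image = event["Image"].lower()
    if ntpath.basename(image) in INTERPRETERS:
        return ("info", "stock interpreter running a script")
    if image == event["ParentImage"].lower():
        return ("medium", "compiled script re-launching itself as interpreter")
    return ("high", "switch on an image that is neither parent nor stock interpreter")

def triage(events):
    """Keep only records worth an analyst's attention, as (Image, severity)."""
    hits = []
    for ev in events:
        verdict = classify(ev)
        if verdict and verdict[0] != "info":
            hits.append((ev["Image"], verdict[0]))
    return hits

# Constructed sample records; every path below is made up for the example.
EVENTS = [
    {"Image": r"C:\Example\viewer.exe",
     "CommandLine": r'"C:\Example\viewer.exe" C:\work\notes.txt',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Program Files (x86)\AutoIt3\AutoIt3.exe",
     "CommandLine": r'"C:\Program Files (x86)\AutoIt3\AutoIt3.exe" /AutoIt3ExecuteScript C:\work\build.au3',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Tools\app.exe",
     "CommandLine": r'"C:\Tools\app.exe" /AutoIt3ExecuteScript "C:\Tools\app.exe"',
     "ParentImage": r"C:\Tools\app.exe"},
    {"Image": r"C:\Example\host.exe",
     "CommandLine": r'"C:\Example\host.exe" /AutoIt3ExecuteScript "C:\Tools\app.exe"',
     "ParentImage": r"C:\Tools\app.exe"},
]

if __name__ == "__main__":
    for image, severity in triage(EVENTS):
        print(severity, image)
```

The "high" branch is a heuristic: one legitimate compiled script launching another with the switch lands there too, so it is a lead for review rather than a verdict.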



That is really cool!

I can't help but feel we ought to have a simpler method... but yours is really high-tech! ;)

/Manko



Yeah, the code isn't very elegant, but I can't argue with the results. Great job!



Thanks.

... and I would need your definition of an elegant code. ;)

@Manko, I'm open for ideas.



I already explained it before (link). It's running executables from memory.

Fascinating read. I can't say I understand it all, but it's definitely very cool. ;)


Fascinating read. I can't say I understand it all, but it's definitely very cool. ;)

I just reread it, I should work on my English.


#8 ·  Posted (edited)

I don't think a standard batch file runs in a VDM. The VDM is for 16-bit DOS apps. However, this is pretty cool.

You are absolutely right.

To make it up I wrote another script. This one will add any file you drop on the compiled script to its resource section. Look for type RT_RCDATA, name 1 (you can use, for example, this script to verify).

AddResToMe.au3

New functions are not commented.

I .bet no .bat can do that.

Edited by trancexx


Awesome script trancexx, 5 stars from me.


73 108 111 118 101 65 117 116 111 105 116


84 104 97 110 107 115

...your sig style.



You are absolutely right.

To make it up I wrote another script. This one will add any file you drop on the compiled script to its resource section. Look for type RT_RCDATA, name 1 (you can use, for example, this script to verify).

AddResToMe.au3

New functions are not commented.

I .bet no .bat can do that.

Now that's cool. 5 stars.


I just reread it, I should work on my English.

I thought English was your first language. ;)


That AddResToMe script looks very promising, but I can't figure out how to use it properly. After I add a file to the compiled script, it no longer runs.


Don't use UPX.



Don't use UPX.

Yep, that did it. Thanks. I was thinking of making a self-contained archive(like) app. Are there means to remove resources from a compiled script?


Yep, that did it. Thanks. I was thinking of making a self-contained archive(like) app. Are there means to remove resources from a compiled script?

Of course.

But there could be dependencies between resources. The best advice I can give you is to find ResourcesViewerAndCompiler.au3 and the _ResDelete() function. That function covers all possible cases.



#17 ·  Posted (edited)

Sweet, thnx. Is there any way to drag multiple files into the compiled script?

edit: Clarification....drag multiple files into a compiled script at once.

Edited by spudw2k


Sweet, thnx. Is there any way to drag multiple files into the compiled script?

edit: Clarification....drag multiple files into a compiled script at once.

Just grab as many files as you like and drop them. Then parse $CmdLine, both in _Do() and _CheckForThingsToDo() functions. That's trivial.


#19 ·  Posted (edited)

I would've thought so too, but my element count in the $CmdLine doesn't seem to change if I drag more than one file.

edit: Never mind. I was checking the $CmdLine array after the _CheckForThings... func and it changes the array. Thanks.

Edited by spudw2k


I would love to see what you will come up with.

Don't forget to post when ( ;) ) it's done.

