Subrogation


trancexx
This is a friendlier example of Subrogation than the XM Player :D

The awesome thing is, I'm understanding what is happening and how it works! I'm going to spend many hours playing with this. Now that I can subrogate the DLL I need into my new project, I can have everything I need from it.

Thanks trancexx!

James

This looks quite interesting, but I'm having trouble understanding how this is any different from MemoryDLL.

Subtitle says a lot.

Still, there are huge differences. For example, AutoIt is understood by many, opcodes only by some.

Is there a limit on what programs can be the Subrogor? Can I use the compiled script itself (@ScriptName) or svchost.exe?

If you can get module handle (_WinAPI_GetModuleHandle) of the subrogor then it can't/shouldn't be used.


  • 1 year later...
  • 4 years later...

Thank you TranceXX,

I did a lot of extensive testing with the memorydll.au3 - to no avail.

Then, today, after some days, I found this thread by purpose, but I don't know how :-D ... and it works... it simply works.

Thank you for saving my day(s)

 


  • 9 months later...
3 hours ago, trancexx said:

Surely there is some executable available.

What system is that?

Well, I will be running this in WinPE, so explorer.exe won't always be available. I tried other Windows essentials like svchost, winload, cmd, rundll32, etc. and no go, all return @Error 6. It seems that everything I try gives that error.


16 minutes ago, Mugen said:

Try "winlogon.exe", it works here with Windows 7 and 10.

Ok thanks! That should do it.

Edit: Wait no, still error 6, I'm using build 10.0.14986


Created this function to test it...
 

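#include "Subrogation.au3"
#include <File.au3>
#include <Array.au3>

; List every .exe in system32 (files only, no recursion, file names without path)
$aArray = _FileListToArrayRec("C:\Windows\system32\", "*.exe", 1, 0, 0, 0)
If @error Then
    ; Without this check $aArray is not an array and the loop below would fail
    ConsoleWrite("No executables found" & @CRLF)
    Exit 1
EndIf
;_ArrayDisplay($aArray)

; Read the DLL once; the same binary is tried against every candidate subrogor
$vBin = BinDll("C:\windows\system32\kernel32.dll")
$iFailed = 0
$iSuccess = 0

; $aArray[0] holds the number of entries returned
For $i = 1 To $aArray[0]
    $hDll = DllFromMemory($vBin, "C:\Windows\system32\" & $aArray[$i])
    If @error Then
        ConsoleWrite($aArray[$i] & ",Error " & @error & @CRLF)
        $iFailed += 1
    Else
        ConsoleWrite($aArray[$i] & ",Success" & @CRLF)
        DllClose($hDll)
        $iSuccess += 1
    EndIf
Next

; Summary of how many executables worked as subrogor
ConsoleWrite("-" & $iFailed & " Failed" & @CRLF)
ConsoleWrite("-" & $iSuccess & " Succeeded" & @CRLF)
Sleep(10000)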

 


  • 3 weeks later...

Hello,

I wrote a script which is using SQLite3.dll, and I would like to embed the dll in the compiled exe file.

Looks like your script is exactly what I need. I copied the code to my script and made $sSubrogee point to SQLite3.dll and $sSubrogor point to my compiled application, but it didn't work!

I am new to AutoIT, could you please point me to the right way to do this?

Thanks


On 9.2.2017. at 0:32 PM, BisherSH said:

I am able to make it work if the dll file exists,

But what I need actually is to embed the whole dll inside the exe file NOT the dll path, is it possible?

How difficult could that be?? Did you try? Can you show the code?

Nobody is helping you much because it's trivial. There are scripts around that do the job for you. All you have to do is cherry pick.


10 hours ago, Mugen said:

Hi Trancexx,

One thing I wonder about, I use a dll that uses cdecl calling convention.
Well it works :)

But should I change the DllMain simulation accordingly to

If $iEntryPoint Then DllCallAddress("bool:cdecl", $pEntryFunc, "ptr", $pBaseAddress, "dword", 1, "ptr", 0) ; DLL_PROCESS_ATTACH

or does it not matter here?

You shouldn't. DllMain is always stdcall.
