Sign in to follow this  
Followers 0
tntteam

Check the validity of a executable file

19 posts in this topic

Hi !

I am looking for a way to silently run an exe file that would not output any warning message from WINDOWS.

Example :

-I put a 64bits .exe file on my 32bits o/s

-I run this program from autoit

-Bim a big WINDOWS error "not a valid 32 bits file".

This is ONE of many errors that could happen.

So I need a way to TRY to run this file without any error message.

Any ideas ?

Thanks !!

Share this post


Link to post
Share on other sites

Learn how to use Olly Debugger.

Share this post


Link to post
Share on other sites

Remove any messages he wants to not appear. Unless there is indeed an easier way to do this in AutoIt.

Share this post


Link to post
Share on other sites

Remove any messages he wants to not appear. Unless there is indeed an easier way to do this in AutoIt.

So you suggest to modify an AutoIt3 script with Ollydebug to avoid this error messages or should he patch windows with it?

Visit the SciTE4AutoIt3 Download page for the latest versions  - Beta files                                How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

Perhaps I misread the original post. I was under the assumption that he wanted to remove messages from non-AutoIt executables, meaning any other .exe file, in which case he could use OllyDBG to change around code in the executable.

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

Perhaps I misread the original post. I was under the assumption that he wanted to remove messages from non-AutoIt executables, meaning any other .exe file, in which case he could use OllyDBG to change around code in the executable.

I read it that he wants to check if the EXE he is about to run is valid for the OS, avoiding the error you would get when you shell a X64 program on a x86 OS. Edited by Jos

Visit the SciTE4AutoIt3 Download page for the latest versions  - Beta files                                How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

These clues tell me that these are not AutoIt exe files...

way to silently run an exe file

-I put a 64bits .exe file on my 32bits o/s -I run this program from autoit

This is ONE of many errors that could happen

I don't think AutoIt can suppress errors on it's own, but if you know what to expect, AutoIt can look for these specific windows and close them as soon as they pop up so there would only be a flicker of the window on the screen.


010101000110100001101001011100110010000001101001011100110010000

001101101011110010010000001110011011010010110011100100001

My Android cat and mouse game
https://play.google.com/store/apps/details?id=com.KaosVisions.WhiskersNSqueek

We're gonna need another Timmy!

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

You can look at the PE format to determine whether its a 32-bit or x64 executable. I've created a UDF that returns information that will allow you to determine that and more (if its an actual executable, or a DLL file, etc). You just need to check the returned array and do bit-tests on the Characteristics part (BitAnd()).

_FileCheckWinPEFormat

Example (also in the UDF [commented-out], and on the site):

;~ $sFileToTest=@WindowsDir&"\notepad.exe"
$sFileToTest=@SystemDir&"\user32.dll"
$iTimer=TimerInit()
$aPEData=_FileCheckWinPEFormat($sFileToTest)
If Not @error Then
    ConsoleWrite("Time to execute:"&TimerDiff($iTimer)&" ms"&@CRLF)
    MsgBox(0,"PE file information","For file '"&$sFileToTest&"', PE information retrieved:"&@CRLF& _
        "Machine target: 0x"&Hex($aPEData[0])&", PE File Characteristics: 0x"&Hex($aPEData[1])&@CRLF)
EndIf

*edit: While I include the basic values and bits from the most recent pecoff specification, here's a link to the Microsoft site for more on the PE format:

Microsoft Portable Executable and Common Object File Format Specification

*edit: To check for 32-bit PE files, just check array[0] for '0x14c'. 64-bit files are '0x8664' (x64) or '0x200' (IA64 )

Edited by Ascend4nt

Share this post


Link to post
Share on other sites

Thanks for the ideas.

I'm trying your FileCheckWinPEFormat function with no success yet but I don't think it's going to give the result I wish.

Let me explain a bit more :

I'm not looking for a specific 64bits/32bits test, but more what kaotkbliss said : I want to suppress any error message that would pop when I try to run an .exe file, like adding a '@' : @function() would suppress error messages on PHP.

The problem is the program I run is external to my script so the script can't tell him 'silent !'.

I really don't know how I could do this, and I think it's not possible yes :\

Share this post


Link to post
Share on other sites

Ahh well, just 'any' error can't be suppressed since the O/S will most likely be giving you error messages when trying to execute something.

I gave you at least one method to suppress messages for .EXE files that aren't meant to run on the O/S (by checking that the format is valid before executing it). For other file types, you'd most likely have to check the files first also.

Share this post


Link to post
Share on other sites

Thanks for the ideas.

I'm trying your FileCheckWinPEFormat function with no success yet but I don't think it's going to give the result I wish.

Let me explain a bit more :

I'm not looking for a specific 64bits/32bits test, but more what kaotkbliss said : I want to suppress any error message that would pop when I try to run an .exe file, like adding a '@' : @function() would suppress error messages on PHP.

The problem is the program I run is external to my script so the script can't tell him 'silent !'.

I really don't know how I could do this, and I think it's not possible yes :\

Do this:
$iOldMode = _SetErrorMode(1) ; SEM_FAILCRITICALERRORS
Run("Invalid.exe")
_SetErrorMode($iOldMode)


Func _SetErrorMode($iMode)
    Local $aCall = DllCall("kernel32.dll", "dword", "SetErrorMode", "dword", $iMode)
    If @error Then Return SetError(1, 0, 0)
    Return $aCall[0]
EndFunc

♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

Nice find, trancexx! The 'reroute' of error messages makes one wonder where they can be captured by the application though. Not that I can think of a good reason to do such a thing at the moment..

Share this post


Link to post
Share on other sites

Nice find, trancexx! The 'reroute' of error messages makes one wonder where they can be captured by the application though. Not that I can think of a good reason to do such a thing at the moment..

GetLastError of course.

♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

Do this:

$iOldMode = _SetErrorMode(1) ; SEM_FAILCRITICALERRORS
Run("Invalid.exe")
_SetErrorMode($iOldMode)


Func _SetErrorMode($iMode)
    Local $aCall = DllCall("kernel32.dll", "dword", "SetErrorMode", "dword", $iMode)
    If @error Then Return SetError(1, 0, 0)
    Return $aCall[0]
EndFunc

You rocks =)

It's perfect (but I don't understand all what it does, I guess it ask kernel32.dll to change the errormode to be silent, so kernel32.dll controls every .exe calls ?)

Thanks :idea:

Share this post


Link to post
Share on other sites

No edit button ?

Anyway, I just noticed something : your script worked for me because it use "run" and I was using "shellexecute".

I tried by using only "run" and without your code, and any error message is hidden (not found, not authorized, not win32 app, etc.).

So the solution is "use Run" :idea:

Share this post


Link to post
Share on other sites

#17 ·  Posted (edited)

In SMF I use the following function to determine exe-type...

Func _GetBinaryType($file)
    ;http://msdn.microsoft.com/en-us/library/aa364819(VS.85).aspx
    ;Local Const $ERROR_BAD_EXE_FORMAT = 193

    If Not FileExists($file) Then Return SetError(1, 0, 0)

    Local $stType = DllStructCreate("dword;")

    $aRet = DllCall("kernel32.dll", "hwnd", "GetBinaryTypeW", "wstr", $file, "ptr", DllStructGetPtr($stType))
    ; http://msdn.microsoft.com/en-us/library/aa364819%28VS.85%29.aspx
    If $aRet[0] = 0 Then Return "Not an executable file"
    #cs
        If $aRet[0] = 0 Then
        ConsoleWrite($file & @TAB & _WinAPI_GetLastError() & @CRLF)
        If _WinAPI_GetLastError() = 193 Then
        Return "DLL file"
        Else
        Return "Not an executable file"
        EndIf
        EndIf
    #ce

    ; Local Const $SCS_32BIT_BINARY = 0 ; A 32-bit Windows-based application
    ; Local Const $SCS_DOS_BINARY = 1 ; An MS-DOS – based application
    ; Local Const $SCS_WOW_BINARY = 2 ; A 16-bit Windows-based application
    ; Local Const $SCS_PIF_BINARY = 3 ; A PIF file that executes an MS-DOS – based application
    ; Local Const $SCS_POSIX_BINARY = 4 ; A POSIX – based application
    ; Local Const $SCS_OS216_BINARY = 5 ; A 16-bit OS/2-based application
    ; Local Const $SCS_64BIT_BINARY = 6 ; A 64-bit Windows-based application

    Switch DllStructGetData($stType, 1)
        Case 0
            Return "32-bit Windows-based application"
        Case 1
            Return "MS-DOS – based application"
        Case 2
            Return "16-bit Windows-based application"
        Case 3
            Return "PIF file that executes an MS-DOS – based application"
        Case 4
            Return "POSIX – based application"
        Case 5
            Return "16-bit OS/2-based application"
        Case 6
            Return "64-bit Windows-based application"
    EndSwitch
EndFunc   ;==>_GetBinaryType

Could be easily used in a wrapper to check against OSArch...

Edited by KaFu

Share this post


Link to post
Share on other sites

Another good find, KaFu. Dang, there's so many good API functions I miss!

Share this post


Link to post
Share on other sites

What should he do with Ollydebug?

I used that to get my game to work without CD

LOL

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0