Ward Posted September 17, 2011 Posted September 17, 2011 This function simply find what file will launch when you just type the file name in command line. It match file extension defined in %PATHEXT% and search in working directory and %PATH%. This is a my new trial of binary code. Obviously, this function need windows API, but you can't find any API except CallWindowProc. In fact, the binary code locate and store API address by itself, even on different system. I already tested on winxp and win7. If it crash on some system, please let me know, thanks. Reveal hidden contents #Include <Memory.au3> ConsoleWrite(WhereIs("cmd") & @CRLF) ConsoleWrite(WhereIs("notepad") & @CRLF) ConsoleWrite(WhereIs("explorer") & @CRLF) ConsoleWrite(WhereIs("services") & @CRLF) Func WhereIs($File) Static $CodePtr If Not $CodePtr Then If @AutoItX64 Then Exit MsgBox(16, "AutoIt Error", "AutoIt x64 not supported !!") Local $Code = "0x5589E5FF7508E8260500005DC2100053555657E8000000005D81ED1D1040003E83BDE416400000740B8D853C1740005F5E5D5BC36A013E8F85E4164000E81702000089C68DBD3C174000B85A11400001E850FF1689C3B86711400001E85053FF56048907B87311400001E85053FF5604894704B88411400001E85053FF5604894708B89111400001E85053FF560489470CB89B11400001E85053FF5604894710B8A411400001E85053FF5604894714B8AD11400001E85053FF5604894718B8BC11400001E85053FF560489471CB8CF11400001E85053FF5604894720B8E711400001E85053FF5604894724B8FC11400001E85053FF5604894728B80D12400001E850FF1689C3B81812400001E85053FF560489472CB81F12400001E850FF1689C3B82B12400001E85053FF5604894730B83B12400001E85053FF5604894734B84E12400001E85053FF560489473889F85F5E5D5BC36B65726E656C33322E646C6C00467265654C696272617279004765744C6F6E67506174684E616D6557005365744572726F724D6F6465006C737472636D706957006C73747263707957006C7374726C656E57004C6F61644C696272617279457857004765744D6F64756C6546696C654E616D655700476574456E7669726F6E6D656E745661726961626C65570047657443757272656E744469726563746F7279570047657446756C6C506174684E616D6557006D73766372742E646C6C007763736368720073686C776170692E646C6C005061746846696C6545786973747357005061746846696E64457874656E73696F6E57005061746846696E644F6E50617468570053555657E8000000005D81ED671240008DB578174000C706651F4405C74604828240C7836608006A04565731C9648B71308B760C8B761C8B46088B7E208B3666394F1875F25F5E89C603403C89F30358788B4B1889F7037B1C5789F7037B248B5B2001F35189F003035689C631D2AC84C0750489D0EB0BB107F6E130C2C1C20CEBEC5E8D8D7817400080390074233911751A8B5424040FB707C1E0028B040201F08901FF4C2408750359EB0D8D4904EBD88D5B04474759E2AB83C4088D85781740005F5E5D5BC351E8000000005981E92B13400001C859C3E8D9FCFFFFFF602CE8D1FCFFFFFF20E8CAFCFFFFFF6004E8C2FCFFFFFF6008E8BAFCFFFFFF600CE8B2FCFFFFFF6010E8AAFCFFFFFF6014E8A2FCFFFFFF6018E89AFCFFFFFF601CE892FCFFFFFF6020E88AFCFFFFFF6024E882FCFFFFFF6028E87AFCFFFFFF6030E872FCFFFFFF6034E86AFCFFFFFF6038535657B8E8164000E86BFFFFFF89C6833E0074068B065F5E5BC368FF7F0000B884174000E84FFFFFFF50B874144000E844FFFFFF50E896FFFFFF85C0751BB884144000E830FFFFFF50B884174000E825FFFFFF50E857FFFFFFB884174000E815FFFFFF50E84FFFFFFF8D480101C951B884174000E8FFFEFFFF5901C1B8E8164000E8F2FEFFFF89C6890E89CEB884174000E8E2FEFFFF89C731C9893C8E516A3B57E8E3FEFFFF89C383C4085985DB75074183248E00EB0A668323008D7B0241EBD989F05F5E5BC3700061007400680065007800740000002E0043004F004D003B002E004500580045003B002E004200410054003B002E0043004D0044003B002E005600420053003B002E005600420045003B002E004A0053003B002E004A00530045003B002E005700530046003B002E005700530048003B002E004D005300430000005589E5535657FF7508E89FFEFFFF89C366833B2E740431C0EB25E89EFEFFFF89C731F68B0CB785C974135153E834FEFFFF85C0750531C040EB0546EBE631C05F5E5B5DC20400C80800005356578B750866833E00750789F0E98D010000FF7508E840FEFFFF85C074496800800000B8841F4100E8BDFDFFFF50FF7508E8D4FDFFFF6A00B8841F4200E8A8FDFFFF506800800000B8841F4100E898FDFFFF50E8FAFDFFFFB8841F4200E888FDFFFFE938010000B8841F4100E879FDFFFF506800800000E8CEFDFFFFB8841F4100E864FDFFFF8945F88365FC00FF7508E820FFFFFF85C0743AFF7508B8841F4200E844FDFFFF50E876FDFFFF8D45F850B8841F4200E830FDFFFF50E8AAFDFFFF85C0740FB8841F4200E81CFDFFFFE9CC000000FF7508B8841F4200E80AFDFFFF50E83CFDFFFFB8841F4200E8FAFCFFFF50E834FDFFFF89C301DBB8841F4200E8E6FCFFFF01C3E867FDFFFF89C731F68B0CB785C9742E5153E805FDFFFF8D45F850B8841F4200E8BFFCFFFF50E839FDFFFF85C0740CB8841F4200E8ABFCFFFFEB5E46EBCBB881144000E89CFCFFFF89C76A01E8BBFCFFFF89C66A016A00FF7508E8CDFCFFFF89C385DB742C6800800000B8841F4100E870FCFFFF5053E8B9FCFFFF85C0740CB8841F4100E85BFCFFFF89C753E86CFCFFFF56E875FCFFFF89F85F5E5BC9C20400000000000000000000000000000000" $Code = Binary($Code) $CodePtr = _MemVirtualAlloc(0, BinaryLen($Code) + 200000, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE) If $CodePtr = 0 Then Exit MsgBox(16, "AutoIt Error", "Out of memory !!") Local $Buffer = DllStructCreate("byte[" & BinaryLen($Code) & "]", $CodePtr) DllStructSetData($Buffer, 1, $Code) EndIf Local $Ret = DllCall("user32.dll", "wstr", "CallWindowProc", "ptr", $CodePtr, _ "wstr", $File, _ "int", 0, _ "int", 0, _ "int", 0) Return $Ret[0] EndFunc 新版 _ArrayAdd 的白痴作者,不管是誰,去死一死好了。
Yashied Posted September 18, 2011 Posted September 18, 2011 (edited) What about PathSearchAndQualify()? #Include <WinAPIEx.au3> ConsoleWrite(_WinAPI_PathSearchAndQualify('cmd.exe', 1) & @CR) ConsoleWrite(_WinAPI_PathSearchAndQualify('notepad.exe', 1) & @CR) ConsoleWrite(_WinAPI_PathSearchAndQualify('explorer.exe', 1) & @CR) ConsoleWrite(_WinAPI_PathSearchAndQualify('services.exe', 1) & @CR) Edited September 18, 2011 by Yashied My UDFs: Reveal hidden contents iKey | FTP Uploader | Battery Checker | Boot Manager | Font Viewer | UDF Keyword Manager | Run Dialog Replacement | USBProtect | 3D Axis | Calculator | Sleep | iSwitcher | TM | NetHelper | File Types Manager | Control Viewer | SynFolders | DLL Helper Animated Tray Icons UDF Library | Hotkeys UDF Library | Hotkeys Input Control UDF Library | Caret Shape UDF Library | Context Help UDF Library | Most Recently Used List UDF Library | Icons UDF Library | FTP UDF Library | Script Communications UDF Library | Color Chooser UDF Library | Color Picker Control UDF Library | IPHelper (Vista/7) UDF Library | WinAPI Extended UDF Library | WinAPIVhd UDF Library | Icon Chooser UDF Library | Copy UDF Library | Restart UDF Library | Event Log UDF Library | NotifyBox UDF Library | Pop-up Windows UDF Library | TVExplorer UDF Library | GuiHotKey UDF Library | GuiSysLink UDF Library | Package UDF Library | Skin UDF Library | AITray UDF Library | RDC UDF Library Appropriate path | Button text color | Gaussian random numbers | Header's styles (Vista/7) | ICON resource enumeration | Menu & INI | Tabbed string size | Tab's skin | Pop-up circular menu | Progress Bar without animation (Vista/7) | Registry export | Registry path jumping | Unique hardware ID | Windows alignment More...
Ward Posted September 18, 2011 Author Posted September 18, 2011 On 9/18/2011 at 12:10 AM, Yashied said: What about PathSearchAndQualify()?Different. For example, "services" is "services.msc", not .exe. 新版 _ArrayAdd 的白痴作者,不管是誰,去死一死好了。
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now