Ward

Locate the executable file


This function simply finds which file will launch when you type just the file name on the command line. It matches the file extensions defined in %PATHEXT% and searches the working directory and %PATH%.

This is my new experiment with binary code. Obviously, this function needs Windows APIs, but you won't find any API call except CallWindowProc. In fact, the binary code locates and stores the API addresses by itself, even on different systems.

I have already tested it on WinXP and Win7. If it crashes on some system, please let me know, thanks.

#Include <Memory.au3>

; Resolve a few well-known names the way the command line would and print each result.
Local $Names[4] = ["cmd", "notepad", "explorer", "services"]
For $Name In $Names
    ConsoleWrite(WhereIs($Name) & @CRLF)
Next
 
; Resolve the file that would launch if $File were typed at a command prompt.
; Per the author's description this honours %PATHEXT% and searches the working
; directory and %PATH% -- but that behaviour lives entirely inside the opaque
; binary blob below and cannot be verified from this source.
;
; $File  - name to resolve; handed to the blob as a wide string (see DllCall below).
; Returns the first element of the DllCall result, read back via the "wstr" return type.
;
; Security note: $Code is hand-made machine code that is copied into a page mapped
; read/write/execute and then run inside this process via CallWindowProc. Nothing in
; this source constrains what it does, so anyone reusing it must trust the blob's
; origin; a documented API call would keep the behaviour auditable. The region is
; never released (the pointer is kept in a Static for the life of the script).
Func WhereIs($File)
    Static $CodePtr ; one-time setup: the pointer survives across calls
    If Not $CodePtr Then
        ; The blob evidently targets 32-bit AutoIt only, hence the hard stop on x64.
        If @AutoItX64 Then Exit MsgBox(16, "AutoIt Error", "AutoIt x64 not supported !!")
        Local $Code = "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
        $Code = Binary($Code)
        ; PAGE_EXECUTE_READWRITE maps the region writable and executable at once (W+X).
        ; The extra 200000 bytes presumably serve as scratch space for the blob -- TODO confirm.
        $CodePtr = _MemVirtualAlloc(0, BinaryLen($Code) + 200000, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)
        If $CodePtr = 0 Then Exit MsgBox(16, "AutoIt Error", "Out of memory !!")
        ; Copy the machine code into the allocated region.
        Local $Buffer = DllStructCreate("byte[" & BinaryLen($Code) & "]", $CodePtr)
        DllStructSetData($Buffer, 1, $Code)
    EndIf
    ; CallWindowProc is used only as a trampoline: it invokes $CodePtr as if it were a
    ; window procedure, with $File in the first argument slot and zeros for the rest.
    ; Whether the blob bounds its own buffers for long $File values cannot be checked here.
    Local $Ret = DllCall("user32.dll", "wstr", "CallWindowProc", "ptr", $CodePtr, _
                                                "wstr", $File, _
                                                "int", 0, _
                                                "int", 0, _
                                                "int", 0)
    Return $Ret[0]
EndFunc


新版 _ArrayAdd 的白痴作者,不管是誰,去死一死好了

 




#2 ·  Posted (edited)

What about PathSearchAndQualify()?

#Include <WinAPIEx.au3>

; Same lookup done through a documented API wrapper, one name per line.
Local $Names[4] = ['cmd.exe', 'notepad.exe', 'explorer.exe', 'services.exe']
For $Name In $Names
    ConsoleWrite(_WinAPI_PathSearchAndQualify($Name, 1) & @CR)
Next
Edited by Yashied


That behaves differently. For example, "services" resolves to "services.msc", not to an .exe.

新版 _ArrayAdd 的白痴作者,不管是誰,去死一死好了

 

