DeltaRocked
Posted November 10, 2011 (edited)

Hello,

I have been trying to use Themida with the following code but I just don't seem to get it right. I am using XBundler with the attached configuration.

    ExtractType[1]="Never write to disk"
    ExtractType[2]="Never write to disk"
    FileName[1]="D:\tools\psexec.exe"
    FileName[2]="D:\tools\POC.exe"

Below are the two scripts which are being used.

This code is being protected by Themida:

    #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
    #AutoIt3Wrapper_UseUpx=n
    #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
    #include <file.au3>
    #include <array.au3>

    ; List what is visible in the script directory
    $array = _FileListToArray(@ScriptDir)
    _ArrayDisplay($array)

    ; Launch POC.exe through psexec, then show the return value and @error
    $var = RunWait(@ComSpec & " /c psexec.exe /accepteula -s -i -d POC.exe", @ScriptDir, @SW_SHOW)
    MsgBox(0, '1', $var & @CRLF & @error)

    ; Launch POC.exe directly, then show the return value and @error
    $var = RunWait(@ComSpec & " /c poc.exe", @ScriptDir, @SW_SHOW)
    MsgBox(0, '2', $var & @CRLF & @error)

This code is called by the protected exe, whose conf has been displayed above:

    #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
    #AutoIt3Wrapper_outfile=D:\tools\POC.exe
    #AutoIt3Wrapper_Compression=4
    #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

    ; Start calc and log the value returned by Run
    $var1 = Run(@ComSpec & " /c calc", @ScriptDir, @SW_SHOW)
    FileWriteLine('c:\ac.log', $var1)

Can anyone help me in resolving this issue, as I need to execute the exes which are a part of XBundler?

Regards
DeltaRocked

[EDIT/UPDATE] It seems ShellExecute, ShellExecuteWait, Run and RunWait are unable to find the file which has been bundled by XBundler. But _FileListToArray is able to view the files. I think opening the file in read mode and then executing it directly in memory will do the trick... hmmmm ... writing my thoughts aloud --- I think there is a UDF available.... need to find it... and understand how to use it.... No shortcuts...

[EDIT/UPDATE] Found the UDF .... it's by TranceXX, runBinary.au3 .... but struggling with the code execution from within Themida ....

Any help?

Edited November 10, 2011 by deltarocked

rcmaehl
Posted November 10, 2011

Well, I skimmed the Themida/XBundler Trial help files. The help files didn't help me understand how Themida/XBundler work exactly, although a virtual machine was mentioned. If you can tell me exactly how the code is "protected" I could probably help, or you can try using Sysinternals/NirSoft tools. Also, why isn't the obfuscator (included in the full SciTE4AutoIt) good enough?

DeltaRocked
Posted November 11, 2011 (edited)

The code is not protected but the exe is.... Why is the code not protected? Because code protection is available for C, C++, Delphi etc. and not for AutoIt.

[EDIT/UPDATE] XBundler will bundle up DLLs and other files but not exes. So I have to find some other way ....

Edited November 11, 2011 by deltarocked

DeltaRocked
Posted November 22, 2011

It seems there is no way to execute an exe created with AutoIt in memory .... and my troubles are far from over....

joakim
Posted March 3, 2012

You can protect AutoIt programs too if you manipulate the exe a little. Steps required:

1. Compile the script to an exe.
2. Extract the encoded script, which is found right after the end of the resource section, and save it.
3. Delete the encoded script from the exe.
4. Open the exe in a PE editor and add the encoded script as a new section.
5. Protect the exe with Themida.

Recommended PE editor: http://www.cgsoftlabs.ro/studpe.html

I verified this working with a 3 year old version of Themida.
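
Data that sits in the file past the raw end of the last section, as the last post describes for the encoded script, is what PE tools report as an overlay. The following is an added example for inspecting a file for one, not code from anyone in this thread; it assumes `.rsrc` is the last section on disk, and `build_sample` is a constructed toy image rather than a real AutoIt binary.

```python
import struct

def sections(data):
    """Return [(name, raw_offset, raw_size)] from a PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (nsect,) = struct.unpack_from("<H", data, pe_off + 6)     # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20) # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    out = []
    for i in range(nsect):
        entry = table + 40 * i
        name = data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_off = struct.unpack_from("<II", data, entry + 16)
        out.append((name, raw_off, raw_size))
    return out

def overlay(data):
    """Return (last_section_name, overlay_offset, overlay_size)."""
    secs = [s for s in sections(data) if s[2] > 0]
    if not secs:
        raise ValueError("no section has raw data")
    name, off, size = max(secs, key=lambda s: s[1] + s[2])
    end = off + size            # first file offset not covered by any section
    return name, end, max(0, len(data) - end)

def build_sample(payload=b""):
    """Constructed image: headers, .text and .rsrc, then appended payload."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x46, 2)   # two sections
    struct.pack_into("<H", hdr, 0x54, 0)   # toy image: no optional header
    for i, (name, off) in enumerate([(b".text", 0x200), (b".rsrc", 0x400)]):
        entry = 0x58 + 40 * i
        hdr[entry:entry + len(name)] = name
        struct.pack_into("<II", hdr, entry + 16, 0x200, off)
    return bytes(hdr) + bytes(0x400) + payload

if __name__ == "__main__":
    name, off, size = overlay(build_sample(b"A" * 100))
    print(f"last section {name}, overlay at {off:#x}, {size} bytes")
```

A non-zero size on a real file is not specific to AutoIt: installers and Authenticode signatures also live past the last section.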