topten

Reading Exe file first 10000 bytes and then writing them to another binary file

20 posts in this topic

How can I read the first 10000 bytes of an .exe file (AutoIt) and then write them to another binary file?

1 person likes this




#2 ·  Posted (edited)

You can't, AutoIt does not allow you to decompile the script and this type of thread is prohibited in the forum :naughty:. Please read Forum Rules

Oops Sorry :P

Edited by TheDcoder

AutoIt.4.Life Clubrooms - Life is like a Donut (secret key)

Spoiler

My contributions to the AutoIt Community

Some messages & Apologizes:

If I hurt you, Please accept my apologies, I never (regardless of the situation) mean to hurt anybody!!!

Also, I am very busy with my project so I will appear in the last row of the online list, if you want to contact me: Email@TheDcoder.xyz

Or you can have a nice chat with me in freenode, I use the same nick on freenode too!

3fHNZJ.gif

PLEASE JOIN ##AutoIt AND HELP THE IRC AUTOIT COMMUNITY!


How can I Read .Exe file(autoit)  first 10000 bytes and then write them to another binary file

 

Why?

Jos


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)


@TheDcoder

What part of the OP's post led you to make yours?

@topten

Assuming you haven't already done so, check out the FileOpen functions section in the help file.

It might be helpful to post what you have tried so far, which might improve the support you receive and assist others' understanding of what you are trying to achieve.

Vlad


Thanx for your comments!

@TheDcoder   :ILA3:

@Mobius

I know that I can write into binary file 4 bytes

$hFile = FileOpen("test.bin", BitOR(16, 1)) 
FileWrite($hFile, Binary(547)) ;should write 4 bytes 
FileClose($hFile)

But How can I know exactly that I've read from another .exe file N bytes?

@Jos

I am trying to make a utility which can help editing/adding/deleting hex data


@Jos

I am trying to make a utility which can help editing/adding/deleting hex data

.... that much I gathered from your question but that doesn't explain what your real goal is.

Why poke around with hex data of a compiled program?

Jos



@Jos: The fisherman won't tell the fish why he needs worms :)

 

If seriously, I have an idea of creating autoit based av, which can analyze the code of malware by the bytes of code

1 person likes this


 

@TheDcoder   :ILA3:

 Me too, I love Linux & AutoIt :)



up the topic


topten,

I have an idea of creating autoit based av, which can analyze the code of malware by the bytes of code

If I were you, I would find another idea - AutoIt is not really suited for such a task. ;)

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind.

My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 


@Melba23. To be honest I've made a lot of products, using Autoit, and I am sure about the abilities of this language and I am proud of AutoIt. I know AutoIt has gained some negative comments, because of being used by malware creators. I have an idea which will lead AutoIt onto a new level


The problem is that AutoIt isn't really a language suited for such a program. It's too slow for one thing, who wants their AV software bogging down their system every time they touch a file?


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator


@BrewManNH

It is a long story to explain how I got this idea. But according to my experience AutoIt is much smarter and it is a much quicker and much more elegant way of doing certain operations than other languages.

Btw is it really big secret  "How can I know exactly that I've read from another .exe file N bytes?"  :)


FileRead with a number in the Count parameter. Use FileOpen with the Binary setting first.

How are you planning on updating this, what type of signature file(s) are you planning on using?

Still think no one is going to trust a scripting language to do AV work, especially when said scripts can't be effectively secured from hackers.


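The approach named in the answer above (FileOpen in binary mode, then FileRead with a Count), written out as an added AutoIt example that is not code from any post in this thread. The function name _CopyHead and the output path are assumptions; @AutoItExe serves as a constructed sample input so the script runs without extra files.

```autoit
#include <FileConstants.au3>

; Added example (hypothetical helper): copy the first $iCount bytes of $sSrc
; to $sDst and return the number of bytes actually read.
; @error: 1 = cannot open source, 2 = read failed, 3 = cannot open target,
;         4 = write failed, 5 = size on disk differs from bytes read.
; @extended: 1 when the source was shorter than $iCount (short read).
Func _CopyHead($sSrc, $sDst, $iCount = 10000)
    Local $hIn = FileOpen($sSrc, BitOR($FO_READ, $FO_BINARY))
    If $hIn = -1 Then Return SetError(1, 0, 0)

    ; In binary mode FileRead returns raw bytes and Count is a byte count.
    Local $bData = FileRead($hIn, $iCount)
    Local $iErr = @error ; save it before the next function call resets it
    FileClose($hIn)
    If $iErr = 1 Then Return SetError(2, 0, 0)

    ; BinaryLen answers "how many bytes did I really read?"; it is smaller
    ; than $iCount when the file ends early.
    Local $iRead = BinaryLen($bData)

    Local $hOut = FileOpen($sDst, BitOR($FO_OVERWRITE, $FO_BINARY))
    If $hOut = -1 Then Return SetError(3, 0, 0)
    Local $iOk = FileWrite($hOut, $bData)
    FileClose($hOut)
    If Not $iOk Then Return SetError(4, 0, 0)

    ; Confirm that the copy on disk has exactly the number of bytes read.
    If FileGetSize($sDst) <> $iRead Then Return SetError(5, 0, 0)

    Local $iShort = 0
    If $iRead < $iCount Then $iShort = 1
    Return SetError(0, $iShort, $iRead)
EndFunc   ;==>_CopyHead

; Constructed demo: the running AutoIt executable is the sample input and
; the output goes to a temporary file (assumed path).
Local $sOut = @TempDir & "\head.bin"
Local $iBytes = _CopyHead(@AutoItExe, $sOut)
If @error Then
    ConsoleWrite("Failed, @error = " & @error & @CRLF)
Else
    ConsoleWrite("Copied " & $iBytes & " bytes, short read = " & @extended & @CRLF)
EndIf
```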

Btw is it really big secret  "How can I know exactly that I've read from another .exe file N bytes?"  :)

Think opening the Helpfile should have given you most of the pointers already as it is well documented ... so no secrets here. ;)

Jos



Thank you, people, for your support

Forgive me please for offtopic, I am answering to this part

"Still think no one is going to trust a scripting language to do AV work, especially when said scripts can't be effectively secured from hackers."

It is the question of trust really.  If you read this article http://www.nthelp.com/av_software_spying_on_you.htm you will understand that many AVs can be spying on your systems and that "googleupdate" processes sitting in your trays etc.

So as a result- we are a part of big world where everyone (companies, AV companies) everywhere are competing with each other, trying to persuade users that "software A is good and software B is bad". Who will win this competition? I think no one- but if I persuade 300 of users to use AUTOIT based AV- it will be a small victory for me


@topten

I've been a user of autoit for like 3 years and for file operations it isn't the best bet, try C#, python,,,you can do what you want but will be terribly slow (as already pointed)

 

"Still think no one is going to trust a scripting language to do AV work, especially when said scripts can't be effectively secured from hackers."

You think compiled languages are effectively secured from hackers?


Heroes, there is no such thing

One day I'll discover what IE.au3 has of special for so many users using it.
C'mon there's InetRead and WinHTTP, way better
happy.png

Kyan,

1) It is the question of preferences. You say "it isn't the best bet, try C#, python,,,", but in spite of all those facts- You are HERE :) It means that for some reason- you are using Autoit not them :)

2) Fast or slow? hmm- when you come to the dentist You won't care- will he do it fast or slow, You would care if it would be done without pain :) Common users, believe me are not so choosy as programmers and they don't even know the difference. I will be the best friend of those of them who just start using the av and continue doing their things as usual.


When so many others try to dissuade you and yet you persist, hell that's the kind of stubbornness I can respect. ;)

If you must try and write an Antivirus in AutoIt dude just be careful the damned thing doesn't flag or try to delete itself. :lol:

4 people like this


LOL. Respect.

To tell the truth- I was not going to initiate this type of discussion- I just asked a silly question. The answer was "Think opening the Helpfile should have given you most of the pointers already as it is well documented ... so no secrets here. ;)"

Anyway, I appreciate very much all your posts people :thumbsup:
