Jump to content

Recommended Posts

I am looking for a way to set up either VIRTUAL_PROTECT or PAGE_GUARD for memory protection. I currently don't know how to do this, I have made the encryption for my EXE Protector, the RunPE module, and basically everything that I need. I also have made an advanced obfuscation tool, which I might release here on the forums in the future, to make sure the code is impossible to be understood. However, people can dump the original EXE from memory when I am injecting it. So how would I implement VIRTUAL_PROTECT, PAGE_GUARD or other methods of protecting memory?

Share this post


Link to post
Share on other sites

lmao this all sounds malicious af m8

at this point why not use a language like C++ or something lol

Share this post


Link to post
Share on other sites

giangnguyen,

Quote

people can dump the original EXE from memory when I am injecting it

From the forum rules:

Do not ask for help with AutoIt scripts, post links to, or start discussion topics on the following subjects:
[...]
•Running or injecting any code (in any form) intended to alter the original functionality of another process.

So please explain why I should not close this thread - and it had best be very good!

M23 


Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites

It is not intended to alter the original functionality of another process. It just injects code into itself using RunPE. @ScriptFullPath, not @ComSpec or "C:\Windows\Explorer.exe". Therefore it is not injecting code intended to alter the original functionality of another process. 

If I am making something malicious, why would I be interested in Page Guard? I would be more focused in obfuscating and hiding the script if I am a malware writer. Just sayen.

2 hours ago, Skitty said:

lmao this all sounds malicious af m8

at this point why not use a language like C++ or something lol

 

It is not malicious, that is the first thing

And I am only learning, and I don't know C++/C yet. Intending to learn them in a few months time.

Share this post


Link to post
Share on other sites

giangnguyen,

However, doing so is against the spirit of the rules and so I am going to close this thread. Please continue your education elsewhere.

M23


Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Similar Content

    • By Colduction
      Q1) How to do GUIDelete() while using the script when a specific process starts?
      Q2) How to change (X) "Close"button behavior? 
      Q3) I am VPS Retailer and i want to control my Users that uses bad programs, such as Port Scanners and so on... I had created script to tell me what are they doing, but they removes my script from Windows Registry Startup paths, Common Startup paths, Task Schedules and so on... How to make my script protect itself from being closed and start as main process of windows at startup? 
    • By ManualIT
      Guys, i need help on creating a script that restarts a program once it starts using more than 1GB of memory.
      No idea how to start on the script, i don't know which functions i should use for process memory reading.
       
      My mind is in total blank at the moment, so i need a kick start
    • By Pricehacker
      Hello!
      Im wondering if it is possible to 'empty' the variable value to save memory, for example i often use variable as a onetime use thing and would prefer to 'forget' it after is is used
      Maybe it is just as easy as to setting $vVar = Null, but i wanted to make sure that this is the case
    • By CarlD
      Is there a reliable way to ensure that data assigned to variables in a script is overwritten or deleted when the script exits? I have scripts that encrypt/decrypt data and would like to ensure, if possible, that the encryption keys and decrypted data do not stay in memory after the script exits. Thanks.
    • By Tersion
      Here test example of a dummy program with random added controls to the main form:
      If #include <GuiListView.au3> is commented out, then this simple program uses around 3,5 MB of RAM. When #include <GuiListView.au3> NOT commented out - RAM usage is around 13-14 MB.
      How can I reduce memory usage? Even if I'm not using GuiListView.au3 - 3,5 MB quite a bit for a such dummy program!
      I found out that using this DLLCall in main loop:
      DllCall("psapi.dll", "int", "EmptyWorkingSet", "long", -1) Significantly reduces RAM usage (even with GuiListView.au3 included, from 13-14 MB to 600 KB !!! ) but I'm not sure if it's doesn't have any impact to common workflow of a program...
      So, give me any advice about that, please.
×
×
  • Create New...