Jump to content

Recommended Posts

I am looking for a way to set up either VIRTUAL_PROTECT or PAGE_GUARD for memory protection. I currently don't know how to do this, I have made the encryption for my EXE Protector, the RunPE module, and basically everything that I need. I also have made an advanced obfuscation tool, which I might release here on the forums in the future, to make sure the code is impossible to be understood. However, people can dump the original EXE from memory when I am injecting it. So how would I implement VIRTUAL_PROTECT, PAGE_GUARD or other methods of protecting memory?

Share this post


Link to post
Share on other sites

lmao this all sounds malicious af m8

at this point why not use a language like C++ or something lol

Share this post


Link to post
Share on other sites

giangnguyen,

Quote

people can dump the original EXE from memory when I am injecting it

From the forum rules:

Do not ask for help with AutoIt scripts, post links to, or start discussion topics on the following subjects:
[...]
•Running or injecting any code (in any form) intended to alter the original functionality of another process.

So please explain why I should not close this thread - and it had best be very good!

M23 


Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites

It is not intended to alter the original functionality of another process. It just injects code into itself using RunPE. @ScriptFullPath, not @ComSpec or "C:\Windows\Explorer.exe". Therefore it is not injecting code intended to alter the original functionality of another process. 

If I am making something malicious, why would I be interested in Page Guard? I would be more focused in obfuscating and hiding the script if I am a malware writer. Just sayen.

2 hours ago, Skitty said:

lmao this all sounds malicious af m8

at this point why not use a language like C++ or something lol

 

It is not malicious, that is the first thing

And I am only learning, and I don't know C++/C yet. Intending to learn them in a few months time.

Share this post


Link to post
Share on other sites

giangnguyen,

However, doing so is against the spirit of the rules and so I am going to close this thread. Please continue your education elsewhere.

M23


Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By SteveJM
      When I use DllStructCreate() to reserve a chunk of memory I would like to know if I can rely on that memory being initialized to zero. Experience suggests that it is, but I have been searching to try and find a definitive statement anywhere that this is the case. I apologise if I have missed somewhere. Part of the reason for this question is so that my next search (after my personal memory has dimmed) should yield a link to this post, hopefully with an answer.
      A number of DLLs I use have structs where a few parts have to be explicitly set and other parts are reserved with the instruction that they must be set to zero. Because DllStructCreate() appears to zero-initialise the memory, I tend to forget to do it explicitly and everything seems to work. I am wondering whether I have been lucky and am storing up trouble for myself. It seems likely that the OS has been asked for zeroed memory, but without a promise in the documentation for DllStructCreate(),  perhaps that could change? Perhaps the developers wish to reserve the right to change their minds?
    • By mLipok
      This UDF was created for give any kind of support for GDPR solutions in AutoIt.
       
      #include "GDPR.au3" #AutoIt3Wrapper_Run_AU3Check=Y #AutoIt3Wrapper_Au3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6 -w 7 #Tidy_Parameters=/sort_funcs /reel ; #AutoIt3Wrapper_Run_Debug_Mode=Y _Example() Func _Example() _GDPR_Crypter_Wrapper(_Example_Crypter) Local $sText = 'AutoIt v3 is a freeware BASIC-like scripting language designed for automating the Windows GUI and general scripting.' MsgBox(0, @ScriptLineNumber, _GDPR_Anonymize_String($sText)) Local $dCrypted = _GDPR_Crypt_String($sText) MsgBox(0, @ScriptLineNumber, $dCrypted & @CRLF & @error & @CRLF & @extended) Local $sDecrypted = _GDPR_DeCrypt_AsString($dCrypted) MsgBox(0, @ScriptLineNumber, $sDecrypted & @CRLF & @error & @CRLF & @extended) _GDPR_Crypt_File(@ScriptFullPath, @ScriptFullPath & '.CRYPTED') If @error Then ConsoleWrite('! ---> @error=' & @error & ' @extended=' & @extended & ' : _GDPR_Crypt_File' & @CRLF) _GDPR_DeCrypt_File(@ScriptFullPath & '.CRYPTED', @ScriptFullPath & '.DECRYPTED.au3') If @error Then ConsoleWrite('! ---> @error=' & @error & ' @extended=' & @extended & ' : _GDPR_DeCrypt_File' & @CRLF) EndFunc ;==>_Example Func _Example_Crypter($dBinaryData, $bDataAlreadyEncrypted) _Crypt_Startup() ; Start the Crypt library. Local $dResult If $bDataAlreadyEncrypted Then $dResult = _Crypt_DecryptData($dBinaryData, 'securepassword', $CALG_3DES) ; Decrypt the data using the generic password string. The return value is a binary string. Else $dResult = _Crypt_EncryptData($dBinaryData, 'securepassword', $CALG_3DES) ; Encrypt the text with the new cryptographic key. EndIf _Crypt_Shutdown() ; Shutdown the Crypt library. Return $dResult EndFunc ;==>_Example_Crypter  
      Download link:
       
      WIKI:
      This UDF was added here:  https://www.autoitscript.com/wiki/User_Defined_Functions
       
       
    • By Chimp
      After watching this movie (https://www.youtube.com/watch?v=cPiDHXtM0VA) I wanted to try the test to see how much i could compete with that chimpanzee so i created this script.
      well, actually passing that test is a lot harder than it sounds. With the difficulty set to seven numbers and a display time of one second, I can only remember 2 or 3 numbers ... (what a disappointment)
      I can only do better if I reduce the slider to 5 numbers and increase the storage time to 2 seconds (the easyest level), a very poor performance. That chimpanzee is great.
      The script offers you a sequence of 10 random quizzes. At the end it gives you the percentage of your "level". The chimpanzee resolves on average 8 out of 10 (80%), so you can compare your performance to that of the chimpanzee.
      How to play:
      Run the script. At the beginning there are 2 sliders at the bottom of the screen where you can set the difficulty level by varying the memorization time and the amount of numbers to memorize as you like. After setting the difficulty, click the circle on the bottom left to get started. after the first move the sliders are no longer displayed until the next game, (the game lasts 10 attempts, there is a progress bar at the bottom of the screen to see where you are) between one test and the other of the ten, click on the circle to move on to the next test have fun.
      #include <GUIConstants.au3> #include <MsgBoxConstants.au3> #include <Array.au3> #include <WinAPIMisc.au3> ; HotKeySet("{ESC}", "_EndOfGame") Global $iNumbersToGuess = 7, $iExpositionTime = 1000, $iMatches = 10, $iMatchesWon Global $aNumbers[10] = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] Global $aButtons[10], $aControls[5] Global $iWinWidth = @DesktopWidth / 2, $iWinHeight = @DesktopHeight / 2, $iButtonXSide = Int($iWinWidth / UBound($aNumbers)), $iButtonYSide = Int($iWinHeight / UBound($aNumbers)), $sWinTitle = "Beat the Chimp" Global $aX[Int($iWinWidth / $iButtonXSide)], $aY[Int($iWinHeight / $iButtonYSide)], $iNdx = 0, $aPoints[3], $score, $GUIGetMsg, $iDockHeight = 50, $iProgrssHeight = 5 For $i = 0 To (Int($iWinWidth / $iButtonXSide) - 1) * $iButtonXSide Step $iButtonXSide $aX[$iNdx] = $i $iNdx += 1 Next $iNdx = 0 For $i = 0 To (Int($iWinHeight / $iButtonYSide) - 1) * $iButtonYSide Step $iButtonYSide $aY[$iNdx] = $i $iNdx += 1 Next Global Const $iDockLeftBorder = 200, $iForeColor = 0xFFFFFF, $iBackColor = 0x000000 Global $hGUI = GUICreate($sWinTitle, $iWinWidth, $iWinHeight + $iDockHeight + $iProgrssHeight, @DesktopWidth / 4, @DesktopHeight / 5) GUISetBkColor($iBackColor, $hGUI) ; the circle to continue playing $aControls[0] = GUICtrlCreateLabel(ChrW(0x25EF), 0, $iWinHeight + 1, 100, $iDockHeight, 0x01) ; GUICtrlSetTip(-1, "Click the circle," & @CRLF & "then click the squares" & @CRLF & "in numeric order.") GUICtrlSetFont(-1, 24, 900) GUICtrlSetColor(-1, $iForeColor) GUICtrlSetBkColor(-1, $iBackColor) ; slider for the amount of numbers to guess $aControls[2] = GUICtrlCreateSlider($iDockLeftBorder, $iWinHeight, $iWinWidth - $iDockLeftBorder, Int($iDockHeight / 2)) GUICtrlSetLimit(-1, 10, 5) ; 5 steps 5 (easy) to 10 (hard) GUICtrlSetData(-1, $iNumbersToGuess) ; label for the amount of quizzes $aControls[1] = GUICtrlCreateLabel("Numbers : " & GUICtrlRead($aControls[2]), 100, $iWinHeight + 1, 100) GUICtrlSetColor(-1, $iForeColor) ; slider for the exposition time $aControls[4] = GUICtrlCreateSlider($iDockLeftBorder, $iWinHeight + (Int($iDockHeight / 2)), $iWinWidth - $iDockLeftBorder, $iDockHeight / 2) GUICtrlSetLimit(-1, 8, 1) ; 8 steps (0f 250ms each) GUICtrlSetData(-1, $iExpositionTime / 250) ; label for the exposition time $aControls[3] = GUICtrlCreateLabel("ms to show : " & GUICtrlRead($aControls[4]) * 250, 100, $iWinHeight + 1 + (Int($iDockHeight / 2)), 100) GUICtrlSetColor(-1, $iForeColor) ; progress bar of the match Global $idProgressbar = GUICtrlCreateProgress(0, $iWinHeight + $iDockHeight, $iWinWidth, $iProgrssHeight) ; Create buttons For $i = 0 To 9 $aButtons[$i] = GUICtrlCreateLabel($i + 1, $iWinWidth + 5, $iWinHeight + $iDockHeight + $iProgrssHeight + 5, $iButtonXSide, $iButtonYSide, 0x01) GUICtrlSetFont($aButtons[$i], 24) GUICtrlSetColor($aButtons[$i], $iForeColor) GUICtrlSetBkColor($aButtons[$i], $iBackColor) Next GUISetState(@SW_SHOW) ; --- Main loop --- Do ; New game $iMatchesWon = 0 GUICtrlSetData($idProgressbar, 0) For $iRound = 1 To $iMatches ; the game lasts $iMatches rounds $iNdx = 0 ; reset pointer (index to the next correct answer) _HideControls(__get_IDs_by_indexes($aButtons, $aNumbers)) ; remove the numbers from the screen ; show the dock and wait (only in the first round are also shown the sliders) _ShowControls($iRound = 1 ? $aControls : $aControls[0]) ; display the dock's control(s) While 1 Switch GUIGetMsg() Case $aControls[0] ; The circle (play a new quiz) ExitLoop Case $aControls[2] ; slider to choose how many numbers to guess $iNumbersToGuess = GUICtrlRead($aControls[2]) GUICtrlSetData($aControls[1], "Numbers : " & $iNumbersToGuess) Case $aControls[4] ; slider to choose how long (milliseconds) to show the numbers $iExpositionTime = GUICtrlRead($aControls[4]) * 250 ; 8 steps of 250 milliseconds each GUICtrlSetData($aControls[3], "ms to show : " & $iExpositionTime) Case $GUI_EVENT_CLOSE _EndOfGame() EndSwitch WEnd _HideControls($aControls) ; hide the dock Sleep(750) ; wait a bit $aQuiz = _GenerateQuiz($iNumbersToGuess) ; generate random elements to guess _SpreadControls(__get_IDs_by_indexes($aButtons, $aQuiz)) ; scatter the numbers on the GUI _ShowControls(__get_IDs_by_indexes($aButtons, $aQuiz)) ; display the numbers Sleep($iExpositionTime) ; leave numbers visible for a short time _MaskControls(__get_IDs_by_indexes($aButtons, $aQuiz)) ; mask the numbers GUICtrlSetData($idProgressbar, Round($iRound / $iMatches * 100)) ; _ShowControls(__get_IDs_by_indexes($aButtons, $aQuiz)) ; <------------- keep numbers visible FOR DEBUG PURPOSE ONLY! While 1 ; wait for a move $GUIGetMsg = GUIGetMsg() If $GUIGetMsg = $GUI_EVENT_CLOSE Then _EndOfGame() ; scan all quiz buttons to check if one was pressed For $i = 0 To UBound($aQuiz) - 1 ; $aButtons) - 1 If $GUIGetMsg = $aButtons[$aQuiz[$i] - 1] Then If $i = $iNdx Then ; -------------------------- ; actions for a right move ; -------------------------- ; hide the guessed number _HideControls($aButtons[$aQuiz[$i] - 1]) ; --------------------------------- ; check if this round is complete ; --------------------------------- If $iNdx = (UBound($aQuiz) - 1) Then _WinAPI_PlaySound("SystemExclamation", Null, BitOR($SND_ALIAS, $SND_ASYNC)) $iMatchesWon += 1 ExitLoop 2 EndIf ; play a short ok sound ; _WinAPI_PlaySound("FaxBeep", Null, BitOR($SND_ALIAS, $SND_ASYNC)) ; "SystemAsterisk" $iNdx += 1 ; set index to next correct answer Else ; -------------------------- ; actions for a wrong move ; -------------------------- ; show all the right sequence _ShowControls(__get_IDs_by_indexes($aButtons, $aQuiz)) _WinAPI_PlaySound("DeviceFail", Null, BitOR($SND_ALIAS, $SND_ASYNC)) ; give a little time to the user to control it Sleep(1500) ; go to next step ExitLoop 2 EndIf EndIf Next WEnd ; loop till end of match $score = Round($iMatchesWon / $iMatches * 100, 2) ; percentage Select Case $score < 80 $sResult = "The chimp beat you!" Case $score > 80 $sResult = "You beat the chimp!" Case $score = 80 $sResult = "You tied the chimp." EndSelect Next ; next round ; game over? Until MsgBox($MB_YESNO + $MB_ICONINFORMATION + $MB_TASKMODAL + $MB_SETFOREGROUND, _ "Game over", _ "You got " & $score & "% correct." & @CRLF & _ "Ayumu averages 80% correct." & @CRLF & $sResult & @CRLF & @CRLF & _ "do you want to try again?") <> 6 Func _SpreadControls($aTemp) ; place the required numbers scattered on the GUI SRandom(@YEAR + @MON + @MDAY + @HOUR + @MIN + @SEC) _ArrayShuffle($aX) _ArrayShuffle($aY) ; first, place all buttons out of GUI For $i = 0 To UBound($aButtons) - 1 GUICtrlSetPos($aButtons[$i], $iWinWidth + 5, $iWinHeight + $iDockHeight + $iProgrssHeight + 5) GUICtrlSetState($aButtons[$i], $GUI_DISABLE) Next ; Then place only the numbers of this quiz in visible area For $i = 0 To UBound($aTemp) - 1 GUICtrlSetPos($aTemp[$i], $aX[$i], $aY[$i]) GUICtrlSetState($aTemp[$i], $GUI_ENABLE) Next EndFunc ;==>_SpreadControls Func _GenerateQuiz($iNumElements) ; generate an array of required random numbers SRandom(@YEAR + @MON + @MDAY + @HOUR + @MIN + @SEC) Local $aTemp[$iNumElements] _ArrayShuffle($aNumbers) For $i = 0 To $iNumElements - 1 $aTemp[$i] = $aNumbers[$i] Next _ArraySort($aTemp) Return $aTemp EndFunc ;==>_GenerateQuiz Func _ShowControls($aTemp) ; render controls visible (and enabled) $aTemp = _EnforceArray($aTemp) For $i = 0 To UBound($aTemp) - 1 GUICtrlSetState($aTemp[$i], $GUI_SHOW) GUICtrlSetColor($aTemp[$i], $iForeColor) GUICtrlSetBkColor($aTemp[$i], $iBackColor) Next EndFunc ;==>_ShowControls Func _MaskControls($aTemp) ; mask the controls $aTemp = _EnforceArray($aTemp) For $i = 0 To UBound($aTemp) - 1 GUICtrlSetColor($aTemp[$i], $iForeColor) GUICtrlSetBkColor($aTemp[$i], $iForeColor) Next EndFunc ;==>_MaskControls Func _HideControls($aTemp) ; hide the controls (implies disable) $aTemp = _EnforceArray($aTemp) For $i = 0 To UBound($aTemp) - 1 GUICtrlSetState($aTemp[$i], $GUI_HIDE) ; $GUI_DISABLE) ; GUICtrlSetColor($aButtons[$aTemp[$i] - 1], $iBackColor) ; GUICtrlSetBkColor($aButtons[$aTemp[$i] - 1], $iBackColor) Next EndFunc ;==>_HideControls Func _EnforceArray($vParam) ; if only one value is passed, turn it into an array of only 1 element If Not IsArray($vParam) Then Local $aTemp[1] = [$vParam] Return $aTemp EndIf Return $vParam EndFunc ;==>_EnforceArray Func __get_IDs_by_indexes(ByRef $aCtrls, ByRef $aNdxs) ; returns the handles of the controls pointed to by the indexes Local $aTemp[UBound($aNdxs)] For $i = 0 To UBound($aNdxs) - 1 $aTemp[$i] = $aCtrls[$aNdxs[$i] - 1] Next Return $aTemp EndFunc ;==>__get_IDs_by_indexes Func _EndOfGame() ; _WinAPI_PlaySound ("SystemExit" , Null, $SND_ALIAS) GUIDelete() Exit EndFunc ;==>_EndOfGame P.S. At this link (https://web.archive.org/web/20131006161544/http://games.lumosity.com/chimp.html) there is a Flash version of this game.
    • By RestrictedUser
      Q1) How to do GUIDelete() while using the script when a specific process starts?
      Q2) How to change (X) "Close"button behavior? 
      Q3) I am VPS Retailer and i want to control my Users that uses bad programs, such as Port Scanners and so on... I had created script to tell me what are they doing, but they removes my script from Windows Registry Startup paths, Common Startup paths, Task Schedules and so on... How to make my script protect itself from being closed and start as main process of windows at startup? 
    • By ManualIT
      Guys, i need help on creating a script that restarts a program once it starts using more than 1GB of memory.
      No idea how to start on the script, i don't know which functions i should use for process memory reading.
       
      My mind is in total blank at the moment, so i need a kick start
×
×
  • Create New...