Jump to content

Embed DLLs in script and call functions from memory (MemoryDll UDF)


Ward
 Share

Recommended Posts

Mmmmhhh, as far as I can remember, I just tested it before some month ago and it worked but I couldn't hear anything.

Current status is that AutoIt is crashing!

Maybe I tested it with an older MemoryDLL.au3 version!

Thanks anyway!

UEZ

Same problem here, Autoit crashes on loading the bassmod.dll to memory

Link to comment
Share on other sites

  • 1 year later...

Hiho,

i know this is a old thread but i've got a question:

I have c++ source code and compiled it with MS VC++ Express. MemoryDllOpen gives me a return value of 9220680. The DLL has no dependencies nor the /MD switch set on. The size of the DLL as a string ist 92162 bytes. Is this to much? When i run my script i get a "The instruction at 0x7c9236be referenced memory ...."

greetz

Sundance

PS: Using Windows XP SP2/SP3 as clients

Edited by Sundance
Link to comment
Share on other sites

  • 6 months later...

Someone sent me a message about MemoryDll crash on BASS.DLL. I know it, but I don't know why for a long time. These days, I dig it by ollydbg (thank to Oleh Yuschuk) and finally find out the reason. Please try the new version of MemoryDll. If there still some DLL make it crash, please let me know, thanks.

新版 _ArrayAdd 的白痴作者,不管是誰,去死一死好了

 

Link to comment
Share on other sites

  • 5 months later...

I updated this old UDF to support x86 and x64 DLL finally. All code are rewritten in AutoIt. Proving AutoIt is easy and powerful again.

新版 _ArrayAdd 的白痴作者,不管是誰,去死一死好了

 

Link to comment
Share on other sites

  • 3 weeks later...

I updated this old UDF to support x86 and x64 DLL finally. All code are rewritten in AutoIt. Proving AutoIt is easy and powerful again.

I love this udf, It would be greate if your udf supported SkinH_EL.dll.

But still, great work ward!

Edited by System238
Link to comment
Share on other sites

  • 5 months later...

Using MemoryDLL.au3 with BASSMOD.DLL I got a hard crash (0xC0000005) under WinXP when DEP is activate for all programs and services and the exe is not in the exclusion list.

The script is exactly crashing in function MemoryFuncCall() line $Ret = DllCall($_KERNEL32DLL, $RetType, $_MFHookApi, $Type1, $Param1, $Type2, $Param2, $Type3, $Param3) from Case 8.

Do you need more information?

Br,

UEZ

Edited by UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Link to comment
Share on other sites

This UDF still uses DllStucts to store the binary data for the loaded DLL. It should really use _MemVirtualAlloc with $PAGE_EXECUTE_READWRITE. Additionally, if using the beta, I'm pretty sure that DllCallAddress can be substituted in the MemFuncCall function somewhere.

Link to comment
Share on other sites

I forget to use VirtualProtect to change the protection option, or just use _MemVirtualAlloc as wraithdu said.

It is easy to modify, but I have no time for soon.

Thanks UEZ and wraithdu.

新版 _ArrayAdd 的白痴作者,不管是誰,去死一死好了

 

Link to comment
Share on other sites

@UEZ

I took a quick look at the UDF again... first try changing all existing calls to _MemVirtualAlloc to use $PAGE_EXECUTE_READWRITE. I'd have to look a little more closely to be sure, but I think all memory allocated in the DllStruct is moved to _MemVirtualAlloc memory already... just need to change the protection. If that doesn't fix it, then we can allocate the initial binary code memory as well.

Link to comment
Share on other sites

I already tried it but without any success. First I need to understand the construct of the code...

My current workaround is to add the exe to the exclusion list via

Run('rundll32.exe sysdm.cpl, NoExecuteAddFileOptOutList "' & @ScriptFullPath & '"', @SystemDir, @SW_HIDE)

To add the path to the registry only is unfortunately not working!

Br,

UEZ

Edited by UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Link to comment
Share on other sites

  • 3 months later...
  • 8 months later...

How can you simultaneously call?

Good question.

I suggest you don't use MemoryDLLOpen/...Call/...Close anymore, but the MemLib-functions contained in this UDF.

Something like this is better since we have DLLCallAddress:

$hMod = MemLib_LoadLibrary(...)
$pFunc = MemLib_GetProcAddress($hMod, "SomeFunc")
$aRet = DLLCallAddress("int", $pFunc, "str", "param1", ...)
MemLib_FreeLibrary($hMod)
Edited by ProgAndy

*GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes

Link to comment
Share on other sites

How can you simultaneously call?

I have two functions registered with GUIRegisterMsg and one adlib function. In these functions I used MemoryDllCall.

and sometimes when they are called simultaneously(by chance), things get messed up! :blink:

Try this with two adlib functions and see the result.

Something like this is better since we have DLLCallAddress:

$hMod = MemLib_LoadLibrary(...)
$pFunc = MemLib_GetProcAddress($hMod, "SomeFunc")
$aRet = DLLCallAddress("int", $pFunc, "str", "param1", ...)
MemLib_FreeLibrary($hMod)

Hmmm...

I'll look into it.

Thanks :P

Edited by n1maS
Link to comment
Share on other sites

  • 8 months later...

very very good, especially if you use the "File to Base64 String Code Generator by UEZ" to compress the DLL!

thanks for this work, it's a really nice job!

 

I have tried many combinations of trying to use the two scripts together - to no avail. Could you point me in the right direction? Thanks

My original DLL is 600K. Using MemoryDllGen.au3 creates a 1200K file. I wished teh resultant file was smaller , but - THIS WORKS!

I then tried to "use the "File to Base64 String Code Generator by UEZ" to compress the DLL" first - the resultant file was 730K - AWESOME - BUT - once MemoryDllGen.au3 gets done with it, the resultant script doesn't work. So, I then took the output from MemoryDllGen.au3 and assigned it to $DllString (in MemoryDllGen.au3 - remming everything above the assignment out (no file read necessary)) - but sadly that too doesn't work (and the resultant file is 2300K).

I am not asking to be spoon fed, but if someone can point me in the right direction, I'd appreciate it! Thanks!

Edited by innovate2000
Link to comment
Share on other sites

@innovate2000: I don't know how you did it (no source code published) but I showed an example at how to play an MP3 completely from memory which loads the DLL and the MP3 from memory and plays it.

Br,

UEZ

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ

Link to comment
Share on other sites

@innovate2000: I don't know how you did it (no source code published) but I showed an example at how to play an MP3 completely from memory which loads the DLL and the MP3 from memory and plays it.

Br,

UEZ

Dude - you're a monster (in the very best way possible)! Much Respect.

I did look at your examples, but (unless I was more tired than I thought (many late nights)) it looked like a departure from MemoryDLL - not than I can't go in a different direction, but golfinhu's post suggested that the two scripts would work together - but I couldn't get it to work.

Edit: I just re-read both posts - I didn't include the meat of the issue - SQLite. The MemoryDLL method included it's own replacement SQLite infrastucture for seamless integration. As previously stated, golfinhu's post suggested that the two scripts would work together so there's nothing more I'd need to do - but the resultant combo (at least the way I do it) cannot connect to SQLite. I will look at the examples again and see what I need to do.

I saw you included an example ([File to Base 64...] post #34) for FModExample.7z but 4shared requires registration, etc. Is it possible to include the file elsewhere (the more examples the better for me)?

Full disclosure: I am aware that KaFu (post #33 - you seem to second it in post #34) suggests that the [File to Base 64...] is better suited for static objects where MemoryDLL is better for DLL's. I don't know what to think about that as it appears that similar techniques are used in both solutions.

Bottom line, I'd like the embedables to be as small as possible - and I'd hoped that the combination of [File to Base 64...] and MemoryDLL would accomplish that. IF I were to trip across a solution, I'd write a combining script... (which I'd hoped golfinhu would post road markers since it was his/her comment that brought all this on for me - if (s)he actually got the combo to work (I fear (s)he *may* have been hypothesizing?))

In any case - I'd like to learn

Edited by innovate2000
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...