Manko

ProDLLer: Unknown code running? Befriend or Kill!

100 posts in this topic

#41 ·  Posted (edited)

@trancexx: Thanks for the vote of confidence, but I don't have the slightest idea how to work with bios/cmos. I saw some 16-bit code and some explanations that were WAY above my level... (Hurt my brains...) Also... Your thought for wraithdu's DllCalls... My code is full of such things... (Not proud!) And ascendant's recent discovery is likely due to such shortcuts... Or something worse... :)

@wraithdu: Thanks for the update! I will use it! ;P

@ascendant: Hey, man! Nice to see you! And MANY thanks for reporting an error! A rare occurrence... Moore please!

...but you misunderstand, the sanitation part is getting rid of all my crappy and potentially dangerous code... ;)

It's most likely the arrayghost.... Can you give me info for duplicating the issue or can you run code through scite and give me error?

About detecting crashed app.... It's only ProDLLer itself that checks if it's deadlocked, when you use "Suspend all", so you won't end up with the whole computer frozen....

I'm glad your research/development is progressing! :)

/Manko [EDIT: Must show gratitude! Reporting errors rarely happen!]

Edited by Manko

Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:
* ProDLLer - Process manager - Unload viri modules (dll) and moore...
* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...
* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...
* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist.
Moore to come... eventually...




@trancexx: Thanks for the vote of confidence, but I don't have the slightest idea how to work with bios/cmos. I saw some 16-bit code and some explanations that were WAY above my level... (Hurt my brains...) Also... Your thought for wraithdu's DllCalls... My code is full of such things... (Not proud!) And ascendant's recent discovery is likely due to such shortcuts... Or something worse... :)

...

That's ok, I know how to work with cmos.

That 16 bit code that you mention is not what's important (it even almost makes no sense saying it's 16 bit code). What's important is that code is run through virtual dos machine where there is no distinction between kernel and user mode. That's why it's working. It's the same code but compiled to .com (not .exe).

And if you run it as it would normally be run on 32 bit systems it would cause crash because it's not allowed from where you are (user mode). Privileged instruction is attempted and signaled in that case and application terminated.

My question was how to go around that without the driver used for that purposes.

About DllCall()... @error check must follow every DllCall() function because of returned array. That's the law. Otherwise you are risking unwanted termination every time you try to access that array.


 


BSoD on Windows 7 when GlobalHook pressed.


Seems to work fine now! Thanks.


Manko that's bullshit.

(middle part is ok though)


 


New Version!

"Force Terminate!" is finalized.

Terminate with extreme prejudice!

Check out the other cool features too!

Most Recent changes...
; 0.494
; Change: Skipped fileinstall of driver. Some anti-virus reported it as suspicious behaviour... sigh...
; Change: Finally converted to 3.3.6.1. Had to change 3 things...
; Added: Kernel function for iterating threads. "Force Terminate!" is finalized.
; Fixed: Small bugfix...
; 0.493
; Added: More info on systemthreads.
; Added: "Force Terminate!" system threads!
; Added: Stop new procs from running! New processes are terminated before they have a chance to run any code.
; Added: Partial implementation of "kernel notification callbacks"-viewing/disabling... not all... yet... and only xp, now...
; Added: Set KernelService-starttype to "System" or "Boot" also.
; Change: "Ensure new processes visible" was VERY irritating, stopped it.
; Added: View Service-dependencies... Good for deciding if services are critical...
; Fixed: "Thread-list" - Choosing List Modules in context menu, did nothing... Now works for dlls... Maybe fix others?
; Fixed: Speedup of driver iteration, would crash in some cases. Redundancy of checking established.
; Fixed: Fix some functions forcing us out of "suspendall".


Hey man, good to see you're still developing this nice system utility. Looks pretty nice.

Only, there's a little bug on my system.. When I click the 'Threads' button, the right listview panel begins to populate but freezes partway into it. I'm running it on Windows XP+SP3, tried running both the executable and the AutoIT script separately - both with the same deadlock. I have to End-Task the thing unfortunately.

By the way - when are you gonna put 'tip' text on the Buttons (GUICtrlSetTip)? I still don't touch most because I haven't the slightest idea of what will happen if I click them :mellow:


#48 ·  Posted (edited)

So... we meet again. Will you be shooting me soon?

Go figures you'd find a bug I can't readily reproduce?! Again! :P

I do XPsp3 too... And it works here...

Are you using any funky security apps that might be interfering?

If so I could install and see...

Does it at least get past the systemthreads?

Well you are right again... I should do tips... No knowing which button blows up your puter otherwise. :mellow:

/Manko

Edited by Manko


Okay, I tracked down the issue. It has to do with this function call:

$mlret = DllCall($hDll, "str*", "GetModuleNameFromAddress", "int", $threads[$i][1], "int", $threads[$i][4])

It *only* locks up when the Process ID # for the process 'CTxfispi.exe' is reached. This appears to be an audio driver for my SB X-FI PCI-Express sound card.

When I put in a test for the Process ID, and avoided the function call for that specific process, everything else populated correctly.


New Version!

G'day Manko

Love the program it's helped me out many many times when I'm hunting for virus on computers.

I'm getting an error with this version though. :P

It keeps giving me

" Could not aquire DRIVER handle! "

BTW Can I suggest you make this a "msgbox" as the first few times I missed it as I was doing other things. Also it's a critical error that stops the program so deserves something better than a tool tip. :mellow:

The same error occurs if I run your precompiled version, one I've compiled or from SciTE.

I did do a little error checking but I have no idea what to look at in this area.

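; Create and start the kernel driver service, then show both results.
$test1 = My_Service_Create("skeleton", "Skeleton Driver", @ScriptDir & "\skeleton.sys", $SERVICE_KERNEL_DRIVER, $SERVICE_DEMAND_START, $SERVICE_ERROR_IGNORE, 0)
$test2 = _Service_Start("skeleton")
MsgBox(0,"Start Service", "Test1 = " & $test1 & @CR & "Test2 = " & $test2)
; Open the driver's device: 0xc0000000 = GENERIC_READ | GENERIC_WRITE, 3 = OPEN_EXISTING.
$hColdBoot = DllCall("kernel32.dll", "int", "CreateFile", "str", "\\.\skeleton", "dword", 0xc0000000, _
        "dword", 0, "dword", 0, "dword", 3, "dword", 0, "dword", 0)
; Check @error first: if DllCall itself failed, no array is returned and indexing $hColdBoot would abort the script.
If @error Or $hColdBoot[0] < 1 Then
    ToolTip(@LF & "   Could not aquire DRIVER handle!   " & @LF)
    Sleep(3000)
    Exit
Else
    $hColdBoot = $hColdBoot[0]
EndIf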

The Msgbox returns

Test1 = 1

Test2 = 0

Not sure if that helps.

Any ideas or things you can suggest I check.

Thanks
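
The rule stated earlier in the thread (check @error after every DllCall() before touching the returned array) applied to the device-open call in the snippet above, as an added example that is not part of the original posts or of ProDLLer. The helpers `_OpenDevice` and `_DllCallErrorText` are hypothetical names; the device path `\\.\skeleton` is the one from the post.

```autoit
; Added example (not ProDLLer code). _OpenDevice and _DllCallErrorText are hypothetical helpers.
#include <WinAPI.au3>

; Text for the @error values that DllCall() itself can set (per the AutoIt help file).
Func _DllCallErrorText($iErr)
    Switch $iErr
        Case 1
            Return "unable to use the DLL file"
        Case 2
            Return 'unknown "return type"'
        Case 3
            Return "function not found in the DLL file"
        Case 4
            Return "bad number of parameters"
        Case 5
            Return "bad parameter"
    EndSwitch
    Return "unknown DllCall error " & $iErr
EndFunc   ;==>_DllCallErrorText

; Opens a device such as "\\.\skeleton" for read/write access.
; Success: returns the handle.
; Failure: returns 0 and sets
;   @error = 1, @extended = DllCall's own @error  (the call never reached CreateFileW)
;   @error = 2, @extended = GetLastError()        (CreateFileW ran and refused)
Func _OpenDevice($sDevicePath)
    Local $iAccess = 0xC0000000 ; GENERIC_READ | GENERIC_WRITE
    Local $iOpenExisting = 3 ; OPEN_EXISTING
    Local $aRet = DllCall("kernel32.dll", "handle", "CreateFileW", _
            "wstr", $sDevicePath, "dword", $iAccess, "dword", 0, "ptr", 0, _
            "dword", $iOpenExisting, "dword", 0, "handle", 0)
    ; Test @error before $aRet is indexed: on failure there is no array to index.
    If @error Then Return SetError(1, @error, 0)
    ; CreateFileW reports failure as INVALID_HANDLE_VALUE (-1), not as 0.
    If $aRet[0] = Ptr(-1) Then Return SetError(2, _WinAPI_GetLastError(), 0)
    Return $aRet[0]
EndFunc   ;==>_OpenDevice

Global $hDevice = _OpenDevice("\\.\skeleton")
; Copy both values at once; any later function call resets them.
Global $iErr = @error, $iExt = @extended

Switch $iErr
    Case 0
        MsgBox(64, "Driver", "Device opened, handle = " & $hDevice)
        _WinAPI_CloseHandle($hDevice)
    Case 1
        MsgBox(16, "Driver", "DllCall failed: " & _DllCallErrorText($iExt))
    Case 2
        ; Common Win32 codes here: 2 = ERROR_FILE_NOT_FOUND (no device with that name),
        ; 5 = ERROR_ACCESS_DENIED.
        MsgBox(16, "Driver", "CreateFileW failed, GetLastError = " & $iExt)
EndSwitch
```

The two failure codes separate a broken call (wrong DLL, function name or parameter list) from a call that ran and was refused by Windows, which is the case to expect when the driver service has not started.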


Ascend4nt: Wow! Yet again you come to the rescue! I'll check into it. I'll download and see if I can check. Otherwise I'll beg for a copy... :mellow:

storme: I had to skip fileinstalling the "skeleton.sys"-driver cause some anti-virus complained of suspicious behaviour.

Now you have to manually copy all files to the same dir. Especially the .exe, .dll and .sys has to be in same dir even though it's compiled.

Still got problems?

And yes, I will make them msgboxes again. I changed all msgboxes because they don't work if one suspends certain procs...

...but as these notifications occur before that scenario, it should not be a problem.

Thanks!

/Manko



#52 ·  Posted (edited)

storme: I had to skip fileinstalling the "skeleton.sys"-driver cause some anti-virus complained of suspicious behaviour.

Now you have to manually copy all files to the same dir. Especially the .exe, .dll and .sys has to be in same dir even though it's compiled.

Still got problems?

Yep saw the comment about that. It is a shame. :party:

All I did to start with was extract the files from your zip file and click the EXE file.

I.E. everything that you supplied was there in the one directory. :party:

Actually because I don't trust EXE files I used your source first then when it didn't work I tried the pre-compiled version. :mellow:

I also tried it from my laptop and it gives the same error.

And yes, I will make them msgboxes again. I changed all msgboxes because they don't work if one suspends certain procs...

...but as these notifications occur before that scenario, it should not be a problem.

I understand. :P

Edited by storme


#53 ·  Posted (edited)

@storme: I think I might have fixed the issue you reported. Try it! (As a side effect it seems you can run multiple copies of ProDLLer now. Don't know if that is good...)

Also I have changed to Messageboxes. :mellow:

@Ascend4nt: I have done tooltips for the buttons now. Hope you'all won't be afraid to test them now! :P

I have been unsuccessful at repeating your problem as of yet. Though I have tried 6 copies of the file you mentioned...

/Manko

; 0.494
; Fixed: Skeleton service not loading properly under unknown circumstances... Reported by storme. Fixed?
; Added: Tooltips for buttons. Hope it emboldens users. There is no selfdestruct... almost... Muahhahahaha!
Edited by Manko


I hope 64bit version will be available somewhere in the future. I would really love to try new versions :mellow:


 


on win 7 x64

Line 12378  (File "C:\Users\rain\Desktop\lol\ProDLLer.exe"):


Error: Variable used without being declared.

Did u make dll and exe yourself?



I made dll and all but the skeleton of the driver myself, yes, in assembler, and that is the problem... the assembler i use does not support 64-bit. There is a 64-bit version of masm, but there are problems...

Hmm... You're not even supposed to be able to run it in 64-bit...

@trancexx: I'm sorry. That day is sadly far off right now...

/Manko



does your program inject that dll in some process?



Manko, thanks for those much-needed tooltips :mellow:

Hopefully the driver I directed your way will help.. though I don't know how you could actually test it effectively without loading it into memory. Or are you able to load it? (I figured it wouldn't load without the actual soundcard present).

If you still can't find the issue on your own, you're gonna have to give me some sort of debug output version of the DLL (at least for that function) so we could see where things are going.

I just did a test myself on the driver with my NTQuery experimental module, and was able to read most everything I've been experimenting with, except I was unable to get TEB/TIB basic info for 22 of 27 threads (even with SEDEBUG privilege).

Things I tested successfully: Traversing through memory using VirtualQueryEx to find DLL/EXE load locations, Reading and interpreting PEB, LDR_DATA, MODULE_INFO_NODE's and other minor misc data.


#59 ·  Posted (edited)

Well, Manko.. turns out the problem had to do with a deadlocked/crashed driver!! I rebooted my machine and re-ran ProDLLer, and it worked flawlessly this time.

I'm also able to get info on all the threads now through NtQuery* functions. (I suppose there may have been a few threads still working when it crashed?)

Anyhow, I reproduced the problem and the issue arose again. As odd as it sounds, TrueCrypt crashes the audio driver when I dismount a drive. It's weird because all the programs that rely on audio run flawlessly even afterwards.

So, the only real 'problem' with ProDLLer is that it somehow does something in that DLL that tries to access a hung/crashed executable. I've seen this problem before, if you recall, with my Full-Screen Crash Recovery program. (I had to figure out which functions and operations were safe to perform on a hung application.)

Since I was still able to get all the information about modules, heaps, and other stuff from the process memory, I'm guessing the issue might have to do with the (crashed) threads (the ones that weren't reporting back basic info (0) when I used 'NtQueryInformationThread'). I'm not sure if you use something similar in your DLL, but whatever you are using, you might need to either add error checking (not that I'd ever accuse you of not using such things :mellow:), or somehow check for problem threads..?

*oh, and another thing - I couldn't terminate the darn audio driver either, through task manager, with ProDLLer, or 'DTaskManager'. A reboot worked though *shrug*

Edited by Ascend4nt


@storme: I think I might have fixed the issue you reported. Try it! (As a side effect it seems you can run multiple copies of ProDLLer now. Don't know if that is good...)

Also I have changed to Messageboxes. :P

Sorry, not fixed but different. :mellow:

Now I get a message "Couldn't start skeleton.sys so I can not aquire DRIVER handle!" :party:

If I can help in any way let me know.
