
Securun+Memorydll+zlibUDF


JRSmile

Hi there, I am very proud to release my proof of concept about including DLLs in AutoIt source code.

The attached zip includes the source code of my well-known securun UDF paired with the "run from memory UDF" and the "zlib UDF". The concept is the following:

If you have to use a DLL in your scripts, you can convert it into a binary string and then run it from memory with the memory UDF...

I added the zlib UDF to shrink the size of the DLL you want to use, so if you now execute securun it will do the following things:

start

generate the zlib dll with the help of the memory udf into memory

use the zlib dll to extract the winlockdll into memory

call some functions of it (the stuff you see)

remove the dll from memory.

remove the zlib dll from memory.

stop

In addition I added a generator for creating your own zlibbed DLLs.

It uses the hardcoded zlib DLL, but if you want you can combine the generated code with the last function in the securun.au3 to run your own zipped DLLs from memory.

PS: packed DLLs that run in memory are hardly recognized by antivirus programs; if you had problems with API hooking, for example, this is good to know :)

www.behead.de/dll_include.zip

Best regards,

J.


$a=StringSplit("547275737420796F757220546563686E6F6C75737421","")For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4)Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])))''Chr("a")&"HI"Next;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile;MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-)
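
Added example, not part of the original post or the attached archive: a defender-side triage sketch in Python that scans AutoIt source for the kind of embedded DLL described above, i.e. a long hex string literal that is, or zlib-inflates to, a PE image. It assumes the string is a quoted `0x...` literal holding a plain zlib stream; all names and the sample input are constructed for illustration.

```python
import re
import zlib

MIN_HEX = 64  # ignore short literals such as colour codes or flags
# Assumption: the DLL is embedded as a quoted AutoIt binary literal "0x....",
# optionally split across lines with the `" & _` continuation idiom.
CONTINUATION = re.compile(r'["\']\s*&\s*_\s*\r?\n\s*["\']')
HEX_LITERAL = re.compile(r'["\']0x([0-9A-Fa-f]{%d,})["\']' % MIN_HEX)

def is_pe(data):
    """True if data starts with MZ and e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\0\0"

def inflate(blob, limit=64 * 1024 * 1024):
    """Inflate a zlib stream with an output cap; None if it is not zlib."""
    try:
        return zlib.decompressobj().decompress(blob, limit)
    except zlib.error:
        return None

def scan_source(text):
    """Report hex literals that are, or inflate to, a PE image."""
    findings = []
    for m in HEX_LITERAL.finditer(CONTINUATION.sub("", text)):
        digits = m.group(1)
        raw = bytes.fromhex(digits[: len(digits) // 2 * 2])
        payload, kind = raw, "raw PE"
        if not is_pe(raw):
            payload, kind = inflate(raw), "zlib-compressed PE"
        if payload and is_pe(payload):
            findings.append({"kind": kind, "literal_bytes": len(raw),
                             "payload_bytes": len(payload)})
    return findings

def build_sample():
    """Constructed input: a fake 580-byte 'DLL' (only MZ/PE fields are valid)."""
    fake = (b"MZ" + bytes(0x3A) + (0x40).to_bytes(4, "little")
            + b"PE\0\0" + bytes(range(256)) * 2)
    hx = zlib.compress(fake).hex().upper()
    half = len(hx) // 2
    return ('Local $bin = "0x%s" & _\n    "%s"\nLocal $flag = "0x1234"\n'
            % (hx[:half], hx[half:]))

if __name__ == "__main__":
    for finding in scan_source(build_sample()):
        print(finding)
```

The output cap in `inflate` keeps a hostile or corrupt stream from exhausting memory during triage; a hit only says the script carries a PE image, so the extracted payload still needs normal static analysis.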

wraithdu

Will this method (which I thought about today after seeing the zlib thread :)) further reduce a dll binary (in included au3 string form) that has previously been UPX'd?

JRSmile

Hmm, nice question, didn't test so far. Just try to use the generator on a UPX'd DLL and a non-UPX'd DLL (should be the same DLL) and count the file size :)

But remember it has to be a big DLL/many DLLs, to make the overhead of the included unshrunk zlib DLL not useless....

wraithdu

Did a quick test on the Zlib dll itself.

Normal - 59904 bytes

Zlib'd - 33766 bytes

UPX'd - 35840 bytes

Zlib'd - 32954 bytes

So, not much is saved over UPX'ing the original DLL. Unless you're compressing A LOT of DLLs for your project, as you mentioned enough to overcome the Zlib overhead, it seems better to just UPX it.

JRSmile

Nice thank you for your statistic, for my projects that are in the planning phase, it is perfect, including a 12Mb dll with resource icons shrinks to 2Mb :-)

and a 2,4 Mb exe is much more accepted than a 12 Mb one :)


wraithdu

What's the size of your 12Mb dll if you just UPX it?

JRSmile

What's the size of your 12Mb dll if you just UPX it?

12 Mb ... don't know why it is not compressed, because it's only a binary string.


wraithdu

I'm not sure what you mean by that statement.

For my example, I UPX'd the DLL before turning it into a binary string, then used monocere's example to see how much more zlib could compress the string. As it turns out, not much. UPX'ing the whole script with your 12Mb string won't have the same results. Try UPX'ing your DLL as it is in DLL form, then create the binary string, then see how much more zlib can squeeze out of it. I'm guessing not too much more.

JRSmile

I'm guessing not too much more.

Every single bit is worth the work. :-)

I need it as small as possible to have space for additions, because it has to fit on a high-capacity formatted floppy disk.. Why floppy? Because there are still PCs without a USB port...


ZokNy

Sounds good, but I can't download. Can you reup?

techbard

I can't download either. reup plz~~

ZeR0

Can't download, please re-up!!!

JRSmile

Oh sorry, forgot that I have reinvented my website....

http://my-trac.assembla.com/jrsmile/browser/SECURUN_ZLIB.rar

You have to request being a team member of my svn repository to get access.

It's just for my security, to track who has downloaded it and when.

Just register at assembla.com and hand me your e-mail address.

b1naryatr0phy

You have to request being a team member of my svn repository to get access.

It's just for my security, to track who has downloaded it and when.

Security against what, might I ask?

JRSmile

Security against what, might i ask?

To let me sleep well, because I know who has done what with the archive.

There are several guys out there who don't follow any ethical rules...


TomCat

Link is down can someone upload again :)

ProgAndy

*GERMAN* [note: you are not allowed to remove author / modified info from my UDFs]My UDFs:[_SetImageBinaryToCtrl] [_TaskDialog] [AutoItObject] [Animated GIF (GDI+)] [ClipPut for Image] [FreeImage] [GDI32 UDFs] [GDIPlus Progressbar] [Hotkey-Selector] [Multiline Inputbox] [MySQL without ODBC] [RichEdit UDFs] [SpeechAPI Example] [WinHTTP]UDFs included in AutoIt: FTP_Ex (as FTPEx), _WinAPI_SetLayeredWindowAttributes

JRSmile

Didn't know you can directly link the file to here ... so no svn registration at all :D

