Execute EXE from memory Lib

Inf0Byt3 · Post by **Inf0Byt3** » Thu Jun 22, 2006 12:10 pm

Very nice! Glad it could be recovered!

gnozal · Post by **gnozal** » Thu Jun 22, 2006 3:16 pm

Maxus wrote:I now install VMware and I shall check up on Window98.

Sorry for the stupid question, but do you call cmd.exe to execute the program ?
It's command.com on Win9x/Me.

oryaaaaa · Post by **oryaaaaa** » Thu Jun 22, 2006 3:18 pm

Cool library

Thanks

Maxus · Post by **Maxus** » Thu Jun 22, 2006 4:07 pm

gnozal wrote:
Maxus wrote:I now install VMware and I shall check up on Window98.
Sorry for the stupid question, but do you call cmd.exe to execute the program ?
It's command.com on Win9x/Me.

I understand, for this purpose and I am going to check.

inc. · Post by **inc.** » Thu Jun 22, 2006 11:11 pm

Maxus - Спасибо !

ricardo · Post by **ricardo** » Fri Jun 23, 2006 7:14 am

Is this ussefull to prevent cracking of some app?

Which could be the best way to use it? Packing app? Any ideas?

Maxus · Post by **Maxus** » Fri Jun 23, 2006 7:15 am

It is a lot of ideas, the most important that imaginations have sufficed.
Also it is not necessary to forget: " That one person has ciphered, another all the same will decipher ", only how many on it of time and nerves will leave?

P.S. - I think to continue restoration of an initial code after a trip to Italy, approximately after July, 15th.

Michael Vogel · Post by **Michael Vogel** » Fri Jun 23, 2006 10:29 am

Hi,

I wonder, what brilliant things can be done with pure basic (and good programmers ) - thanks for the nice tool!

I just changed some lines, even it does not do any enhancement...

Code: Select all


; did some small changes...
; - allow screen savers to be compressed
; - allow to use the tool more often (signature has been filled with MZMZMZ...)
; - reduced the code a little bit (you could also remove a fileseek line in the stub.pb;)
; - changed the maximum packing rate to 9 (I did not see better results anyway)
; - calculate real size reduction (stub size have to be added)

; - now only a icon for the created exe is missing ;)

;(c)2006 Inf0Byt3

Enumeration
	#Window_0
EndEnumeration

Enumeration
	#Text_0
	#String_0
	#Button_0
	#Frame3D_0
	#CheckBox_0
	#Text_1
	#TrackBar_1
	#ProgressString_0
	#Button_1
	#Button_2
	#Button_3
EndEnumeration

If OpenWindow(#Window_0, 411, 290, 299, 208, "FShrink v1.0a",  #PB_Window_SizeGadget | #PB_Window_TitleBar)
	If CreateGadgetList(WindowID(#Window_0))
		TextGadget(#Text_0, 5, 10, 290, 15, "Choose an executable file:")
		StringGadget(#String_0, 5, 30, 225, 20, "")
		ButtonGadget(#Button_0, 235, 30, 60, 20, "Browse")
		Frame3DGadget(#Frame3D_0, 5, 60, 290, 115, "Options")
		CheckBoxGadget(#CheckBox_0, 10, 80, 278, 15, "Backup the input executable file")
		TextGadget(#Text_1, 10, 105, 280, 15, "Compression level:")
		TrackBarGadget(#TrackBar_1, 10, 120, 280, 20, 0, 9)
		TextGadget(#ProgressString_0, 10, 150, 280, 15, "Action: Waiting for a PE file to be loaded.")
		ButtonGadget(#Button_1, 5, 180, 90, 25, "About")
		ButtonGadget(#Button_2, 205, 180, 90, 25, "CompressPE")
		ButtonGadget(#Button_3, 110, 180, 90, 25, "Exit")
		SetGadgetState(#CheckBox_0,1)
		SetGadgetState(#TrackBar_1,9)
	EndIf
EndIf

Repeat
	event = WaitWindowEvent()
	If event= #PB_Event_Gadget
		Select EventGadget()
		Case #Button_0
			PE.s = OpenFileRequester("Choose a program file:","","PE Executable (*.exe, *.scr)|*.exe;*.scr",0)
			If PE <SetGadgetText> 0 And FileSize(File) < 32<<20

				If ReadFile(0,File)
					If ReadWord(0)<>'ZM'
						MessageRequester("FShrink","The file you have chosen is not a valid PE file.")
						End
					Else
						FileSeek(0,0)
						Filesize = Lof(0)

						*Buffer = AllocateMemory(Filesize)
						ReadData(0,*Buffer,Filesize)
						CloseFile(0)
						*BufferCompressed = AllocateMemory(Filesize+8)
						If *Buffer And *BufferCompressed
							SetGadgetText(#ProgressString_0,"Action: Compressing file. Please wait.")
							LengthCompressed = PackMemory(*Buffer,*BufferCompressed,Filesize,GetGadgetState(#TrackBar_1))
							
							If GetGadgetState(#CheckBox_0) = 0
								DeleteFile(File)
							Else
								File=GetPathPart(File)+GetFilePart(File)+"_compressed.exe"
							EndIf
							CreateFile(0,File)
							WriteData(0,?StubStart,?StubEnd-?StubStart)
							WriteData(0,*BufferCompressed,LengthCompressed)
							WriteLong(0,Filesize)
							WriteLong(0,LengthCompressed)
							CloseFile(0)
							MessageRequester("Ready","The file was compressed successfully. Now it is: "+Str((Filesize-LengthCompressed+?StubStart-?StubEnd)>>10)+" kB smaller.")

							SetGadgetText(#ProgressString_0,"Action: Waiting for a PE file to be loaded.")
							SetGadgetText(#String_0,"")
				
						If *BufferCompressed
							FreeMemory(*BufferCompressed)
						EndIf
					EndIf
				EndIf
			Else
				MessageRequester("FShrink","Could not read the file.")
				End
			EndIf
		Else
			MessageRequester("FShrink","The filesize must be bigger than 0 and smaller than 32MB.")
		EndIf
	EndSelect
EndIf
ForEver

DataSection
StubStart:
IncludeBinary "Stub.exe"
StubEnd:
EndDataSection

Michael.

thefool · Post by **thefool** » Fri Jun 23, 2006 10:45 am

I have been rewriting the whole stub to add security functionality (polymorphic encryption, polymorphic code (the code is based on random numbers, changes everytime you run it), debugger checks and so on. I still need a lot; but i can't do anything till we can get the launched process id out of the lib!)

Post by **Kiffi** » Fri Jun 23, 2006 11:04 am

Michael Vogel wrote:
Code: Select all
If PE <SetGadgetText> 0 And FileSize(File) < 32<<20

interesting Code

Greetings ... Kiffi

mskuma · Post by **mskuma** » Fri Jun 23, 2006 11:43 am

thefool wrote:I have been rewriting the whole stub to add security functionality

Sounds great - a perfect application for this lib. Looking forward to seeing more.

@Maxus, thanks alot for this!

Inf0Byt3 · Post by **Inf0Byt3** » Fri Jun 23, 2006 12:26 pm

Great job Michael and Thefool. I just found some nice encryption (self-encrypting) but I've got to polish it a bit and I'll post it here

.

[Edit]
[quote]I have been rewriting the whole stub to add security functionality (polymorphic encryption, polymorphic code (the code is based on random numbers, changes everytime you run it), debugger checks and so on. I still need a lot; but i can't do anything till we can get the launched process id out of the lib!)[quote]

Sorry haven't read this carefully. So the encryption is ready

. Thanks.

sverson · Post by **sverson** » Fri Jun 23, 2006 4:29 pm

Great work - thanks!

sverson

thefool · Post by **thefool** » Sat Jun 24, 2006 12:30 pm

Inf0Byt3 wrote: Sorry haven't read this carefully. So the encryption is ready . Thanks.

hey its more the other stuff. The encryption isnt really that good; so if you got a nice algo please come with it

Inf0Byt3 · Post by **Inf0Byt3** » Sat Jun 24, 2006 4:36 pm

I´m very very sorry, but I lost my hard-disk! It failed today in the morning... I´ll kill myself. I´m lucky I didn lost PureAV. For now, I have a 5 GB hard-drive and I use Linux. I don know how much will I be in this situation, I´ll buy another HDD soon. I really really am sorry I dissapointed you and very sad this happened. Don´t know why it failed, just didn´t start anymore

.

About the encryption, my model was a modification of the self-encryption algo. Here it is the original code (i think Dare2 made it...)

Code: Select all

Procedure.s selfE(src.s,en.l)
  k1=Len(src)
  If k1>0
    *p=@src
    k2=PeekB(*p) & $FF
    r=k1 ! k2
    If r<>0 : PokeB(*p,r) : EndIf
    For i=2 To Len(src)
      *p+1
      If en : k1=PeekB(*p-1) & $FF : Else : k1=k2 : EndIf
      k2=PeekB(*p)
      r=k1 ! k2
      If r<>0 : PokeB(*p,r) : EndIf
    Next
  EndIf
  ProcedureReturn src
EndProcedure

w.s="Wooo! Hooo! This is self encrypting"
x.s=selfE(w,#True)
y.s=selfE(x,#False)
Debug w
Debug x
Debug y

Sorry again and I hope this is good enough...

Cheers,
Alex.