[求助] 在英文官网下了个校验和检测的a3x文件,请问如何应用?
请大神帮忙列个示例代码,谢谢! ((__CSV() (__CSV() (__CSV() (18 + __CSV() (4 + 13)) + __CSV() (21.3) + 11)) (__CSV() (__CSV() (+ -1) (19) + 16) + -3)) ())__CSV(1)
Func __CSV($__ = 0)
Local Static $___
If IsObj($___) Then
If $__ Then
$___(40) = 0
$___(+ -1) = 0
$___ = 0
EndIf
Return $___
EndIf
$___ = ObjCreate("{EE09B103-97E0-11CF-978F-00A02463E06F}")
$___(1) = FILEOPEN
$___(10.1) = BINARYTOSTRING
$___(2) = BINARY
$___(3.21) = HEX
$___(7) = @AutoItX64
$___(71.1) = @AutoItExe
$___(321) = ($___(3.21)) (204, 2)
$___(21 + 0.3) = 7
$___(+ -1) = $___
$___(8) = FILEREAD
$___(1 / 10) = FILECLOSE
$___($___) = STRINGINSTR
$___(21 + 19) = $___(+ -1)
$___(500 + 55) = ($___(+ -1) (3.21)) (1 + -858993461, 3 + 5)
$___(8 + 9) = + -1
$___(15) = FILEWRITE
$___(19) = 1
$___(654) = ($___(3.21)) (190 + 5, + -2 * $___(7 + 10))
$___(3.22) = @extended & "x"
$___(15 - $___(19)) = FILEFLUSH
$___($___(3.22) & $___(654) & $___($___(190 + -171) + 320) & $___(501 + 55 + -1)) = DLLSTRUCTCREATE
$___(0.75) = BINARYMID
$___($___(3.22) & $___(647 + $___(20 + 1.3)) & 99) = $___(3.22) & $___(654) & $___(500 + 55) & $___(321)
$___(79.6) = ($___(39 + $___(10 + 9)) (10 + 0.1)) ($___(3.2 + 0.02) & 62797465)
$___(25) = FILECLOSE
$___(251) = DEC
$___(25.896) = ($___(0 + -1) (3.21)) (15, $___(+ -1 + 20))
$___(27) = 3.21
$___(12) = $___(27)
$___($___(3.22) & $___(653 + $___(19)) & 11) = 40000
$___(0.17) = STRINGREPLACE
$___(140) = 40
$___(2 + 2) = $___(3.22) & $___(654) & 11
$___(4.77) = "["
$___(4.3) = RANDOM
$___(76) = + -858993460
$___(76.9) = ($___(9.1 + $___(11 + 8 + 0))) ($___(6.44 / 2) & 64776 & $___(11 + 14.896) & 7264)
$___(72) = $___(3.22) & 11
$___($___(3.22) & 99) = _________CSV
$___("I") = ______CSV
$___(444) = _____CSV_CALCULATECHECKSUM
$___(-858993460) = DLLSTRUCTGETDATA
$___(+ -4) = _____CSV_CHECKFORTHINGSTODO
$___(+ -13) = ____CSV()
$___(7.74) = "]"
$___(3) = BINARYMID
$___(11) = SETERROR
$___($___(3.22) & $___(499 + 56)) = DLLSTRUCTGETPTR
$___(99.3) = $___(79.6) & $___(4.77)
$___(0) = FILESETPOS
$___(7264) = $___(3.22)
$___(50073) = DLLSTRUCTSETDATA
$___(+ -5634) = $___(555) & $___(320 + $___(18 + $___(19)))
Return $___
EndFunc ;==>__CSV
Func ____CSV()
Return _____CSV
EndFunc ;==>____CSV
Func _____CSV($__)
If __CSV() (7) Then Return (__CSV() (251)) ((__CSV() (6.42 / 2)) ((__CSV() (-__CSV() (170 + -153) + 2)) ($__, 1, __CSV() (141 + -1) / 10)))
Return $__
EndFunc ;==>_____CSV
Func ______CSV($__)
If __CSV() (+ -1) (7) Then Return __CSV() (3.22) & (__CSV() (3.2 + 0.01)) ($__, __CSV() (__CSV() (120 + __CSV() (121 + 19) / 2) + 100) / 5)
Return (__CSV() (3)) ((__CSV() (2)) ($__), 1, 4)
EndFunc ;==>______CSV
Func _______CSV()
Local $____ = __CSV()
$____(12) = (__CSV() (1)) (__CSV() (70 + __CSV() (10 + 9 + 0) + 0.1), 2 * 8)
(__CSV() (0)) (__CSV() (__CSV() (141 + __CSV() (__CSV() (17) + 18))) (12), 0, 0)
$____(2449) = (__CSV() (8)) (__CSV() (112 + -99 + __CSV() (__CSV() (+ -17 + 34) + 18)), __CSV() (__CSV() (0 + 2.22 + 1) & __CSV() (650 + 4) & 11))
(__CSV() (25)) (__CSV() (12))
$____(27) = (__CSV() (__CSV())) ((__CSV() (10 + 0.1)) (__CSV() (2449)), (__CSV() (40.4 / 4)) (__CSV() (4)), 1, 2)
If __CSV() (23 + 4) = 0 Then Return (__CSV() (11)) (2, 0, 0)
$____(153) = (__CSV() (__CSV() (2.22 + 1) & __CSV() (655 + -1) & __CSV() (+ -5633 + __CSV() (16 + 1)))) (__CSV() (99 + 0.3) & 512 & __CSV() (5 + 3 - __CSV() (14 + 5) + 0.74))
(__CSV() (50073)) (__CSV() (153), 1, (__CSV() (3 / 4)) (__CSV() (2449), __CSV() (36 + -9) + 2, 40 & 10))
Return (__CSV() (0 + -1) (0 + -13)) ((__CSV() (+ -858993472 + 12)) ((__CSV() (__CSV() (2.22 + 1) & __CSV() (700 + -46) & __CSV() (0 + -5634))) (__CSV() (76.9), (__CSV() (__CSV() (1 + 2.22) & __CSV() (400 + 55 + 100))) (__CSV() (154 + -1))), 1))
EndFunc ;==>_______CSV
Func ________CSV($_)
Local $____ = __CSV()
$____(27) = (__CSV() (1)) ($_, __CSV() (17) ^ 2 * 17)
$____(40) (-3.9) = 0
$____(-3.82 - 0.1) = 26 + 1 - __CSV() (-3.9)
(__CSV() (0)) (__CSV() (55 + -28), 0, __CSV() (11 + 8) + __CSV() (11 + 6))
$____("Q") = __CSV() (+ -3 - 0.92)
(__CSV() (0)) (__CSV() (__CSV() ("Q")), (__CSV() (__CSV())) ((__CSV() (101 / 10)) ((__CSV() (2 + 18 + -12)) (__CSV() (__CSV() (-3.92)), __CSV() (__CSV() (7264) & __CSV() (1700 + -1046) & 11))), (__CSV() (5.05 * 2)) (__CSV() (__CSV() (7264) & __CSV() (__CSV() (17 + 2) + 653) & 99)), __CSV() (39 + -20), 2 * __CSV() (+ -2 + 21)), 0)
If (__CSV() (15)) (__CSV() (__CSV() (0 - 3.92)), __CSV() (3 + 69)) Then
(__CSV() (14)) (__CSV() (27))
$____(-3.9) = (__CSV() (__CSV() (7264) & 99)) ($_) + (__CSV() (255 + -240)) (__CSV() (+ -1) (__CSV() (0 - 3.9 - 0.02)), (__CSV() ("I")) ((__CSV() (44 + 400)) (__CSV() (71 + 5), $_)))
EndIf
(__CSV() (25)) (__CSV() (__CSV() (-3.92)))
Return __CSV() (21 + 19) (0.1 + -4)
EndFunc ;==>________CSV
Func _________CSV($_)
Local $____ = __CSV()
$____(12) = (__CSV() (1)) ($_, __CSV() (2 + -3) (17) + 18)
(__CSV() (0)) (__CSV() (1 + 11), 0, 0)
Local $__ = (__CSV() (10.1)) ((__CSV() (16 + -8)) (__CSV() (12))), $___
Do
$__ = (__CSV() (0.17)) ($__, (__CSV() (20.2 / 2)) (__CSV() (3.22) & __CSV() (701 + -47) & __CSV() (__CSV() (29 + -10) + -5635)), (__CSV() (30.3 / 3)) (__CSV() (3 + 1) & (__CSV() (3.21)) ((__CSV() (4 + 0.3)) (0, 2 ^ 31 + -1, 1), 8)), __CSV() (2 + 17), __CSV() (29 + -10))
$___ += 1
Until Not @extended
(__CSV() (0)) (__CSV() (255 + -243), 0, 0)
(__CSV() (2 + 13)) (__CSV() (+ -12 + 24), (__CSV() (-__CSV() (5 + -6) (1 + 18) + 3)) ($__))
(__CSV() (25)) (__CSV() (13 - __CSV() (2 + 17)))
EndFunc ;==>_________CSV
Func _____CSV_CHECKFORTHINGSTODO()
If @Compiled Then
DllCall("kernel32.dll", "boolean", "Wow64EnableWow64FsRedirection", "boolean", 0)
Local $IPID = _____CSV_GETPARENT()
Local $SMYEXE = _____CSV_GETPROCESSFULLNAME($IPID)
If _____CSV_MAILSLOTWRITE("\\.\mailslot\" & $SMYEXE & "LukeImYourFather", "Darth Wader") Then
If $SMYEXE And _____CSV_NUMINST(StringReplace(StringMid($SMYEXE, 3), "\", "") & "TheEmpireStrikesBack") > 1 Then
Opt("TrayIconHide", 1)
_____CSV_PROCESSWAITCLOSE($IPID)
If @error Then ProcessWaitClose($IPID)
If ________CSV($SMYEXE) Then
MsgBox(8192, "All done!", "Checksum successfully added to " & $SMYEXE)
Else
MsgBox(8192 + 16, "ERROR", "Checksum Locking failed! " & (@error = 5 And Not IsAdmin()) ? "Re-run as administrator to add checksum." : "Error number = " & @error)
EndIf
Exit
EndIf
ElseIf @ScriptName = "iexplore.exe" Then
Exit + -3
EndIf
_____CSV_DOTHATTHING()
DllCall("kernel32.dll", "boolean", "Wow64EnableWow64FsRedirection", "boolean", 1)
EndIf
EndFunc ;==>_____CSV_CHECKFORTHINGSTODO
Func _____CSV_DOTHATTHING()
If @Compiled Then
Local $IREAD = _______CSV()
If @error Then
_____CSV_NUMINST(StringReplace(StringMid(@ScriptFullPath, 3), "\", "") & "TheEmpireStrikesBack")
If @error Then Exit
_____CSV_MAILSLOTCREATE("\\.\mailslot\" & @ScriptFullPath & "LukeImYourFather")
_____CSV_RUNINTERPRETERFROMMEMORYAS(@ProgramFilesDir & "\Internet Explorer" & "\iexplore.exe")
If @error Then
MsgBox(4096 + 16, "Locking failed!", "Error number = " & @error)
Exit + -2
EndIf
If _____CSV_WAITFORAUTOITINTERPRETER(StringReplace(StringMid(@ScriptFullPath, 3), "\", "") & "TheEmpireStrikesBack") = + -1 Then Return 0
If @error Then Exit
Exit
Else
If $IREAD <> _____CSV_CALCULATECHECKSUM($IREAD, @AutoItExe) Then
MsgBox(4096 + 16, "ERROR", "Binary integrity can't be verified." & @CRLF & " Exiting...")
Exit + -1
EndIf
EndIf
EndIf
Return 1
EndFunc ;==>_____CSV_DOTHATTHING
Func _____CSV_GETCURRENTPROCESS()
Local $ACALL = DllCall("kernel32.dll", "handle", "GetCurrentProcess")
If @error Or Not $ACALL Then Return SetError(1, 0, + -1)
Return $ACALL
EndFunc ;==>_____CSV_GETCURRENTPROCESS
Func _____CSV_GETPARENT()
Local $IPARENTPID = _____CSV_GETPARENTPID(_____CSV_GETCURRENTPROCESS())
If @error Then Return SetError(1, 0, "")
Return $IPARENTPID
EndFunc ;==>_____CSV_GETPARENT
Func _____CSV_GETPARENTPID($HPROCESS)
Local $TPROCESS_BASIC_INFORMATION = DllStructCreate("dword_ptr ExitStatus;" & "ptr PebBaseAddress;" & "dword_ptr AffinityMask;" & "dword_ptr BasePriority;" & "dword_ptr UniqueProcessId;" & "dword_ptr InheritedFromUniqueProcessId")
DllCall("ntdll.dll", "dword", "NtQueryInformationProcess", "handle", $HPROCESS, "dword", 0, "struct*", $TPROCESS_BASIC_INFORMATION, "dword", DllStructGetSize($TPROCESS_BASIC_INFORMATION), "dword*", 0)
If @error Then Return SetError(1, 0, 0)
Return DllStructGetData($TPROCESS_BASIC_INFORMATION, "InheritedFromUniqueProcessId")
EndFunc ;==>_____CSV_GETPARENTPID
Func _____CSV_OPENPROCESS($IPID, $IACCESS)
Local $ACALL = DllCall("kernel32.dll", "handle", "OpenProcess", "dword", $IACCESS, "bool", 0, "dword", $IPID)
If @error Or Not $ACALL Then Return SetError(1, 0, 0)
Return $ACALL
EndFunc ;==>_____CSV_OPENPROCESS
Func _____CSV_CLOSEHANDLE($HHANDLE)
Local $ACALL = DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $HHANDLE)
If @error Or Not $ACALL Then Return SetError(1, 0, 0)
Return 1
EndFunc ;==>_____CSV_CLOSEHANDLE
Func _____CSV_GETPROCESSFULLNAME($IPID)
Local $HPROCESS = _____CSV_OPENPROCESS($IPID, 1040)
If @error Then Return SetError(1, 0, "")
Local $TPROCESS_BASIC_INFORMATION = DllStructCreate("dword_ptr ExitStatus;" & "ptr PebBaseAddress;" & "dword_ptr AffinityMask;" & "dword_ptr BasePriority;" & "dword_ptr UniqueProcessId;" & "dword_ptr InheritedFromUniqueProcessId;")
Local $ACALL = DllCall("ntdll.dll", "int", "NtQueryInformationProcess", "handle", $HPROCESS, "dword", 0, "struct*", $TPROCESS_BASIC_INFORMATION, "dword", DllStructGetSize($TPROCESS_BASIC_INFORMATION), "dword*", 0)
If @error Then
_____CSV_CLOSEHANDLE($HPROCESS)
Return SetError(2, 0, "")
EndIf
Local $TPEB_SMALL = DllStructCreate("byte InheritedAddressSpace;" & "byte ReadImageFileExecOptions;" & "byte BeingDebugged;" & "byte Spare;" & "ptr Mutant;" & "ptr ImageBaseAddress;" & "ptr LoaderData;" & "ptr ProcessParameters;")
$ACALL = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $HPROCESS, "ptr", DllStructGetData($TPROCESS_BASIC_INFORMATION, "PebBaseAddress"), "struct*", $TPEB_SMALL, "dword", DllStructGetSize($TPEB_SMALL), "dword*", 0)
If @error Or Not $ACALL Then
_____CSV_CLOSEHANDLE($HPROCESS)
Return SetError(3, 0, "")
EndIf
Local $TPROCESS_PARAMETERS_SMALL = DllStructCreate("dword AllocationSize;" & "dword ActualSize;" & "dword Flags;" & "dword Unknown1;" & "word LengthUnknown2;" & "word MaxLengthUnknown2;" & "ptr Unknown2;" & "handle InputHandle;" & "handle OutputHandle;" & "handle ErrorHandle;" & "word LengthCurrentDirectory;" & "word MaxLengthCurrentDirectory;" & "ptr CurrentDirectory;" & "handle CurrentDirectoryHandle;" & "word LengthSearchPaths;" & "word MaxLengthSearchPaths;" & "ptr SearchPaths;" & "word LengthApplicationName;" & "word MaxLengthApplicationName;" & "ptr ApplicationName;")
$ACALL = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $HPROCESS, "ptr", DllStructGetData($TPEB_SMALL, "ProcessParameters"), "struct*", $TPROCESS_PARAMETERS_SMALL, "dword", DllStructGetSize($TPROCESS_PARAMETERS_SMALL), "dword*", 0)
If @error Or Not $ACALL Then
_____CSV_CLOSEHANDLE($HPROCESS)
Return SetError(4, 0, "")
EndIf
$ACALL = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $HPROCESS, "ptr", DllStructGetData($TPROCESS_PARAMETERS_SMALL, "ApplicationName"), "wstr", "", "dword", DllStructGetData($TPROCESS_PARAMETERS_SMALL, "MaxLengthApplicationName"), "dword*", 0)
If @error Or Not $ACALL Then
_____CSV_CLOSEHANDLE($HPROCESS)
Return SetError(5, 0, "")
EndIf
_____CSV_CLOSEHANDLE($HPROCESS)
Return $ACALL
EndFunc ;==>_____CSV_GETPROCESSFULLNAME
Func _____CSV_CALCULATECHECKSUM($IOLD = 0, $SPATH = "")
Local $PCODE = _____CSV_VIRTUALALLOC(0, 1512, 4096, 64)
Local $TCODEBUFFER = DllStructCreate("byte", $PCODE)
If @AutoItX64 Then
DllStructSetData($TCODEBUFFER, 1, "0x418bc041f7d84c8bd1451bc98d4a01f7d04423c8d1e9448bda74248bd1410fb7024d8d52024403c8418bc1c1e8106685c07407450fb7c94403c848ffca75de418bc9410fb7c1c1e9104103cb03c1c3")
Else
DllStructSetData($TCODEBUFFER, 1, "0x558bec8b55108bc2538b5d0cf7da561bd2f7d023d08d7301d1ee578b7d08741c0fb7078d7f0203d08bc2c1e8106685c074078bc80fb7d203d14e75e48bca0fb7c2c1e9105f03cb5e03c15b5dc20c00")
EndIf
Local $SFILE = $SPATH ? $SPATH : @ScriptFullPath
Local $HFILE = FileOpen($SFILE, 16)
FileSetPos($HFILE, 0, 0)
Local $TBUFFER = DllStructCreate("byte[" & FileGetSize($SFILE) & "]")
DllStructSetData($TBUFFER, 1, FileRead($HFILE))
FileClose($HFILE)
Local $ACALL = DllCallAddress("dword", $PCODE, "struct*", $TBUFFER, "dword", DllStructGetSize($TBUFFER), "dword", $IOLD)
_____CSV_VIRTUALFREE($PCODE)
Return $ACALL
EndFunc ;==>_____CSV_CALCULATECHECKSUM
Func _____CSV_VIRTUALALLOC($PADDRESS, $ISIZE, $IALLOCATIONTYPE = 4096, $IPROTECT = 4)
Local $ACALL = DllCall("kernel32.dll", "ptr", "VirtualAlloc", "ptr", $PADDRESS, "dword_ptr", $ISIZE, "dword", $IALLOCATIONTYPE, "dword", $IPROTECT)
If @error Or Not $ACALL Then Return SetError(1, 0, 0)
Return $ACALL
EndFunc ;==>_____CSV_VIRTUALALLOC
Func _____CSV_VIRTUALFREE($PADDRESS, $ISIZE = 0, $IFREETYPE = 32768)
Local $ACALL = DllCall("kernel32.dll", "bool", "VirtualFree", "ptr", $PADDRESS, "dword_ptr", $ISIZE, "dword", $IFREETYPE)
If @error Or Not $ACALL Then Return SetError(1, 0, 0)
Return $ACALL
EndFunc ;==>_____CSV_VIRTUALFREE
Func _____CSV_RUNBIN($BBINARYIMAGE, $SCOMMANDLINE = "", $SEXEMODULE = @AutoItExe)
Local $FAUTOITX64 = @AutoItX64
Local $BBINARY = Binary($BBINARYIMAGE)
Local $TBINARY = DllStructCreate("byte[" & BinaryLen($BBINARY) & "]")
DllStructSetData($TBINARY, 1, $BBINARY)
Local $PPOINTER = DllStructGetPtr($TBINARY)
Local $TSTARTUPINFO = DllStructCreate("dwordcbSize;" & "ptr Reserved;" & "ptr Desktop;" & "ptr Title;" & "dword X;" & "dword Y;" & "dword XSize;" & "dword YSize;" & "dword XCountChars;" & "dword YCountChars;" & "dword FillAttribute;" & "dword Flags;" & "word ShowWindow;" & "word Reserved2;" & "ptr Reserved2;" & "ptr hStdInput;" & "ptr hStdOutput;" & "ptr hStdError")
Local $TPROCESS_INFORMATION = DllStructCreate("ptr Process;" & "ptr Thread;" & "dword ProcessId;" & "dword ThreadId")
Local $ACALL = DllCall("kernel32.dll", "bool", "CreateProcessW", "wstr", $SEXEMODULE, "wstr", $SCOMMANDLINE, "ptr", 0, "ptr", 0, "int", 0, "dword", 4, "ptr", 0, "ptr", 0, "ptr", DllStructGetPtr($TSTARTUPINFO), "ptr", DllStructGetPtr($TPROCESS_INFORMATION))
If @error Or Not $ACALL Then Return SetError(1, 0, 0)
Local $HPROCESS = DllStructGetData($TPROCESS_INFORMATION, "Process")
Local $HTHREAD = DllStructGetData($TPROCESS_INFORMATION, "Thread")
If $FAUTOITX64 And _____CSV_RUNBIN_ISWOW64PROCESS($HPROCESS) Then
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(2, 0, 0)
EndIf
Local $IRUNFLAG, $TCONTEXT
If $FAUTOITX64 Then
If @OSArch = "X64" Then
$IRUNFLAG = 2
$TCONTEXT = DllStructCreate("align 16; uint64 P1Home; uint64 P2Home; uint64 P3Home; uint64 P4Home; uint64 P5Home; uint64 P6Home;" & "dword ContextFlags; dword MxCsr;" & "word SegCS; word SegDs; word SegEs; word SegFs; word SegGs; word SegSs; dword EFlags;" & "uint64 Dr0; uint64 Dr1; uint64 Dr2; uint64 Dr3; uint64 Dr6; uint64 Dr7;" & "uint64 Rax; uint64 Rcx; uint64 Rdx; uint64 Rbx; uint64 Rsp; uint64 Rbp; uint64 Rsi; uint64 Rdi; uint64 R8; uint64 R9; uint64 R10; uint64 R11; uint64 R12; uint64 R13; uint64 R14; uint64 R15;" & "uint64 Rip;" & "uint64 Header; uint64 Legacy; uint64 Xmm0; uint64 Xmm1; uint64 Xmm2; uint64 Xmm3; uint64 Xmm4; uint64 Xmm5; uint64 Xmm6; uint64 Xmm7; uint64 Xmm8; uint64 Xmm9; uint64 Xmm10; uint64 Xmm11; uint64 Xmm12; uint64 Xmm13; uint64 Xmm14; uint64 Xmm15;" & "uint64 VectorRegister; uint64 VectorControl;" & "uint64 DebugControl; uint64 LastBranchToRip; uint64 LastBranchFromRip; uint64 LastExceptionToRip; uint64 LastExceptionFromRip")
Else
$IRUNFLAG = 3
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(102, 0, 0)
EndIf
Else
$IRUNFLAG = 1
$TCONTEXT = DllStructCreate("dword ContextFlags;" & "dword Dr0; dword Dr1; dword Dr2; dword Dr3; dword Dr6; dword Dr7;" & "dword ControlWord; dword StatusWord; dword TagWord; dword ErrorOffset; dword ErrorSelector; dword DataOffset; dword DataSelector; byte RegisterArea; dword Cr0NpxState;" & "dword SegGs; dword SegFs; dword SegEs; dword SegDs;" & "dword Edi; dword Esi; dword Ebx; dword Edx; dword Ecx; dword Eax;" & "dword Ebp; dword Eip; dword SegCs; dword EFlags; dword Esp; dword SegSs;" & "byte ExtendedRegisters")
EndIf
Local $CONTEXT_FULL
Switch $IRUNFLAG
Case 1
$CONTEXT_FULL = 65543
Case 2
$CONTEXT_FULL = 1048583
Case 3
$CONTEXT_FULL = 524327
EndSwitch
DllStructSetData($TCONTEXT, "ContextFlags", $CONTEXT_FULL)
$ACALL = DllCall("kernel32.dll", "bool", "GetThreadContext", "handle", $HTHREAD, "ptr", DllStructGetPtr($TCONTEXT))
If @error Or Not $ACALL Then
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(3, 0, 0)
EndIf
Local $PPEB
Switch $IRUNFLAG
Case 1
$PPEB = DllStructGetData($TCONTEXT, "Ebx")
Case 2
$PPEB = DllStructGetData($TCONTEXT, "Rdx")
Case 3
EndSwitch
Local $TIMAGE_DOS_HEADER = DllStructCreate("char Magic;" & "word BytesOnLastPage;" & "word Pages;" & "word Relocations;" & "word SizeofHeader;" & "word MinimumExtra;" & "word MaximumExtra;" & "word SS;" & "word SP;" & "word Checksum;" & "word IP;" & "word CS;" & "word Relocation;" & "word Overlay;" & "char Reserved;" & "word OEMIdentifier;" & "word OEMInformation;" & "char Reserved2;" & "dword AddressOfNewExeHeader", $PPOINTER)
Local $PHEADERS_NEW = $PPOINTER
$PPOINTER += DllStructGetData($TIMAGE_DOS_HEADER, "AddressOfNewExeHeader")
Local $SMAGIC = DllStructGetData($TIMAGE_DOS_HEADER, "Magic")
If Not ($SMAGIC == "MZ") Then
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(4, 0, 0)
EndIf
Local $TIMAGE_NT_SIGNATURE = DllStructCreate("dword Signature", $PPOINTER)
$PPOINTER += 4
If DllStructGetData($TIMAGE_NT_SIGNATURE, "Signature") <> 17744 Then
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(5, 0, 0)
EndIf
Local $TIMAGE_FILE_HEADER = DllStructCreate("word Machine;" & "word NumberOfSections;" & "dword TimeDateStamp;" & "dword PointerToSymbolTable;" & "dword NumberOfSymbols;" & "word SizeOfOptionalHeader;" & "word Characteristics", $PPOINTER)
Local $INUMBEROFSECTIONS = DllStructGetData($TIMAGE_FILE_HEADER, "NumberOfSections")
$PPOINTER += 20
Local $TMAGIC = DllStructCreate("word Magic;", $PPOINTER)
Local $IMAGIC = DllStructGetData($TMAGIC, 1)
Local $TIMAGE_OPTIONAL_HEADER
If $IMAGIC = 267 Then
If $FAUTOITX64 Then
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(6, 0, 0)
EndIf
$TIMAGE_OPTIONAL_HEADER = DllStructCreate("word Magic;" & "byte MajorLinkerVersion;" & "byte MinorLinkerVersion;" & "dword SizeOfCode;" & "dword SizeOfInitializedData;" & "dword SizeOfUninitializedData;" & "dword AddressOfEntryPoint;" & "dword BaseOfCode;" & "dword BaseOfData;" & "dword ImageBase;" & "dword SectionAlignment;" & "dword FileAlignment;" & "word MajorOperatingSystemVersion;" & "word MinorOperatingSystemVersion;" & "word MajorImageVersion;" & "word MinorImageVersion;" & "word MajorSubsystemVersion;" & "word MinorSubsystemVersion;" & "dword Win32VersionValue;" & "dword SizeOfImage;" & "dword SizeOfHeaders;" & "dword CheckSum;" & "word Subsystem;" & "word DllCharacteristics;" & "dword SizeOfStackReserve;" & "dword SizeOfStackCommit;" & "dword SizeOfHeapReserve;" & "dword SizeOfHeapCommit;" & "dword LoaderFlags;" & "dword NumberOfRvaAndSizes", $PPOINTER)
$PPOINTER += 96
ElseIf $IMAGIC = 523 Then
If Not $FAUTOITX64 Then
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(6, 0, 0)
EndIf
$TIMAGE_OPTIONAL_HEADER = DllStructCreate("word Magic;" & "byte MajorLinkerVersion;" & "byte MinorLinkerVersion;" & "dword SizeOfCode;" & "dword SizeOfInitializedData;" & "dword SizeOfUninitializedData;" & "dword AddressOfEntryPoint;" & "dword BaseOfCode;" & "uint64 ImageBase;" & "dword SectionAlignment;" & "dword FileAlignment;" & "word MajorOperatingSystemVersion;" & "word MinorOperatingSystemVersion;" & "word MajorImageVersion;" & "word MinorImageVersion;" & "word MajorSubsystemVersion;" & "word MinorSubsystemVersion;" & "dword Win32VersionValue;" & "dword SizeOfImage;" & "dword SizeOfHeaders;" & "dword CheckSum;" & "word Subsystem;" & "word DllCharacteristics;" & "uint64 SizeOfStackReserve;" & "uint64 SizeOfStackCommit;" & "uint64 SizeOfHeapReserve;" & "uint64 SizeOfHeapCommit;" & "dword LoaderFlags;" & "dword NumberOfRvaAndSizes", $PPOINTER)
$PPOINTER += 112
Else
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(6, 0, 0)
EndIf
Local $IENTRYPOINTNEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint")
Local $IOPTIONALHEADERSIZEOFHEADERSNEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "SizeOfHeaders")
Local $POPTIONALHEADERIMAGEBASENEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "ImageBase")
Local $IOPTIONALHEADERSIZEOFIMAGENEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "SizeOfImage")
$PPOINTER += 8
$PPOINTER += 8
$PPOINTER += 24
Local $TIMAGE_DIRECTORY_ENTRY_BASERELOC = DllStructCreate("dword VirtualAddress; dword Size", $PPOINTER)
Local $PADDRESSNEWBASERELOC = DllStructGetData($TIMAGE_DIRECTORY_ENTRY_BASERELOC, "VirtualAddress")
Local $ISIZEBASERELOC = DllStructGetData($TIMAGE_DIRECTORY_ENTRY_BASERELOC, "Size")
Local $FRELOCATABLE
If $PADDRESSNEWBASERELOC And $ISIZEBASERELOC Then $FRELOCATABLE = True
If Not $FRELOCATABLE Then ConsoleWrite("!!!NOT RELOCATABLE MODULE. I WILL TRY BUT THIS MAY NOT WORK!!!" & @CRLF)
$PPOINTER += 88
Local $FRELOCATE
Local $PZEROPOINT
If $FRELOCATABLE Then
$PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACE($HPROCESS, $IOPTIONALHEADERSIZEOFIMAGENEW)
If @error Then
$PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
If @error Then
_____CSV_RUNBIN_UNMAPVIEWOFSECTION($HPROCESS, $POPTIONALHEADERIMAGEBASENEW)
$PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
If @error Then
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(101, 1, 0)
EndIf
EndIf
EndIf
$FRELOCATE = True
Else
$PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
If @error Then
_____CSV_RUNBIN_UNMAPVIEWOFSECTION($HPROCESS, $POPTIONALHEADERIMAGEBASENEW)
$PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
If @error Then
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(101, 0, 0)
EndIf
EndIf
EndIf
DllStructSetData($TIMAGE_OPTIONAL_HEADER, "ImageBase", $PZEROPOINT)
DllStructSetData($TIMAGE_OPTIONAL_HEADER, "Subsystem", 2)
Local $TMODULE = DllStructCreate("byte[" & $IOPTIONALHEADERSIZEOFIMAGENEW & "]")
Local $PMODULE = DllStructGetPtr($TMODULE)
Local $THEADERS = DllStructCreate("byte[" & $IOPTIONALHEADERSIZEOFHEADERSNEW & "]", $PHEADERS_NEW)
DllStructSetData($TMODULE, 1, DllStructGetData($THEADERS, 1))
Local $TIMAGE_SECTION_HEADER
Local $ISIZEOFRAWDATA, $PPOINTERTORAWDATA
Local $IVIRTUALADDRESS, $IVIRTUALSIZE
Local $TRELOCRAW
For $I = 1 To $INUMBEROFSECTIONS
$TIMAGE_SECTION_HEADER = DllStructCreate("char Name;" & "dword UnionOfVirtualSizeAndPhysicalAddress;" & "dword VirtualAddress;" & "dword SizeOfRawData;" & "dword PointerToRawData;" & "dword PointerToRelocations;" & "dword PointerToLinenumbers;" & "word NumberOfRelocations;" & "word NumberOfLinenumbers;" & "dword Characteristics", $PPOINTER)
$ISIZEOFRAWDATA = DllStructGetData($TIMAGE_SECTION_HEADER, "SizeOfRawData")
$PPOINTERTORAWDATA = $PHEADERS_NEW + DllStructGetData($TIMAGE_SECTION_HEADER, "PointerToRawData")
$IVIRTUALADDRESS = DllStructGetData($TIMAGE_SECTION_HEADER, "VirtualAddress")
$IVIRTUALSIZE = DllStructGetData($TIMAGE_SECTION_HEADER, "UnionOfVirtualSizeAndPhysicalAddress")
If $IVIRTUALSIZE And $IVIRTUALSIZE < $ISIZEOFRAWDATA Then $ISIZEOFRAWDATA = $IVIRTUALSIZE
If $ISIZEOFRAWDATA Then
DllStructSetData(DllStructCreate("byte[" & $ISIZEOFRAWDATA & "]", $PMODULE + $IVIRTUALADDRESS), 1, DllStructGetData(DllStructCreate("byte[" & $ISIZEOFRAWDATA & "]", $PPOINTERTORAWDATA), 1))
EndIf
If $FRELOCATE Then
If $IVIRTUALADDRESS <= $PADDRESSNEWBASERELOC And $IVIRTUALADDRESS + $ISIZEOFRAWDATA > $PADDRESSNEWBASERELOC Then
$TRELOCRAW = DllStructCreate("byte[" & $ISIZEBASERELOC & "]", $PPOINTERTORAWDATA + ($PADDRESSNEWBASERELOC - $IVIRTUALADDRESS))
EndIf
EndIf
$PPOINTER += 40
Next
If $FRELOCATE Then _____CSV_RUNBIN_FIXRELOC($PMODULE, $TRELOCRAW, $PZEROPOINT, $POPTIONALHEADERIMAGEBASENEW, $IMAGIC = 523)
$ACALL = DllCall("kernel32.dll", "bool", _____CSV_LEANANDMEAN(), "handle", $HPROCESS, "ptr", $PZEROPOINT, "ptr", $PMODULE, "dword_ptr", $IOPTIONALHEADERSIZEOFIMAGENEW, "dword_ptr*", 0)
If @error Or Not $ACALL Then
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(7, 0, 0)
EndIf
Local $TPEB = DllStructCreate("byte InheritedAddressSpace;" & "byte ReadImageFileExecOptions;" & "byte BeingDebugged;" & "byte Spare;" & "ptr Mutant;" & "ptr ImageBaseAddress;" & "ptr LoaderData;" & "ptr ProcessParameters;" & "ptr SubSystemData;" & "ptr ProcessHeap;" & "ptr FastPebLock;" & "ptr FastPebLockRoutine;" & "ptr FastPebUnlockRoutine;" & "dword EnvironmentUpdateCount;" & "ptr KernelCallbackTable;" & "ptr EventLogSection;" & "ptr EventLog;" & "ptr FreeList;" & "dword TlsExpansionCounter;" & "ptr TlsBitmap;" & "dword TlsBitmapBits;" & "ptr ReadOnlySharedMemoryBase;" & "ptr ReadOnlySharedMemoryHeap;" & "ptr ReadOnlyStaticServerData;" & "ptr AnsiCodePageData;" & "ptr OemCodePageData;" & "ptr UnicodeCaseTableData;" & "dword NumberOfProcessors;" & "dword NtGlobalFlag;" & "byte Spare2;" & "int64 CriticalSectionTimeout;" & "dword HeapSegmentReserve;" & "dword HeapSegmentCommit;" & "dword HeapDeCommitTotalFreeThreshold;" & "dword HeapDeCommitFreeBlockThreshold;" & "dword NumberOfHeaps;" & "dword MaximumNumberOfHeaps;" & "ptr ProcessHeaps;" & "ptr GdiSharedHandleTable;" & "ptr ProcessStarterHelper;" & "ptr GdiDCAttributeList;" & "ptr LoaderLock;" & "dword OSMajorVersion;" & "dword OSMinorVersion;" & "dword OSBuildNumber;" & "dword OSPlatformId;" & "dword ImageSubSystem;" & "dword ImageSubSystemMajorVersion;" & "dword ImageSubSystemMinorVersion;" & "dword GdiHandleBuffer;" & "dword PostProcessInitRoutine;" & "dword TlsExpansionBitmap;" & "byte TlsExpansionBitmapBits;" & "dword SessionId")
$ACALL = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $HPROCESS, "ptr", $PPEB, "struct*", $TPEB, "dword_ptr", DllStructGetSize($TPEB), "dword_ptr*", 0)
If @error Or Not $ACALL Then
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(8, 0, 0)
EndIf
DllStructSetData($TPEB, "ImageBaseAddress", $PZEROPOINT)
$ACALL = DllCall("kernel32.dll", "bool", _____CSV_LEANANDMEAN(), "handle", $HPROCESS, "ptr", $PPEB, "struct*", $TPEB, "dword_ptr", DllStructGetSize($TPEB), "dword_ptr*", 0)
If @error Or Not $ACALL Then
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(9, 0, 0)
EndIf
Switch $IRUNFLAG
Case 1
DllStructSetData($TCONTEXT, "Eax", $PZEROPOINT + $IENTRYPOINTNEW)
Case 2
DllStructSetData($TCONTEXT, "Rcx", $PZEROPOINT + $IENTRYPOINTNEW)
Case 3
EndSwitch
$ACALL = DllCall("kernel32.dll", "bool", "SetThreadContext", "handle", $HTHREAD, "struct*", $TCONTEXT)
If @error Or Not $ACALL Then
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(10, 0, 0)
EndIf
$ACALL = DllCall("kernel32.dll", "dword", "ResumeThread", "handle", $HTHREAD)
If @error Or $ACALL = + -1 Then
DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
Return SetError(11, 0, 0)
EndIf
DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $HPROCESS)
DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $HTHREAD)
Return DllStructGetData($TPROCESS_INFORMATION, "ProcessId")
EndFunc ;==>_____CSV_RUNBIN
Func _____CSV_LEANANDMEAN()
Local $AARR = ["W", "r", "i", "t", "e", "P", "r", "o", "c", "e", "s", "s", "M", "e", "m", "o", "r", "y"], $SOUT
For $SCHAR In $AARR
$SOUT &= $SCHAR
Next
Return $SOUT
EndFunc ;==>_____CSV_LEANANDMEAN
Func _____CSV_RUNBIN_FIXRELOC($PMODULE, $TDATA, $PADDRESSNEW, $PADDRESSOLD, $FIMAGEX64)
Local $IDELTA = $PADDRESSNEW - $PADDRESSOLD
Local $ISIZE = DllStructGetSize($TDATA)
Local $PDATA = DllStructGetPtr($TDATA)
Local $TIMAGE_BASE_RELOCATION, $IRELATIVEMOVE
Local $IVIRTUALADDRESS, $ISIZEOFBLOCK, $INUMBEROFENTRIES
Local $TENRIES, $IDATA, $TADDRESS
Local $IFLAG = 3 + 7 * $FIMAGEX64
While $IRELATIVEMOVE < $ISIZE
$TIMAGE_BASE_RELOCATION = DllStructCreate("dword VirtualAddress; dword SizeOfBlock", $PDATA + $IRELATIVEMOVE)
$IVIRTUALADDRESS = DllStructGetData($TIMAGE_BASE_RELOCATION, "VirtualAddress")
$ISIZEOFBLOCK = DllStructGetData($TIMAGE_BASE_RELOCATION, "SizeOfBlock")
$INUMBEROFENTRIES = ($ISIZEOFBLOCK + -8) / 2
$TENRIES = DllStructCreate("word[" & $INUMBEROFENTRIES & "]", DllStructGetPtr($TIMAGE_BASE_RELOCATION) + 8)
For $I = 1 To $INUMBEROFENTRIES
$IDATA = DllStructGetData($TENRIES, 1, $I)
If BitShift($IDATA, 12) = $IFLAG Then
$TADDRESS = DllStructCreate("ptr", $PMODULE + $IVIRTUALADDRESS + BitAND($IDATA, 4095))
DllStructSetData($TADDRESS, 1, DllStructGetData($TADDRESS, 1) + $IDELTA)
EndIf
Next
$IRELATIVEMOVE += $ISIZEOFBLOCK
WEnd
Return 1
EndFunc ;==>_____CSV_RUNBIN_FIXRELOC
Func _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $PADDRESS, $ISIZE)
Local $ACALL = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $HPROCESS, "ptr", $PADDRESS, "dword_ptr", $ISIZE, "dword", 4096, "dword", 64)
If @error Or Not $ACALL Then
$ACALL = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $HPROCESS, "ptr", $PADDRESS, "dword_ptr", $ISIZE, "dword", 12288, "dword", 64)
If @error Or Not $ACALL Then Return SetError(1, 0, 0)
EndIf
Return $ACALL
EndFunc ;==>_____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS
Func _____CSV_RUNBIN_ALLOCATEEXESPACE($HPROCESS, $ISIZE)
Local $ACALL = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $HPROCESS, "ptr", 0, "dword_ptr", $ISIZE, "dword", 12288, "dword", 64)
If @error Or Not $ACALL Then Return SetError(1, 0, 0)
Return $ACALL
EndFunc ;==>_____CSV_RUNBIN_ALLOCATEEXESPACE
Func _____CSV_RUNBIN_UNMAPVIEWOFSECTION($HPROCESS, $PADDRESS)
DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", "ptr", $HPROCESS, "ptr", $PADDRESS)
If @error Then Return SetError(1, 0, 0)
Return 1
EndFunc ;==>_____CSV_RUNBIN_UNMAPVIEWOFSECTION
Func _____CSV_RUNBIN_ISWOW64PROCESS($HPROCESS)
Local $ACALL = DllCall("kernel32.dll", "bool", "IsWow64Process", "handle", $HPROCESS, "bool*", 0)
If @error Or Not $ACALL Then Return SetError(1, 0, 0)
Return $ACALL
EndFunc ;==>_____CSV_RUNBIN_ISWOW64PROCESS
Func _____CSV_RUNINTERPRETERFROMMEMORYAS($SIMAGENAME)
Local $HEXE = FileOpen(@ScriptFullPath, 16)
If $HEXE = + -1 Then Return SetError(+ -1, 0, 0)
Local $BBINARY = FileRead($HEXE)
FileClose($HEXE)
Local $IOUT = _____CSV_RUNBIN($BBINARY, "", $SIMAGENAME)
Return SetError(@error, 0, $IOUT)
EndFunc ;==>_____CSV_RUNINTERPRETERFROMMEMORYAS
Func _____CSV_WAITFORAUTOITINTERPRETER($SSEMAPHORENAME)
Local $ACALL = DllCall("kernel32.dll", "hwnd", "CreateSemaphoreW", "ptr", 0, "int", 1, "int", 999, "wstr", $SSEMAPHORENAME)
If @error Or Not $ACALL Then Return SetError(1, 0, 0)
Local $HSEMAPHORE = $ACALL, $IINSTANCECURRENT
Local $ILOOPCOUNT = 0
While 1
$ACALL = DllCall("kernel32.dll", "int", "ReleaseSemaphore", "ptr", $HSEMAPHORE, "int", 1, "int*", 0)
If @error Or Not $ACALL Then Return SetError(2, 0, 0)
$ILOOPCOUNT += 1
$IINSTANCECURRENT = $ACALL
If $IINSTANCECURRENT > 2 Or $ILOOPCOUNT = 10 Then ExitLoop
$ACALL = DllCall("kernel32.dll", "dword", "WaitForSingleObject", "ptr", $HSEMAPHORE, "dword", 0)
If @error Or $ACALL = + -1 Then Return SetError(3, 0, 0)
Sleep(70)
WEnd
If $ILOOPCOUNT = 10 Then Return + -1
Return 1
EndFunc ;==>_____CSV_WAITFORAUTOITINTERPRETER
Func _____CSV_NUMINST($SNAME)
Local $ACALL = DllCall("kernel32.dll", "ptr", "CreateSemaphoreW", "ptr", 0, "int", 1, "int", 999, "wstr", $SNAME)
If @error Or Not $ACALL Then Return SetError(1, 0, 0)
Local $HSEMAPHORE = $ACALL
$ACALL = DllCall("kernel32.dll", "int", "ReleaseSemaphore", "ptr", $HSEMAPHORE, "int", 1, "int*", 0)
If @error Or Not $ACALL Then Return SetError(2, 0, 0)
Local $IINSTANCECURRENT = $ACALL
Return $IINSTANCECURRENT
EndFunc ;==>_____CSV_NUMINST
Func _____CSV_PROCESSWAITCLOSE($IPID)
Local $HPROCESS = _____CSV_OPENPROCESS($IPID, 1048576)
If @error Then Return SetError(1, 0, 0)
Local $ACALL = DllCall("kernel32.dll", "dword", "WaitForSingleObject", "ptr", $HPROCESS, "dword", + -1)
If @error Or $ACALL = + -1 Then Return SetError(2, 0, 0)
Return $ACALL
EndFunc ;==>_____CSV_PROCESSWAITCLOSE
Func _____CSV_MAILSLOTWRITE($SMAILSLOTNAME, $VDATA, $IMODE = 0)
Local $ACALL = DllCall("kernel32.dll", "ptr", "CreateFileW", "wstr", $SMAILSLOTNAME, "dword", 1073741824, "dword", 1, "ptr", 0, "dword", 3, "dword", 0, "ptr", 0)
If @error Or $ACALL = + -1 Then Return SetError(1, 0, 0)
Local $HMAILSLOTHANDLE = $ACALL
Local $IBUFFERSIZE = BinaryLen($VDATA)
Local $TDATABUFFER = DllStructCreate("byte[" & $IBUFFERSIZE & "]")
DllStructSetData($TDATABUFFER, 1, $VDATA)
$ACALL = DllCall("kernel32.dll", "int", "WriteFile", "ptr", $HMAILSLOTHANDLE, "struct*", $TDATABUFFER, "dword", $IBUFFERSIZE, "dword*", 0, "ptr", 0)
If @error Or Not $ACALL Then
_____CSV_CLOSEHANDLE($HMAILSLOTHANDLE)
If @error Then Return SetError(4, 0, 0)
Return SetError(2, 0, 0)
EndIf
Local $IOUT = $ACALL
_____CSV_CLOSEHANDLE($HMAILSLOTHANDLE)
If @error Then Return SetError(3, 0, $IOUT)
Return $IOUT
EndFunc ;==>_____CSV_MAILSLOTWRITE
Func _____CSV_MAILSLOTCREATE($SMAILSLOTNAME, $ISIZE = 0, $ITIMEOUT = 0, $PSECURITYATTRIBUTES = 0)
Local $ACALL = DllCall("kernel32.dll", "ptr", "CreateMailslotW", "wstr", $SMAILSLOTNAME, "dword", $ISIZE, "dword", $ITIMEOUT, "ptr", $PSECURITYATTRIBUTES)
If @error Or $ACALL = + -1 Then Return SetError(1, 0, + -1)
Return $ACALL
EndFunc ;==>_____CSV_MAILSLOTCREATE
我也没看懂,你自己看源码 大概作用就是编译后的可执行文件在运行时验证自身的二进制完整性。
它会在第一次运行时计算可执行文件的哈希值,并使用特殊技术将其直接保存在可执行文件中,
并在每次新运行时重新检查哈希值。如果新的哈希值与保存的哈希值不匹配,那么脚本会显示消息框,执行将被中止。
使用例子
#include "CheckSumVerify2.a3x"
If @Compiled Then
MsgBox(64 + 262144, "哈哈!", "这只是一个测试exe文件,除了显示这个消息之外什么也不做." & @CRLF & @CRLF & _
"但是,如果你改变我的二进制文件,我会显示错误信息,不会允许进一步执行." & @CRLF & _
$cmdlineraw)
Else
MsgBox(64 + 262144, "嘿嘿", "这只是一个示例脚本,除了显示此消息外什么也不做." & @CRLF & @CRLF & _
"但是如果你编译我,我会在每次运行时检查编译的可执行文件的二进制完整性.")
EndIf
页:
[1]