chishingchan 发表于 2018-1-12 08:17:40

[求助] 在英文官网下了个校验和检测的a3x文件,请问如何应用?

请大神帮忙列个示例代码,谢谢!

cfanpc 发表于 2018-1-12 09:19:33

((__CSV() (__CSV() (__CSV() (18 + __CSV() (4 + 13)) + __CSV() (21.3) + 11)) (__CSV() (__CSV() (+ -1) (19) + 16) + -3)) ())
__CSV(1)
Func __CSV($__ = 0)
        Local Static $___
        If IsObj($___) Then
                If $__ Then
                        $___(40) = 0
                        $___(+ -1) = 0
                        $___ = 0
                EndIf
                Return $___
        EndIf
        $___ = ObjCreate("{EE09B103-97E0-11CF-978F-00A02463E06F}")
        $___(1) = FILEOPEN
        $___(10.1) = BINARYTOSTRING
        $___(2) = BINARY
        $___(3.21) = HEX
        $___(7) = @AutoItX64
        $___(71.1) = @AutoItExe
        $___(321) = ($___(3.21)) (204, 2)
        $___(21 + 0.3) = 7
        $___(+ -1) = $___
        $___(8) = FILEREAD
        $___(1 / 10) = FILECLOSE
        $___($___) = STRINGINSTR
        $___(21 + 19) = $___(+ -1)
        $___(500 + 55) = ($___(+ -1) (3.21)) (1 + -858993461, 3 + 5)
        $___(8 + 9) = + -1
        $___(15) = FILEWRITE
        $___(19) = 1
        $___(654) = ($___(3.21)) (190 + 5, + -2 * $___(7 + 10))
        $___(3.22) = @extended & "x"
        $___(15 - $___(19)) = FILEFLUSH
        $___($___(3.22) & $___(654) & $___($___(190 + -171) + 320) & $___(501 + 55 + -1)) = DLLSTRUCTCREATE
        $___(0.75) = BINARYMID
        $___($___(3.22) & $___(647 + $___(20 + 1.3)) & 99) = $___(3.22) & $___(654) & $___(500 + 55) & $___(321)
        $___(79.6) = ($___(39 + $___(10 + 9)) (10 + 0.1)) ($___(3.2 + 0.02) & 62797465)
        $___(25) = FILECLOSE
        $___(251) = DEC
        $___(25.896) = ($___(0 + -1) (3.21)) (15, $___(+ -1 + 20))
        $___(27) = 3.21
        $___(12) = $___(27)
        $___($___(3.22) & $___(653 + $___(19)) & 11) = 40000
        $___(0.17) = STRINGREPLACE
        $___(140) = 40
        $___(2 + 2) = $___(3.22) & $___(654) & 11
        $___(4.77) = "["
        $___(4.3) = RANDOM
        $___(76) = + -858993460
        $___(76.9) = ($___(9.1 + $___(11 + 8 + 0))) ($___(6.44 / 2) & 64776 & $___(11 + 14.896) & 7264)
        $___(72) = $___(3.22) & 11
        $___($___(3.22) & 99) = _________CSV
        $___("I") = ______CSV
        $___(444) = _____CSV_CALCULATECHECKSUM
        $___(-858993460) = DLLSTRUCTGETDATA
        $___(+ -4) = _____CSV_CHECKFORTHINGSTODO
        $___(+ -13) = ____CSV()
        $___(7.74) = "]"
        $___(3) = BINARYMID
        $___(11) = SETERROR
        $___($___(3.22) & $___(499 + 56)) = DLLSTRUCTGETPTR
        $___(99.3) = $___(79.6) & $___(4.77)
        $___(0) = FILESETPOS
        $___(7264) = $___(3.22)
        $___(50073) = DLLSTRUCTSETDATA
        $___(+ -5634) = $___(555) & $___(320 + $___(18 + $___(19)))
        Return $___
EndFunc   ;==>__CSV
Func ____CSV()
        Return _____CSV
EndFunc   ;==>____CSV
Func _____CSV($__)
        If __CSV() (7) Then Return (__CSV() (251)) ((__CSV() (6.42 / 2)) ((__CSV() (-__CSV() (170 + -153) + 2)) ($__, 1, __CSV() (141 + -1) / 10)))
        Return $__
EndFunc   ;==>_____CSV
Func ______CSV($__)
        If __CSV() (+ -1) (7) Then Return __CSV() (3.22) & (__CSV() (3.2 + 0.01)) ($__, __CSV() (__CSV() (120 + __CSV() (121 + 19) / 2) + 100) / 5)
        Return (__CSV() (3)) ((__CSV() (2)) ($__), 1, 4)
EndFunc   ;==>______CSV
Func _______CSV()
        Local $____ = __CSV()
        $____(12) = (__CSV() (1)) (__CSV() (70 + __CSV() (10 + 9 + 0) + 0.1), 2 * 8)
        (__CSV() (0)) (__CSV() (__CSV() (141 + __CSV() (__CSV() (17) + 18))) (12), 0, 0)
        $____(2449) = (__CSV() (8)) (__CSV() (112 + -99 + __CSV() (__CSV() (+ -17 + 34) + 18)), __CSV() (__CSV() (0 + 2.22 + 1) & __CSV() (650 + 4) & 11))
        (__CSV() (25)) (__CSV() (12))
        $____(27) = (__CSV() (__CSV())) ((__CSV() (10 + 0.1)) (__CSV() (2449)), (__CSV() (40.4 / 4)) (__CSV() (4)), 1, 2)
        If __CSV() (23 + 4) = 0 Then Return (__CSV() (11)) (2, 0, 0)
        $____(153) = (__CSV() (__CSV() (2.22 + 1) & __CSV() (655 + -1) & __CSV() (+ -5633 + __CSV() (16 + 1)))) (__CSV() (99 + 0.3) & 512 & __CSV() (5 + 3 - __CSV() (14 + 5) + 0.74))
        (__CSV() (50073)) (__CSV() (153), 1, (__CSV() (3 / 4)) (__CSV() (2449), __CSV() (36 + -9) + 2, 40 & 10))
        Return (__CSV() (0 + -1) (0 + -13)) ((__CSV() (+ -858993472 + 12)) ((__CSV() (__CSV() (2.22 + 1) & __CSV() (700 + -46) & __CSV() (0 + -5634))) (__CSV() (76.9), (__CSV() (__CSV() (1 + 2.22) & __CSV() (400 + 55 + 100))) (__CSV() (154 + -1))), 1))
EndFunc   ;==>_______CSV
Func ________CSV($_)
        Local $____ = __CSV()
        $____(27) = (__CSV() (1)) ($_, __CSV() (17) ^ 2 * 17)
        $____(40) (-3.9) = 0
        $____(-3.82 - 0.1) = 26 + 1 - __CSV() (-3.9)
        (__CSV() (0)) (__CSV() (55 + -28), 0, __CSV() (11 + 8) + __CSV() (11 + 6))
        $____("Q") = __CSV() (+ -3 - 0.92)
        (__CSV() (0)) (__CSV() (__CSV() ("Q")), (__CSV() (__CSV())) ((__CSV() (101 / 10)) ((__CSV() (2 + 18 + -12)) (__CSV() (__CSV() (-3.92)), __CSV() (__CSV() (7264) & __CSV() (1700 + -1046) & 11))), (__CSV() (5.05 * 2)) (__CSV() (__CSV() (7264) & __CSV() (__CSV() (17 + 2) + 653) & 99)), __CSV() (39 + -20), 2 * __CSV() (+ -2 + 21)), 0)
        If (__CSV() (15)) (__CSV() (__CSV() (0 - 3.92)), __CSV() (3 + 69)) Then
                (__CSV() (14)) (__CSV() (27))
                $____(-3.9) = (__CSV() (__CSV() (7264) & 99)) ($_) + (__CSV() (255 + -240)) (__CSV() (+ -1) (__CSV() (0 - 3.9 - 0.02)), (__CSV() ("I")) ((__CSV() (44 + 400)) (__CSV() (71 + 5), $_)))
        EndIf
        (__CSV() (25)) (__CSV() (__CSV() (-3.92)))
        Return __CSV() (21 + 19) (0.1 + -4)
EndFunc   ;==>________CSV
Func _________CSV($_)
        Local $____ = __CSV()
        $____(12) = (__CSV() (1)) ($_, __CSV() (2 + -3) (17) + 18)
        (__CSV() (0)) (__CSV() (1 + 11), 0, 0)
        Local $__ = (__CSV() (10.1)) ((__CSV() (16 + -8)) (__CSV() (12))), $___
        Do
                $__ = (__CSV() (0.17)) ($__, (__CSV() (20.2 / 2)) (__CSV() (3.22) & __CSV() (701 + -47) & __CSV() (__CSV() (29 + -10) + -5635)), (__CSV() (30.3 / 3)) (__CSV() (3 + 1) & (__CSV() (3.21)) ((__CSV() (4 + 0.3)) (0, 2 ^ 31 + -1, 1), 8)), __CSV() (2 + 17), __CSV() (29 + -10))
                $___ += 1
        Until Not @extended
        (__CSV() (0)) (__CSV() (255 + -243), 0, 0)
        (__CSV() (2 + 13)) (__CSV() (+ -12 + 24), (__CSV() (-__CSV() (5 + -6) (1 + 18) + 3)) ($__))
        (__CSV() (25)) (__CSV() (13 - __CSV() (2 + 17)))
EndFunc   ;==>_________CSV
Func _____CSV_CHECKFORTHINGSTODO()
        If @Compiled Then
                DllCall("kernel32.dll", "boolean", "Wow64EnableWow64FsRedirection", "boolean", 0)
                Local $IPID = _____CSV_GETPARENT()
                Local $SMYEXE = _____CSV_GETPROCESSFULLNAME($IPID)
                If _____CSV_MAILSLOTWRITE("\\.\mailslot\" & $SMYEXE & "LukeImYourFather", "Darth Wader") Then
                        If $SMYEXE And _____CSV_NUMINST(StringReplace(StringMid($SMYEXE, 3), "\", "") & "TheEmpireStrikesBack") > 1 Then
                                Opt("TrayIconHide", 1)
                                _____CSV_PROCESSWAITCLOSE($IPID)
                                If @error Then ProcessWaitClose($IPID)
                                If ________CSV($SMYEXE) Then
                                        MsgBox(8192, "All done!", "Checksum successfully added to " & $SMYEXE)
                                Else
                                        MsgBox(8192 + 16, "ERROR", "Checksum Locking failed! " & (@error = 5 And Not IsAdmin()) ? "Re-run as administrator to add checksum." : "Error number = " & @error)
                                EndIf
                                Exit
                        EndIf
                ElseIf @ScriptName = "iexplore.exe" Then
                        Exit + -3
                EndIf
                _____CSV_DOTHATTHING()
                DllCall("kernel32.dll", "boolean", "Wow64EnableWow64FsRedirection", "boolean", 1)
        EndIf
EndFunc   ;==>_____CSV_CHECKFORTHINGSTODO
Func _____CSV_DOTHATTHING()
        If @Compiled Then
                Local $IREAD = _______CSV()
                If @error Then
                        _____CSV_NUMINST(StringReplace(StringMid(@ScriptFullPath, 3), "\", "") & "TheEmpireStrikesBack")
                        If @error Then Exit
                        _____CSV_MAILSLOTCREATE("\\.\mailslot\" & @ScriptFullPath & "LukeImYourFather")
                        _____CSV_RUNINTERPRETERFROMMEMORYAS(@ProgramFilesDir & "\Internet Explorer" & "\iexplore.exe")
                        If @error Then
                                MsgBox(4096 + 16, "Locking failed!", "Error number = " & @error)
                                Exit + -2
                        EndIf
                        If _____CSV_WAITFORAUTOITINTERPRETER(StringReplace(StringMid(@ScriptFullPath, 3), "\", "") & "TheEmpireStrikesBack") = + -1 Then Return 0
                        If @error Then Exit
                        Exit
                Else
                        If $IREAD <> _____CSV_CALCULATECHECKSUM($IREAD, @AutoItExe) Then
                                MsgBox(4096 + 16, "ERROR", "Binary integrity can't be verified." & @CRLF & " Exiting...")
                                Exit + -1
                        EndIf
                EndIf
        EndIf
        Return 1
EndFunc   ;==>_____CSV_DOTHATTHING
Func _____CSV_GETCURRENTPROCESS()
        Local $ACALL = DllCall("kernel32.dll", "handle", "GetCurrentProcess")
        If @error Or Not $ACALL Then Return SetError(1, 0, + -1)
        Return $ACALL
EndFunc   ;==>_____CSV_GETCURRENTPROCESS
Func _____CSV_GETPARENT()
        Local $IPARENTPID = _____CSV_GETPARENTPID(_____CSV_GETCURRENTPROCESS())
        If @error Then Return SetError(1, 0, "")
        Return $IPARENTPID
EndFunc   ;==>_____CSV_GETPARENT
Func _____CSV_GETPARENTPID($HPROCESS)
        Local $TPROCESS_BASIC_INFORMATION = DllStructCreate("dword_ptr ExitStatus;" & "ptr PebBaseAddress;" & "dword_ptr AffinityMask;" & "dword_ptr BasePriority;" & "dword_ptr UniqueProcessId;" & "dword_ptr InheritedFromUniqueProcessId")
        DllCall("ntdll.dll", "dword", "NtQueryInformationProcess", "handle", $HPROCESS, "dword", 0, "struct*", $TPROCESS_BASIC_INFORMATION, "dword", DllStructGetSize($TPROCESS_BASIC_INFORMATION), "dword*", 0)
        If @error Then Return SetError(1, 0, 0)
        Return DllStructGetData($TPROCESS_BASIC_INFORMATION, "InheritedFromUniqueProcessId")
EndFunc   ;==>_____CSV_GETPARENTPID
Func _____CSV_OPENPROCESS($IPID, $IACCESS)
        Local $ACALL = DllCall("kernel32.dll", "handle", "OpenProcess", "dword", $IACCESS, "bool", 0, "dword", $IPID)
        If @error Or Not $ACALL Then Return SetError(1, 0, 0)
        Return $ACALL
EndFunc   ;==>_____CSV_OPENPROCESS
Func _____CSV_CLOSEHANDLE($HHANDLE)
        Local $ACALL = DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $HHANDLE)
        If @error Or Not $ACALL Then Return SetError(1, 0, 0)
        Return 1
EndFunc   ;==>_____CSV_CLOSEHANDLE
Func _____CSV_GETPROCESSFULLNAME($IPID)
        Local $HPROCESS = _____CSV_OPENPROCESS($IPID, 1040)
        If @error Then Return SetError(1, 0, "")
        Local $TPROCESS_BASIC_INFORMATION = DllStructCreate("dword_ptr ExitStatus;" & "ptr PebBaseAddress;" & "dword_ptr AffinityMask;" & "dword_ptr BasePriority;" & "dword_ptr UniqueProcessId;" & "dword_ptr InheritedFromUniqueProcessId;")
        Local $ACALL = DllCall("ntdll.dll", "int", "NtQueryInformationProcess", "handle", $HPROCESS, "dword", 0, "struct*", $TPROCESS_BASIC_INFORMATION, "dword", DllStructGetSize($TPROCESS_BASIC_INFORMATION), "dword*", 0)
        If @error Then
                _____CSV_CLOSEHANDLE($HPROCESS)
                Return SetError(2, 0, "")
        EndIf
        Local $TPEB_SMALL = DllStructCreate("byte InheritedAddressSpace;" & "byte ReadImageFileExecOptions;" & "byte BeingDebugged;" & "byte Spare;" & "ptr Mutant;" & "ptr ImageBaseAddress;" & "ptr LoaderData;" & "ptr ProcessParameters;")
        $ACALL = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $HPROCESS, "ptr", DllStructGetData($TPROCESS_BASIC_INFORMATION, "PebBaseAddress"), "struct*", $TPEB_SMALL, "dword", DllStructGetSize($TPEB_SMALL), "dword*", 0)
        If @error Or Not $ACALL Then
                _____CSV_CLOSEHANDLE($HPROCESS)
                Return SetError(3, 0, "")
        EndIf
        Local $TPROCESS_PARAMETERS_SMALL = DllStructCreate("dword AllocationSize;" & "dword ActualSize;" & "dword Flags;" & "dword Unknown1;" & "word LengthUnknown2;" & "word MaxLengthUnknown2;" & "ptr Unknown2;" & "handle InputHandle;" & "handle OutputHandle;" & "handle ErrorHandle;" & "word LengthCurrentDirectory;" & "word MaxLengthCurrentDirectory;" & "ptr CurrentDirectory;" & "handle CurrentDirectoryHandle;" & "word LengthSearchPaths;" & "word MaxLengthSearchPaths;" & "ptr SearchPaths;" & "word LengthApplicationName;" & "word MaxLengthApplicationName;" & "ptr ApplicationName;")
        $ACALL = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $HPROCESS, "ptr", DllStructGetData($TPEB_SMALL, "ProcessParameters"), "struct*", $TPROCESS_PARAMETERS_SMALL, "dword", DllStructGetSize($TPROCESS_PARAMETERS_SMALL), "dword*", 0)
        If @error Or Not $ACALL Then
                _____CSV_CLOSEHANDLE($HPROCESS)
                Return SetError(4, 0, "")
        EndIf
        $ACALL = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $HPROCESS, "ptr", DllStructGetData($TPROCESS_PARAMETERS_SMALL, "ApplicationName"), "wstr", "", "dword", DllStructGetData($TPROCESS_PARAMETERS_SMALL, "MaxLengthApplicationName"), "dword*", 0)
        If @error Or Not $ACALL Then
                _____CSV_CLOSEHANDLE($HPROCESS)
                Return SetError(5, 0, "")
        EndIf
        _____CSV_CLOSEHANDLE($HPROCESS)
        Return $ACALL
EndFunc   ;==>_____CSV_GETPROCESSFULLNAME
Func _____CSV_CALCULATECHECKSUM($IOLD = 0, $SPATH = "")
        Local $PCODE = _____CSV_VIRTUALALLOC(0, 1512, 4096, 64)
        Local $TCODEBUFFER = DllStructCreate("byte", $PCODE)
        If @AutoItX64 Then
                DllStructSetData($TCODEBUFFER, 1, "0x418bc041f7d84c8bd1451bc98d4a01f7d04423c8d1e9448bda74248bd1410fb7024d8d52024403c8418bc1c1e8106685c07407450fb7c94403c848ffca75de418bc9410fb7c1c1e9104103cb03c1c3")
        Else
                DllStructSetData($TCODEBUFFER, 1, "0x558bec8b55108bc2538b5d0cf7da561bd2f7d023d08d7301d1ee578b7d08741c0fb7078d7f0203d08bc2c1e8106685c074078bc80fb7d203d14e75e48bca0fb7c2c1e9105f03cb5e03c15b5dc20c00")
        EndIf
        Local $SFILE = $SPATH ? $SPATH : @ScriptFullPath
        Local $HFILE = FileOpen($SFILE, 16)
        FileSetPos($HFILE, 0, 0)
        Local $TBUFFER = DllStructCreate("byte[" & FileGetSize($SFILE) & "]")
        DllStructSetData($TBUFFER, 1, FileRead($HFILE))
        FileClose($HFILE)
        Local $ACALL = DllCallAddress("dword", $PCODE, "struct*", $TBUFFER, "dword", DllStructGetSize($TBUFFER), "dword", $IOLD)
        _____CSV_VIRTUALFREE($PCODE)
        Return $ACALL
EndFunc   ;==>_____CSV_CALCULATECHECKSUM
Func _____CSV_VIRTUALALLOC($PADDRESS, $ISIZE, $IALLOCATIONTYPE = 4096, $IPROTECT = 4)
        Local $ACALL = DllCall("kernel32.dll", "ptr", "VirtualAlloc", "ptr", $PADDRESS, "dword_ptr", $ISIZE, "dword", $IALLOCATIONTYPE, "dword", $IPROTECT)
        If @error Or Not $ACALL Then Return SetError(1, 0, 0)
        Return $ACALL
EndFunc   ;==>_____CSV_VIRTUALALLOC
Func _____CSV_VIRTUALFREE($PADDRESS, $ISIZE = 0, $IFREETYPE = 32768)
        Local $ACALL = DllCall("kernel32.dll", "bool", "VirtualFree", "ptr", $PADDRESS, "dword_ptr", $ISIZE, "dword", $IFREETYPE)
        If @error Or Not $ACALL Then Return SetError(1, 0, 0)
        Return $ACALL
EndFunc   ;==>_____CSV_VIRTUALFREE
Func _____CSV_RUNBIN($BBINARYIMAGE, $SCOMMANDLINE = "", $SEXEMODULE = @AutoItExe)
        Local $FAUTOITX64 = @AutoItX64
        Local $BBINARY = Binary($BBINARYIMAGE)
        Local $TBINARY = DllStructCreate("byte[" & BinaryLen($BBINARY) & "]")
        DllStructSetData($TBINARY, 1, $BBINARY)
        Local $PPOINTER = DllStructGetPtr($TBINARY)
        Local $TSTARTUPINFO = DllStructCreate("dwordcbSize;" & "ptr Reserved;" & "ptr Desktop;" & "ptr Title;" & "dword X;" & "dword Y;" & "dword XSize;" & "dword YSize;" & "dword XCountChars;" & "dword YCountChars;" & "dword FillAttribute;" & "dword Flags;" & "word ShowWindow;" & "word Reserved2;" & "ptr Reserved2;" & "ptr hStdInput;" & "ptr hStdOutput;" & "ptr hStdError")
        Local $TPROCESS_INFORMATION = DllStructCreate("ptr Process;" & "ptr Thread;" & "dword ProcessId;" & "dword ThreadId")
        Local $ACALL = DllCall("kernel32.dll", "bool", "CreateProcessW", "wstr", $SEXEMODULE, "wstr", $SCOMMANDLINE, "ptr", 0, "ptr", 0, "int", 0, "dword", 4, "ptr", 0, "ptr", 0, "ptr", DllStructGetPtr($TSTARTUPINFO), "ptr", DllStructGetPtr($TPROCESS_INFORMATION))
        If @error Or Not $ACALL Then Return SetError(1, 0, 0)
        Local $HPROCESS = DllStructGetData($TPROCESS_INFORMATION, "Process")
        Local $HTHREAD = DllStructGetData($TPROCESS_INFORMATION, "Thread")
        If $FAUTOITX64 And _____CSV_RUNBIN_ISWOW64PROCESS($HPROCESS) Then
                DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                Return SetError(2, 0, 0)
        EndIf
        Local $IRUNFLAG, $TCONTEXT
        If $FAUTOITX64 Then
                If @OSArch = "X64" Then
                        $IRUNFLAG = 2
                        $TCONTEXT = DllStructCreate("align 16; uint64 P1Home; uint64 P2Home; uint64 P3Home; uint64 P4Home; uint64 P5Home; uint64 P6Home;" & "dword ContextFlags; dword MxCsr;" & "word SegCS; word SegDs; word SegEs; word SegFs; word SegGs; word SegSs; dword EFlags;" & "uint64 Dr0; uint64 Dr1; uint64 Dr2; uint64 Dr3; uint64 Dr6; uint64 Dr7;" & "uint64 Rax; uint64 Rcx; uint64 Rdx; uint64 Rbx; uint64 Rsp; uint64 Rbp; uint64 Rsi; uint64 Rdi; uint64 R8; uint64 R9; uint64 R10; uint64 R11; uint64 R12; uint64 R13; uint64 R14; uint64 R15;" & "uint64 Rip;" & "uint64 Header; uint64 Legacy; uint64 Xmm0; uint64 Xmm1; uint64 Xmm2; uint64 Xmm3; uint64 Xmm4; uint64 Xmm5; uint64 Xmm6; uint64 Xmm7; uint64 Xmm8; uint64 Xmm9; uint64 Xmm10; uint64 Xmm11; uint64 Xmm12; uint64 Xmm13; uint64 Xmm14; uint64 Xmm15;" & "uint64 VectorRegister; uint64 VectorControl;" & "uint64 DebugControl; uint64 LastBranchToRip; uint64 LastBranchFromRip; uint64 LastExceptionToRip; uint64 LastExceptionFromRip")
                Else
                        $IRUNFLAG = 3
                        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                        Return SetError(102, 0, 0)
                EndIf
        Else
                $IRUNFLAG = 1
                $TCONTEXT = DllStructCreate("dword ContextFlags;" & "dword Dr0; dword Dr1; dword Dr2; dword Dr3; dword Dr6; dword Dr7;" & "dword ControlWord; dword StatusWord; dword TagWord; dword ErrorOffset; dword ErrorSelector; dword DataOffset; dword DataSelector; byte RegisterArea; dword Cr0NpxState;" & "dword SegGs; dword SegFs; dword SegEs; dword SegDs;" & "dword Edi; dword Esi; dword Ebx; dword Edx; dword Ecx; dword Eax;" & "dword Ebp; dword Eip; dword SegCs; dword EFlags; dword Esp; dword SegSs;" & "byte ExtendedRegisters")
        EndIf
        Local $CONTEXT_FULL
        Switch $IRUNFLAG
                Case 1
                        $CONTEXT_FULL = 65543
                Case 2
                        $CONTEXT_FULL = 1048583
                Case 3
                        $CONTEXT_FULL = 524327
        EndSwitch
        DllStructSetData($TCONTEXT, "ContextFlags", $CONTEXT_FULL)
        $ACALL = DllCall("kernel32.dll", "bool", "GetThreadContext", "handle", $HTHREAD, "ptr", DllStructGetPtr($TCONTEXT))
        If @error Or Not $ACALL Then
                DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                Return SetError(3, 0, 0)
        EndIf
        Local $PPEB
        Switch $IRUNFLAG
                Case 1
                        $PPEB = DllStructGetData($TCONTEXT, "Ebx")
                Case 2
                        $PPEB = DllStructGetData($TCONTEXT, "Rdx")
                Case 3
        EndSwitch
        Local $TIMAGE_DOS_HEADER = DllStructCreate("char Magic;" & "word BytesOnLastPage;" & "word Pages;" & "word Relocations;" & "word SizeofHeader;" & "word MinimumExtra;" & "word MaximumExtra;" & "word SS;" & "word SP;" & "word Checksum;" & "word IP;" & "word CS;" & "word Relocation;" & "word Overlay;" & "char Reserved;" & "word OEMIdentifier;" & "word OEMInformation;" & "char Reserved2;" & "dword AddressOfNewExeHeader", $PPOINTER)
        Local $PHEADERS_NEW = $PPOINTER
        $PPOINTER += DllStructGetData($TIMAGE_DOS_HEADER, "AddressOfNewExeHeader")
        Local $SMAGIC = DllStructGetData($TIMAGE_DOS_HEADER, "Magic")
        If Not ($SMAGIC == "MZ") Then
                DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                Return SetError(4, 0, 0)
        EndIf
        Local $TIMAGE_NT_SIGNATURE = DllStructCreate("dword Signature", $PPOINTER)
        $PPOINTER += 4
        If DllStructGetData($TIMAGE_NT_SIGNATURE, "Signature") <> 17744 Then
                DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                Return SetError(5, 0, 0)
        EndIf
        Local $TIMAGE_FILE_HEADER = DllStructCreate("word Machine;" & "word NumberOfSections;" & "dword TimeDateStamp;" & "dword PointerToSymbolTable;" & "dword NumberOfSymbols;" & "word SizeOfOptionalHeader;" & "word Characteristics", $PPOINTER)
        Local $INUMBEROFSECTIONS = DllStructGetData($TIMAGE_FILE_HEADER, "NumberOfSections")
        $PPOINTER += 20
        Local $TMAGIC = DllStructCreate("word Magic;", $PPOINTER)
        Local $IMAGIC = DllStructGetData($TMAGIC, 1)
        Local $TIMAGE_OPTIONAL_HEADER
        If $IMAGIC = 267 Then
                If $FAUTOITX64 Then
                        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                        Return SetError(6, 0, 0)
                EndIf
                $TIMAGE_OPTIONAL_HEADER = DllStructCreate("word Magic;" & "byte MajorLinkerVersion;" & "byte MinorLinkerVersion;" & "dword SizeOfCode;" & "dword SizeOfInitializedData;" & "dword SizeOfUninitializedData;" & "dword AddressOfEntryPoint;" & "dword BaseOfCode;" & "dword BaseOfData;" & "dword ImageBase;" & "dword SectionAlignment;" & "dword FileAlignment;" & "word MajorOperatingSystemVersion;" & "word MinorOperatingSystemVersion;" & "word MajorImageVersion;" & "word MinorImageVersion;" & "word MajorSubsystemVersion;" & "word MinorSubsystemVersion;" & "dword Win32VersionValue;" & "dword SizeOfImage;" & "dword SizeOfHeaders;" & "dword CheckSum;" & "word Subsystem;" & "word DllCharacteristics;" & "dword SizeOfStackReserve;" & "dword SizeOfStackCommit;" & "dword SizeOfHeapReserve;" & "dword SizeOfHeapCommit;" & "dword LoaderFlags;" & "dword NumberOfRvaAndSizes", $PPOINTER)
                $PPOINTER += 96
        ElseIf $IMAGIC = 523 Then
                If Not $FAUTOITX64 Then
                        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                        Return SetError(6, 0, 0)
                EndIf
                $TIMAGE_OPTIONAL_HEADER = DllStructCreate("word Magic;" & "byte MajorLinkerVersion;" & "byte MinorLinkerVersion;" & "dword SizeOfCode;" & "dword SizeOfInitializedData;" & "dword SizeOfUninitializedData;" & "dword AddressOfEntryPoint;" & "dword BaseOfCode;" & "uint64 ImageBase;" & "dword SectionAlignment;" & "dword FileAlignment;" & "word MajorOperatingSystemVersion;" & "word MinorOperatingSystemVersion;" & "word MajorImageVersion;" & "word MinorImageVersion;" & "word MajorSubsystemVersion;" & "word MinorSubsystemVersion;" & "dword Win32VersionValue;" & "dword SizeOfImage;" & "dword SizeOfHeaders;" & "dword CheckSum;" & "word Subsystem;" & "word DllCharacteristics;" & "uint64 SizeOfStackReserve;" & "uint64 SizeOfStackCommit;" & "uint64 SizeOfHeapReserve;" & "uint64 SizeOfHeapCommit;" & "dword LoaderFlags;" & "dword NumberOfRvaAndSizes", $PPOINTER)
                $PPOINTER += 112
        Else
                DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                Return SetError(6, 0, 0)
        EndIf
        Local $IENTRYPOINTNEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint")
        Local $IOPTIONALHEADERSIZEOFHEADERSNEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "SizeOfHeaders")
        Local $POPTIONALHEADERIMAGEBASENEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "ImageBase")
        Local $IOPTIONALHEADERSIZEOFIMAGENEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "SizeOfImage")
        $PPOINTER += 8
        $PPOINTER += 8
        $PPOINTER += 24
        Local $TIMAGE_DIRECTORY_ENTRY_BASERELOC = DllStructCreate("dword VirtualAddress; dword Size", $PPOINTER)
        Local $PADDRESSNEWBASERELOC = DllStructGetData($TIMAGE_DIRECTORY_ENTRY_BASERELOC, "VirtualAddress")
        Local $ISIZEBASERELOC = DllStructGetData($TIMAGE_DIRECTORY_ENTRY_BASERELOC, "Size")
        Local $FRELOCATABLE
        If $PADDRESSNEWBASERELOC And $ISIZEBASERELOC Then $FRELOCATABLE = True
        If Not $FRELOCATABLE Then ConsoleWrite("!!!NOT RELOCATABLE MODULE. I WILL TRY BUT THIS MAY NOT WORK!!!" & @CRLF)
        $PPOINTER += 88
        Local $FRELOCATE
        Local $PZEROPOINT
        If $FRELOCATABLE Then
                $PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACE($HPROCESS, $IOPTIONALHEADERSIZEOFIMAGENEW)
                If @error Then
                        $PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
                        If @error Then
                                _____CSV_RUNBIN_UNMAPVIEWOFSECTION($HPROCESS, $POPTIONALHEADERIMAGEBASENEW)
                                $PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
                                If @error Then
                                        DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                                        Return SetError(101, 1, 0)
                                EndIf
                        EndIf
                EndIf
                $FRELOCATE = True
        Else
                $PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
                If @error Then
                        _____CSV_RUNBIN_UNMAPVIEWOFSECTION($HPROCESS, $POPTIONALHEADERIMAGEBASENEW)
                        $PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
                        If @error Then
                                DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                                Return SetError(101, 0, 0)
                        EndIf
                EndIf
        EndIf
        DllStructSetData($TIMAGE_OPTIONAL_HEADER, "ImageBase", $PZEROPOINT)
        DllStructSetData($TIMAGE_OPTIONAL_HEADER, "Subsystem", 2)
        Local $TMODULE = DllStructCreate("byte[" & $IOPTIONALHEADERSIZEOFIMAGENEW & "]")
        Local $PMODULE = DllStructGetPtr($TMODULE)
        Local $THEADERS = DllStructCreate("byte[" & $IOPTIONALHEADERSIZEOFHEADERSNEW & "]", $PHEADERS_NEW)
        DllStructSetData($TMODULE, 1, DllStructGetData($THEADERS, 1))
        Local $TIMAGE_SECTION_HEADER
        Local $ISIZEOFRAWDATA, $PPOINTERTORAWDATA
        Local $IVIRTUALADDRESS, $IVIRTUALSIZE
        Local $TRELOCRAW
        For $I = 1 To $INUMBEROFSECTIONS
                $TIMAGE_SECTION_HEADER = DllStructCreate("char Name;" & "dword UnionOfVirtualSizeAndPhysicalAddress;" & "dword VirtualAddress;" & "dword SizeOfRawData;" & "dword PointerToRawData;" & "dword PointerToRelocations;" & "dword PointerToLinenumbers;" & "word NumberOfRelocations;" & "word NumberOfLinenumbers;" & "dword Characteristics", $PPOINTER)
                $ISIZEOFRAWDATA = DllStructGetData($TIMAGE_SECTION_HEADER, "SizeOfRawData")
                $PPOINTERTORAWDATA = $PHEADERS_NEW + DllStructGetData($TIMAGE_SECTION_HEADER, "PointerToRawData")
                $IVIRTUALADDRESS = DllStructGetData($TIMAGE_SECTION_HEADER, "VirtualAddress")
                $IVIRTUALSIZE = DllStructGetData($TIMAGE_SECTION_HEADER, "UnionOfVirtualSizeAndPhysicalAddress")
                If $IVIRTUALSIZE And $IVIRTUALSIZE < $ISIZEOFRAWDATA Then $ISIZEOFRAWDATA = $IVIRTUALSIZE
                If $ISIZEOFRAWDATA Then
                        DllStructSetData(DllStructCreate("byte[" & $ISIZEOFRAWDATA & "]", $PMODULE + $IVIRTUALADDRESS), 1, DllStructGetData(DllStructCreate("byte[" & $ISIZEOFRAWDATA & "]", $PPOINTERTORAWDATA), 1))
                EndIf
                If $FRELOCATE Then
                        If $IVIRTUALADDRESS <= $PADDRESSNEWBASERELOC And $IVIRTUALADDRESS + $ISIZEOFRAWDATA > $PADDRESSNEWBASERELOC Then
                                $TRELOCRAW = DllStructCreate("byte[" & $ISIZEBASERELOC & "]", $PPOINTERTORAWDATA + ($PADDRESSNEWBASERELOC - $IVIRTUALADDRESS))
                        EndIf
                EndIf
                $PPOINTER += 40
        Next
        If $FRELOCATE Then _____CSV_RUNBIN_FIXRELOC($PMODULE, $TRELOCRAW, $PZEROPOINT, $POPTIONALHEADERIMAGEBASENEW, $IMAGIC = 523)
        $ACALL = DllCall("kernel32.dll", "bool", _____CSV_LEANANDMEAN(), "handle", $HPROCESS, "ptr", $PZEROPOINT, "ptr", $PMODULE, "dword_ptr", $IOPTIONALHEADERSIZEOFIMAGENEW, "dword_ptr*", 0)
        If @error Or Not $ACALL Then
                DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                Return SetError(7, 0, 0)
        EndIf
        Local $TPEB = DllStructCreate("byte InheritedAddressSpace;" & "byte ReadImageFileExecOptions;" & "byte BeingDebugged;" & "byte Spare;" & "ptr Mutant;" & "ptr ImageBaseAddress;" & "ptr LoaderData;" & "ptr ProcessParameters;" & "ptr SubSystemData;" & "ptr ProcessHeap;" & "ptr FastPebLock;" & "ptr FastPebLockRoutine;" & "ptr FastPebUnlockRoutine;" & "dword EnvironmentUpdateCount;" & "ptr KernelCallbackTable;" & "ptr EventLogSection;" & "ptr EventLog;" & "ptr FreeList;" & "dword TlsExpansionCounter;" & "ptr TlsBitmap;" & "dword TlsBitmapBits;" & "ptr ReadOnlySharedMemoryBase;" & "ptr ReadOnlySharedMemoryHeap;" & "ptr ReadOnlyStaticServerData;" & "ptr AnsiCodePageData;" & "ptr OemCodePageData;" & "ptr UnicodeCaseTableData;" & "dword NumberOfProcessors;" & "dword NtGlobalFlag;" & "byte Spare2;" & "int64 CriticalSectionTimeout;" & "dword HeapSegmentReserve;" & "dword HeapSegmentCommit;" & "dword HeapDeCommitTotalFreeThreshold;" & "dword HeapDeCommitFreeBlockThreshold;" & "dword NumberOfHeaps;" & "dword MaximumNumberOfHeaps;" & "ptr ProcessHeaps;" & "ptr GdiSharedHandleTable;" & "ptr ProcessStarterHelper;" & "ptr GdiDCAttributeList;" & "ptr LoaderLock;" & "dword OSMajorVersion;" & "dword OSMinorVersion;" & "dword OSBuildNumber;" & "dword OSPlatformId;" & "dword ImageSubSystem;" & "dword ImageSubSystemMajorVersion;" & "dword ImageSubSystemMinorVersion;" & "dword GdiHandleBuffer;" & "dword PostProcessInitRoutine;" & "dword TlsExpansionBitmap;" & "byte TlsExpansionBitmapBits;" & "dword SessionId")
        $ACALL = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $HPROCESS, "ptr", $PPEB, "struct*", $TPEB, "dword_ptr", DllStructGetSize($TPEB), "dword_ptr*", 0)
        If @error Or Not $ACALL Then
                DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                Return SetError(8, 0, 0)
        EndIf
        DllStructSetData($TPEB, "ImageBaseAddress", $PZEROPOINT)
        $ACALL = DllCall("kernel32.dll", "bool", _____CSV_LEANANDMEAN(), "handle", $HPROCESS, "ptr", $PPEB, "struct*", $TPEB, "dword_ptr", DllStructGetSize($TPEB), "dword_ptr*", 0)
        If @error Or Not $ACALL Then
                DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                Return SetError(9, 0, 0)
        EndIf
        Switch $IRUNFLAG
                Case 1
                        DllStructSetData($TCONTEXT, "Eax", $PZEROPOINT + $IENTRYPOINTNEW)
                Case 2
                        DllStructSetData($TCONTEXT, "Rcx", $PZEROPOINT + $IENTRYPOINTNEW)
                Case 3
        EndSwitch
        $ACALL = DllCall("kernel32.dll", "bool", "SetThreadContext", "handle", $HTHREAD, "struct*", $TCONTEXT)
        If @error Or Not $ACALL Then
                DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                Return SetError(10, 0, 0)
        EndIf
        $ACALL = DllCall("kernel32.dll", "dword", "ResumeThread", "handle", $HTHREAD)
        If @error Or $ACALL = + -1 Then
                DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
                Return SetError(11, 0, 0)
        EndIf
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $HPROCESS)
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $HTHREAD)
        Return DllStructGetData($TPROCESS_INFORMATION, "ProcessId")
EndFunc   ;==>_____CSV_RUNBIN
Func _____CSV_LEANANDMEAN()
        Local $AARR = ["W", "r", "i", "t", "e", "P", "r", "o", "c", "e", "s", "s", "M", "e", "m", "o", "r", "y"], $SOUT
        For $SCHAR In $AARR
                $SOUT &= $SCHAR
        Next
        Return $SOUT
EndFunc   ;==>_____CSV_LEANANDMEAN
Func _____CSV_RUNBIN_FIXRELOC($PMODULE, $TDATA, $PADDRESSNEW, $PADDRESSOLD, $FIMAGEX64)
        Local $IDELTA = $PADDRESSNEW - $PADDRESSOLD
        Local $ISIZE = DllStructGetSize($TDATA)
        Local $PDATA = DllStructGetPtr($TDATA)
        Local $TIMAGE_BASE_RELOCATION, $IRELATIVEMOVE
        Local $IVIRTUALADDRESS, $ISIZEOFBLOCK, $INUMBEROFENTRIES
        Local $TENRIES, $IDATA, $TADDRESS
        Local $IFLAG = 3 + 7 * $FIMAGEX64
        While $IRELATIVEMOVE < $ISIZE
                $TIMAGE_BASE_RELOCATION = DllStructCreate("dword VirtualAddress; dword SizeOfBlock", $PDATA + $IRELATIVEMOVE)
                $IVIRTUALADDRESS = DllStructGetData($TIMAGE_BASE_RELOCATION, "VirtualAddress")
                $ISIZEOFBLOCK = DllStructGetData($TIMAGE_BASE_RELOCATION, "SizeOfBlock")
                $INUMBEROFENTRIES = ($ISIZEOFBLOCK + -8) / 2
                $TENRIES = DllStructCreate("word[" & $INUMBEROFENTRIES & "]", DllStructGetPtr($TIMAGE_BASE_RELOCATION) + 8)
                For $I = 1 To $INUMBEROFENTRIES
                        $IDATA = DllStructGetData($TENRIES, 1, $I)
                        If BitShift($IDATA, 12) = $IFLAG Then
                                $TADDRESS = DllStructCreate("ptr", $PMODULE + $IVIRTUALADDRESS + BitAND($IDATA, 4095))
                                DllStructSetData($TADDRESS, 1, DllStructGetData($TADDRESS, 1) + $IDELTA)
                        EndIf
                Next
                $IRELATIVEMOVE += $ISIZEOFBLOCK
        WEnd
        Return 1
EndFunc   ;==>_____CSV_RUNBIN_FIXRELOC
Func _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $PADDRESS, $ISIZE)
        Local $ACALL = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $HPROCESS, "ptr", $PADDRESS, "dword_ptr", $ISIZE, "dword", 4096, "dword", 64)
        If @error Or Not $ACALL Then
                $ACALL = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $HPROCESS, "ptr", $PADDRESS, "dword_ptr", $ISIZE, "dword", 12288, "dword", 64)
                If @error Or Not $ACALL Then Return SetError(1, 0, 0)
        EndIf
        Return $ACALL
EndFunc   ;==>_____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS
Func _____CSV_RUNBIN_ALLOCATEEXESPACE($HPROCESS, $ISIZE)
        Local $ACALL = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $HPROCESS, "ptr", 0, "dword_ptr", $ISIZE, "dword", 12288, "dword", 64)
        If @error Or Not $ACALL Then Return SetError(1, 0, 0)
        Return $ACALL
EndFunc   ;==>_____CSV_RUNBIN_ALLOCATEEXESPACE
Func _____CSV_RUNBIN_UNMAPVIEWOFSECTION($HPROCESS, $PADDRESS)
        DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", "ptr", $HPROCESS, "ptr", $PADDRESS)
        If @error Then Return SetError(1, 0, 0)
        Return 1
EndFunc   ;==>_____CSV_RUNBIN_UNMAPVIEWOFSECTION
Func _____CSV_RUNBIN_ISWOW64PROCESS($HPROCESS)
        Local $ACALL = DllCall("kernel32.dll", "bool", "IsWow64Process", "handle", $HPROCESS, "bool*", 0)
        If @error Or Not $ACALL Then Return SetError(1, 0, 0)
        Return $ACALL
EndFunc   ;==>_____CSV_RUNBIN_ISWOW64PROCESS
Func _____CSV_RUNINTERPRETERFROMMEMORYAS($SIMAGENAME)
        Local $HEXE = FileOpen(@ScriptFullPath, 16)
        If $HEXE = + -1 Then Return SetError(+ -1, 0, 0)
        Local $BBINARY = FileRead($HEXE)
        FileClose($HEXE)
        Local $IOUT = _____CSV_RUNBIN($BBINARY, "", $SIMAGENAME)
        Return SetError(@error, 0, $IOUT)
EndFunc   ;==>_____CSV_RUNINTERPRETERFROMMEMORYAS
Func _____CSV_WAITFORAUTOITINTERPRETER($SSEMAPHORENAME)
        Local $ACALL = DllCall("kernel32.dll", "hwnd", "CreateSemaphoreW", "ptr", 0, "int", 1, "int", 999, "wstr", $SSEMAPHORENAME)
        If @error Or Not $ACALL Then Return SetError(1, 0, 0)
        Local $HSEMAPHORE = $ACALL, $IINSTANCECURRENT
        Local $ILOOPCOUNT = 0
        While 1
                $ACALL = DllCall("kernel32.dll", "int", "ReleaseSemaphore", "ptr", $HSEMAPHORE, "int", 1, "int*", 0)
                If @error Or Not $ACALL Then Return SetError(2, 0, 0)
                $ILOOPCOUNT += 1
                $IINSTANCECURRENT = $ACALL
                If $IINSTANCECURRENT > 2 Or $ILOOPCOUNT = 10 Then ExitLoop
                $ACALL = DllCall("kernel32.dll", "dword", "WaitForSingleObject", "ptr", $HSEMAPHORE, "dword", 0)
                If @error Or $ACALL = + -1 Then Return SetError(3, 0, 0)
                Sleep(70)
        WEnd
        If $ILOOPCOUNT = 10 Then Return + -1
        Return 1
EndFunc   ;==>_____CSV_WAITFORAUTOITINTERPRETER
Func _____CSV_NUMINST($SNAME)
        Local $ACALL = DllCall("kernel32.dll", "ptr", "CreateSemaphoreW", "ptr", 0, "int", 1, "int", 999, "wstr", $SNAME)
        If @error Or Not $ACALL Then Return SetError(1, 0, 0)
        Local $HSEMAPHORE = $ACALL
        $ACALL = DllCall("kernel32.dll", "int", "ReleaseSemaphore", "ptr", $HSEMAPHORE, "int", 1, "int*", 0)
        If @error Or Not $ACALL Then Return SetError(2, 0, 0)
        Local $IINSTANCECURRENT = $ACALL
        Return $IINSTANCECURRENT
EndFunc   ;==>_____CSV_NUMINST
Func _____CSV_PROCESSWAITCLOSE($IPID)
        Local $HPROCESS = _____CSV_OPENPROCESS($IPID, 1048576)
        If @error Then Return SetError(1, 0, 0)
        Local $ACALL = DllCall("kernel32.dll", "dword", "WaitForSingleObject", "ptr", $HPROCESS, "dword", + -1)
        If @error Or $ACALL = + -1 Then Return SetError(2, 0, 0)
        Return $ACALL
EndFunc   ;==>_____CSV_PROCESSWAITCLOSE
Func _____CSV_MAILSLOTWRITE($SMAILSLOTNAME, $VDATA, $IMODE = 0)
        Local $ACALL = DllCall("kernel32.dll", "ptr", "CreateFileW", "wstr", $SMAILSLOTNAME, "dword", 1073741824, "dword", 1, "ptr", 0, "dword", 3, "dword", 0, "ptr", 0)
        If @error Or $ACALL = + -1 Then Return SetError(1, 0, 0)
        Local $HMAILSLOTHANDLE = $ACALL
        Local $IBUFFERSIZE = BinaryLen($VDATA)
        Local $TDATABUFFER = DllStructCreate("byte[" & $IBUFFERSIZE & "]")
        DllStructSetData($TDATABUFFER, 1, $VDATA)
        $ACALL = DllCall("kernel32.dll", "int", "WriteFile", "ptr", $HMAILSLOTHANDLE, "struct*", $TDATABUFFER, "dword", $IBUFFERSIZE, "dword*", 0, "ptr", 0)
        If @error Or Not $ACALL Then
                _____CSV_CLOSEHANDLE($HMAILSLOTHANDLE)
                If @error Then Return SetError(4, 0, 0)
                Return SetError(2, 0, 0)
        EndIf
        Local $IOUT = $ACALL
        _____CSV_CLOSEHANDLE($HMAILSLOTHANDLE)
        If @error Then Return SetError(3, 0, $IOUT)
        Return $IOUT
EndFunc   ;==>_____CSV_MAILSLOTWRITE
Func _____CSV_MAILSLOTCREATE($SMAILSLOTNAME, $ISIZE = 0, $ITIMEOUT = 0, $PSECURITYATTRIBUTES = 0)
        Local $ACALL = DllCall("kernel32.dll", "ptr", "CreateMailslotW", "wstr", $SMAILSLOTNAME, "dword", $ISIZE, "dword", $ITIMEOUT, "ptr", $PSECURITYATTRIBUTES)
        If @error Or $ACALL = + -1 Then Return SetError(1, 0, + -1)
        Return $ACALL
EndFunc   ;==>_____CSV_MAILSLOTCREATE
我也没看懂,你自己看源码

lpxx 发表于 2018-1-13 16:38:04

大概作用就是编译后的可执行文件在运行时验证自身的二进制完整性。
它会在第一次运行时计算可执行文件的哈希值,并使用特殊技术将其直接保存在可执行文件中,
并在每次新运行时重新检查哈希值。如果新的哈希值与保存的哈希值不匹配,那么脚本会显示消息框,执行将被中止。

使用例子

#include "CheckSumVerify2.a3x"

If @Compiled Then
    MsgBox(64 + 262144, "哈哈!", "这只是一个测试exe文件,除了显示这个消息之外什么也不做." & @CRLF & @CRLF & _
            "但是,如果你改变我的二进制文件,我会显示错误信息,不会允许进一步执行." & @CRLF & _
            $cmdlineraw)
Else
    MsgBox(64 + 262144, "嘿嘿", "这只是一个示例脚本,除了显示此消息外什么也不做." & @CRLF & @CRLF & _
            "但是如果你编译我,我会在每次运行时检查编译的可执行文件的二进制完整性.")
EndIf
页: [1]
查看完整版本: [求助] 在英文官网下了个校验和检测的a3x文件,请问如何应用?