
[系统综合] [求助] 在英文官网下了个校验和检测的a3x文件,请问如何应用?

发表于 2018-1-12 08:17:40 | 显示全部楼层 |阅读模式
请大神帮忙列个示例代码,谢谢!

发表于 2018-1-12 09:19:33 | 显示全部楼层
  ; Script entry point. Every "__CSV() (key)" is a lookup in the table that __CSV() builds.
  ; Using the entries assigned there (17 -> -1, 21.3 -> 7, -1 -> the table itself, 19 -> 1,
  ; -4 -> _____CSV_CHECKFORTHINGSTODO) this statement appears to reduce to a plain call of
  ; _____CSV_CHECKFORTHINGSTODO() - TODO confirm by evaluating the keys.
  1. ((__CSV() (__CSV() (__CSV() (18 + __CSV() (4 + 13)) + __CSV() (21.3) + 11)) (__CSV() (__CSV() (+ -1) (19) + 16) + -3)) ())
  ; A truthy argument makes __CSV() clear its self-references and drop the cached table.
  2. __CSV(1)
  ; Lazily builds and returns a lookup table held in a Local Static variable. The table maps
  ; numeric/string keys to built-in functions, script functions, macros and constants, and the
  ; rest of the script reaches them as "__CSV() (key)" instead of by name. For a reviewer this is
  ; an indirection layer: the real call targets only become visible once the keys are resolved.
  ;   $__ - when truthy and the table already exists, the two self-references (keys 40 and -1)
  ;         are cleared and the static is reset, so the call returns 0. When the table does not
  ;         exist yet the argument is ignored and a new table is built.
  ; Returns the table object.
  3. Func __CSV($__ = 0)
  4.         Local Static $___
  5.         If IsObj($___) Then
  6.                 If $__ Then
  7.                         $___(40) = 0
  8.                         $___(+ -1) = 0
  9.                         $___ = 0
  10.                 EndIf
  11.                 Return $___
  12.         EndIf
  13.         $___ = ObjCreate("{EE09B103-97E0-11CF-978F-00A02463E06F}") ; NOTE(review): CLSID of the Scripting.Dictionary COM class - confirm on the target system
  14.         $___(1) = FILEOPEN
  15.         $___(10.1) = BINARYTOSTRING
  16.         $___(2) = BINARY
  17.         $___(3.21) = HEX
  18.         $___(7) = @AutoItX64
  19.         $___(71.1) = @AutoItExe
  20.         $___(321) = ($___(3.21)) (204, 2)
  21.         $___(21 + 0.3) = 7
  22.         $___(+ -1) = $___ ; self-reference; released by the teardown branch above
  23.         $___(8) = FILEREAD
  24.         $___(1 / 10) = FILECLOSE
  25.         $___($___) = STRINGINSTR ; the table object itself is used as a key here
  26.         $___(21 + 19) = $___(+ -1) ; key 40 is a second alias of the table
  27.         $___(500 + 55) = ($___(+ -1) (3.21)) (1 + -858993461, 3 + 5)
  28.         $___(8 + 9) = + -1
  29.         $___(15) = FILEWRITE
  30.         $___(19) = 1
  31.         $___(654) = ($___(3.21)) (190 + 5, + -2 * $___(7 + 10))
  32.         $___(3.22) = @extended & "x" ; presumably "0x" (expects @extended to be 0 at this point) - TODO confirm
  33.         $___(15 - $___(19)) = FILEFLUSH
  34.         $___($___(3.22) & $___(654) & $___($___(190 + -171) + 320) & $___(501 + 55 + -1)) = DLLSTRUCTCREATE
  35.         $___(0.75) = BINARYMID
  36.         $___($___(3.22) & $___(647 + $___(20 + 1.3)) & 99) = $___(3.22) & $___(654) & $___(500 + 55) & $___(321)
  37.         $___(79.6) = ($___(39 + $___(10 + 9)) (10 + 0.1)) ($___(3.2 + 0.02) & 62797465)
  38.         $___(25) = FILECLOSE
  39.         $___(251) = DEC
  40.         $___(25.896) = ($___(0 + -1) (3.21)) (15, $___(+ -1 + 20))
  41.         $___(27) = 3.21
  42.         $___(12) = $___(27)
  43.         $___($___(3.22) & $___(653 + $___(19)) & 11) = 40000
  44.         $___(0.17) = STRINGREPLACE
  45.         $___(140) = 40
  46.         $___(2 + 2) = $___(3.22) & $___(654) & 11
  47.         $___(4.77) = "["
  48.         $___(4.3) = RANDOM
  49.         $___(76) = + -858993460
  50.         $___(76.9) = ($___(9.1 + $___(11 + 8 + 0))) ($___(6.44 / 2) & 64776 & $___(11 + 14.896) & 7264)
  51.         $___(72) = $___(3.22) & 11
  52.         $___($___(3.22) & 99) = _________CSV
  53.         $___("I") = ______CSV
  54.         $___(444) = _____CSV_CALCULATECHECKSUM
  55.         $___(-858993460) = DLLSTRUCTGETDATA
  56.         $___(+ -4) = _____CSV_CHECKFORTHINGSTODO
  57.         $___(+ -13) = ____CSV() ; stores whatever ____CSV() returns (a reference to _____CSV)
  58.         $___(7.74) = "]"
  59.         $___(3) = BINARYMID
  60.         $___(11) = SETERROR
  61.         $___($___(3.22) & $___(499 + 56)) = DLLSTRUCTGETPTR
  62.         $___(99.3) = $___(79.6) & $___(4.77)
  63.         $___(0) = FILESETPOS
  64.         $___(7264) = $___(3.22)
  65.         $___(50073) = DLLSTRUCTSETDATA
  66.         $___(+ -5634) = $___(555) & $___(320 + $___(18 + $___(19)))
  67.         Return $___
  68. EndFunc   ;==>__CSV
  ; Returns a reference to the function _____CSV (not the result of calling it).
  ; __CSV() stores this reference in its table under key -13.
  Func ____CSV()
      Local $FNREF = _____CSV
      Return $FNREF
  EndFunc   ;==>____CSV
  ; Normalises a value read from the executable.
  ; When table key 7 (@AutoItX64) is false, $__ is returned untouched. Otherwise three table
  ; functions are chained; resolved against the assignments in __CSV() (251 -> DEC,
  ; 3.21 -> HEX, 3 -> BINARYMID, 140 -> 40) the expression appears to be
  ; Dec(Hex(BinaryMid($__, 1, 4))) - TODO confirm.
  Func _____CSV($__)
      If Not __CSV() (7) Then Return $__
      Return (__CSV() (251)) ((__CSV() (6.42 / 2)) ((__CSV() (-__CSV() (170 + -153) + 2)) ($__, 1, __CSV() (141 + -1) / 10)))
  EndFunc   ;==>_____CSV
  ; Encodes a value before it is written to the executable.
  ; Resolved against the assignments in __CSV() (3.22 -> @extended & "x", 3.21 -> HEX,
  ; 3 -> BINARYMID, 2 -> BINARY, 140 -> 40) the two branches appear to be - TODO confirm:
  ;   @AutoItX64 true : "0x" & Hex($__, 8)
  ;   otherwise       : BinaryMid(Binary($__), 1, 4)
  Func ______CSV($__)
      If Not __CSV() (+ -1) (7) Then
          Return (__CSV() (3)) ((__CSV() (2)) ($__), 1, 4)
      EndIf
      Return __CSV() (3.22) & (__CSV() (3.2 + 0.01)) ($__, __CSV() (__CSV() (120 + __CSV() (121 + 19) / 2) + 100) / 5)
  EndFunc   ;==>______CSV
  ; Reads back the value stored inside the running executable; _____CSV_DOTHATTHING compares the
  ; result with a freshly calculated checksum. All call targets are table lookups. Resolved
  ; against the assignments in __CSV() the first steps appear to be (TODO confirm):
  ;   FileOpen(@AutoItExe, 16) -> FileSetPos(h, 0, 0) -> FileRead(h, 40000) -> FileClose(h)
  ;   -> StringInStr(..., 1, 2): case-sensitive search for the second occurrence of a marker
  ;   -> no match: Return SetError(2, 0, 0)
  ; The remaining statements go through the DllStruct entries of the table and pass the result
  ; to the function stored under key -13; they are not resolved here.
  ; NOTE(review): only the first 40000 bytes of the file are searched, so the stored value must
  ; lie inside that window - verify against the writer in ________CSV.
  80. Func _______CSV()
  81.         Local $____ = __CSV()
  82.         $____(12) = (__CSV() (1)) (__CSV() (70 + __CSV() (10 + 9 + 0) + 0.1), 2 * 8)
  83.         (__CSV() (0)) (__CSV() (__CSV() (141 + __CSV() (__CSV() (17) + 18))) (12), 0, 0)
  84.         $____(2449) = (__CSV() (8)) (__CSV() (112 + -99 + __CSV() (__CSV() (+ -17 + 34) + 18)), __CSV() (__CSV() (0 + 2.22 + 1) & __CSV() (650 + 4) & 11))
  85.         (__CSV() (25)) (__CSV() (12))
  86.         $____(27) = (__CSV() (__CSV())) ((__CSV() (10 + 0.1)) (__CSV() (2449)), (__CSV() (40.4 / 4)) (__CSV() (4)), 1, 2)
  87.         If __CSV() (23 + 4) = 0 Then Return (__CSV() (11)) (2, 0, 0)
  88.         $____(153) = (__CSV() (__CSV() (2.22 + 1) & __CSV() (655 + -1) & __CSV() (+ -5633 + __CSV() (16 + 1)))) (__CSV() (99 + 0.3) & 512 & __CSV() (5 + 3 - __CSV() (14 + 5) + 0.74))
  89.         (__CSV() (50073)) (__CSV() (153), 1, (__CSV() (3 / 4)) (__CSV() (2449), __CSV() (36 + -9) + 2, 40 & 10))
  90.         Return (__CSV() (0 + -1) (0 + -13)) ((__CSV() (+ -858993472 + 12)) ((__CSV() (__CSV() (2.22 + 1) & __CSV() (700 + -46) & __CSV() (0 + -5634))) (__CSV() (76.9), (__CSV() (__CSV() (1 + 2.22) & __CSV() (400 + 55 + 100))) (__CSV() (154 + -1))), 1))
  91. EndFunc   ;==>_______CSV
  ; Writes the checksum record into the file $_ (_____CSV_CHECKFORTHINGSTODO passes the parent
  ; executable's path). All call targets are table lookups; the entries involved include
  ; FILEOPEN (key 1), FILESETPOS (0), FILEWRITE (15), FILEFLUSH (14), FILECLOSE (25), ______CSV
  ; ("I"), _____CSV_CALCULATECHECKSUM (444) and _________CSV. Presumably: open $_ in a binary
  ; write mode, position inside the file, write a short marker and, if that write succeeds,
  ; flush, run _________CSV($_) and write the encoded checksum - TODO confirm by resolving keys.
  ; Returns the table entry at key -3.9: 0 unless the success branch replaced it.
  ; NOTE(review): this modifies an executable on disk in place. No @error is set explicitly
  ; here, so the caller's "@error = 5" test depends on what the last table call left behind.
  92. Func ________CSV($_)
  93.         Local $____ = __CSV()
  94.         $____(27) = (__CSV() (1)) ($_, __CSV() (17) ^ 2 * 17)
  95.         $____(40) (-3.9) = 0 ; result slot, preset to "failed"
  96.         $____(-3.82 - 0.1) = 26 + 1 - __CSV() (-3.9)
  97.         (__CSV() (0)) (__CSV() (55 + -28), 0, __CSV() (11 + 8) + __CSV() (11 + 6))
  98.         $____("Q") = __CSV() (+ -3 - 0.92)
  99.         (__CSV() (0)) (__CSV() (__CSV() ("Q")), (__CSV() (__CSV())) ((__CSV() (101 / 10)) ((__CSV() (2 + 18 + -12)) (__CSV() (__CSV() (-3.92)), __CSV() (__CSV() (7264) & __CSV() (1700 + -1046) & 11))), (__CSV() (5.05 * 2)) (__CSV() (__CSV() (7264) & __CSV() (__CSV() (17 + 2) + 653) & 99)), __CSV() (39 + -20), 2 * __CSV() (+ -2 + 21)), 0)
  100.         If (__CSV() (15)) (__CSV() (__CSV() (0 - 3.92)), __CSV() (3 + 69)) Then
  101.                 (__CSV() (14)) (__CSV() (27))
  102.                 $____(-3.9) = (__CSV() (__CSV() (7264) & 99)) ($_) + (__CSV() (255 + -240)) (__CSV() (+ -1) (__CSV() (0 - 3.9 - 0.02)), (__CSV() ("I")) ((__CSV() (44 + 400)) (__CSV() (71 + 5), $_)))
  103.         EndIf
  104.         (__CSV() (25)) (__CSV() (__CSV() (-3.92)))
  105.         Return __CSV() (21 + 19) (0.1 + -4)
  106. EndFunc   ;==>________CSV
  ; Rewrites the file $_ in place. All call targets are table lookups; the entries involved are
  ; FILEOPEN (key 1), FILESETPOS (0), FILEREAD (8), BINARYTOSTRING (10.1), STRINGREPLACE (0.17),
  ; HEX (3.21), RANDOM (4.3), BINARY (2), FILEWRITE (15) and FILECLOSE (25). Presumably: read the
  ; whole file as a string, replace one occurrence of a fixed byte pattern per loop pass with a
  ; pattern that embeds Random() output, stop when StringReplace reports no replacement through
  ; @extended, then write the result back from offset 0 - TODO confirm by resolving keys.
  ; No value is returned. $___ only counts loop passes and is never read.
  ; NOTE(review): FileOpen failure is not checked before the handle is used.
  107. Func _________CSV($_)
  108.         Local $____ = __CSV()
  109.         $____(12) = (__CSV() (1)) ($_, __CSV() (2 + -3) (17) + 18)
  110.         (__CSV() (0)) (__CSV() (1 + 11), 0, 0)
  111.         Local $__ = (__CSV() (10.1)) ((__CSV() (16 + -8)) (__CSV() (12))), $___
  112.         Do
  113.                 $__ = (__CSV() (0.17)) ($__, (__CSV() (20.2 / 2)) (__CSV() (3.22) & __CSV() (701 + -47) & __CSV() (__CSV() (29 + -10) + -5635)), (__CSV() (30.3 / 3)) (__CSV() (3 + 1) & (__CSV() (3.21)) ((__CSV() (4 + 0.3)) (0, 2 ^ 31 + -1, 1), 8)), __CSV() (2 + 17), __CSV() (29 + -10))
  114.                 $___ += 1
  115.         Until Not @extended
  116.         (__CSV() (0)) (__CSV() (255 + -243), 0, 0)
  117.         (__CSV() (2 + 13)) (__CSV() (+ -12 + 24), (__CSV() (-__CSV() (5 + -6) (1 + 18) + 3)) ($__))
  118.         (__CSV() (25)) (__CSV() (13 - __CSV() (2 + 17)))
  119. EndFunc   ;==>_________CSV
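  ; Start-up hook; does nothing unless the script runs compiled.
  ; It looks up the parent process and that process's image path, then tries to write to a
  ; mailslot named after that path. If the write succeeds and _____CSV_NUMINST() reports more
  ; than one instance, this process acts as the helper: it waits for the parent to exit, asks
  ; ________CSV() to add the checksum to the parent's executable, reports the outcome and exits.
  ; If the mailslot write fails and this process is named "iexplore.exe" it exits with code -3.
  ; In every other case control passes to _____CSV_DOTHATTHING().
  ; NOTE(review): the parent's path is read from another process's memory and then used as the
  ; file to modify - the mailslot/instance handshake is the only check on who the parent is.
  ; NOTE(review): StringReplace(..., "", "") has an empty search string as listed, which makes
  ; it a no-op; a character may have been lost when the listing was produced - TODO confirm.
  Func _____CSV_CHECKFORTHINGSTODO()
      If @Compiled Then
          ; WOW64 file-system redirection is switched off here and back on at the end.
          DllCall("kernel32.dll", "boolean", "Wow64EnableWow64FsRedirection", "boolean", 0)
          Local $IPID = _____CSV_GETPARENT()
          Local $SMYEXE = _____CSV_GETPROCESSFULLNAME($IPID)
          If _____CSV_MAILSLOTWRITE("\\.\mailslot" & $SMYEXE & "LukeImYourFather", "Darth Wader") Then
              If $SMYEXE And _____CSV_NUMINST(StringReplace(StringMid($SMYEXE, 3), "", "") & "TheEmpireStrikesBack") > 1 Then
                  Opt("TrayIconHide", 1)
                  _____CSV_PROCESSWAITCLOSE($IPID)
                  If @error Then ProcessWaitClose($IPID)
                  ; Capture @error immediately: any later function call (IsAdmin included) resets it.
                  Local $VLOCKED = ________CSV($SMYEXE)
                  Local $IERROR = @error
                  If $VLOCKED Then
                      MsgBox(8192, "All done!", "Checksum successfully added to " & $SMYEXE)
                  Else
                      ; The original built this text as "prefix" & (cond) ? a : b. The ternary binds
                      ; last, so the non-empty string "prefix..." was the condition and the
                      ; administrator hint was shown for every failure, without the prefix.
                      Local $SREASON = "Error number = " & $IERROR
                      If $IERROR = 5 And Not IsAdmin() Then $SREASON = "Re-run as administrator to add checksum."
                      MsgBox(8192 + 16, "ERROR", "Checksum Locking failed! " & $SREASON)
                  EndIf
                  Exit
              EndIf
          ElseIf @ScriptName = "iexplore.exe" Then
              Exit + -3
          EndIf
          _____CSV_DOTHATTHING()
          DllCall("kernel32.dll", "boolean", "Wow64EnableWow64FsRedirection", "boolean", 1)
      EndIf
  EndFunc   ;==>_____CSV_CHECKFORTHINGSTODO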
  ; Integrity gate for the compiled script. Returns 1 when not compiled or when the stored
  ; checksum matches; otherwise the process exits.
  ;   - _______CSV() succeeded: the stored value is compared with
  ;     _____CSV_CALCULATECHECKSUM($IREAD, @AutoItExe); on mismatch an error box is shown and
  ;     the process exits with code -1.
  ;   - _______CSV() set @error (no stored checksum found): the script registers an instance
  ;     name, creates a mailslot named after its own path, starts a helper through
  ;     _____CSV_RUNINTERPRETERFROMMEMORYAS() with the Internet Explorer binary as the host
  ;     image, waits for it and exits. Returns 0 only when the wait function yields -1.
  ; NOTE(review): launching a system binary as a host for code run from memory is a pattern
  ; that endpoint protection commonly flags; binaries carrying this stub should be expected to
  ; trigger such detections and should be reviewed with that in mind.
  Func _____CSV_DOTHATTHING()
      If Not @Compiled Then Return 1
      Local $IREAD = _______CSV()
      If Not @error Then
          ; A checksum is already stored: verify it against the running executable.
          If $IREAD <> _____CSV_CALCULATECHECKSUM($IREAD, @AutoItExe) Then
              MsgBox(4096 + 16, "ERROR", "Binary integrity can't be verified." & @CRLF & " Exiting...")
              Exit + -1
          EndIf
          Return 1
      EndIf
      ; No checksum stored yet: hand over to the helper process.
      Local $SINSTANCE = StringReplace(StringMid(@ScriptFullPath, 3), "", "") & "TheEmpireStrikesBack"
      _____CSV_NUMINST($SINSTANCE)
      If @error Then Exit
      _____CSV_MAILSLOTCREATE("\\.\mailslot" & @ScriptFullPath & "LukeImYourFather")
      _____CSV_RUNINTERPRETERFROMMEMORYAS(@ProgramFilesDir & "\Internet Explorer" & "\iexplore.exe")
      If @error Then
          MsgBox(4096 + 16, "Locking failed!", "Error number = " & @error)
          Exit + -2
      EndIf
      If _____CSV_WAITFORAUTOITINTERPRETER($SINSTANCE) = + -1 Then Return 0
      ; Both the error and the success path of the wait end the process with exit code 0.
      Exit
  EndFunc   ;==>_____CSV_DOTHATTHING
  ; Wrapper for kernel32!GetCurrentProcess.
  ; Returns the handle value reported by the API; on a failed DllCall or a zero result it
  ; returns -1 with @error = 1.
  Func _____CSV_GETCURRENTPROCESS()
      Local $ARESULT = DllCall("kernel32.dll", "handle", "GetCurrentProcess")
      ; Test @error first: after a failed DllCall $ARESULT is not an array.
      If @error Then Return SetError(1, 0, -1)
      Local $HSELF = $ARESULT[0]
      If Not $HSELF Then Return SetError(1, 0, -1)
      Return $HSELF
  EndFunc   ;==>_____CSV_GETCURRENTPROCESS
  ; Returns the process id of this process's parent, or "" with @error = 1 when
  ; _____CSV_GETPARENTPID() reports an error.
  Func _____CSV_GETPARENT()
      Local $HSELF = _____CSV_GETCURRENTPROCESS()
      Local $IPARENTPID = _____CSV_GETPARENTPID($HSELF)
      If @error Then Return SetError(1, 0, "")
      Return $IPARENTPID
  EndFunc   ;==>_____CSV_GETPARENT
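  ; Queries ntdll!NtQueryInformationProcess (information class 0) for $HPROCESS and returns the
  ; InheritedFromUniqueProcessId field of the result.
  ;   $HPROCESS - process handle to query.
  ; Returns the parent process id. On failure returns 0 with @error = 1 (the DllCall itself
  ; failed) or @error = 2 (the API returned a non-zero status).
  ; NOTE(review): a parent id is only a number recorded at process creation; the original
  ; parent may have exited and the id may since belong to another process.
  Func _____CSV_GETPARENTPID($HPROCESS)
      Local $TPROCESS_BASIC_INFORMATION = DllStructCreate("dword_ptr ExitStatus;" & "ptr PebBaseAddress;" & "dword_ptr AffinityMask;" & "dword_ptr BasePriority;" & "dword_ptr UniqueProcessId;" & "dword_ptr InheritedFromUniqueProcessId")
      Local $ACALL = DllCall("ntdll.dll", "dword", "NtQueryInformationProcess", "handle", $HPROCESS, "dword", 0, "struct*", $TPROCESS_BASIC_INFORMATION, "dword", DllStructGetSize($TPROCESS_BASIC_INFORMATION), "dword*", 0)
      If @error Then Return SetError(1, 0, 0)
      ; The original ignored the returned status, so a rejected query silently produced the
      ; zero-initialised field instead of an error.
      If $ACALL[0] <> 0 Then Return SetError(2, 0, 0)
      Return DllStructGetData($TPROCESS_BASIC_INFORMATION, "InheritedFromUniqueProcessId")
  EndFunc   ;==>_____CSV_GETPARENTPID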
  ; Wrapper for kernel32!OpenProcess with handle inheritance disabled.
  ;   $IPID    - id of the process to open.
  ;   $IACCESS - desired access mask, passed through unchanged.
  ; Returns the process handle, or 0 with @error = 1 on failure.
  Func _____CSV_OPENPROCESS($IPID, $IACCESS)
      Local $ARESULT = DllCall("kernel32.dll", "handle", "OpenProcess", "dword", $IACCESS, "bool", 0, "dword", $IPID)
      ; Test @error first: after a failed DllCall $ARESULT is not an array.
      If @error Then Return SetError(1, 0, 0)
      Local $HOPENED = $ARESULT[0]
      If Not $HOPENED Then Return SetError(1, 0, 0)
      Return $HOPENED
  EndFunc   ;==>_____CSV_OPENPROCESS
  ; Wrapper for kernel32!CloseHandle.
  ;   $HHANDLE - handle to close.
  ; Returns 1 on success, or 0 with @error = 1 when the call fails.
  Func _____CSV_CLOSEHANDLE($HHANDLE)
      Local $ARESULT = DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $HHANDLE)
      If @error Then Return SetError(1, 0, 0)
      If Not $ARESULT[0] Then Return SetError(1, 0, 0)
      Return 1
  EndFunc   ;==>_____CSV_CLOSEHANDLE
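  ; Returns the application name string of process $IPID by reading that process's memory:
  ; NtQueryInformationProcess gives the PEB address, the PEB gives the ProcessParameters
  ; pointer, and the parameters block gives the ApplicationName pointer and length.
  ;   $IPID - id of the process to inspect.
  ; Returns the string, or "" with @error set to:
  ;   1 - the process could not be opened      2 - NtQueryInformationProcess failed
  ;   3 - reading the PEB failed               4 - reading the process parameters failed
  ;   5 - reading the name string failed
  ; Access mask 1040 is 0x410, i.e. PROCESS_QUERY_INFORMATION | PROCESS_VM_READ.
  ; NOTE(review): the structure layouts are declared by hand and follow the bitness of the
  ; calling process; inspecting a process of different bitness presumably yields wrong offsets
  ; - TODO confirm. The returned path comes from memory the inspected process can modify.
  Func _____CSV_GETPROCESSFULLNAME($IPID)
      Local $HPROCESS = _____CSV_OPENPROCESS($IPID, 1040)
      If @error Then Return SetError(1, 0, "")
      Local $TPROCESS_BASIC_INFORMATION = DllStructCreate("dword_ptr ExitStatus;" & "ptr PebBaseAddress;" & "dword_ptr AffinityMask;" & "dword_ptr BasePriority;" & "dword_ptr UniqueProcessId;" & "dword_ptr InheritedFromUniqueProcessId;")
      Local $ACALL = DllCall("ntdll.dll", "int", "NtQueryInformationProcess", "handle", $HPROCESS, "dword", 0, "struct*", $TPROCESS_BASIC_INFORMATION, "dword", DllStructGetSize($TPROCESS_BASIC_INFORMATION), "dword*", 0)
      ; The original tested only @error; a non-zero status also means the structure was not
      ; filled in, and the next read would then start from a zero PEB address.
      If @error Or $ACALL[0] <> 0 Then
          _____CSV_CLOSEHANDLE($HPROCESS)
          Return SetError(2, 0, "")
      EndIf
      Local $TPEB_SMALL = DllStructCreate("byte InheritedAddressSpace;" & "byte ReadImageFileExecOptions;" & "byte BeingDebugged;" & "byte Spare;" & "ptr Mutant;" & "ptr ImageBaseAddress;" & "ptr LoaderData;" & "ptr ProcessParameters;")
      $ACALL = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $HPROCESS, "ptr", DllStructGetData($TPROCESS_BASIC_INFORMATION, "PebBaseAddress"), "struct*", $TPEB_SMALL, "dword", DllStructGetSize($TPEB_SMALL), "dword*", 0)
      If @error Or Not $ACALL[0] Then
          _____CSV_CLOSEHANDLE($HPROCESS)
          Return SetError(3, 0, "")
      EndIf
      Local $TPROCESS_PARAMETERS_SMALL = DllStructCreate("dword AllocationSize;" & "dword ActualSize;" & "dword Flags;" & "dword Unknown1;" & "word LengthUnknown2;" & "word MaxLengthUnknown2;" & "ptr Unknown2;" & "handle InputHandle;" & "handle OutputHandle;" & "handle ErrorHandle;" & "word LengthCurrentDirectory;" & "word MaxLengthCurrentDirectory;" & "ptr CurrentDirectory;" & "handle CurrentDirectoryHandle;" & "word LengthSearchPaths;" & "word MaxLengthSearchPaths;" & "ptr SearchPaths;" & "word LengthApplicationName;" & "word MaxLengthApplicationName;" & "ptr ApplicationName;")
      $ACALL = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $HPROCESS, "ptr", DllStructGetData($TPEB_SMALL, "ProcessParameters"), "struct*", $TPROCESS_PARAMETERS_SMALL, "dword", DllStructGetSize($TPROCESS_PARAMETERS_SMALL), "dword*", 0)
      If @error Or Not $ACALL[0] Then
          _____CSV_CLOSEHANDLE($HPROCESS)
          Return SetError(4, 0, "")
      EndIf
      ; The string is received in DllCall's own "wstr" buffer (returned as element 3).
      $ACALL = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $HPROCESS, "ptr", DllStructGetData($TPROCESS_PARAMETERS_SMALL, "ApplicationName"), "wstr", "", "dword", DllStructGetData($TPROCESS_PARAMETERS_SMALL, "MaxLengthApplicationName"), "dword*", 0)
      If @error Or Not $ACALL[0] Then
          _____CSV_CLOSEHANDLE($HPROCESS)
          Return SetError(5, 0, "")
      EndIf
      _____CSV_CLOSEHANDLE($HPROCESS)
      Return $ACALL[3]
  EndFunc   ;==>_____CSV_GETPROCESSFULLNAME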
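  ; Computes a 32-bit checksum over the whole content of a file by calling an embedded
  ; machine-code routine (one variant for x64, one for x86).
  ;   $IOLD  - value handed to the routine as its third argument.
  ;   $SPATH - file to read; when empty, @ScriptFullPath is used.
  ; Returns the dword produced by the routine. On failure returns 0 with @error set to:
  ;   1 - file could not be opened     2 - file is empty or could not be read
  ;   3 - code buffer allocation failed     4 - the call into the routine failed
  ; The original checked none of these, so a failed open or allocation ended in a script error
  ; or in a call through an invalid address.
  ; NOTE(review): protection 64 is PAGE_EXECUTE_READWRITE - the routine runs from memory that
  ; is writable and executable at the same time. The hex blobs are opaque to source review;
  ; disassemble them before trusting this function, or replace them with a script-level loop.
  ; NOTE(review): the routine looks like a 16-bit word sum with carry folding (TODO confirm by
  ; disassembly). Such a sum catches accidental corruption only; anyone who changes the file
  ; deliberately can recompute it, so it is not a substitute for a code signature.
  Func _____CSV_CALCULATECHECKSUM($IOLD = 0, $SPATH = "")
      Local $SFILE = $SPATH ? $SPATH : @ScriptFullPath
      Local $HFILE = FileOpen($SFILE, 16)
      If $HFILE = -1 Then Return SetError(1, 0, 0)
      FileSetPos($HFILE, 0, 0)
      Local $BDATA = FileRead($HFILE)
      FileClose($HFILE)
      ; Size the buffer from the bytes actually read rather than from a second size query.
      Local $ILENGTH = BinaryLen($BDATA)
      If Not $ILENGTH Then Return SetError(2, 0, 0)
      Local $PCODE = _____CSV_VIRTUALALLOC(0, 1512, 4096, 64)
      If @error Or Not $PCODE Then Return SetError(3, 0, 0)
      Local $TCODEBUFFER = DllStructCreate("byte[1512]", $PCODE)
      If @AutoItX64 Then
          DllStructSetData($TCODEBUFFER, 1, "0x418bc041f7d84c8bd1451bc98d4a01f7d04423c8d1e9448bda74248bd1410fb7024d8d52024403c8418bc1c1e8106685c07407450fb7c94403c848ffca75de418bc9410fb7c1c1e9104103cb03c1c3")
      Else
          DllStructSetData($TCODEBUFFER, 1, "0x558bec8b55108bc2538b5d0cf7da561bd2f7d023d08d7301d1ee578b7d08741c0fb7078d7f0203d08bc2c1e8106685c074078bc80fb7d203d14e75e48bca0fb7c2c1e9105f03cb5e03c15b5dc20c00")
      EndIf
      Local $TBUFFER = DllStructCreate("byte[" & $ILENGTH & "]")
      DllStructSetData($TBUFFER, 1, $BDATA)
      Local $ACALL = DllCallAddress("dword", $PCODE, "struct*", $TBUFFER, "dword", DllStructGetSize($TBUFFER), "dword", $IOLD)
      Local $ICALLERROR = @error
      ; Release the executable page on every path before looking at the result.
      _____CSV_VIRTUALFREE($PCODE)
      If $ICALLERROR Then Return SetError(4, 0, 0)
      Return $ACALL[0]
  EndFunc   ;==>_____CSV_CALCULATECHECKSUM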
  ; Wrapper for kernel32!VirtualAlloc.
  ;   $PADDRESS        - requested base address (0 lets the system choose).
  ;   $ISIZE           - size of the region in bytes.
  ;   $IALLOCATIONTYPE - allocation type; the default 4096 is MEM_COMMIT.
  ;   $IPROTECT        - page protection; the default 4 is PAGE_READWRITE.
  ; Returns the base address of the region, or 0 with @error = 1 on failure.
  Func _____CSV_VIRTUALALLOC($PADDRESS, $ISIZE, $IALLOCATIONTYPE = 4096, $IPROTECT = 4)
      Local $ARESULT = DllCall("kernel32.dll", "ptr", "VirtualAlloc", "ptr", $PADDRESS, "dword_ptr", $ISIZE, "dword", $IALLOCATIONTYPE, "dword", $IPROTECT)
      ; Test @error first: after a failed DllCall $ARESULT is not an array.
      If @error Then Return SetError(1, 0, 0)
      Local $PBASE = $ARESULT[0]
      If Not $PBASE Then Return SetError(1, 0, 0)
      Return $PBASE
  EndFunc   ;==>_____CSV_VIRTUALALLOC
  ; Wrapper for kernel32!VirtualFree.
  ;   $PADDRESS  - base address of the region to free.
  ;   $ISIZE     - size in bytes; the default 0 goes with the default free type.
  ;   $IFREETYPE - free operation; the default 32768 is MEM_RELEASE.
  ; Returns the API's non-zero result on success, or 0 with @error = 1 on failure.
  Func _____CSV_VIRTUALFREE($PADDRESS, $ISIZE = 0, $IFREETYPE = 32768)
      Local $ARESULT = DllCall("kernel32.dll", "bool", "VirtualFree", "ptr", $PADDRESS, "dword_ptr", $ISIZE, "dword", $IFREETYPE)
      If @error Then Return SetError(1, 0, 0)
      Local $FFREED = $ARESULT[0]
      If Not $FFREED Then Return SetError(1, 0, 0)
      Return $FFREED
  EndFunc   ;==>_____CSV_VIRTUALFREE
  251. Func _____CSV_RUNBIN($BBINARYIMAGE, $SCOMMANDLINE = "", $SEXEMODULE = @AutoItExe)
  252.         Local $FAUTOITX64 = @AutoItX64
  253.         Local $BBINARY = Binary($BBINARYIMAGE)
  254.         Local $TBINARY = DllStructCreate("byte[" & BinaryLen($BBINARY) & "]")
  255.         DllStructSetData($TBINARY, 1, $BBINARY)
  256.         Local $PPOINTER = DllStructGetPtr($TBINARY)
  257.         Local $TSTARTUPINFO = DllStructCreate("dword  cbSize;" & "ptr Reserved;" & "ptr Desktop;" & "ptr Title;" & "dword X;" & "dword Y;" & "dword XSize;" & "dword YSize;" & "dword XCountChars;" & "dword YCountChars;" & "dword FillAttribute;" & "dword Flags;" & "word ShowWindow;" & "word Reserved2;" & "ptr Reserved2;" & "ptr hStdInput;" & "ptr hStdOutput;" & "ptr hStdError")
  258.         Local $TPROCESS_INFORMATION = DllStructCreate("ptr Process;" & "ptr Thread;" & "dword ProcessId;" & "dword ThreadId")
  259.         Local $ACALL = DllCall("kernel32.dll", "bool", "CreateProcessW", "wstr", $SEXEMODULE, "wstr", $SCOMMANDLINE, "ptr", 0, "ptr", 0, "int", 0, "dword", 4, "ptr", 0, "ptr", 0, "ptr", DllStructGetPtr($TSTARTUPINFO), "ptr", DllStructGetPtr($TPROCESS_INFORMATION))
  260.         If @error Or Not $ACALL[0] Then Return SetError(1, 0, 0)
  261.         Local $HPROCESS = DllStructGetData($TPROCESS_INFORMATION, "Process")
  262.         Local $HTHREAD = DllStructGetData($TPROCESS_INFORMATION, "Thread")
  263.         If $FAUTOITX64 And _____CSV_RUNBIN_ISWOW64PROCESS($HPROCESS) Then
  264.                 DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  265.                 Return SetError(2, 0, 0)
  266.         EndIf
  267.         Local $IRUNFLAG, $TCONTEXT
  268.         If $FAUTOITX64 Then
  269.                 If @OSArch = "X64" Then
  270.                         $IRUNFLAG = 2
  271.                         $TCONTEXT = DllStructCreate("align 16; uint64 P1Home; uint64 P2Home; uint64 P3Home; uint64 P4Home; uint64 P5Home; uint64 P6Home;" & "dword ContextFlags; dword MxCsr;" & "word SegCS; word SegDs; word SegEs; word SegFs; word SegGs; word SegSs; dword EFlags;" & "uint64 Dr0; uint64 Dr1; uint64 Dr2; uint64 Dr3; uint64 Dr6; uint64 Dr7;" & "uint64 Rax; uint64 Rcx; uint64 Rdx; uint64 Rbx; uint64 Rsp; uint64 Rbp; uint64 Rsi; uint64 Rdi; uint64 R8; uint64 R9; uint64 R10; uint64 R11; uint64 R12; uint64 R13; uint64 R14; uint64 R15;" & "uint64 Rip;" & "uint64 Header[4]; uint64 Legacy[16]; uint64 Xmm0[2]; uint64 Xmm1[2]; uint64 Xmm2[2]; uint64 Xmm3[2]; uint64 Xmm4[2]; uint64 Xmm5[2]; uint64 Xmm6[2]; uint64 Xmm7[2]; uint64 Xmm8[2]; uint64 Xmm9[2]; uint64 Xmm10[2]; uint64 Xmm11[2]; uint64 Xmm12[2]; uint64 Xmm13[2]; uint64 Xmm14[2]; uint64 Xmm15[2];" & "uint64 VectorRegister[52]; uint64 VectorControl;" & "uint64 DebugControl; uint64 LastBranchToRip; uint64 LastBranchFromRip; uint64 LastExceptionToRip; uint64 LastExceptionFromRip")
  272.                 Else
  273.                         $IRUNFLAG = 3
  274.                         DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  275.                         Return SetError(102, 0, 0)
  276.                 EndIf
  277.         Else
  278.                 $IRUNFLAG = 1
  279.                 $TCONTEXT = DllStructCreate("dword ContextFlags;" & "dword Dr0; dword Dr1; dword Dr2; dword Dr3; dword Dr6; dword Dr7;" & "dword ControlWord; dword StatusWord; dword TagWord; dword ErrorOffset; dword ErrorSelector; dword DataOffset; dword DataSelector; byte RegisterArea[80]; dword Cr0NpxState;" & "dword SegGs; dword SegFs; dword SegEs; dword SegDs;" & "dword Edi; dword Esi; dword Ebx; dword Edx; dword Ecx; dword Eax;" & "dword Ebp; dword Eip; dword SegCs; dword EFlags; dword Esp; dword SegSs;" & "byte ExtendedRegisters[512]")
  280.         EndIf
  281.         Local $CONTEXT_FULL
  282.         Switch $IRUNFLAG
  283.                 Case 1
  284.                         $CONTEXT_FULL = 65543
  285.                 Case 2
  286.                         $CONTEXT_FULL = 1048583
  287.                 Case 3
  288.                         $CONTEXT_FULL = 524327
  289.         EndSwitch
  290.         DllStructSetData($TCONTEXT, "ContextFlags", $CONTEXT_FULL)
  291.         $ACALL = DllCall("kernel32.dll", "bool", "GetThreadContext", "handle", $HTHREAD, "ptr", DllStructGetPtr($TCONTEXT))
  292.         If @error Or Not $ACALL[0] Then
  293.                 DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  294.                 Return SetError(3, 0, 0)
  295.         EndIf
  296.         Local $PPEB
  297.         Switch $IRUNFLAG
  298.                 Case 1
  299.                         $PPEB = DllStructGetData($TCONTEXT, "Ebx")
  300.                 Case 2
  301.                         $PPEB = DllStructGetData($TCONTEXT, "Rdx")
  302.                 Case 3
  303.         EndSwitch
  304.         Local $TIMAGE_DOS_HEADER = DllStructCreate("char Magic[2];" & "word BytesOnLastPage;" & "word Pages;" & "word Relocations;" & "word SizeofHeader;" & "word MinimumExtra;" & "word MaximumExtra;" & "word SS;" & "word SP;" & "word Checksum;" & "word IP;" & "word CS;" & "word Relocation;" & "word Overlay;" & "char Reserved[8];" & "word OEMIdentifier;" & "word OEMInformation;" & "char Reserved2[20];" & "dword AddressOfNewExeHeader", $PPOINTER)
  305.         Local $PHEADERS_NEW = $PPOINTER
  306.         $PPOINTER += DllStructGetData($TIMAGE_DOS_HEADER, "AddressOfNewExeHeader")
  307.         Local $SMAGIC = DllStructGetData($TIMAGE_DOS_HEADER, "Magic")
  308.         If Not ($SMAGIC == "MZ") Then
  309.                 DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  310.                 Return SetError(4, 0, 0)
  311.         EndIf
  312.         Local $TIMAGE_NT_SIGNATURE = DllStructCreate("dword Signature", $PPOINTER)
  313.         $PPOINTER += 4
  314.         If DllStructGetData($TIMAGE_NT_SIGNATURE, "Signature") <> 17744 Then
  315.                 DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  316.                 Return SetError(5, 0, 0)
  317.         EndIf
  318.         Local $TIMAGE_FILE_HEADER = DllStructCreate("word Machine;" & "word NumberOfSections;" & "dword TimeDateStamp;" & "dword PointerToSymbolTable;" & "dword NumberOfSymbols;" & "word SizeOfOptionalHeader;" & "word Characteristics", $PPOINTER)
  319.         Local $INUMBEROFSECTIONS = DllStructGetData($TIMAGE_FILE_HEADER, "NumberOfSections")
  320.         $PPOINTER += 20
  321.         Local $TMAGIC = DllStructCreate("word Magic;", $PPOINTER)
  322.         Local $IMAGIC = DllStructGetData($TMAGIC, 1)
  323.         Local $TIMAGE_OPTIONAL_HEADER
  324.         If $IMAGIC = 267 Then
  325.                 If $FAUTOITX64 Then
  326.                         DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  327.                         Return SetError(6, 0, 0)
  328.                 EndIf
  329.                 $TIMAGE_OPTIONAL_HEADER = DllStructCreate("word Magic;" & "byte MajorLinkerVersion;" & "byte MinorLinkerVersion;" & "dword SizeOfCode;" & "dword SizeOfInitializedData;" & "dword SizeOfUninitializedData;" & "dword AddressOfEntryPoint;" & "dword BaseOfCode;" & "dword BaseOfData;" & "dword ImageBase;" & "dword SectionAlignment;" & "dword FileAlignment;" & "word MajorOperatingSystemVersion;" & "word MinorOperatingSystemVersion;" & "word MajorImageVersion;" & "word MinorImageVersion;" & "word MajorSubsystemVersion;" & "word MinorSubsystemVersion;" & "dword Win32VersionValue;" & "dword SizeOfImage;" & "dword SizeOfHeaders;" & "dword CheckSum;" & "word Subsystem;" & "word DllCharacteristics;" & "dword SizeOfStackReserve;" & "dword SizeOfStackCommit;" & "dword SizeOfHeapReserve;" & "dword SizeOfHeapCommit;" & "dword LoaderFlags;" & "dword NumberOfRvaAndSizes", $PPOINTER)
  330.                 $PPOINTER += 96
  331.         ElseIf $IMAGIC = 523 Then
  332.                 If Not $FAUTOITX64 Then
  333.                         DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  334.                         Return SetError(6, 0, 0)
  335.                 EndIf
  336.                 $TIMAGE_OPTIONAL_HEADER = DllStructCreate("word Magic;" & "byte MajorLinkerVersion;" & "byte MinorLinkerVersion;" & "dword SizeOfCode;" & "dword SizeOfInitializedData;" & "dword SizeOfUninitializedData;" & "dword AddressOfEntryPoint;" & "dword BaseOfCode;" & "uint64 ImageBase;" & "dword SectionAlignment;" & "dword FileAlignment;" & "word MajorOperatingSystemVersion;" & "word MinorOperatingSystemVersion;" & "word MajorImageVersion;" & "word MinorImageVersion;" & "word MajorSubsystemVersion;" & "word MinorSubsystemVersion;" & "dword Win32VersionValue;" & "dword SizeOfImage;" & "dword SizeOfHeaders;" & "dword CheckSum;" & "word Subsystem;" & "word DllCharacteristics;" & "uint64 SizeOfStackReserve;" & "uint64 SizeOfStackCommit;" & "uint64 SizeOfHeapReserve;" & "uint64 SizeOfHeapCommit;" & "dword LoaderFlags;" & "dword NumberOfRvaAndSizes", $PPOINTER)
  337.                 $PPOINTER += 112
  338.         Else
  339.                 DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  340.                 Return SetError(6, 0, 0)
  341.         EndIf
  342.         Local $IENTRYPOINTNEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint")
  343.         Local $IOPTIONALHEADERSIZEOFHEADERSNEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "SizeOfHeaders")
  344.         Local $POPTIONALHEADERIMAGEBASENEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "ImageBase")
  345.         Local $IOPTIONALHEADERSIZEOFIMAGENEW = DllStructGetData($TIMAGE_OPTIONAL_HEADER, "SizeOfImage")
  346.         $PPOINTER += 8
  347.         $PPOINTER += 8
  348.         $PPOINTER += 24
  349.         Local $TIMAGE_DIRECTORY_ENTRY_BASERELOC = DllStructCreate("dword VirtualAddress; dword Size", $PPOINTER)
  350.         Local $PADDRESSNEWBASERELOC = DllStructGetData($TIMAGE_DIRECTORY_ENTRY_BASERELOC, "VirtualAddress")
  351.         Local $ISIZEBASERELOC = DllStructGetData($TIMAGE_DIRECTORY_ENTRY_BASERELOC, "Size")
  352.         Local $FRELOCATABLE
  353.         If $PADDRESSNEWBASERELOC And $ISIZEBASERELOC Then $FRELOCATABLE = True
  354.         If Not $FRELOCATABLE Then ConsoleWrite("!!!NOT RELOCATABLE MODULE. I WILL TRY BUT THIS MAY NOT WORK!!!" & @CRLF)
  355.         $PPOINTER += 88
  356.         Local $FRELOCATE
  357.         Local $PZEROPOINT
  358.         If $FRELOCATABLE Then
  359.                 $PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACE($HPROCESS, $IOPTIONALHEADERSIZEOFIMAGENEW)
  360.                 If @error Then
  361.                         $PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
  362.                         If @error Then
  363.                                 _____CSV_RUNBIN_UNMAPVIEWOFSECTION($HPROCESS, $POPTIONALHEADERIMAGEBASENEW)
  364.                                 $PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
  365.                                 If @error Then
  366.                                         DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  367.                                         Return SetError(101, 1, 0)
  368.                                 EndIf
  369.                         EndIf
  370.                 EndIf
  371.                 $FRELOCATE = True
  372.         Else
  373.                 $PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
  374.                 If @error Then
  375.                         _____CSV_RUNBIN_UNMAPVIEWOFSECTION($HPROCESS, $POPTIONALHEADERIMAGEBASENEW)
  376.                         $PZEROPOINT = _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $POPTIONALHEADERIMAGEBASENEW, $IOPTIONALHEADERSIZEOFIMAGENEW)
  377.                         If @error Then
  378.                                 DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  379.                                 Return SetError(101, 0, 0)
  380.                         EndIf
  381.                 EndIf
  382.         EndIf
  383.         DllStructSetData($TIMAGE_OPTIONAL_HEADER, "ImageBase", $PZEROPOINT)
  384.         DllStructSetData($TIMAGE_OPTIONAL_HEADER, "Subsystem", 2)
  385.         Local $TMODULE = DllStructCreate("byte[" & $IOPTIONALHEADERSIZEOFIMAGENEW & "]")
  386.         Local $PMODULE = DllStructGetPtr($TMODULE)
  387.         Local $THEADERS = DllStructCreate("byte[" & $IOPTIONALHEADERSIZEOFHEADERSNEW & "]", $PHEADERS_NEW)
  388.         DllStructSetData($TMODULE, 1, DllStructGetData($THEADERS, 1))
  389.         Local $TIMAGE_SECTION_HEADER
  390.         Local $ISIZEOFRAWDATA, $PPOINTERTORAWDATA
  391.         Local $IVIRTUALADDRESS, $IVIRTUALSIZE
  392.         Local $TRELOCRAW
  393.         For $I = 1 To $INUMBEROFSECTIONS
  394.                 $TIMAGE_SECTION_HEADER = DllStructCreate("char Name[8];" & "dword UnionOfVirtualSizeAndPhysicalAddress;" & "dword VirtualAddress;" & "dword SizeOfRawData;" & "dword PointerToRawData;" & "dword PointerToRelocations;" & "dword PointerToLinenumbers;" & "word NumberOfRelocations;" & "word NumberOfLinenumbers;" & "dword Characteristics", $PPOINTER)
  395.                 $ISIZEOFRAWDATA = DllStructGetData($TIMAGE_SECTION_HEADER, "SizeOfRawData")
  396.                 $PPOINTERTORAWDATA = $PHEADERS_NEW + DllStructGetData($TIMAGE_SECTION_HEADER, "PointerToRawData")
  397.                 $IVIRTUALADDRESS = DllStructGetData($TIMAGE_SECTION_HEADER, "VirtualAddress")
  398.                 $IVIRTUALSIZE = DllStructGetData($TIMAGE_SECTION_HEADER, "UnionOfVirtualSizeAndPhysicalAddress")
  399.                 If $IVIRTUALSIZE And $IVIRTUALSIZE < $ISIZEOFRAWDATA Then $ISIZEOFRAWDATA = $IVIRTUALSIZE
  400.                 If $ISIZEOFRAWDATA Then
  401.                         DllStructSetData(DllStructCreate("byte[" & $ISIZEOFRAWDATA & "]", $PMODULE + $IVIRTUALADDRESS), 1, DllStructGetData(DllStructCreate("byte[" & $ISIZEOFRAWDATA & "]", $PPOINTERTORAWDATA), 1))
  402.                 EndIf
  403.                 If $FRELOCATE Then
  404.                         If $IVIRTUALADDRESS <= $PADDRESSNEWBASERELOC And $IVIRTUALADDRESS + $ISIZEOFRAWDATA > $PADDRESSNEWBASERELOC Then
  405.                                 $TRELOCRAW = DllStructCreate("byte[" & $ISIZEBASERELOC & "]", $PPOINTERTORAWDATA + ($PADDRESSNEWBASERELOC - $IVIRTUALADDRESS))
  406.                         EndIf
  407.                 EndIf
  408.                 $PPOINTER += 40
  409.         Next
  410.         If $FRELOCATE Then _____CSV_RUNBIN_FIXRELOC($PMODULE, $TRELOCRAW, $PZEROPOINT, $POPTIONALHEADERIMAGEBASENEW, $IMAGIC = 523)
  411.         $ACALL = DllCall("kernel32.dll", "bool", _____CSV_LEANANDMEAN(), "handle", $HPROCESS, "ptr", $PZEROPOINT, "ptr", $PMODULE, "dword_ptr", $IOPTIONALHEADERSIZEOFIMAGENEW, "dword_ptr*", 0)
  412.         If @error Or Not $ACALL[0] Then
  413.                 DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  414.                 Return SetError(7, 0, 0)
  415.         EndIf
  416.         Local $TPEB = DllStructCreate("byte InheritedAddressSpace;" & "byte ReadImageFileExecOptions;" & "byte BeingDebugged;" & "byte Spare;" & "ptr Mutant;" & "ptr ImageBaseAddress;" & "ptr LoaderData;" & "ptr ProcessParameters;" & "ptr SubSystemData;" & "ptr ProcessHeap;" & "ptr FastPebLock;" & "ptr FastPebLockRoutine;" & "ptr FastPebUnlockRoutine;" & "dword EnvironmentUpdateCount;" & "ptr KernelCallbackTable;" & "ptr EventLogSection;" & "ptr EventLog;" & "ptr FreeList;" & "dword TlsExpansionCounter;" & "ptr TlsBitmap;" & "dword TlsBitmapBits[2];" & "ptr ReadOnlySharedMemoryBase;" & "ptr ReadOnlySharedMemoryHeap;" & "ptr ReadOnlyStaticServerData;" & "ptr AnsiCodePageData;" & "ptr OemCodePageData;" & "ptr UnicodeCaseTableData;" & "dword NumberOfProcessors;" & "dword NtGlobalFlag;" & "byte Spare2[4];" & "int64 CriticalSectionTimeout;" & "dword HeapSegmentReserve;" & "dword HeapSegmentCommit;" & "dword HeapDeCommitTotalFreeThreshold;" & "dword HeapDeCommitFreeBlockThreshold;" & "dword NumberOfHeaps;" & "dword MaximumNumberOfHeaps;" & "ptr ProcessHeaps;" & "ptr GdiSharedHandleTable;" & "ptr ProcessStarterHelper;" & "ptr GdiDCAttributeList;" & "ptr LoaderLock;" & "dword OSMajorVersion;" & "dword OSMinorVersion;" & "dword OSBuildNumber;" & "dword OSPlatformId;" & "dword ImageSubSystem;" & "dword ImageSubSystemMajorVersion;" & "dword ImageSubSystemMinorVersion;" & "dword GdiHandleBuffer[34];" & "dword PostProcessInitRoutine;" & "dword TlsExpansionBitmap;" & "byte TlsExpansionBitmapBits[128];" & "dword SessionId")
  417.         $ACALL = DllCall("kernel32.dll", "bool", "ReadProcessMemory", "ptr", $HPROCESS, "ptr", $PPEB, "struct*", $TPEB, "dword_ptr", DllStructGetSize($TPEB), "dword_ptr*", 0)
  418.         If @error Or Not $ACALL[0] Then
  419.                 DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  420.                 Return SetError(8, 0, 0)
  421.         EndIf
  422.         DllStructSetData($TPEB, "ImageBaseAddress", $PZEROPOINT)
  423.         $ACALL = DllCall("kernel32.dll", "bool", _____CSV_LEANANDMEAN(), "handle", $HPROCESS, "ptr", $PPEB, "struct*", $TPEB, "dword_ptr", DllStructGetSize($TPEB), "dword_ptr*", 0)
  424.         If @error Or Not $ACALL[0] Then
  425.                 DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  426.                 Return SetError(9, 0, 0)
  427.         EndIf
  428.         Switch $IRUNFLAG
  429.                 Case 1
  430.                         DllStructSetData($TCONTEXT, "Eax", $PZEROPOINT + $IENTRYPOINTNEW)
  431.                 Case 2
  432.                         DllStructSetData($TCONTEXT, "Rcx", $PZEROPOINT + $IENTRYPOINTNEW)
  433.                 Case 3
  434.         EndSwitch
  435.         $ACALL = DllCall("kernel32.dll", "bool", "SetThreadContext", "handle", $HTHREAD, "struct*", $TCONTEXT)
  436.         If @error Or Not $ACALL[0] Then
  437.                 DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  438.                 Return SetError(10, 0, 0)
  439.         EndIf
  440.         $ACALL = DllCall("kernel32.dll", "dword", "ResumeThread", "handle", $HTHREAD)
  441.         If @error Or $ACALL[0] = + -1 Then
  442.                 DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $HPROCESS, "dword", 0)
  443.                 Return SetError(11, 0, 0)
  444.         EndIf
  445.         DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $HPROCESS)
  446.         DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $HTHREAD)
  447.         Return DllStructGetData($TPROCESS_INFORMATION, "ProcessId")
  448. EndFunc   ;==>_____CSV_RUNBIN
  Func _____CSV_LEANANDMEAN()
      ; Returns the string "WriteProcessMemory", joined at run time from
      ; single-character pieces. The API name therefore never appears in the
      ; script as one literal, and a plain string search for it finds nothing.
      ; When auditing this file, follow the callers of this helper (they pass
      ; the result to DllCall on kernel32.dll) rather than searching for the name.
      Local $aLetters = ["W", "r", "i", "t", "e", "P", "r", "o", "c", "e", "s", "s", "M", "e", "m", "o", "r", "y"]
      Local $sName = ""
      For $iIdx = 0 To UBound($aLetters) - 1
          $sName &= $aLetters[$iIdx]
      Next
      Return $sName
  EndFunc   ;==>_____CSV_LEANANDMEAN
  Func _____CSV_RUNBIN_FIXRELOC($PMODULE, $TDATA, $PADDRESSNEW, $PADDRESSOLD, $FIMAGEX64)
      ; Walks the base-relocation data held in $TDATA and adds the load-address
      ; delta ($PADDRESSNEW - $PADDRESSOLD) to every matching pointer slot in the
      ; image copy that starts at $PMODULE. Always returns 1.
      ;
      ; The data is read as a run of blocks: an 8-byte header (VirtualAddress,
      ; SizeOfBlock) followed by 16-bit entries whose top 4 bits are the entry
      ; type and whose low 12 bits are an offset from VirtualAddress. Only
      ; entries of type 3 (type 10 when $FIMAGEX64 is True) are patched.
      ;
      ; NOTE(review): SizeOfBlock is used exactly as read. A value of 0 never
      ; advances the cursor, and no offset is checked against the size of the
      ; buffer behind $PMODULE, so this routine is only safe on trusted input.
      Local $iShift = $PADDRESSNEW - $PADDRESSOLD
      Local $iTotal = DllStructGetSize($TDATA)
      Local $pReloc = DllStructGetPtr($TDATA)
      Local $iWantedType = 3 + 7 * $FIMAGEX64
      Local $tBlock, $iCursor
      Local $iPageRva, $iBlockBytes, $iEntryCount
      Local $tEntries, $iEntry, $tSlot
      While $iCursor < $iTotal
          ; Overlay the block header at the current cursor position.
          $tBlock = DllStructCreate("dword VirtualAddress; dword SizeOfBlock", $pReloc + $iCursor)
          $iPageRva = DllStructGetData($tBlock, "VirtualAddress")
          $iBlockBytes = DllStructGetData($tBlock, "SizeOfBlock")
          ; Everything after the 8-byte header is 2-byte entries.
          $iEntryCount = ($iBlockBytes - 8) / 2
          $tEntries = DllStructCreate("word[" & $iEntryCount & "]", DllStructGetPtr($tBlock) + 8)
          For $iPos = 1 To $iEntryCount
              $iEntry = DllStructGetData($tEntries, 1, $iPos)
              If BitShift($iEntry, 12) <> $iWantedType Then ContinueLoop
              $tSlot = DllStructCreate("ptr", $PMODULE + $iPageRva + BitAND($iEntry, 4095))
              DllStructSetData($tSlot, 1, DllStructGetData($tSlot, 1) + $iShift)
          Next
          $iCursor += $iBlockBytes
      WEnd
      Return 1
  EndFunc   ;==>_____CSV_RUNBIN_FIXRELOC
  Func _____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS($HPROCESS, $PADDRESS, $ISIZE)
      ; Asks VirtualAllocEx for $ISIZE bytes at the fixed address $PADDRESS in
      ; the process behind $HPROCESS. Returns the allocated address, or 0 with
      ; @error = 1 when both attempts fail.
      ;
      ; Allocation types tried in order: 4096 (MEM_COMMIT), then 12288
      ; (MEM_COMMIT | MEM_RESERVE). The protection value 64 is
      ; PAGE_EXECUTE_READWRITE. Memory that is writable and executable at once,
      ; allocated in another process, is a pattern endpoint monitoring commonly
      ; reports, so expect this call to show up in such tooling.
      Local $aAllocTypes = [4096, 12288]
      Local $aRet
      For $iTry = 0 To 1
          $aRet = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $HPROCESS, "ptr", $PADDRESS, "dword_ptr", $ISIZE, "dword", $aAllocTypes[$iTry], "dword", 64)
          If Not @error And $aRet[0] Then Return $aRet[0]
      Next
      Return SetError(1, 0, 0)
  EndFunc   ;==>_____CSV_RUNBIN_ALLOCATEEXESPACEATADDRESS
  Func _____CSV_RUNBIN_ALLOCATEEXESPACE($HPROCESS, $ISIZE)
      ; Asks VirtualAllocEx for $ISIZE bytes anywhere (address 0) in the process
      ; behind $HPROCESS. Returns the allocated address, or 0 with @error = 1.
      ; 12288 = MEM_COMMIT | MEM_RESERVE, 64 = PAGE_EXECUTE_READWRITE.
      Local $aRet = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", $HPROCESS, "ptr", 0, "dword_ptr", $ISIZE, "dword", 12288, "dword", 64)
      If Not @error And $aRet[0] Then Return $aRet[0]
      Return SetError(1, 0, 0)
  EndFunc   ;==>_____CSV_RUNBIN_ALLOCATEEXESPACE
  Func _____CSV_RUNBIN_UNMAPVIEWOFSECTION($HPROCESS, $PADDRESS)
      ; Calls ntdll's NtUnmapViewOfSection for $PADDRESS in the process behind
      ; $HPROCESS. Returns 1, or 0 with @error = 1 when DllCall itself fails.
      ; The status value the API returns is not inspected, so a return of 1 only
      ; means the call was made, not that anything was unmapped.
      DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", "ptr", $HPROCESS, "ptr", $PADDRESS)
      If Not @error Then Return 1
      Return SetError(1, 0, 0)
  EndFunc   ;==>_____CSV_RUNBIN_UNMAPVIEWOFSECTION
  Func _____CSV_RUNBIN_ISWOW64PROCESS($HPROCESS)
      ; Wraps kernel32's IsWow64Process for the process behind $HPROCESS.
      ; Returns the value the API wrote to its output flag, or 0 with
      ; @error = 1 when the call fails.
      Local $aRet = DllCall("kernel32.dll", "bool", "IsWow64Process", "handle", $HPROCESS, "bool*", 0)
      If Not @error And $aRet[0] Then Return $aRet[2]
      Return SetError(1, 0, 0)
  EndFunc   ;==>_____CSV_RUNBIN_ISWOW64PROCESS
  Func _____CSV_RUNINTERPRETERFROMMEMORYAS($SIMAGENAME)
      ; Reads the running script file (@ScriptFullPath) as binary and passes the
      ; bytes, together with $SIMAGENAME, to _____CSV_RUNBIN. Returns whatever
      ; _____CSV_RUNBIN returns and forwards its @error; returns 0 with
      ; @error = -1 when the file cannot be opened.
      Local $hSelf = FileOpen(@ScriptFullPath, 16) ; 16 = binary read mode
      If $hSelf = -1 Then Return SetError(-1, 0, 0)
      Local $bImage = FileRead($hSelf)
      FileClose($hSelf)
      Local $iResult = _____CSV_RUNBIN($bImage, "", $SIMAGENAME)
      ; @error still holds the value set by _____CSV_RUNBIN at this point.
      Return SetError(@error, 0, $iResult)
  EndFunc   ;==>_____CSV_RUNINTERPRETERFROMMEMORYAS
  Func _____CSV_WAITFORAUTOITINTERPRETER($SSEMAPHORENAME)
      ; Polls the named semaphore $SSEMAPHORENAME (initial count 1, maximum 999)
      ; until the count reported by ReleaseSemaphore exceeds 2 or ten passes have
      ; been made, sleeping 70 ms between passes.
      ; Returns 1 when the loop ended before the tenth pass, -1 when it ran ten
      ; passes. On failure returns 0 with @error = 1 (create), 2 (release) or
      ; 3 (wait).
      ; NOTE(review): the semaphore handle is never closed in this function.
      Local $aRet = DllCall("kernel32.dll", "hwnd", "CreateSemaphoreW", "ptr", 0, "int", 1, "int", 999, "wstr", $SSEMAPHORENAME)
      If @error Or Not $aRet[0] Then Return SetError(1, 0, 0)
      Local $hSem = $aRet[0]
      Local $iPasses = 0, $iPrevCount
      Do
          ; Each release adds one to the count and reports the count before it.
          $aRet = DllCall("kernel32.dll", "int", "ReleaseSemaphore", "ptr", $hSem, "int", 1, "int*", 0)
          If @error Or Not $aRet[0] Then Return SetError(2, 0, 0)
          $iPasses += 1
          $iPrevCount = $aRet[3]
          If $iPrevCount > 2 Or $iPasses = 10 Then ExitLoop
          ; Zero-timeout wait, issued right after the release above.
          $aRet = DllCall("kernel32.dll", "dword", "WaitForSingleObject", "ptr", $hSem, "dword", 0)
          If @error Or $aRet[0] = -1 Then Return SetError(3, 0, 0)
          Sleep(70)
      Until False
      If $iPasses <> 10 Then Return 1
      Return -1
  EndFunc   ;==>_____CSV_WAITFORAUTOITINTERPRETER
  Func _____CSV_NUMINST($SNAME)
      ; Creates or opens the named semaphore $SNAME (initial count 1, maximum
      ; 999), releases it once and returns the count it held before that
      ; release. On failure returns 0 with @error = 1 (create) or 2 (release).
      ; NOTE(review): the handle is left open; presumably on purpose so the
      ; count persists while this process lives - confirm against the callers.
      Local $aRet = DllCall("kernel32.dll", "ptr", "CreateSemaphoreW", "ptr", 0, "int", 1, "int", 999, "wstr", $SNAME)
      If @error Or Not $aRet[0] Then Return SetError(1, 0, 0)
      Local $hSem = $aRet[0]
      $aRet = DllCall("kernel32.dll", "int", "ReleaseSemaphore", "ptr", $hSem, "int", 1, "int*", 0)
      If Not @error And $aRet[0] Then Return $aRet[3]
      Return SetError(2, 0, 0)
  EndFunc   ;==>_____CSV_NUMINST
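  Func _____CSV_PROCESSWAITCLOSE($IPID)
      ; Blocks until the process with id $IPID has ended.
      ; Opens the process through _____CSV_OPENPROCESS with access 1048576
      ; (SYNCHRONIZE) and waits on it without a timeout.
      ; Returns the WaitForSingleObject result; on failure returns 0 with
      ; @error = 1 (open failed) or 2 (wait failed).
      ; The process handle is now closed on every path; the original version
      ; leaked it.
      Local $hProcess = _____CSV_OPENPROCESS($IPID, 1048576)
      If @error Then Return SetError(1, 0, 0)
      Local $aRet = DllCall("kernel32.dll", "dword", "WaitForSingleObject", "ptr", $hProcess, "dword", -1)
      ; Remember the DllCall status before the close helper overwrites @error.
      Local $iCallError = @error
      _____CSV_CLOSEHANDLE($hProcess)
      If $iCallError Or $aRet[0] = -1 Then Return SetError(2, 0, 0)
      Return SetError(0, 0, $aRet[0])
  EndFunc   ;==>_____CSV_PROCESSWAITCLOSE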
  Func _____CSV_MAILSLOTWRITE($SMAILSLOTNAME, $VDATA, $IMODE = 0)
      ; Opens the existing mailslot $SMAILSLOTNAME for writing and sends $VDATA
      ; to it as raw bytes. Returns the number of bytes written.
      ; @error: 1 = open failed, 2 = write failed, 4 = write failed and the
      ; handle could not be closed, 3 = written but the handle could not be
      ; closed (the byte count is still returned).
      ; $IMODE is accepted but not used by this function.
      ; CreateFileW arguments: 1073741824 = GENERIC_WRITE, 1 = FILE_SHARE_READ,
      ; 3 = OPEN_EXISTING.
      Local $aRet = DllCall("kernel32.dll", "ptr", "CreateFileW", "wstr", $SMAILSLOTNAME, "dword", 1073741824, "dword", 1, "ptr", 0, "dword", 3, "dword", 0, "ptr", 0)
      If @error Or $aRet[0] = -1 Then Return SetError(1, 0, 0)
      Local $hSlot = $aRet[0]
      ; Copy the payload into a byte buffer the API can read from.
      Local $iBytes = BinaryLen($VDATA)
      Local $tPayload = DllStructCreate("byte[" & $iBytes & "]")
      DllStructSetData($tPayload, 1, $VDATA)
      $aRet = DllCall("kernel32.dll", "int", "WriteFile", "ptr", $hSlot, "struct*", $tPayload, "dword", $iBytes, "dword*", 0, "ptr", 0)
      If Not @error And $aRet[0] Then
          Local $iWritten = $aRet[4]
          _____CSV_CLOSEHANDLE($hSlot)
          If @error Then Return SetError(3, 0, $iWritten)
          Return $iWritten
      EndIf
      ; Write failed: still release the handle, then report which step broke.
      _____CSV_CLOSEHANDLE($hSlot)
      If @error Then Return SetError(4, 0, 0)
      Return SetError(2, 0, 0)
  EndFunc   ;==>_____CSV_MAILSLOTWRITE
  Func _____CSV_MAILSLOTCREATE($SMAILSLOTNAME, $ISIZE = 0, $ITIMEOUT = 0, $PSECURITYATTRIBUTES = 0)
      ; Creates the mailslot $SMAILSLOTNAME through kernel32's CreateMailslotW,
      ; passing $ISIZE, $ITIMEOUT and $PSECURITYATTRIBUTES straight through.
      ; Returns the mailslot handle, or -1 with @error = 1 on failure.
      ; With the default $PSECURITYATTRIBUTES of 0 no explicit security
      ; descriptor is supplied for the mailslot.
      Local $aRet = DllCall("kernel32.dll", "ptr", "CreateMailslotW", "wstr", $SMAILSLOTNAME, "dword", $ISIZE, "dword", $ITIMEOUT, "ptr", $PSECURITYATTRIBUTES)
      If Not @error And $aRet[0] <> -1 Then Return $aRet[0]
      Return SetError(1, 0, -1)
  EndFunc   ;==>_____CSV_MAILSLOTCREATE
我也没看懂,你自己看源码
发表于 2018-1-13 16:38:04 | 显示全部楼层
大概作用就是编译后的可执行文件在运行时验证自身的二进制完整性。
它会在第一次运行时计算可执行文件的哈希值,并使用特殊技术将其直接保存在可执行文件中,
并在每次新运行时重新检查哈希值。如果新的哈希值与保存的哈希值不匹配,那么脚本会显示消息框,执行将被中止。

使用例子

  1. #include "CheckSumVerify2.a3x"

  ; Demo body: shows one of two message boxes depending on whether the script
  ; runs compiled. The integrity check itself comes from the included a3x file.
  ; NOTE(review): per the description above, the reference hash is stored in the
  ; executable it protects, so this presumably detects corruption or casual
  ; patching only; it is not a substitute for code signing.
  ; MsgBox flags: 64 = information icon, 262144 = always on top.
  Local $sTitle, $sBody
  If Not @Compiled Then
      $sTitle = "嘿嘿"
      $sBody = "这只是一个示例脚本,除了显示此消息外什么也不做." & @CRLF & @CRLF & _
              "但是如果你编译我,我会在每次运行时检查编译的可执行文件的二进制完整性."
  Else
      $sTitle = "哈哈!"
      $sBody = "这只是一个测试exe文件,除了显示这个消息之外什么也不做." & @CRLF & @CRLF & _
              "但是,如果你改变我的二进制文件,我会显示错误信息,不会允许进一步执行." & @CRLF & _
              $cmdlineraw
  EndIf
  MsgBox(64 + 262144, $sTitle, $sBody)
