Sarah
Joined: 12 Jul 2007 Posts: 103 Location: Hawaii, USA
|
Posted: Sat Mar 22, 2008 1:02 am Post subject: [HELP] ~ Starting a Program via DLL call |
|
|
Some good news, it seems maybe this is possible,
IDEA/CONCEPT: Starting a batch load of textual HEX data "a program" via a DLL call and pipe the memory content to the newly started process, .... {To basically 'run' the program this way}.
I will let others post to this thread to expand the notion, risks, or show demonstrations or a path of how this may work. I hope it can be done, it would be real breathtaking and a true breakthrough to make this design work  |
|
TodWulff
Joined: 29 Dec 2007 Posts: 139
|
Posted: Sat Mar 22, 2008 2:54 pm Post subject: |
|
|
G'day Sarah;
Are you basically suggesting that there is a text file with some ASM source code, and that when you 'run' the text file, that it kicks off an executable/dll to interpret the ASM code in the text file, and execute it, or feed direct hex to the host processor via a machine language call?
Sounds like it could be easily done. Take a peek here, you might find something useful and interesting.?.
Good luck.
-t |
|
Laszlo
Joined: 14 Feb 2005 Posts: 4710 Location: Boulder, CO
|
Posted: Sat Mar 22, 2008 10:36 pm Post subject: |
|
|
| DllCalls to addresses of whole programs in memory do not usually work, like with a compiled AHK script. I just get access violation errors. I have not investigated the cause, but there can be very simple ones, like the need for runtime libraries in memory, which is easy to solve (with a prior DllCall("LoadLibrary"…)). Other problems could be the need for setting privileges, allocating memory, etc., which are done by the program loader of the OS. But, unfortunately, all these are not that easy. |
|
Guest
|
Posted: Sun Mar 23, 2008 10:44 am Post subject: |
|
|
| Are you missing the PE header or? Ship it in your exe otherwise |
|
Sarah
Joined: 12 Jul 2007 Posts: 103 Location: Hawaii, USA
|
Posted: Mon Mar 24, 2008 2:42 am Post subject: |
|
|
That's all great *everyone*, ... thank you
TodWulff, looks like this may be a possibility! I hope to hear what Lexikos has to think if he is out there  |
|
ZebraPony Guest
|
Posted: Thu Mar 27, 2008 7:17 am Post subject: |
|
|
| How would the data be called in, from just raw binary format? |
|
TeeTwo
Joined: 29 Dec 2006 Posts: 123 Location: Australia
|
Posted: Fri Mar 28, 2008 9:43 am Post subject: |
|
|
I think that could be very dangerous as a simple text file could trigger disastrous effects as most antivirus programs only look for rogue programs, not seemingly innocent text files.
If anyone has success with this approach they should inform the major antivirus companies of the method.
Me worried, Just lost my bios, mbr and most of windows to something that briefly had AVG complaining before a final shutdown. It has taken me 4 days to get back 60% of my files and programs.
Just as well I did a drive image albeit several months ago. Memo to self, Do Drive Image Regularly. Yeah! as if.
Terry alias Chicken Little "Watch the skies" _________________ (The guy from Oz) |
|
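Added example, not part of the original thread: the concern in the post above, that a scanner which treats text files as harmless would miss a program stored as hex text, can be checked for directly. This Python example decodes long hex runs found in a text file and reports any that contain a structurally valid PE header; the names `scan_text`, `pe_headers` and the sample data are constructed for illustration and assume byte-aligned hex pairs.

```python
import re
import struct

# A run of at least MIN_PAIRS hex byte pairs, optionally 0x-prefixed and
# separated by whitespace, commas, colons or semicolons.
MIN_PAIRS = 64
HEX_RUN = re.compile(r"(?:(?:0[xX])?[0-9A-Fa-f]{2}[\s,;:]*){%d,}" % MIN_PAIRS)
HEX_PAIR = re.compile(r"(?:0[xX])?([0-9A-Fa-f]{2})")
MACHINES = {0x014C: "x86", 0x8664: "x64"}

def pe_headers(blob):
    """Yield (offset, machine) for each structurally valid PE header in blob."""
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            # e_lfanew at DOS header offset 0x3C points to the "PE\0\0" signature.
            (e_lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            sig = pos + e_lfanew
            if blob[sig:sig + 4] == b"PE\0\0" and sig + 6 <= len(blob):
                (machine,) = struct.unpack_from("<H", blob, sig + 4)
                yield pos, MACHINES.get(machine, hex(machine))
        pos = blob.find(b"MZ", pos + 1)

def scan_text(text):
    """Return findings for hex-encoded PE images embedded in a text file."""
    findings = []
    for run in HEX_RUN.finditer(text):
        blob = bytes.fromhex("".join(HEX_PAIR.findall(run.group())))
        for offset, machine in pe_headers(blob):
            line = text.count("\n", 0, run.start()) + 1
            findings.append({"line": line, "offset": offset, "machine": machine})
    return findings

def sample_header():
    # Constructed sample: DOS + PE header bytes only, not a runnable program.
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", 0x014C) + bytes(18)

SAMPLE_HEX = sample_header().hex().upper()
SUSPICIOUS = "; notes\npayload := \"\n" + "\n".join(
    SAMPLE_HEX[i:i + 32] for i in range(0, len(SAMPLE_HEX), 32)) + "\n\"\n"
BENIGN = "Checksum: DEADBEEF CAFEBABE\nNothing else to see here.\n"

if __name__ == "__main__":
    print(scan_text(SUSPICIOUS))
    print(scan_text(BENIGN))
```

Short hex strings such as checksums fall below `MIN_PAIRS` and are ignored, which keeps ordinary text files from being flagged.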
zoop Guest
|
Posted: Fri Mar 28, 2008 1:16 pm Post subject: |
|
|
| Dude, to make that work you would need a .EXE to create the program from a text file anyway (under the OP topic proposition), ... and anyway it would probably just be picked up as a signature in the very same way if something criminally malicious were to be executed in memory. Those AV programs do check for memory alterations and other things, so this is no different. Don't throw cold water on something 99% of people would not use to commit a crime on third-party computers somehow..... which takes a lot of work and many conditions to be right to hurt more than 1 computer these days. You're blowing this issue way out of proportion. |
|
Maxidoa Guest
|
Posted: Sun Apr 13, 2008 5:39 am Post subject: |
|
|
Lexikos, some people have said you might know how to do this advanced concept of OP? Can you load libraries into memory to execute binary files this way? It would be great to see a working demonstration from the Master. |
|
Guest
|
Posted: Sun Apr 13, 2008 6:40 am Post subject: |
|
|
| Maxidoa wrote: | | Can you load libraries into memory to execute binary files this way? |
What for? For (naughty) script kiddies like you? |
|
Guest0 Guest
|
Posted: Sun Apr 13, 2008 8:32 am Post subject: |
|
|
| That is straight libelous and slander, whoever you are behind the GUEST account which can only be owned by just one person. I wonder who that is? Can anyone just post under GUEST? You're destroying your own credibility not to mention flat wrong. Why? This is a separate issue you generate. Besides, what the heck are you talking about? :/ You mean distribution of some XYZ file with problems for _Your_ computer? Maybe I am a sleepyhead, but that is so old school and nothing can prevent any computer script technique from doing that. There would be no sort of advantage BEYOND straight executables for something building under the OP concept, since it would require an Executable and some-back-end in the first place.. Wake up and stop harassing your own people.. (double wink) |
|
Guest
|
Posted: Mon Apr 14, 2008 3:41 am Post subject: |
|
|
The last poster would be technically correct, and a method to pack executable data into textual format would do more good than harm, especially for those wanting to encrypt & couple components into one file to simplify distribution! Since this method I propose would require anyway an EXE to manage it, there should be no express worries somehow this should be a stealth way to easily commandeer someone's computer. Anyhoot, advanced SpyWare (good ones), or even Norton will scan memory chunks for many common signatures something goofy, such as tackling the registry, etc, ... and Firewall alerts are especially sensitive if anything tries to poke a hole through it... so no worries.... doesn't matter how the commands get fired off. And today it is increasingly going to be difficult in my opinion to just 'trick' someone into running a foreign executable out of the blue...., there seems to be many other exploits Web browser and email based that don't even require running programs that get into the pants of people to accomplish any nefarious goals, .... so I see no special advantage to my proposed idea. I think it is just throwing cold water on really a good development approach if this can be made to work by someone with savvy & expertise. Besides who wants to go to jail for even trying to invade someone's privacy? Let people decide what they want to do with this stuff. If you write an AHK script that goes FORMAT C:/ and try to trick someone to run it, I mean... you're just taking a huge risk with no payoff or protection :=) Just my opinion here. Don't overblow what is good for the rest of us because of a few hackers messing with a few people.
Hey Lexikos are you out there honey?
I think this is a good experiment and hopefully anyone out there can put their two cents in. Thank you.
PS... Thank you TodWulff, Laszlo, ZebraPony, and others for thinking on this. It sounds like for this to work, some calls which load proper libraries into memory to support this function would need to be implemented. Maybe there is a better way. Please re-read my first post to re-cap what this is all about. Any ideas to get this started.... with the good old fashioned baseline test of MSGBOX, HELLO WORLD?
Have a wonderful week. Best wishes, The Sarah. |
|
Sarah
Joined: 12 Jul 2007 Posts: 103 Location: Hawaii, USA
|
Posted: Sat Apr 26, 2008 2:08 pm Post subject: |
|
|
(slight bump)
Has anybody actually been able to figure out this most challenging of ways to call programs this way yet?  |
|
engunneer
Joined: 30 Aug 2005 Posts: 8255 Location: Maywood, IL
|
Posted: Sat Apr 26, 2008 5:37 pm Post subject: |
|
|
| Sarah wrote: | | (slight bump) |
That's like being slightly pregnant. _________________
(Common Answers) |
|
Sarah
Joined: 12 Jul 2007 Posts: 103 Location: Hawaii, USA
|
Posted: Sun Apr 27, 2008 12:01 am Post subject: |
|
|
| Perhaps more Slightly Gracious is the better etymology. |
|