
Запуск бинарного кода EXE файла из памяти

Sergey2210

Версия AutoIt:3.

На оф. форуме нашёл скрипт, который вроде бы запускает
бинарный код exe-файла, но, по-моему, он не пашет; хорошо,
если я ошибаюсь...

RunExeFromMemory:
Код:
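; Let the user pick a file, read it as raw bytes and pass the bytes to _RunExeFromMemory.
; NOTE(review): whatever file is picked is handed over as-is; nothing here checks where it
; came from or what it contains before it is run inside another process.
$sSelectedPath = FileOpenDialog("Select a File", @WorkingDir, "All Files (*.*)")
If @error Then Exit ; dialog was cancelled or failed - there is nothing to open

$file = FileOpen($sSelectedPath, 16) ; 16 = binary mode
If $file = -1 Then Exit ; FileOpen reports failure through a -1 return value

$contents = FileRead($file)
FileClose($file) ; release the file handle before continuing

_RunExeFromMemory($contents)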

; _RunExeFromMemory
; Starts a suspended second instance of the running AutoIt executable (@AutoItExe), writes the
; 32-bit PE image passed in $bBinaryImage into that process and resumes its main thread.
; This is the pattern usually called process hollowing (MITRE ATT&CK T1055.012).
;
; Parameters:
;   $bBinaryImage - binary content of a PE file (only PE32, optional-header magic 267, is accepted).
; Returns:
;   Success - ProcessId of the new process.
;   Failure - 0 with @error set:
;       1  CreateProcessW                 7  VirtualAllocEx
;       2  GetThreadContext               8  WriteProcessMemory (headers)
;       3  "MZ" magic missing             9  WriteProcessMemory (section; @extended = section index)
;       4  PE signature missing          10  SetThreadContext
;       5  not a PE32 image              11  ResumeThread
;       6  NtUnmapViewOfSection
;   Every failure after the process exists terminates that process first.
;
; NOTE(review): the call chain used here (CreateProcessW with CREATE_SUSPENDED -> NtUnmapViewOfSection
;   -> VirtualAllocEx with PAGE_EXECUTE_READWRITE -> WriteProcessMemory -> SetThreadContext ->
;   ResumeThread) is what process-hollowing detections typically key on.
; NOTE(review): offsets and sizes taken from the PE headers are never compared with
;   BinaryLen($bBinary), so a truncated or malformed input makes the script read outside $tBinary.
; NOTE(review): the handles in $hProcess and $hThread are not closed on any path in this function.
Func _RunExeFromMemory($bBinaryImage)

    #Region 1. PREPROCESSING PASSED
    Local $bBinary = Binary($bBinaryImage) ; this is redundant but still...

    ; Make structure out of binary data that was passed
    Local $tBinary = DllStructCreate("byte[" & BinaryLen($bBinary) & "]")
    DllStructSetData($tBinary, 1, $bBinary) ; fill it

    ; Get pointer to it (this pointer is advanced step by step through the PE headers below)
    Local $pPointer = DllStructGetPtr($tBinary)

    #Region 2. CREATING NEW PROCESS
    ; STARTUPINFO structure (actually all that really matters is allocated space)
    ; NOTE(review): cbSize is never filled in, so it stays 0 when the structure is passed on.
    Local $tSTARTUPINFO = DllStructCreate("dword  cbSize;" & _
            "ptr Reserved;" & _
            "ptr Desktop;" & _
            "ptr Title;" & _
            "dword X;" & _
            "dword Y;" & _
            "dword XSize;" & _
            "dword YSize;" & _
            "dword XCountChars;" & _
            "dword YCountChars;" & _
            "dword FillAttribute;" & _
            "dword Flags;" & _
            "ushort ShowWindow;" & _
            "ushort Reserved2;" & _ ; NOTE(review): this field name is used again on the next line
            "ptr Reserved2;" & _
            "ptr hStdInput;" & _
            "ptr hStdOutput;" & _
            "ptr hStdError")

    ; PROCESS_INFORMATION receives the handles and IDs of the new process and its main thread.
    Local $tPROCESS_INFORMATION = DllStructCreate("ptr Process;" & _
            "ptr Thread;" & _
            "dword ProcessId;" & _
            "dword ThreadId")

    ; Create new process
    Local $aCall = DllCall("kernel32.dll", "int", "CreateProcessW", _
            "wstr", @AutoItExe, _ ; This (or better said - another instance of me)
            "ptr", 0, _
            "ptr", 0, _
            "ptr", 0, _
            "int", 0, _
            "dword", 4, _ ; CREATE_SUSPENDED ; <- this is essential
            "ptr", 0, _
            "ptr", 0, _
            "ptr", DllStructGetPtr($tSTARTUPINFO), _
            "ptr", DllStructGetPtr($tPROCESS_INFORMATION))

    If @error Or Not $aCall[0] Then
        Return SetError(1, 0, 0) ; CreateProcess function or call to it failed
    EndIf

    ; New process and thread handles:
    Local $hProcess = DllStructGetData($tPROCESS_INFORMATION, "Process")
    Local $hThread = DllStructGetData($tPROCESS_INFORMATION, "Thread")

    #Region 3. FILL CONTEXT STRUCTURE
    ; 32-bit CONTEXT layout. Only ContextFlags and Eax are written by this function.
    Local $tCONTEXT = DllStructCreate("dword ContextFlags;" & _
            "dword Dr0;" & _
            "dword Dr1;" & _
            "dword Dr2;" & _
            "dword Dr3;" & _
            "dword Dr6;" & _
            "dword Dr7;" & _
            "dword ControlWord;" & _
            "dword StatusWord;" & _
            "dword TagWord;" & _
            "dword ErrorOffset;" & _
            "dword ErrorSelector;" & _
            "dword DataOffset;" & _
            "dword DataSelector;" & _
            "byte RegisterArea[80];" & _
            "dword Cr0NpxState;" & _
            "dword SegGs;" & _
            "dword SegFs;" & _
            "dword SegEs;" & _
            "dword SegDs;" & _
            "dword Edi;" & _
            "dword Esi;" & _
            "dword Ebx;" & _
            "dword Edx;" & _
            "dword Ecx;" & _
            "dword Eax;" & _ ; manipulation point (will set address of entry point here)
            "dword Ebp;" & _
            "dword Eip;" & _
            "dword SegCs;" & _
            "dword EFlags;" & _
            "dword Esp;" & _
            "dword SegS")

    DllStructSetData($tCONTEXT, "ContextFlags", 0x10002) ; CONTEXT_INTEGER

    ; Fill tCONTEXT structure with the suspended thread's current register values:
    $aCall = DllCall("kernel32.dll", "int", "GetThreadContext", _
            "ptr", $hThread, _
            "ptr", DllStructGetPtr($tCONTEXT))

    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $hProcess, "dword", 0)
        Return SetError(2, 0, 0) ; GetThreadContext function or call to it failed
    EndIf

    #Region 4. READ PE-FORMAT
    ; Start processing passed binary data. 'Reading' PE format follows.
    ; The structure is overlaid on the input buffer at $pPointer; nothing is copied.
    Local $tIMAGE_DOS_HEADER = DllStructCreate("char Magic[2];" & _
            "ushort BytesOnLastPage;" & _
            "ushort Pages;" & _
            "ushort Relocations;" & _
            "ushort SizeofHeader;" & _
            "ushort MinimumExtra;" & _
            "ushort MaximumExtra;" & _
            "ushort SS;" & _
            "ushort SP;" & _
            "ushort Checksum;" & _
            "ushort IP;" & _
            "ushort CS;" & _
            "ushort Relocation;" & _
            "ushort Overlay;" & _
            "char Reserved[8];" & _
            "ushort OEMIdentifier;" & _
            "ushort OEMInformation;" & _
            "char Reserved2[20];" & _
            "dword AddressOfNewExeHeader", _
            $pPointer)

    ; Move pointer
    ; NOTE(review): AddressOfNewExeHeader is read and applied before the "MZ" check below and
    ; without checking that the buffer is long enough to contain a DOS header.
    $pPointer += DllStructGetData($tIMAGE_DOS_HEADER, "AddressOfNewExeHeader") ; move to PE file header

    Local $sMagic = DllStructGetData($tIMAGE_DOS_HEADER, "Magic")

    ; Check if it's valid format (== is the case-sensitive comparison)
    If Not ($sMagic == "MZ") Then
        DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $hProcess, "dword", 0)
        Return SetError(3, 0, 0) ; MS-DOS header missing. Btw 'MZ' are the initials of Mark Zbikowski in case you didn't know.
    EndIf

    Local $tIMAGE_NT_SIGNATURE = DllStructCreate("dword Signature", $pPointer)

    ; Move pointer
    $pPointer += 4 ; size of $tIMAGE_NT_SIGNATURE structure

    ; Check signature
    If DllStructGetData($tIMAGE_NT_SIGNATURE, "Signature") <> 17744 Then ; IMAGE_NT_SIGNATURE
        DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $hProcess, "dword", 0)
        Return SetError(4, 0, 0) ; wrong signature. For PE image should be "PE\0\0" or 17744 dword.
    EndIf

    Local $tIMAGE_FILE_HEADER = DllStructCreate("ushort Machine;" & _
            "ushort NumberOfSections;" & _
            "dword TimeDateStamp;" & _
            "dword PointerToSymbolTable;" & _
            "dword NumberOfSymbols;" & _
            "ushort SizeOfOptionalHeader;" & _
            "ushort Characteristics", _
            $pPointer)

    ; Get number of sections (taken from the input as-is; it bounds the loop in region 8)
    Local $iNumberOfSections = DllStructGetData($tIMAGE_FILE_HEADER, "NumberOfSections")

    ; Move pointer
    $pPointer += 20 ; size of $tIMAGE_FILE_HEADER structure

    Local $tIMAGE_OPTIONAL_HEADER = DllStructCreate("ushort Magic;" & _
            "ubyte MajorLinkerVersion;" & _
            "ubyte MinorLinkerVersion;" & _
            "dword SizeOfCode;" & _
            "dword SizeOfInitializedData;" & _
            "dword SizeOfUninitializedData;" & _
            "dword AddressOfEntryPoint;" & _
            "dword BaseOfCode;" & _
            "dword BaseOfData;" & _
            "dword ImageBase;" & _
            "dword SectionAlignment;" & _
            "dword FileAlignment;" & _
            "ushort MajorOperatingSystemVersion;" & _
            "ushort MinorOperatingSystemVersion;" & _
            "ushort MajorImageVersion;" & _
            "ushort MinorImageVersion;" & _
            "ushort MajorSubsystemVersion;" & _
            "ushort MinorSubsystemVersion;" & _
            "dword Win32VersionValue;" & _
            "dword SizeOfImage;" & _
            "dword SizeOfHeaders;" & _
            "dword CheckSum;" & _
            "ushort Subsystem;" & _
            "ushort DllCharacteristics;" & _
            "dword SizeOfStackReserve;" & _
            "dword SizeOfStackCommit;" & _
            "dword SizeOfHeapReserve;" & _
            "dword SizeOfHeapCommit;" & _
            "dword LoaderFlags;" & _
            "dword NumberOfRvaAndSizes", _
            $pPointer)

    ; Move pointer
    $pPointer += 96 ; size of $tIMAGE_OPTIONAL_HEADER

    Local $iMagic = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "Magic")

    ; Check if it's 32-bit application (267 = 0x10B, the PE32 optional-header magic)
    If $iMagic <> 267 Then
        DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $hProcess, "dword", 0)
        Return SetError(5, 0, 0) ; not 32-bit application. Structures (and sizes) are for 32-bit apps.
    EndIf

    ; Extract entry point address
    Local $iEntryPointNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint") ; if loaded binary image would start executing at this address

    ; Move pointer
    ; NOTE(review): a fixed 16 directory entries of 8 bytes each are skipped; neither
    ; NumberOfRvaAndSizes nor SizeOfOptionalHeader is consulted.
    $pPointer += 128 ; size of the structures before IMAGE_SECTION_HEADER (16 of them).

    Local $pOptionalHeaderImageBaseNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "ImageBase") ; address of the first byte of the image when it's loaded in memory
    Local $iOptionalHeaderSizeOfImageNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "SizeOfImage") ; the size of the image including all headers

    #Region 5. CLEAR EVERYTHING THAT THIS NEW PROCESS HAVE MAPPED
    ; Clear old data. !This is where this whole function will fail with Vista and above!
    ; The view that is unmapped is the one at the NEW image's preferred ImageBase inside the child.
    $aCall = DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", _
            "ptr", $hProcess, _
            "ptr", $pOptionalHeaderImageBaseNEW)

    ; Any non-zero return value is treated as failure here
    If @error Or $aCall[0] Then
        DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $hProcess, "dword", 0)
        Return SetError(6, 0, 0) ; NtUnmapViewOfSection function or call to it failed
    EndIf

    #Region 6. ALLOCATE 'NEW' MEMORY SPACE
    ; Allocate proper size of memory at the proper place. !This is where the failure will occur if that new exe is e.g. bigger than AutoIt3.exe!
    ; The whole region is requested readable, writable and executable at once.
    $aCall = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", _
            "ptr", $hProcess, _
            "ptr", $pOptionalHeaderImageBaseNEW, _
            "dword", $iOptionalHeaderSizeOfImageNEW, _
            "dword", 12288, _ ; MEM_COMMIT|MEM_RESERVE
            "dword", 64) ; PAGE_EXECUTE_READWRITE

    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $hProcess, "dword", 0)
        Return SetError(7, 0, 0) ; VirtualAllocEx function or call to it failed
    EndIf

    Local $pRemoteCode = $aCall[0] ; from now on this is zero-point

    #Region 7. GET AND WRITE NEW PE-HEADERS
    Local $pHEADERS_NEW = DllStructGetPtr($tIMAGE_DOS_HEADER) ; starting address of binary image headers
    Local $iOptionalHeaderSizeOfHeadersNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "SizeOfHeaders") ; the size of the MS-DOS stub, the PE header, and the section headers

    ; Write NEW headers (SizeOfHeaders bytes, as declared by the input, copied from the start of the buffer)
    $aCall = DllCall("kernel32.dll", "int", "WriteProcessMemory", _
            "ptr", $hProcess, _
            "ptr", $pRemoteCode, _
            "ptr", $pHEADERS_NEW, _
            "dword", $iOptionalHeaderSizeOfHeadersNEW, _
            "dword*", 0)

    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $hProcess, "dword", 0)
        Return SetError(8, 0, 0) ; WriteProcessMemory function or call to it while writing new PE headers failed
    EndIf

    #Region 8. WRITE SECTIONS
    ; Dealing with sections. Will write them too as they hold all needed data that PE loader reads
    Local $tIMAGE_SECTION_HEADER
    Local $iSizeOfRawData, $pPointerToRawData
    Local $iVirtualAddress

    ; $pPointer is expected to sit on the first section header at this point
    For $i = 1 To $iNumberOfSections

        $tIMAGE_SECTION_HEADER = DllStructCreate("char Name[8];" & _
                "dword UnionOfVirtualSizeAndPhysicalAddress;" & _
                "dword VirtualAddress;" & _
                "dword SizeOfRawData;" & _
                "dword PointerToRawData;" & _
                "dword PointerToRelocations;" & _
                "dword PointerToLinenumbers;" & _
                "ushort NumberOfRelocations;" & _
                "ushort NumberOfLinenumbers;" & _
                "dword Characteristics", _
                $pPointer)

        ; Source: start of the input buffer + file offset of the section's raw data.
        ; NOTE(review): neither PointerToRawData nor SizeOfRawData is checked against the buffer length.
        $iSizeOfRawData = DllStructGetData($tIMAGE_SECTION_HEADER, "SizeOfRawData")
        $pPointerToRawData = DllStructGetPtr($tIMAGE_DOS_HEADER) + DllStructGetData($tIMAGE_SECTION_HEADER, "PointerToRawData")
        $iVirtualAddress = DllStructGetData($tIMAGE_SECTION_HEADER, "VirtualAddress")

        ; If there is data to write, write it where it should be written (allocated base + section RVA)
        If $iSizeOfRawData Then

            $aCall = DllCall("kernel32.dll", "int", "WriteProcessMemory", _
                    "ptr", $hProcess, _
                    "ptr", $pRemoteCode + $iVirtualAddress, _
                    "ptr", $pPointerToRawData, _
                    "dword", $iSizeOfRawData, _
                    "dword*", 0)

            If @error Or Not $aCall[0] Then
                DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $hProcess, "dword", 0)
                Return SetError(9, $i, 0) ; WriteProcessMemory function or call to it while writing new sections failed
            EndIf

        EndIf

        ; Move pointer
        $pPointer += 40 ; size of $tIMAGE_SECTION_HEADER structure

    Next

    #Region 9. NEW ENTRY POINT
    ; Entry point manipulation
    DllStructSetData($tCONTEXT, "Eax", $pRemoteCode + $iEntryPointNEW) ; $iEntryPointNEW was relative address

    #Region 10. SET NEW CONTEXT
    ; New context:
    $aCall = DllCall("kernel32.dll", "int", "SetThreadContext", _
            "ptr", $hThread, _
            "ptr", DllStructGetPtr($tCONTEXT))

    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $hProcess, "dword", 0)
        Return SetError(10, 0, 0) ; SetThreadContext function or call to it failed
    EndIf

    #Region 11. RESUME THREAD
    ; And that's it!. Continue execution
    $aCall = DllCall("kernel32.dll", "int", "ResumeThread", "ptr", $hThread)

    ; -1 is the failure value checked for here
    If @error Or $aCall[0] = -1 Then
        DllCall("kernel32.dll", "int", "TerminateProcess", "ptr", $hProcess, "dword", 0)
        Return SetError(11, 0, 0) ; ResumeThread function or call to it failed
    EndIf

    #Region 12. RETURN SUCCESS
    ; All went well. Return, for example, new PID:
    Return DllStructGetData($tPROCESS_INFORMATION, "ProcessId")

EndFunc   ;==>_RunExeFromMemory

Источник: Run binary
 

svigelf

:smile: ты немного не до конца прочитал пояснения... Во-первых, сначала надо в код (или ещё куда-нибудь) добавить бинарный код приложения, чтобы запустить его из памяти. Во-вторых, этот способ не может запустить приложение, написанное на AutoIt, так что он совсем бесполезен...
 

Sergey2210

Ну так а зачем его тогда писали?
 

svigelf

я пробовал...тестировал , и я сказал свои соображения насчет этого "метода запуска приложений"

а вообще я делаю вот так:

Сначала делал текстовый файл, где записывается бинарный вид приложения...

Код:
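; Turns a selected EXE into AutoIt source text: a 'Global $bBinary = "0x..." & _' string literal
; built from 32-byte chunks, appended to "<selected file name>.txt" next to this script.
; NOTE(review): scripts that carry long "0x..." string literals like the one generated here
; embed a whole binary in source form and deserve a closer look when met during triage.
$Module = FileOpenDialog("", "", "EXE (*.exe)")
If @error Then Exit ; dialog cancelled or failed - must be tested before any other call

Global $hModule = FileOpen($Module, 16) ; 16 = binary mode
If $hModule = -1 Then Exit ; FileOpen reports failure through a -1 return value

Global $bBinary = FileRead($hModule)
FileClose($hModule)

Global Const $MAX_LINESIZE = 4095 ; longest source line the generated text may contain
Global $iNewLine, $j ; $j counts the chunks emitted for the current statement
Global $iChinkSize = 32 ; bytes per generated line
Global $sBinary ; generated source text


For $i = 1 To BinaryLen($bBinary) Step $iChinkSize

    $j += 1

    ; Start a new statement once the continued statement approaches the line-size limit
    If 4*($j * $iChinkSize) > $MAX_LINESIZE - 129 Then
        $iNewLine = 1
    EndIf

    If $iNewLine Then
        $iNewLine = 0
        $j = 0
        ; Drop the trailing '& _' and line break so the previous statement ends here
        $sBinary = StringTrimRight($sBinary, 5)
        ; StringTrimLeft(..., 2) removes the "0x" prefix of the chunk's text form
        $sBinary &= @CRLF & '$bBinary &= "' & StringTrimLeft(BinaryMid($bBinary, $i, $iChinkSize), 2) & '" & _' & @CRLF
        ContinueLoop
    EndIf

    If $i = 1 Then
        ; First chunk keeps its "0x" prefix and opens the declaration
        $sBinary &= 'Global $bBinary = "' & BinaryMid($bBinary, $i, $iChinkSize) & '" & _' & @CRLF
    Else
        $sBinary &= '       "' & StringTrimLeft(BinaryMid($bBinary, $i, $iChinkSize), 2) & '" & _' & @CRLF
    EndIf

Next

; Close the last statement by removing its trailing '& _' and line break
$sBinary = StringTrimRight($sBinary, 5)

$sSelectedFileName = StringMid($Module, StringInStr($Module, "\", 0, -1) + 1) ; extract the file name from the path

; NOTE(review): copies C:\1.txt to the output path before the append below; presumably only
; meant to create the file - confirm it is needed, since FileOpen in mode 1 follows.
FileInstall("C:\1.txt", @ScriptDir & "\" & $sSelectedFileName & ".txt")

$file = FileOpen(@ScriptDir & "\" & $sSelectedFileName & ".txt", 1) ; 1 = append mode
If $file = -1 Then Exit ; output file could not be opened

FileWrite($file, $sBinary)

FileClose($file)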

а затем в шаблон скрипта :

Код:
; Require every variable to be declared before it is used
AutoItSetOption("MustDeclareVars", 1)

; the file variable (the generated 'Global $bBinary = ...' text) goes here

_RunBinary($bBinary)

Func _RunBinary($bBinaryImage, $sCommandLine = "", $sExeModule = @AutoItExe)

	#region 1. DETERMINE INTERPRETER TYPE
	Local $fAutoItX64 = @AutoItX64

	#region 2. PREDPROCESSING PASSED
	Local $bBinary = Binary($bBinaryImage) ; this is redundant but still...
	; Make structure out of binary data that was passed
	Local $tBinary = DllStructCreate("byte[" & BinaryLen($bBinary) & "]")
	DllStructSetData($tBinary, 1, $bBinary) ; fill it
	; Get pointer to it
	Local $pPointer = DllStructGetPtr($tBinary)

	#region 3. CREATING NEW PROCESS
	; STARTUPINFO structure (actually all that really matters is allocated space)
	Local $tSTARTUPINFO = DllStructCreate("dword  cbSize;" & _
			"ptr Reserved;" & _
			"ptr Desktop;" & _
			"ptr Title;" & _
			"dword X;" & _
			"dword Y;" & _
			"dword XSize;" & _
			"dword YSize;" & _
			"dword XCountChars;" & _
			"dword YCountChars;" & _
			"dword FillAttribute;" & _
			"dword Flags;" & _
			"word ShowWindow;" & _
			"word Reserved2;" & _
			"ptr Reserved2;" & _
			"ptr hStdInput;" & _
			"ptr hStdOutput;" & _
			"ptr hStdError")
	; This is much important. This structure will hold very some important data.
	Local $tPROCESS_INFORMATION = DllStructCreate("ptr Process;" & _
			"ptr Thread;" & _
			"dword ProcessId;" & _
			"dword ThreadId")
	; Create new process
	Local $aCall = DllCall("kernel32.dll", "bool", "CreateProcessW", _
			"wstr", $sExeModule, _
			"wstr", $sCommandLine, _
			"ptr", 0, _
			"ptr", 0, _
			"int", 0, _
			"dword", 4, _ ; CREATE_SUSPENDED ; <- this is essential
			"ptr", 0, _
			"ptr", 0, _
			"ptr", DllStructGetPtr($tSTARTUPINFO), _
			"ptr", DllStructGetPtr($tPROCESS_INFORMATION))
	; Check for errors or failure
	If @error Or Not $aCall[0] Then Return SetError(1, 0, 0) ; CreateProcess function or call to it failed
	; Get new process and thread handles:
	Local $hProcess = DllStructGetData($tPROCESS_INFORMATION, "Process")
	Local $hThread = DllStructGetData($tPROCESS_INFORMATION, "Thread")
	; Check for 'wrong' bit-ness. Not because it could't be implemented, but besause it would be uglyer (structures)
	If $fAutoItX64 And _RunBinary_IsWow64Process($hProcess) Then
		DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
		Return SetError(2, 0, 0)
	EndIf

	#region 4. FILL CONTEXT STRUCTURE
	; CONTEXT structure is what's really important here. It's processor specific.
	Local $iRunFlag, $tCONTEXT
	If $fAutoItX64 Then
		If @OSArch = "X64" Then
			$iRunFlag = 2
			$tCONTEXT = DllStructCreate("align 16; uint64 P1Home; uint64 P2Home; uint64 P3Home; uint64 P4Home; uint64 P5Home; uint64 P6Home;" & _ ; Register parameter home addresses
					"dword ContextFlags; dword MxCsr;" & _ ; Control flags
					"word SegCS; word SegDs; word SegEs; word SegFs; word SegGs; word SegSs; dword EFlags;" & _ ; Segment Registers and processor flags
					"uint64 Dr0; uint64 Dr1; uint64 Dr2; uint64 Dr3; uint64 Dr6; uint64 Dr7;" & _ ; Debug registers
					"uint64 Rax; uint64 Rcx; uint64 Rdx; uint64 Rbx; uint64 Rsp; uint64 Rbp; uint64 Rsi; uint64 Rdi; uint64 R8; uint64 R9; uint64 R10; uint64 R11; uint64 R12; uint64 R13; uint64 R14; uint64 R15;" & _ ; Integer registers
					"uint64 Rip;" & _ ; Program counter
					"uint64 Header[4]; uint64 Legacy[16]; uint64 Xmm0[2]; uint64 Xmm1[2]; uint64 Xmm2[2]; uint64 Xmm3[2]; uint64 Xmm4[2]; uint64 Xmm5[2]; uint64 Xmm6[2]; uint64 Xmm7[2]; uint64 Xmm8[2]; uint64 Xmm9[2]; uint64 Xmm10[2]; uint64 Xmm11[2]; uint64 Xmm12[2]; uint64 Xmm13[2]; uint64 Xmm14[2]; uint64 Xmm15[2];" & _ ; Floating point state (types are not correct for simplicity reasons!!!)
					"uint64 VectorRegister[52]; uint64 VectorControl;" & _ ; Vector registers (type for VectorRegister is not correct for simplicity reasons!!!)
					"uint64 DebugControl; uint64 LastBranchToRip; uint64 LastBranchFromRip; uint64 LastExceptionToRip; uint64 LastExceptionFromRip") ; Special debug control registers
		Else
			$iRunFlag = 3
			; FIXME - Itanium architecture
			; Return special error number:
			DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
			Return SetError(102, 0, 0)
		EndIf
	Else
		$iRunFlag = 1
		$tCONTEXT = DllStructCreate("dword ContextFlags;" & _ ; Control flags
				"dword Dr0; dword Dr1; dword Dr2; dword Dr3; dword Dr6; dword Dr7;" & _ ; CONTEXT_DEBUG_REGISTERS
				"dword ControlWord; dword StatusWord; dword TagWord; dword ErrorOffset; dword ErrorSelector; dword DataOffset; dword DataSelector; byte RegisterArea[80]; dword Cr0NpxState;" & _ ; CONTEXT_FLOATING_POINT
				"dword SegGs; dword SegFs; dword SegEs; dword SegDs;" & _ ; CONTEXT_SEGMENTS
				"dword Edi; dword Esi; dword Ebx; dword Edx; dword Ecx; dword Eax;" & _ ; CONTEXT_INTEGER
				"dword Ebp; dword Eip; dword SegCs; dword EFlags; dword Esp; dword SegSs;" & _ ; CONTEXT_CONTROL
				"byte ExtendedRegisters[512]") ; CONTEXT_EXTENDED_REGISTERS
	EndIf
	; Define CONTEXT_FULL
	Local $CONTEXT_FULL
	Switch $iRunFlag
		Case 1
			$CONTEXT_FULL = 0x10007
		Case 2
			$CONTEXT_FULL = 0x100007
		Case 3
			$CONTEXT_FULL = 0x80027
	EndSwitch
	; Set desired access
	DllStructSetData($tCONTEXT, "ContextFlags", $CONTEXT_FULL)
	; Fill CONTEXT structure:
	$aCall = DllCall("kernel32.dll", "bool", "GetThreadContext", _
			"handle", $hThread, _
			"ptr", DllStructGetPtr($tCONTEXT))
	; Check for errors or failure
	If @error Or Not $aCall[0] Then
		DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
		Return SetError(3, 0, 0) ; GetThreadContext function or call to it failed
	EndIf
	; Pointer to PEB structure
	Local $pPEB
	Switch $iRunFlag
		Case 1
			$pPEB = DllStructGetData($tCONTEXT, "Ebx")
		Case 2
			$pPEB = DllStructGetData($tCONTEXT, "Rdx")
		Case 3
			; FIXME - Itanium architecture
	EndSwitch

	#region 5. READ PE-FORMAT
	; Start processing passed binary data. 'Reading' PE format follows.
	; First is IMAGE_DOS_HEADER
	Local $tIMAGE_DOS_HEADER = DllStructCreate("char Magic[2];" & _
			"word BytesOnLastPage;" & _
			"word Pages;" & _
			"word Relocations;" & _
			"word SizeofHeader;" & _
			"word MinimumExtra;" & _
			"word MaximumExtra;" & _
			"word SS;" & _
			"word SP;" & _
			"word Checksum;" & _
			"word IP;" & _
			"word CS;" & _
			"word Relocation;" & _
			"word Overlay;" & _
			"char Reserved[8];" & _
			"word OEMIdentifier;" & _
			"word OEMInformation;" & _
			"char Reserved2[20];" & _
			"dword AddressOfNewExeHeader", _
			$pPointer)
	; Save this pointer value (it's starting address of binary image headers)
	Local $pHEADERS_NEW = $pPointer
	; Move pointer
	$pPointer += DllStructGetData($tIMAGE_DOS_HEADER, "AddressOfNewExeHeader") ; move to PE file header
	; Get "Magic"
	Local $sMagic = DllStructGetData($tIMAGE_DOS_HEADER, "Magic")
	; Check if it's valid format
	If Not ($sMagic == "MZ") Then
		DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
		Return SetError(4, 0, 0) ; MS-DOS header missing.
	EndIf
	; In place of IMAGE_NT_SIGNATURE
	Local $tIMAGE_NT_SIGNATURE = DllStructCreate("dword Signature", $pPointer)
	; Move pointer
	$pPointer += 4 ; size of $tIMAGE_NT_SIGNATURE structure
	; Check signature
	If DllStructGetData($tIMAGE_NT_SIGNATURE, "Signature") <> 17744 Then ; IMAGE_NT_SIGNATURE
		DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
		Return SetError(5, 0, 0) ; wrong signature. For PE image should be "PE\0\0" or 17744 dword.
	EndIf
	; In place of IMAGE_FILE_HEADER
	Local $tIMAGE_FILE_HEADER = DllStructCreate("word Machine;" & _
			"word NumberOfSections;" & _
			"dword TimeDateStamp;" & _
			"dword PointerToSymbolTable;" & _
			"dword NumberOfSymbols;" & _
			"word SizeOfOptionalHeader;" & _
			"word Characteristics", _
			$pPointer)
	; I could check here if the module is relocatable
	;    Local $fRelocatable
	;    If BitAND(DllStructGetData($tIMAGE_FILE_HEADER, "Characteristics"), 1) Then $fRelocatable = False
	; But I won't (will check data in IMAGE_DIRECTORY_ENTRY_BASERELOC instead)
	; Get number of sections
	Local $iNumberOfSections = DllStructGetData($tIMAGE_FILE_HEADER, "NumberOfSections")
	; Move pointer
	$pPointer += 20 ; size of $tIMAGE_FILE_HEADER structure
	; In place of IMAGE_OPTIONAL_HEADER
	Local $tMagic = DllStructCreate("word Magic;", $pPointer)
	Local $iMagic = DllStructGetData($tMagic, 1)
	Local $tIMAGE_OPTIONAL_HEADER
	If $iMagic = 267 Then ; x86 version
		If $fAutoItX64 Then
			DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
			Return SetError(6, 0, 0) ; incompatible versions
		EndIf
		$tIMAGE_OPTIONAL_HEADER = DllStructCreate("word Magic;" & _
				"byte MajorLinkerVersion;" & _
				"byte MinorLinkerVersion;" & _
				"dword SizeOfCode;" & _
				"dword SizeOfInitializedData;" & _
				"dword SizeOfUninitializedData;" & _
				"dword AddressOfEntryPoint;" & _
				"dword BaseOfCode;" & _
				"dword BaseOfData;" & _
				"dword ImageBase;" & _
				"dword SectionAlignment;" & _
				"dword FileAlignment;" & _
				"word MajorOperatingSystemVersion;" & _
				"word MinorOperatingSystemVersion;" & _
				"word MajorImageVersion;" & _
				"word MinorImageVersion;" & _
				"word MajorSubsystemVersion;" & _
				"word MinorSubsystemVersion;" & _
				"dword Win32VersionValue;" & _
				"dword SizeOfImage;" & _
				"dword SizeOfHeaders;" & _
				"dword CheckSum;" & _
				"word Subsystem;" & _
				"word DllCharacteristics;" & _
				"dword SizeOfStackReserve;" & _
				"dword SizeOfStackCommit;" & _
				"dword SizeOfHeapReserve;" & _
				"dword SizeOfHeapCommit;" & _
				"dword LoaderFlags;" & _
				"dword NumberOfRvaAndSizes", _
				$pPointer)
		; Move pointer
		$pPointer += 96 ; size of $tIMAGE_OPTIONAL_HEADER
	ElseIf $iMagic = 523 Then ; x64 version
		If Not $fAutoItX64 Then
			DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
			Return SetError(6, 0, 0) ; incompatible versions
		EndIf
		$tIMAGE_OPTIONAL_HEADER = DllStructCreate("word Magic;" & _
				"byte MajorLinkerVersion;" & _
				"byte MinorLinkerVersion;" & _
				"dword SizeOfCode;" & _
				"dword SizeOfInitializedData;" & _
				"dword SizeOfUninitializedData;" & _
				"dword AddressOfEntryPoint;" & _
				"dword BaseOfCode;" & _
				"uint64 ImageBase;" & _
				"dword SectionAlignment;" & _
				"dword FileAlignment;" & _
				"word MajorOperatingSystemVersion;" & _
				"word MinorOperatingSystemVersion;" & _
				"word MajorImageVersion;" & _
				"word MinorImageVersion;" & _
				"word MajorSubsystemVersion;" & _
				"word MinorSubsystemVersion;" & _
				"dword Win32VersionValue;" & _
				"dword SizeOfImage;" & _
				"dword SizeOfHeaders;" & _
				"dword CheckSum;" & _
				"word Subsystem;" & _
				"word DllCharacteristics;" & _
				"uint64 SizeOfStackReserve;" & _
				"uint64 SizeOfStackCommit;" & _
				"uint64 SizeOfHeapReserve;" & _
				"uint64 SizeOfHeapCommit;" & _
				"dword LoaderFlags;" & _
				"dword NumberOfRvaAndSizes", _
				$pPointer)
		; Move pointer
		$pPointer += 112 ; size of $tIMAGE_OPTIONAL_HEADER
	Else
		DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
		Return SetError(6, 0, 0) ; incompatible versions
	EndIf
	; Extract entry point address
	Local $iEntryPointNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "AddressOfEntryPoint") ; if loaded binary image would start executing at this address
	; And other interesting informations
	Local $iOptionalHeaderSizeOfHeadersNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "SizeOfHeaders")
	Local $pOptionalHeaderImageBaseNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "ImageBase") ; address of the first byte of the image when it's loaded in memory
	Local $iOptionalHeaderSizeOfImageNEW = DllStructGetData($tIMAGE_OPTIONAL_HEADER, "SizeOfImage") ; the size of the image including all headers
	; Move pointer
	$pPointer += 8 ; skipping IMAGE_DIRECTORY_ENTRY_EXPORT
	$pPointer += 8 ; size of $tIMAGE_DIRECTORY_ENTRY_IMPORT
	$pPointer += 24 ; skipping IMAGE_DIRECTORY_ENTRY_RESOURCE, IMAGE_DIRECTORY_ENTRY_EXCEPTION, IMAGE_DIRECTORY_ENTRY_SECURITY
	; Base Relocation Directory
	Local $tIMAGE_DIRECTORY_ENTRY_BASERELOC = DllStructCreate("dword VirtualAddress; dword Size", $pPointer)
	; Collect data
	Local $pAddressNewBaseReloc = DllStructGetData($tIMAGE_DIRECTORY_ENTRY_BASERELOC, "VirtualAddress")
	Local $iSizeBaseReloc = DllStructGetData($tIMAGE_DIRECTORY_ENTRY_BASERELOC, "Size")
	Local $fRelocatable
	If $pAddressNewBaseReloc And $iSizeBaseReloc Then $fRelocatable = True
	If Not $fRelocatable Then ConsoleWrite("!!!NOT RELOCATABLE MODULE. I WILL TRY BUT THIS MAY NOT WORK!!!" & @CRLF) ; nothing can be done here
	; Move pointer
	$pPointer += 88 ; size of the structures before IMAGE_SECTION_HEADER (16 of them).

	#region 6. ALLOCATE 'NEW' MEMORY SPACE
	Local $fRelocate
	Local $pZeroPoint
	If $fRelocatable Then ; If the module can be relocated then allocate memory anywhere possible
		$pZeroPoint = _RunBinary_AllocateExeSpace($hProcess, $iOptionalHeaderSizeOfImageNEW)
		; In case of failure try at original address
		If @error Then
			$pZeroPoint = _RunBinary_AllocateExeSpaceAtAddress($hProcess, $pOptionalHeaderImageBaseNEW, $iOptionalHeaderSizeOfImageNEW)
			If @error Then
				_RunBinary_UnmapViewOfSection($hProcess, $pOptionalHeaderImageBaseNEW)
				; Try now
				$pZeroPoint = _RunBinary_AllocateExeSpaceAtAddress($hProcess, $pOptionalHeaderImageBaseNEW, $iOptionalHeaderSizeOfImageNEW)
				If @error Then
					; Return special error number:
					DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
					Return SetError(101, 1, 0)
				EndIf
			EndIf
		EndIf
		$fRelocate = True
	Else ; And if not try where it should be
		$pZeroPoint = _RunBinary_AllocateExeSpaceAtAddress($hProcess, $pOptionalHeaderImageBaseNEW, $iOptionalHeaderSizeOfImageNEW)
		If @error Then
			_RunBinary_UnmapViewOfSection($hProcess, $pOptionalHeaderImageBaseNEW)
			; Try now
			$pZeroPoint = _RunBinary_AllocateExeSpaceAtAddress($hProcess, $pOptionalHeaderImageBaseNEW, $iOptionalHeaderSizeOfImageNEW)
			If @error Then
				; Return special error number:
				DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
				Return SetError(101, 0, 0)
			EndIf
		EndIf
	EndIf
	; If there is new ImageBase value, save it
	DllStructSetData($tIMAGE_OPTIONAL_HEADER, "ImageBase", $pZeroPoint)

	#region 7. CONSTRUCT THE NEW MODULE
	; Allocate enough space (in our space) for the new module
	Local $tModule = DllStructCreate("byte[" & $iOptionalHeaderSizeOfImageNEW & "]")
	; Get pointer
	Local $pModule = DllStructGetPtr($tModule)
	; Headers
	Local $tHeaders = DllStructCreate("byte[" & $iOptionalHeaderSizeOfHeadersNEW & "]", $pHEADERS_NEW)
	; Write headers to $tModule
	DllStructSetData($tModule, 1, DllStructGetData($tHeaders, 1))
	; Write sections now. $pPointer is currently in place of sections
	Local $tIMAGE_SECTION_HEADER
	Local $iSizeOfRawData, $pPointerToRawData
	Local $iVirtualAddress, $iVirtualSize
	Local $tRelocRaw
	; Loop through sections
	For $i = 1 To $iNumberOfSections
		$tIMAGE_SECTION_HEADER = DllStructCreate("char Name[8];" & _
				"dword UnionOfVirtualSizeAndPhysicalAddress;" & _
				"dword VirtualAddress;" & _
				"dword SizeOfRawData;" & _
				"dword PointerToRawData;" & _
				"dword PointerToRelocations;" & _
				"dword PointerToLinenumbers;" & _
				"word NumberOfRelocations;" & _
				"word NumberOfLinenumbers;" & _
				"dword Characteristics", _
				$pPointer)
		; Collect data
		$iSizeOfRawData = DllStructGetData($tIMAGE_SECTION_HEADER, "SizeOfRawData")
		$pPointerToRawData = $pHEADERS_NEW + DllStructGetData($tIMAGE_SECTION_HEADER, "PointerToRawData")
		$iVirtualAddress = DllStructGetData($tIMAGE_SECTION_HEADER, "VirtualAddress")
		$iVirtualSize = DllStructGetData($tIMAGE_SECTION_HEADER, "UnionOfVirtualSizeAndPhysicalAddress")
		If $iVirtualSize And $iVirtualSize < $iSizeOfRawData Then $iSizeOfRawData = $iVirtualSize
		; If there is data to write, write it
		If $iSizeOfRawData Then
			DllStructSetData(DllStructCreate("byte[" & $iSizeOfRawData & "]", $pModule + $iVirtualAddress), 1, DllStructGetData(DllStructCreate("byte[" & $iSizeOfRawData & "]", $pPointerToRawData), 1))
		EndIf
		; Relocations
		If $fRelocate Then
			If $iVirtualAddress <= $pAddressNewBaseReloc And $iVirtualAddress + $iSizeOfRawData > $pAddressNewBaseReloc Then
				$tRelocRaw = DllStructCreate("byte[" & $iSizeBaseReloc & "]", $pPointerToRawData + ($pAddressNewBaseReloc - $iVirtualAddress))
			EndIf
		EndIf
		; Move pointer
		$pPointer += 40 ; size of $tIMAGE_SECTION_HEADER structure
	Next
	; Fix relocations
	If $fRelocate Then _RunBinary_FixReloc($pModule, $tRelocRaw, $pZeroPoint, $pOptionalHeaderImageBaseNEW, $iMagic = 523)
	; Write newly constructed module to allocated space inside the $hProcess
	$aCall = DllCall("kernel32.dll", "bool", "WriteProcessMemory", _
			"handle", $hProcess, _
			"ptr", $pZeroPoint, _
			"ptr", $pModule, _
			"dword_ptr", $iOptionalHeaderSizeOfImageNEW, _
			"dword_ptr*", 0)
	; Check for errors or failure
	If @error Or Not $aCall[0] Then
		DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
		Return SetError(7, 0, 0) ; WriteProcessMemory function or call to it while writting new module binary
	EndIf

	#region 8. PEB ImageBaseAddress MANIPULATION
	; PEB structure definition
	Local $tPEB = DllStructCreate("byte InheritedAddressSpace;" & _
			"byte ReadImageFileExecOptions;" & _
			"byte BeingDebugged;" & _
			"byte Spare;" & _
			"ptr Mutant;" & _
			"ptr ImageBaseAddress;" & _
			"ptr LoaderData;" & _
			"ptr ProcessParameters;" & _
			"ptr SubSystemData;" & _
			"ptr ProcessHeap;" & _
			"ptr FastPebLock;" & _
			"ptr FastPebLockRoutine;" & _
			"ptr FastPebUnlockRoutine;" & _
			"dword EnvironmentUpdateCount;" & _
			"ptr KernelCallbackTable;" & _
			"ptr EventLogSection;" & _
			"ptr EventLog;" & _
			"ptr FreeList;" & _
			"dword TlsExpansionCounter;" & _
			"ptr TlsBitmap;" & _
			"dword TlsBitmapBits[2];" & _
			"ptr ReadOnlySharedMemoryBase;" & _
			"ptr ReadOnlySharedMemoryHeap;" & _
			"ptr ReadOnlyStaticServerData;" & _
			"ptr AnsiCodePageData;" & _
			"ptr OemCodePageData;" & _
			"ptr UnicodeCaseTableData;" & _
			"dword NumberOfProcessors;" & _
			"dword NtGlobalFlag;" & _
			"byte Spare2[4];" & _
			"int64 CriticalSectionTimeout;" & _
			"dword HeapSegmentReserve;" & _
			"dword HeapSegmentCommit;" & _
			"dword HeapDeCommitTotalFreeThreshold;" & _
			"dword HeapDeCommitFreeBlockThreshold;" & _
			"dword NumberOfHeaps;" & _
			"dword MaximumNumberOfHeaps;" & _
			"ptr ProcessHeaps;" & _
			"ptr GdiSharedHandleTable;" & _
			"ptr ProcessStarterHelper;" & _
			"ptr GdiDCAttributeList;" & _
			"ptr LoaderLock;" & _
			"dword OSMajorVersion;" & _
			"dword OSMinorVersion;" & _
			"dword OSBuildNumber;" & _
			"dword OSPlatformId;" & _
			"dword ImageSubSystem;" & _
			"dword ImageSubSystemMajorVersion;" & _
			"dword ImageSubSystemMinorVersion;" & _
			"dword GdiHandleBuffer[34];" & _
			"dword PostProcessInitRoutine;" & _
			"dword TlsExpansionBitmap;" & _
			"byte TlsExpansionBitmapBits[128];" & _
			"dword SessionId")
	; Fill the structure
	$aCall = DllCall("kernel32.dll", "bool", "ReadProcessMemory", _
			"ptr", $hProcess, _
			"ptr", $pPEB, _ ; pointer to PEB structure
			"ptr", DllStructGetPtr($tPEB), _
			"dword_ptr", DllStructGetSize($tPEB), _
			"dword_ptr*", 0)
	; Check for errors or failure
	If @error Or Not $aCall[0] Then
		DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
		Return SetError(8, 0, 0) ; ReadProcessMemory function or call to it failed while filling PEB structure
	EndIf
	; Change base address within PEB
	DllStructSetData($tPEB, "ImageBaseAddress", $pZeroPoint)
	; Write the changes
	$aCall = DllCall("kernel32.dll", "bool", "WriteProcessMemory", _
			"handle", $hProcess, _
			"ptr", $pPEB, _
			"ptr", DllStructGetPtr($tPEB), _
			"dword_ptr", DllStructGetSize($tPEB), _
			"dword_ptr*", 0)
	; Check for errors or failure
	If @error Or Not $aCall[0] Then
		DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
		Return SetError(9, 0, 0) ; WriteProcessMemory function or call to it failed while changing base address
	EndIf

	#region 9. NEW ENTRY POINT
	; Entry point manipulation
	Switch $iRunFlag
		Case 1
			DllStructSetData($tCONTEXT, "Eax", $pZeroPoint + $iEntryPointNEW)
		Case 2
			DllStructSetData($tCONTEXT, "Rcx", $pZeroPoint + $iEntryPointNEW)
		Case 3
			; FIXME - Itanium architecture
	EndSwitch

	#region 10. SET NEW CONTEXT
	; New context:
	$aCall = DllCall("kernel32.dll", "bool", "SetThreadContext", _
			"handle", $hThread, _
			"ptr", DllStructGetPtr($tCONTEXT))

	If @error Or Not $aCall[0] Then
		DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
		Return SetError(10, 0, 0) ; SetThreadContext function or call to it failed
	EndIf

	#region 11. RESUME THREAD
	; And that's it!. Continue execution:
	$aCall = DllCall("kernel32.dll", "dword", "ResumeThread", "handle", $hThread)
	; Check for errors or failure
	If @error Or $aCall[0] = -1 Then
		DllCall("kernel32.dll", "bool", "TerminateProcess", "handle", $hProcess, "dword", 0)
		Return SetError(11, 0, 0) ; ResumeThread function or call to it failed
	EndIf

	#region 12. CLOSE OPEN HANDLES AND RETURN PID
	DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
	DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hThread)
	; All went well. Return new PID:
	Return DllStructGetData($tPROCESS_INFORMATION, "ProcessId")
Exit
EndFunc   ;==>_RunBinary


Func _RunBinary_FixReloc($pModule, $tData, $pAddressNew, $pAddressOld, $fImageX64)
	; Walks the base relocation data in $tData and adds the load-address difference
	; to every matching pointer slot inside the image buffer at $pModule.
	; Parameters:
	;   $pModule     - pointer to the local buffer that holds the image being patched
	;   $tData       - DllStruct laid over the raw relocation blocks
	;   $pAddressNew - base address the image will actually occupy
	;   $pAddressOld - base address recorded in the image's optional header
	;   $fImageX64   - True selects relocation type 10, False selects type 3
	; Returns 1 in every case; the function has no error path.
	; NOTE(review): every size and offset below is read from the file being loaded and
	; used without validation. Nothing checks that a block stays inside $tData or that
	; a patched slot stays inside the $pModule buffer, so a malformed relocation table
	; leads to reads and writes outside those buffers in the calling process.
	Local $iDelta = $pAddressNew - $pAddressOld ; dislocation value
	Local $iSize = DllStructGetSize($tData) ; size of data
	Local $pData = DllStructGetPtr($tData) ; address of the data structure
	; NOTE(review): $iRelativeMove is declared without a value; the loop condition
	; presumably relies on AutoIt treating it as 0 in the first comparison - confirm.
	Local $tIMAGE_BASE_RELOCATION, $iRelativeMove
	Local $iVirtualAddress, $iSizeofBlock, $iNumberOfEntries
	Local $tEnries, $iData, $tAddress
	Local $iFlag = 3 + 7 * $fImageX64 ; IMAGE_REL_BASED_HIGHLOW = 3 or IMAGE_REL_BASED_DIR64 = 10
	While $iRelativeMove < $iSize ; for all data available
		; Block header: page RVA followed by the byte size of the whole block
		$tIMAGE_BASE_RELOCATION = DllStructCreate("dword VirtualAddress; dword SizeOfBlock", $pData + $iRelativeMove)
		$iVirtualAddress = DllStructGetData($tIMAGE_BASE_RELOCATION, "VirtualAddress")
		$iSizeofBlock = DllStructGetData($tIMAGE_BASE_RELOCATION, "SizeOfBlock")
		; The 8-byte header is followed by 2-byte entries
		$iNumberOfEntries = ($iSizeofBlock - 8) / 2
		$tEnries = DllStructCreate("word[" & $iNumberOfEntries & "]", DllStructGetPtr($tIMAGE_BASE_RELOCATION) + 8)
		; Go through all entries
		For $i = 1 To $iNumberOfEntries
			$iData = DllStructGetData($tEnries, 1, $i)
			If BitShift($iData, 12) = $iFlag Then ; upper 4 bits are the relocation type
				; Lower 12 bits are the offset of the slot within the page at $iVirtualAddress
				; NOTE(review): "ptr" is pointer-sized for the running interpreter, which
				; presumably has to match the bitness of the image - confirm.
				$tAddress = DllStructCreate("ptr", $pModule + $iVirtualAddress + BitAND($iData, 0xFFF)) ; the rest of $iData is offset
				DllStructSetData($tAddress, 1, DllStructGetData($tAddress, 1) + $iDelta) ; rebase the stored address by the delta
			EndIf
		Next
		; NOTE(review): a SizeOfBlock of 0 leaves $iRelativeMove unchanged, so the loop
		; would never advance; the value is not checked before use.
		$iRelativeMove += $iSizeofBlock
	WEnd
	Return 1 ; all OK!
EndFunc   ;==>_RunBinary_FixReloc


Func _RunBinary_AllocateExeSpaceAtAddress($hProcess, $pAddress, $iSize)
	; Asks VirtualAllocEx for $iSize bytes at the fixed address $pAddress inside
	; $hProcess, with protection 64 (PAGE_EXECUTE_READWRITE).
	; The request is made with MEM_COMMIT first and, if that fails, repeated with
	; MEM_COMMIT|MEM_RESERVE.
	; Returns the allocated address, or 0 with @error = 1 when both attempts fail.
	; Memory that is writable and executable at once, committed in another process,
	; is an allocation pattern endpoint monitoring commonly alerts on.
	Local $aAllocationTypes[2] = [0x1000, 0x3000] ; MEM_COMMIT, MEM_COMMIT|MEM_RESERVE
	Local $aResult
	For $iAttempt = 0 To 1
		$aResult = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", _
				"handle", $hProcess, _
				"ptr", $pAddress, _
				"dword_ptr", $iSize, _
				"dword", $aAllocationTypes[$iAttempt], _
				"dword", 64) ; PAGE_EXECUTE_READWRITE
		; A failed call leaves no usable result array, so test @error before indexing
		If Not @error Then
			If $aResult[0] Then Return $aResult[0]
		EndIf
	Next
	Return SetError(1, 0, 0) ; Unable to allocate
EndFunc   ;==>_RunBinary_AllocateExeSpaceAtAddress


Func _RunBinary_AllocateExeSpace($hProcess, $iSize)
	; Asks VirtualAllocEx for $iSize bytes inside $hProcess at an address chosen by
	; the system (address argument 0), committed and reserved in one call with
	; protection 64 (PAGE_EXECUTE_READWRITE).
	; Returns the allocated address, or 0 with @error = 1 on failure.
	Local $aResult = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", _
			"handle", $hProcess, _
			"ptr", 0, _
			"dword_ptr", $iSize, _
			"dword", 0x3000, _ ; MEM_COMMIT|MEM_RESERVE
			"dword", 64) ; PAGE_EXECUTE_READWRITE
	; The call itself could not be made
	If @error Then Return SetError(1, 0, 0) ; Unable to allocate
	; The call was made but the API returned a null address
	If Not $aResult[0] Then Return SetError(1, 0, 0) ; Unable to allocate
	Return $aResult[0]
EndFunc   ;==>_RunBinary_AllocateExeSpace


Func _RunBinary_UnmapViewOfSection($hProcess, $pAddress)
	; Calls ntdll's NtUnmapViewOfSection for the view at $pAddress in $hProcess.
	; Returns 1 when the DllCall itself succeeded, or 0 with @error = 1 when it did not.
	; The status value returned by NtUnmapViewOfSection is not inspected, so a return
	; of 1 does not show that anything was actually unmapped.
	DllCall("ntdll.dll", "int", "NtUnmapViewOfSection", "ptr", $hProcess, "ptr", $pAddress)
	If Not @error Then Return 1
	Return SetError(1, 0, 0) ; Failure
EndFunc   ;==>_RunBinary_UnmapViewOfSection


Func _RunBinary_IsWow64Process($hProcess)
	; Wraps kernel32's IsWow64Process for $hProcess.
	; Returns the value the API wrote to its output argument, or 0 with @error = 1
	; when the call could not be made or the API reported failure.
	Local $aResult = DllCall("kernel32.dll", "bool", "IsWow64Process", "handle", $hProcess, "bool*", 0)
	If @error Then Return SetError(1, 0, 0) ; Failure
	; Element 0 is the API's own success flag, element 2 the by-reference result
	If $aResult[0] Then Return $aResult[2]
	Return SetError(1, 0, 0) ; Failure
EndFunc   ;==>_RunBinary_IsWow64Process

вставляем содержимое текстового файла...

И компилим переделанный шаблон... попробуй с мини программами, например со стандартным калькулятором... и со скриптом и сам увидишь
 

Sergey2210

Хорошо, понятно, вот ещё одна интересная тема: runbin.dll
Но я не пойму, почему нельзя запустить скомпиленный AutoIt скрипт?!

И я не могу запустить что-то с помощью Вашего примера, пишет:
Код:
>Running:(3.3.6.1):D:\Program Files\AutoIt3\autoit3.exe "D:\Documents and Settings\Sergey\Рабочий стол\AutoIt v3 Script.au3"    
!!!NOT RELOCATABLE MODULE. I WILL TRY BUT THIS MAY NOT WORK!!!
 

svigelf

запустить можно...но он не будет работать как надо...

У меня все работает... вот архивчик...там разберешься:
 

Sergey2210

Да, действительно, работает, ладно, буду экспериментировать :smile:
И всё же нужно разобраться, почему не запускаются скрипты,
написанные на AutoIt'e, иначе эта функция для меня будет
бесполезной...
 

svigelf

:smile: делай "запуск из памяти" на другом языке программирования...и все)
 

Sergey2210

Знал бы другие ЯП, давно бы написал
 