Author Topic: API Hook Plugins & AutoIt  (Read 16611 times)

Offline Ruhe

  • Member
  • ***
  • Posts: 31
  • Gender: Male
API Hook Plugins & AutoIt
« on: April 24, 2010, 04:41:13 PM »
Does anyone know how to use API Hook Plugins within AutoIt?
I'm interested in pec2hooks_ispacked.dll and maybe pec2hooks_isdebuggerpresent.dll, but especially pec2hooks_api_watermark.dll

Coding for pec2hooks_break_un2pec.dll seems not to be necessary. After including it (/Hh:pec2hooks_break_un2pec.dll) the UN2PEC utility crashes, without coding anything in one's own application.



Offline Jeremy Collake

  • Administrator
  • Member#
  • *****
  • Posts: 5247
  • Gender: Male
  • The Lasso
    • Bitsum
Re: API Hook Plugins & AutoIt
« Reply #1 on: April 24, 2010, 04:55:37 PM »
You are right, you don't have to invoke any API to make the UN2PEC plug-in useful - it's automatically used. The same goes for the IsDebuggerPresent plug-in when combined with the standard or enhanced anti-debug loader. Since those PECompact loaders call the IsDebuggerPresent API, you don't have to do it.

In cases where you do need to call an API, the method would be the same as calling any other Windows API. Whether or not AutoIt and/or AutoHotKey allow for [in]direct user-specified API calls, I don't know.
Software Engineer. Bitsum LLC.

Offline Ruhe

Re: API Hook Plugins & AutoIt
« Reply #2 on: April 26, 2010, 10:34:00 AM »
FYI

pec2hooks_ispacked.dll & AutoIt

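Code:
    ; Thin wrapper around kernel32!GetProcAddress; returns 0 if the call fails.
    Func _GetProcAddress($hModule, $FunctionName)
        Local $call = DllCall("Kernel32.dll", "ptr", "GetProcAddress", "ptr", $hModule, "str", $FunctionName)
        If @error Then Return 0 ; DllCall failed, so $call is not an array
        Return $call[0]
    EndFunc

    ; A non-zero address for "PEC2_IsPacked" is taken to mean the executable is packed with PECompact.
    Func _IsPackedWithPECompact()
        If _GetProcAddress(-1, "PEC2_IsPacked") <> 0 Then
            Return True
        Else
            Return False
        EndIf
    EndFunc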

Offline Jeremy Collake

Re: API Hook Plugins & AutoIt
« Reply #3 on: April 26, 2010, 11:36:17 AM »
Thanks for posting the solution ;). I'm sure people will find that useful.

Offline Ruhe

Re: API Hook Plugins & AutoIt
« Reply #4 on: April 26, 2010, 12:36:48 PM »
Next I'll try to use pec2hooks_api_watermark.dll ... after I get your response to my mail ("PEWaterMark and AutoIt executables").

Offline Jeremy Collake

Re: API Hook Plugins & AutoIt
« Reply #5 on: April 26, 2010, 01:46:01 PM »
Where did you send that email to? I'm not seeing it anywhere here... It's entirely possible somehow I missed it, but I don't see anything on a search of PEWatermark or AutoIt.

Offline Ruhe

Re: API Hook Plugins & AutoIt
« Reply #6 on: April 26, 2010, 02:03:21 PM »
Sent the mail again to support bitsum com.

Offline Jeremy Collake

Re: API Hook Plugins & AutoIt
« Reply #7 on: April 26, 2010, 02:10:54 PM »
Hmm... not sure why I haven't got it yet. Sometimes the forwarding gets delayed a few hours. They may arrive here in a while, both the first and second ones.

For more immediate emails use 'jeremy.collake@gmail.com'. Otherwise, I will continue waiting for them to come through ;o.

Offline Ruhe

Re: API Hook Plugins & AutoIt
« Reply #8 on: May 02, 2010, 10:47:59 AM »
Any news about the reported watermark & AutoIt problem?

Offline Jeremy Collake

Re: API Hook Plugins & AutoIt
« Reply #9 on: May 04, 2010, 12:52:32 PM »
No, I'm sorry. I've been preoccupied here, but still have it on my todo list. I hope to get to it very soon, and also have a planned PECompact release coming soon.

Offline Legend

  • New
  • *
  • Posts: 2
Re: API Hook Plugins & AutoIt
« Reply #10 on: April 22, 2014, 10:18:36 PM »
Any more examples of PECompact using AutoIt?
Thank you