API Hook Plugins & AutoIt

Started by Ruhe, April 24, 2010, 04:41:13 PM

Ruhe

Does anyone know how to use API Hook Plugins within AutoIt?
I'm interested in pec2hooks_ispacked.dll and maybe pec2hooks_isdebuggerpresent.dll, but especially pec2hooks_api_watermark.dll

Coding for pec2hooks_break_un2pec.dll seems not to be necessary. After including it (/Hh:pec2hooks_break_un2pec.dll) the UN2PEC utility crashes, without coding anything in your own application.

Jeremy Collake

You are right, you don't have to invoke any API to make the UN2PEC plug-in useful - it's automatically used. The same goes for the IsDebuggerPresent plug-in when combined with the standard or enhanced anti-debug loader. Since those PECompact loaders call the IsDebuggerPresent API, you don't have to do it.

In cases where you do need to call an API, the method would be the same as calling any other Windows API. Whether or not AutoIt and/or AutoHotKey allow for [in]direct user-specified API calls, I don't know.
Software Engineer. Bitsum LLC.

Ruhe

FYI

pec2hooks_ispacked.dll & AutoIt

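; Thin wrapper around kernel32!GetProcAddress.
; Returns the address as a ptr, or 0 if the DllCall itself fails.
Func _GetProcAddress($hModule, $FunctionName)
    Local $call = DllCall("Kernel32.dll", "ptr", "GetProcAddress", "ptr", $hModule, "str", $FunctionName)
    If @error Then Return 0
    Return $call[0]
EndFunc

; Returns True if GetProcAddress(-1, "PEC2_IsPacked") yields a non-zero value.
Func _IsPackedWithPECompact()
    If _GetProcAddress(-1, "PEC2_IsPacked") <> 0 Then
        Return True
    Else
        Return False
    EndIf
EndFunc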

Jeremy Collake

Thanks for posting the solution ;). I'm sure people will find that useful.

Ruhe

Next I'll try to use pec2hooks_api_watermark.dll ... after I get your response to my mail ("PEWaterMark and AutoIt executables").

Jeremy Collake

Where did you send that email to? I'm not seeing it anywhere here... it's entirely possible somehow I missed it, but I don't see anything on a search of PEWatermark or AutoIt.

Ruhe

Sent the mail again to support bitsum com.

Jeremy Collake

Hmm... not sure why I haven't got it yet. Sometimes the forwarding gets delayed a few hours. They may arrive here in a while, both the first and second ones.

For more immediate emails use 'jeremy.collake@gmail.com'. Otherwise, I will continue waiting for them to come through ;o.

Ruhe

Any news about the reported watermark & AutoIt problem?

Jeremy Collake

No, I'm sorry. I've been preoccupied here, but still have it on my todo list. I hope to get to it very soon, and also have a planned PECompact release coming soon.

Legend

Quote from: Ruhe on April 26, 2010, 10:34:00 AM
FYI

pec2hooks_ispacked.dll & AutoIt

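; Thin wrapper around kernel32!GetProcAddress.
; Returns the address as a ptr, or 0 if the DllCall itself fails.
Func _GetProcAddress($hModule, $FunctionName)
    Local $call = DllCall("Kernel32.dll", "ptr", "GetProcAddress", "ptr", $hModule, "str", $FunctionName)
    If @error Then Return 0
    Return $call[0]
EndFunc

; Returns True if GetProcAddress(-1, "PEC2_IsPacked") yields a non-zero value.
Func _IsPackedWithPECompact()
    If _GetProcAddress(-1, "PEC2_IsPacked") <> 0 Then
        Return True
    Else
        Return False
    EndIf
EndFunc

Any more examples of PECompact using AutoIt?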
Thank you