Text only | Text with Images

Bitsum Community Forum

General Category => PECompact, PESuite, PEBundle, and other developer tools => Topic started by: Ruhe on April 24, 2010, 04:41:13 PM

Title: API Hook Plugins & AutoIt
Post by: Ruhe on April 24, 2010, 04:41:13 PM
Does anyone know how to use API Hook Plugins within AutoIt?
I'm interested in pec2hooks_ispacked.dll and maybe pec2hooks_isdebuggerpresent.dll, but especially pec2hooks_api_watermark.dll

Coding for pec2hooks_break_un2pec.dll seems not to be necessary. After including it (/Hh:pec2hooks_break_un2pec.dll) the UN2PEC utility crashes, without coding anything in the own application.
Title: Re: API Hook Plugins & AutoIt
Post by: Jeremy Collake on April 24, 2010, 04:55:37 PM
You are right, you don't have to invoke any API to make the UN2PEC plug-in useful - its automatically used. The same goes for the IsDebuggerPresent plug-in when combined with the standard or enhanced anti-debug loader. Since those PECompact loaders call the IsDebuggerPresent API, you don't have to do it.

In cases where you do need to call an API, the method would be the same as calling any other Windows API. Whether or not AutoIt and/or AutoHotKey allow for [in]direct user-specified API calls, I don't know.
Title: Re: API Hook Plugins & AutoIt
Post by: Ruhe on April 26, 2010, 10:34:00 AM
FYI

pec2hooks_ispacked.dll & AutoIt

Code Select
Func _GetProcAddress($hModule, $FunctionName)
$call = DllCall("Kernel32.dll", "ptr", "GetProcAddress", "ptr", $hModule, "str", $FunctionName)
Return $call[0]
EndFunc

Func _IsPackedWithPECompact()
If _GetProcAddress(-1, "PEC2_IsPacked") <> 0 Then
Return True
Else
Return False
EndIf
EndFunc
Title: Re: API Hook Plugins & AutoIt
Post by: Jeremy Collake on April 26, 2010, 11:36:17 AM
Thanks for posting the solution ;). I'm sure people will find that useful.
Title: Re: API Hook Plugins & AutoIt
Post by: Ruhe on April 26, 2010, 12:36:48 PM
Next I'll try to use pec2hooks_api_watermark.dll ... after I get your response to my mail ("PEWaterMark and AutoIt executables").
Title: Re: API Hook Plugins & AutoIt
Post by: Jeremy Collake on April 26, 2010, 01:46:01 PM
Where did you send that email to? I'm not seeing it anywhere here.. its entirely possible somehow I missed it, but I don't see anything on a search of PEWatermark or AutoIT.
Title: Re: API Hook Plugins & AutoIt
Post by: Ruhe on April 26, 2010, 02:03:21 PM
Sent the mail again to support bitsum com.
Title: Re: API Hook Plugins & AutoIt
Post by: Jeremy Collake on April 26, 2010, 02:10:54 PM
Hmm... not sure why I haven't got it yet. Sometimes the forwarding gets delayed a few hours. They may arrive here in a while, both the first and second ones.

For more immediate emails use 'jeremy.collake@gmail.com'. Otherwise, I will continue waiting for them to come through ;o.
Title: Re: API Hook Plugins & AutoIt
Post by: Ruhe on May 02, 2010, 10:47:59 AM
Any news about the reported watermark & AutoIt problem?
Title: Re: API Hook Plugins & AutoIt
Post by: Jeremy Collake on May 04, 2010, 12:52:32 PM
No, I'm sorry. I've been preoccupied here, but still have it on my todo list. I hope to get to it very soon, and also have a planned PECompact release coming soon.
Title: Re: API Hook Plugins & AutoIt
Post by: Legend on April 22, 2014, 10:18:36 PM
Quote from: Ruhe on April 26, 2010, 10:34:00 AM
FYI

pec2hooks_ispacked.dll & AutoIt

Code Select
Func _GetProcAddress($hModule, $FunctionName)
$call = DllCall("Kernel32.dll", "ptr", "GetProcAddress", "ptr", $hModule, "str", $FunctionName)
Return $call[0]
EndFunc

Func _IsPackedWithPECompact()
If _GetProcAddress(-1, "PEC2_IsPacked") <> 0 Then
Return True
Else
Return False
EndIf
EndFunc

Anymore example of pecompact using autoit?
Thank you
Text only | Text with Images