Also god damn AutoIt code is awful. The way it does its compilation is even crazier. Just embeds the whole autoit3 exe in the binary with the compiled autoit script appended to itself in the binary.
So you can co-opt such an exe to extend its abilities any way you want.
Ahh shucks. Now I’m back at the point where I need a copy of exe2aut to hack with. That old program has got rather hard to find and fell out of my tools collection at some point.
Possibly found a workaround with a different tool.
Update: I was looking over my customer's PC and I really was not in the mood to have to reinstall Windows and back everything up, but I had to do the due diligence.
Anyhow, as I was struggling to get the PC to POST with 64 gigs of RAM, I had turned on boot logging using the bcdedit /set bootlog yes command, which produced nothing unusual there. Or so I thought.
Today I looked at the C:\windows\ntblog.txt and I found this:
BOOTLOG_NOT_LOADED \SystemRoot\system32\drivers\WdFilter.sys
BOOTLOG_LOADED \SystemRoot\system32\Drivers\WdNisDrv.sys
BOOTLOG_LOADED ??\C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\tunnel.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\WSDPrint.sys
BOOTLOG_LOADED
BOOTLOG_LOADED ??\C:\Users\geoffh\Downloads\RTC_1.01\WinRing0x64.sys
I thought this is strange as I have never seen a boot item with no name loaded, and also that RTC program sys file should not be loaded during boot as I have never installed it as a startup item or service. After this one appearance, it is never appearing in the bootlog. Can anyone else verify this? Strange but kind of exciting and titillating.
That’s the Kernel Mode Driver used to do the low level hardware (PCI) access. I have no idea where it comes from, but a lot of places such as CorsairLink, OpenHardware monitor etc used to use it. It can be loaded by a bunch of applications actually.
So unless you have another program loading it for hardware monitoring, it shouldn’t be bound at boot. Only while the actual RTC is running.
That said I haven’t gone over the WinRing0 code yet. It’s a separate third-party dll called by the AutoIt script to perform the actual PCI Bus Config R/W.
There is a copy of some ?archived? source code of it available that might be recompilable/reusable.
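An added example, not part of the original posts: a small triage script for the boot-log excerpt quoted in the thread, flagging loaded entries with no driver path and drivers loaded from outside \SystemRoot. It assumes the BOOTLOG_LOADED / BOOTLOG_NOT_LOADED line format shown in the post; the list of user-writable directories is an assumed heuristic, and a flagged entry is a lead for review, not a verdict.

```python
import re

# Boot-log lines copied from the post above (not constructed).
SAMPLE = r"""BOOTLOG_NOT_LOADED \SystemRoot\system32\drivers\WdFilter.sys
BOOTLOG_LOADED \SystemRoot\system32\Drivers\WdNisDrv.sys
BOOTLOG_LOADED ??\C:\Program Files (x86)\Samsung\Samsung Magician\magdrvamd64.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\tunnel.sys
BOOTLOG_LOADED \SystemRoot\System32\drivers\WSDPrint.sys
BOOTLOG_LOADED
BOOTLOG_LOADED ??\C:\Users\geoffh\Downloads\RTC_1.01\WinRing0x64.sys"""

LINE = re.compile(r"^(BOOTLOG_LOADED|BOOTLOG_NOT_LOADED)[ \t]*(.*)$")
# Assumed heuristic: directories a standard user can usually write to.
USER_WRITABLE = re.compile(r"\\(users|programdata|temp|downloads)\\", re.I)


def normalize(path):
    """Strip the NT object-manager prefix (\\??\\ or the damaged ??\\ form)."""
    return re.sub(r"^\\?\?\?\\", "", path.strip())


def triage(text):
    """Return (line_no, reason, path) for loaded drivers worth a second look."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw.strip())
        if not m or m.group(1) != "BOOTLOG_LOADED":
            continue  # skip headers and drivers that did not load
        path = normalize(m.group(2))
        if not path:
            findings.append((no, "loaded entry with no driver path", ""))
        elif USER_WRITABLE.search(path):
            findings.append((no, "driver under a user-writable directory", path))
        elif not path.lower().startswith("\\systemroot\\"):
            findings.append((no, "driver outside \\SystemRoot", path))
    return findings


if __name__ == "__main__":
    for no, reason, path in triage(SAMPLE):
        print(f"line {no}: {reason}: {path or '<empty>'}")
```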