Rayman Pirate-Community

I am making a simple autorun version of Rayman Designer, but i want to edit the RAYRUN.exe so when i start the autorunner and click on *Rayman*, instead of running Rayman.bat, make it run RayDes.exe -edited DOSBOX i made, but when i enter InstData and edit ubi.ini and ubi.ins and edit the *Rayman.bat* to be *RayDes.exe* it simpley don´t runs, and if i click *Mapper* it opens Mapper, but i want to edit the RAYRUN.exe so it can run other file...

Not a good solution, but just an alternative -
If it's only for your purposes, and you don't care about binding to the specific drive letter, you could create a shortcut with specific command(s) to the exe added into autorun file (if autorun runs .lnk files).

i dont know that commands, but the RAYRUN.exe come with Rayman Designer, so here it is, it opens Mapper when i click mapper but i tried to edit so when i click the rayman option opens RayDes.exe, but the RAYRUN instead opens Rayman.bat.
How i edit that
im leaving the files so maybe someone can help me

It seems that the name of the program to run when 'Rayman' is clicked is hardcoded in RAYRUN.EXE, offset 0x1C880.

By simply changing the string RAYMAN.BAT at that location to NOTEPAD.EXE I got it to run Notepad. It seems there is an extra NULL terminator there (probably for alignment), which makes the total usable length 11 characters. Since Windows doesn't care about extensions, you can use it to launch any program whose name is no more than 11 characters long, and which is located in the same directory as RAYRUN.EXE or in the PATH (as long as you pad it with null-terminators up to 12 bytes).

TL;DR - Hex-edit RAYRUN.EXE, change the string at 0x1C880 from RAYMAN.BAT to RAYDES.EXE, and it should do what you want.

DavidSosa wrote: Sun Sep 26, 2021 5:39 pm im leaving the files so maybe someone can help me

What exactly is the RAYRUN.EXE in your ZIP? The RAYRUN.EEE appears identical to the RAYRUN.EXE I have, but your RAYRUN.EXE has a different size (355840 bytes) which I don't recognize. 2/67 scanners on VirusTotal detect it as malicious. Where did you get it?

maybe it´s larger than your rayrun because i edited the bitmap using resource hacker, i got it from a rayman forever iso in archive.org

DavidSosa wrote: Thu Oct 07, 2021 10:01 pm maybe it´s larger than your rayrun because i edited the bitmap using resource hacker, i got it from a rayman forever iso in archive.org

Ah, yes indeed! I just repeated your experiment with Resource Hacker. With the modified bitmap, the size becomes 355840 exactly. The following facts are interesting:
1. Resource Hacker preserves the original date so you cannot easily tell the file has been modified.
2. The simple fact that a file is modified with RH makes "Cylance" flag it as 'Unsafe'.
3. It is the bitmap itself that makes Microsoft flag it as Trojan:Win32/Sabsik.FL.B!ml.

This is on VirusTotal's site. Windows Defender itself (whether on Win7 or Win10) does not detect the file as malicious. These heuristics used by AV tools and the false positives they bring with them are a far bigger mystery than anything we've done with Rayman.

C´mon, i edited the bitmap with Paint, it would be dumb, anyways i fixed the prob, the rayrun opens rayman.bat, so i edited the bat so it opens my exe i want