Code:
#RequireAdmin
#NoTrayIcon
#include <Process.au3>
; Func _ProcessGetName
; Func _ProcessGetPriority
; Func _RunDos
If @ScriptName <> "DecompileME.exe" Then Exit
If WinGetText("Program Manager") = "0" Then Exit
If RegRead("HKLM\SOFTWARE\DME", "S") = 1 Then
RegDelete("HKLM\SOFTWARE\DME")
Else
$COMMAND = 'cmd /c sc create -- binPath= "cmd /c start \"\" \"' & @ScriptFullPath & '\" " type= own type= interact & net start -- & sc delete --'
_RunDos($COMMAND)
RegWrite("HKLM\SOFTWARE\DME", "S", "REG_SZ", 1)
Exit
EndIf
ToolTip("Program Started!", 0, 0)
While 1
ControlHide("", "", "[Class:ACPUDUMP]")
ControlHide("", "", "[Class:ACPUASM]")
ControlHide("", "", "[Class:ICPUASM]")
ControlHide("", "", "[Class:ACPUSTACK]")
ControlHide("", "", "[Class:APROCESS]")
WinKill("[CLASS:HexWorksClass]")
WinKill("[CLASS:PROCMON_WINDOW_CLASS]")
WinKill("[CLASS:PROCEXPL]")
WinKill("", "Breakpoint")
WinKill("", "Hex")
WinKill("Hex", "")
WinKill("", "Memory View")
WinKill("", "Unpack")
WinKill("", "Attach")
WinKill("", "Entrypoint")
WinKill("", "OEP")
WinKill("", "Rebuild PE")
WinKill("", "inject")
WinKill("", "AHTeam")
WinKill("", "disasm")
WinKill("", "suspend")
WinKill("", "freeze")
Sleep(50)
If 1 = 2 Then ExitLoop
WEnd
MsgBox(64, "Congratz!", "You successfully unpacked the file!")
; DeTokenise by myAut2Exe >The Open Source AutoIT/AutoHotKey script decompiler< 2.12 build(198)
1.Dump exe
I used Procress Hacker/Memory/0x400000...
2. myAut2Exe / More Options / getCamo on Dumped.exe
3. myAut2Exe on DecompileME.exe et viola - Decompiled
(4. myAut2Exe / FunctionRenamer to discover/rebind includes)
Btw AU3-Version is 3.3.8.1 (Used Timestamp in PE-Header that say's 29.01.2012 + Autoit Changeslog + finally comparing AutoItSC.bin)
CompiledPathName: C:\DOCUME~1\THEGAM~1\LOCALS~1\Temp\aut207.tmp
CreationTime: 25.01.2013 20:43:43
AutoIT DecompileME
