_secure.exe seems bypass the FileInstall, because it keep telling me: "ccc.exe NOT exists", while _safe.exe doesn't bypass it. _safe.exe telling "ccc.exe exists."
Although in this short script test, _secure.exe doesn't throw an error, but seems it bypass FileInstall. Is it correct?
Why not just use _safe.exe ? It's not secure/well protected enough?
Quote:
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_UseUpx=n
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
FileInstall("ccc.exe", @TempDir & "\ccc.exe", 1)
If FileExists(@TempDir & "\ccc.exe") Then
msgbox(0,0,"ccc.exe exists")
Else
msgbox(0,0,"ccc.exe NOT exists")
EndIf
_secure.exe seems bypass the FileInstall, because it keep telling me: "ccc.exe NOT exists", while _safe.exe doesn't bypass it. _safe.exe telling "ccc.exe exists."
Although in this short script test, _secure.exe doesn't throw an error, but seems it bypass FileInstall. Is it correct?
Why not just use _safe.exe ? It's not secure/well protected enough?
This i what i thought.
You can use _safe.exe but it will be no problem to decompile it using Links decompiler, just try it.
#Updated
- Made protection better (Thanks to Jeoni)
- Changed some things and made them more stable (Thanks to Jeoni)
- Removed some bugs (Thanks to Jeoni)
Jeoni will work even more with me at this protector and will try to make it even harder to decompile AutoIt.
This is not the sourcecode. xD
And your links are broken, too.
Sorry, done now. Please comment about both my test files. Thank you.
Sorry, done now. Please comment about both my test files. Thank you.
No problem decompiling Test2.exe. Test1.exe wasnt startable for me so upload new one and then Ill show you its easy to decompile without any special skills.
Func Fn0006($ArgOpt00 = 0, $ArgOpt01 = 0, $ArgOpt02 = 0, $ArgOpt03 = 0) Local $Local0015 = 0 If $ArgOpt00 = Default Then $ArgOpt00 = 0 If $ArgOpt01 = Default Then $ArgOpt01 = 0 If $ArgOpt02 = Default Then $ArgOpt02 = 0 If $ArgOpt03 = Default Then $ArgOpt03 = 0 If @NumParams = 0 Then $Local0015 = DllCall("user32.dll", "bool", "ClipCursor", "ptr", 0) If @error Or Not $Local0015[0] Then Return SetError(1, Fn0000(), False) Else If @NumParams = 2 Then $ArgOpt02 = $ArgOpt00 + 1 $ArgOpt03 = $ArgOpt01 + 1 EndIf Local $Local0016 = DllStructCreate($Var004F) DllStructSetData($Local0016, "Left", $ArgOpt00) DllStructSetData($Local0016, "Top", $ArgOpt01) DllStructSetData($Local0016, "Right", $ArgOpt02) DllStructSetData($Local0016, "Bottom", $ArgOpt03) $Local0015 = DllCall("user32.dll", "bool", "ClipCursor", "struct*", $Local0016) If @error Or Not $Local0015[0] Then Return SetError(2, Fn0000(), False) EndIf Return True EndFunc
Func Fn0007($Arg00, $ArgOpt01 = 0) Local Const $Var00B8 = 0x00B7 Local Const $Var00B9 = 1 Local $Local0017 = 0 If BitAND($ArgOpt01, 2) Then Local $Local0018 = DllStructCreate("byte;byte;word;ptr[4]") Local $Local0019 = DllCall("advapi32.dll", "bool", "InitializeSecurityDescriptor", "struct*", $Local0018, "dword", $Var00B9) If @error Then Return SetError(@error, @extended, 0) If $Local0019[0] Then $Local0019 = DllCall("advapi32.dll", "bool", "SetSecurityDescriptorDacl", "struct*", $Local0018, "bool", 1, "ptr", 0, "bool", 0) If @error Then Return SetError(@error, @extended, 0) If $Local0019[0] Then $Local0017 = DllStructCreate($Var00AA) DllStructSetData($Local0017, 1, DllStructGetSize($Local0017)) DllStructSetData($Local0017, 2, DllStructGetPtr($Local0018)) DllStructSetData($Local0017, 3, 0) EndIf EndIf EndIf Local $Local001A = DllCall("kernel32.dll", "handle", "CreateMutexW", "struct*", $Local0017, "bool", 1, "wstr", $Arg00) If @error Then Return SetError(@error, @extended, 0) Local $Local001B = DllCall("kernel32.dll", "dword", "GetLastError") If @error Then Return SetError(@error, @extended, 0) If $Local001B[0] = $Var00B8 Then If BitAND($ArgOpt01, 1) Then Return SetError($Local001B[0], $Local001B[0], 0) Else Exit -1 EndIf EndIf Return $Local001A[0] EndFunc
Func Fn0008($Arg00, $ArgOpt01 = "user32.dll") Local $Local001C = DllCall($ArgOpt01, "short", "GetAsyncKeyState", "int", "0x" & $Arg00) If @error Then Return SetError(@error, @extended, False) Return BitAND($Local001C[0], 0x8000) <> 0 EndFunc
Func Fn0009($Arg00, $Arg01) If $Arg00 = $Arg01 Then Return 0 Local $Local001D = StringSplit($Arg00, ".,"), $Var00BA = StringSplit($Arg01, ".,") If UBound($Local001D) <> UBound($Var00BA) Or UBound($Local001D) = 0 Then If $Arg00 > $Arg01 Then Return SetExtended(1, 1) ElseIf $Arg00 < $Arg01 Then Return SetExtended(1, -1) EndIf Else For $Var00B7 = 1 To UBound($Local001D) - 1 If StringIsDigit($Local001D[$Var00B7]) And StringIsDigit($Var00BA[$Var00B7]) Then If Number($Local001D[$Var00B7]) > Number($Var00BA[$Var00B7]) Then Return SetExtended(2, 1) ElseIf Number($Local001D[$Var00B7]) < Number($Var00BA[$Var00B7]) Then Return SetExtended(2, -1) EndIf Else If $Local001D[$Var00B7] > $Var00BA[$Var00B7] Then Return SetExtended(1, 1) ElseIf $Local001D[$Var00B7] < $Var00BA[$Var00B7] Then Return SetExtended(1, -1) EndIf EndIf Next EndIf Return SetError(2, 0, 0) EndFunc
Func Fn000A($Arg00) Local $Local0000 = DllCall("User32.dll", "handle", "GetDC", "hwnd", $Arg00) If @error Or Not $Local0000[0] Then Return SetError(1, Fn0000(), 0) Return $Local0000[0] EndFunc
Func Fn000B($Arg00, $Arg01) Local $Local0000 = DllCall("GDI32.dll", "int", "GetDeviceCaps", "handle", $Arg00, "int", $Arg01) If @error Then Return SetError(@error, @extended, 0) Return $Local0000[0] EndFunc
Func Fn000C($Arg00, $Arg01) Local $Local0000 = DllCall("User32.dll", "int", "ReleaseDC", "hwnd", $Arg00, "handle", $Arg01) If @error Then Return SetError(@error, @extended, False) Return $Local0000[0] <> 0 EndFunc If Fn0007("test", 1) = 0 Then Exit EndIf MsgBox(0, "Test Two", "annyeonghi gaseyo", 6)
I know test2.rar is easy, its just a method similar to wrapping the exe with winrar/sfx but I forgot to mention test1.rar isnt easy and it only works on windows xp since the tool I used stated it support until windows xp(yeah the tool more than one year old..).
The test1.rar file tested on windows xp english version and it work just fine. BTW, it wont work in virtual mode(eg. virtual box etc).
I know test2.rar is easy, its just a method similar to wrapping the exe with winrar/sfx but I forgot to mention test1.rar isnt easy and it only works on windows xp since the tool I used stated it support until windows xp(yeah the tool more than one year old..).
The test1.rar file tested on windows xp english version and it work just fine. BTW, it wont work in virtual mode(eg. virtual box etc).
Then it is not possible for me to decompile your tool because i am also not able to start it. But i am sure if this packer is not something autoit specific it will be as easy as unpacking Armadillo or Themida and both isnt that hard if you know how. Just dump compiler to file and hook FileRead for source if code is encrypted hook first command execution then you can dump autoit line by line so no real problem. If this compiler does not modify autoit code into some Byte-Code it will be ad easy as all other unpacking challenges.
Klar, nichts ist 100% sicher.
Mir gehts nur darum das Ganze nicht mehr per Programm decompilierbar zu machen und wir arbeiten auch ständig an neuen Methoden unsere SecureAu3 zu verbessern. Du kannst es auch gerne einmal mit der neue Version probieren, die CrackMe ist nämlich schon lange veraltet und wurde davor bereits von Link gecrackt.
Edit:
Abgesehen davon ist das ja gar nicht der komplette Code, sondern nur der Text.
Then it is not possible for me to decompile your tool because i am also not able to start it. But i am sure if this packer is not something autoit specific it will be as easy as unpacking Armadillo or Themida and both isnt that hard if you know how. Just dump compiler to file and hook FileRead for source if code is encrypted hook first command execution then you can dump autoit line by line so no real problem. If this compiler does not modify autoit code into some Byte-Code it will be ad easy as all other unpacking challenges.
Well, the pack file is more than one layer,(both autoit specific/not specific protection are included in it). The reason it cant run in virtual environment mode is because I enable its anti virtual mode feature.
Im not really into unpacking thing, so I never study the unpacking tutorial available on the internet.
Recursion level has been exceeded - AutoIt will quit to prevent stack overflow. 01/20/2013 - AutoIt - 4 Replies Hallo Leute,
ich hab das folgende Problem mit meinem Bot:
Nach ca. 4-5 Std. Laufzeit meines Bots bekomme ich folgende Meldung...
"Recursion level has been exceeded - AutoIt will quit to prevent stack overflow."
Das ganze an völlig unterschiedlichen Stellen, es ist also wirklich die Addition die das Problem hervorruft und nicht eine bestimmte Funktion etc.
Tool to aid the creation of RegEx offset finders - AutoIt code included 09/05/2011 - PW Hacks, Bots, Cheats, Exploits - 9 Replies When I was making my offset finders for my real chat filters tool I got pretty pissed off with having to turn code like this:
CPU Disasm
Address Hex dump Command Comments
00604B30 /. 53 PUSH EBX
00604B31 |. 8B5C24 08 MOV EBX,DWORD PTR SS:
00604B35 |. 56 PUSH ESI
00604B36 |. 8B7424 10 MOV ESI,DWORD PTR SS:
00604B3A |. 57 PUSH EDI
00604B3B |. 56 PUSH ESI ...
[Release] GM-Tool Sourcecode [AutoiT] 10/16/2010 - Metin2 Hacks, Bots, Cheats, Exploits & Macros - 8 Replies Hm joah hab mal mein alten pc aufgeräumt und mein alten sourcecode von nem metin2 gm tool das ich damals fertig machen wollte gefunden.
Ich kann damit leider nix mehr anfangen da mich metin2 0% mehr interessiert.
Wers gebrauchen kann soll spaß damit haben.
Ihr könnt damit machen was ihr wollt mich juckt das nicht^^
Pic:
http://img59.imageshack.us/i/gmtool.png/
![[Release] Tool to prevent decompilation of your Autoit-Code](https://www.elitepvpers.com/forum/iconimages/autoit/release-tool-prevent-decompilation-your-autoit-code_ltr.gif){kind=small}
"
