Posted

Thank you for your help.

But the problem still persists :)

I added your lines to the A3C.pref file.

And I can see it in AutoIt3Camo.

I noticed that the "bad" compiled files are ~30kb smaller than the good file from 17.3.

There aren't errors in the log.

Are you using an icon? Don't select an icon. It causes lots of problems; for icon changes I prefer to use Resource Hacker.

Posted

Are you using an icon? Don't select an icon. It causes lots of problems; for icon changes I prefer to use Resource Hacker.

How exactly does defining an icon within A3C 'cause lots of problems'?


Posted (edited)

How exactly does defining an icon within A3C 'cause lots of problems'?

Well, I am not the developer of autoit3camo; I can't say how exactly, but I can prove to you that when compiling exes via camo, choosing an icon causes some weird problems.

Edited by autoitaddicted
  • Moderators
Posted

autoitaddicted,

i am not the developer of autoit3camo

But Mobius is the developer. ;)

Hint: It would help him help you if you provided a script and icon which demonstrate the problems you are having. Just saying "weird problems" is very unlikely to get them solved. :)

M23


Posted (edited)

Thank you Melba23,

I could not have worded it better if I tried. :-)

@autoitaddicted,

a reproducer in any form: binary - source - config or simply a3 log output of the offending build would be a great asset in detecting your potential issue.

Vlad

Edited by Mobius


  • 3 weeks later...
Posted (edited)

AutoIt3Camo has been updated to 48.6 (Blasted thing :) )

Ah well, since the dude did not get back to me about his issue with icon handling in a3c, I guess I will have a stab at suggesting possible causes for others with the same impression.

  • Using an older build of Au3 and not defining the correct main icon index for it.
  • Adding icons with a lower index than that of the main icon and not using the 'adapt icon index' option
  • Using the 'adapt icon index' option and not understanding what it does.
  • Forgetting that A3C strips the default interpreter resources and using negative indices in your source to reference them.
  • Forgetting to tell A3C not to delete the default interpreter resources should your source require them in any general way.
  • An internal bug

In any event, if you are a user and you encounter what you consider to be a bug or unexpected behavior, please be prepared to produce one or more of the following. (more is better for a faster more precise solution)
  • AutoIt3Camo log output of the offending build with 'Extra log info' ticked
  • The config file / options you are using
  • The temporary interpreter used in the build if a binary / res problem. 'Keep temporary files' option can help retrieve the file AutoFuzzy.bin
  • If a resource problem then possibly a line or two of source you are using to reference them.
  • Smoke / hand signals, extra sensory perception methods, fart morse code, genetically inherited memory.
  • Preferably more than one line, or some vague reference.

Vlad

Edited by Mobius


Posted (edited)

Users of the most recent build of AutoIt 3.3.8.0 should know that A3C.exe in the primary download does not work with this version.

I have found the problem and until I integrate it properly here is an alternate build of the main AutoIt3Camo executable that does work for the new and previously supported versions of AutoIt3.

It's a (thankfully) minor rollback of the original which you can safely overwrite with this if you want to.

Sorry for any confusion folks, bit slow to spot this one.

Ed:

Please take note that the section in the intro / what's new text about 'adapted camouflage' does not apply to the rollback version for 3.3.8.0, and if you have not already done so you will need the primary download as well as the updated exe.

Vlad

Edited by Mobius


Posted (edited)

I have had reports that two popular (so called) antivirus utils are flagging their products built with my AutoIt3Camo wrapper.

Here is the sorry ass state of affairs concerning this:

Antivirus     Version     Last Update     Result
AhnLab-V3    2012.01.09.00    2012.01.09    -
AntiVir    7.11.20.203    2012.01.09    TR/Dropper.Gen
Antiy-AVL    2.0.3.7    2012.01.09    -
Avast    6.0.1289.0    2012.01.09    -
AVG    10.0.0.1190    2012.01.09    -
BitDefender    7.2    2012.01.09    -
ByteHero    1.0.0.1    2011.12.31    -
CAT-QuickHeal    12.00    2012.01.09    -
ClamAV    0.97.3.0    2012.01.09    -
Commtouch    5.3.2.6    2012.01.09    -
Comodo    11225    2012.01.09    -
DrWeb    5.0.2.03300    2012.01.09    -
Emsisoft    5.1.0.11    2012.01.09    -
eSafe    7.0.17.0    2012.01.09    -
eTrust-Vet    37.0.9671    2012.01.09    -
F-Prot    4.6.5.141    2012.01.09    -
F-Secure    9.0.16440.0    2012.01.09    -
Fortinet    4.3.388.0    2012.01.09    -
GData    22    2012.01.09    -
Ikarus    T3.1.1.109.0    2012.01.09    -
Jiangmin    13.0.900    2012.01.08    -
K7AntiVirus    9.124.5897    2012.01.09    -
Kaspersky    9.0.0.837    2012.01.09    HEUR:Trojan.Win32.Generic
McAfee    5.400.0.1158    2012.01.09    -
McAfee-GW-Edition    2010.1E    2012.01.09    -
Microsoft    1.7903    2012.01.09    -
NOD32    6780    2012.01.09    -
Norman    6.07.13    2012.01.09    -
nProtect    2012-01-09.01    2012.01.09    -
Panda    10.0.3.5    2012.01.09    -
PCTools    8.0.0.5    2012.01.09    -
Prevx    3.0    2012.01.09    -
Rising    23.92.00.02    2012.01.09    -
Sophos    4.73.0    2012.01.09    -
SUPERAntiSpyware    4.40.0.1006    2012.01.09    -
Symantec    20111.2.0.82    2012.01.09    -
TheHacker    6.7.0.1.373    2012.01.08    -
TrendMicro    9.500.0.1008    2012.01.09    -
TrendMicro-HouseCall    9.500.0.1008    2012.01.09    -
VBA32    3.12.16.4    2012.01.09    -
VIPRE    11375    2012.01.09    -
ViRobot    2012.1.9.4871    2012.01.09    -
VirusBuster    14.1.158.1    2012.01.09    -

Y'know folks two flags isn't actually that bad, the worst part is that it is by two solutions that really are financed well enough to know better.

Did a couple of other VT scans using methods that previously worked to combat these flags and now they also remain, which leads me to believe they are locking onto something static that should not be.

I will see what can be done about these flags for the next release since the following problems also need to be addressed:

Assembly fluctuation in Au3 3.3.8.0 related to camo needs to be integrated into the main release.

(Same as the original released A3C.exe does for 3.3.6.1 and previous)

Bug in MNU.pref for the DRXL extension to configure the OBF (obfuscator) macro, which modifies the AI3 macro instead.

Also a bug with the new A3C_INC construction config entrance since it no longer works (example templates no longer include config information from their respective au3 script).

Vlad

Edited by Mobius


Posted (edited)

I suggest you to compile a file with your tool, split it in parts and analyse them.

In this way can you find what's wrong.

Ah the old methods are still the best, although it is slightly flawed because of the mild risk of actually bisecting one or more of the flag regions which can corrupt results.

Vlad

Edited by Mobius


Posted

It's a pity: that's the only reason I do not use autoit3camo.

Really, you can try it; if there is no result, split it differently, and if there is still no result, ask Symantec what's wrong in your code:

Give your source, explain what it does, and they will answer if it's a false positive and how to fix this to avoid this.

Regards, I'm hoping on a new release !

Posted (edited)

It's a pity: that's the only reason I do not use autoit3camo.

Really, you can try it; if there is no result, split it differently, and if there is still no result, ask Symantec what's wrong in your code:

Give your source, explain what it does, and they will answer if it's a false positive and how to fix this to avoid this.

Regards, I'm hoping on a new release !

I suspect you suddenly stop using AutoIt when it gives av false positives without having any modifications?

I am not wasting my time contacting the fools that write antivirus programs, purely because of the fools that believe the lies and purchase/install this trash. I will leave it to them to waste their own time.

Multiple camo compiled targets were:

Broken down into its respective pe components with 7-Zip, then the relevant pieces were sent to virus total.

The oldschool method of dumb dicing was also performed on each target, with the pieces also being sent to VT.

A new release of a3c is inevitable, whether I will waste any more time on this AV business is another matter.

Vlad

Edited by Mobius


  • 2 weeks later...
Posted (edited)

New - Changed or Fixed in this release.

> A3C_INC Issue fixed <

A problem with the mentioned construction config entrance that meant it was not parsing A3C macros.

> Taskbar close when minimized bug fixed <

Silly bug when closing A3C from the taskbar when it is minimized would mean that it saved the negative desktop offsets given to an app when minimized. Resulting in A3C not appearing on screen when it is next launched.

> Better explorer control in log window <

Supports file right click shell context menu

> AWC.exe AutoItWrapper directive converter <

Added a simple new binary to the release whose purpose is to read a script given via the commandline for wrapper directives that it supports, from which it then generates a config file and loads AutoIt3Camo upon that file.

Execute AWC with no parameters for a message box with usage info.

> ~AWC commandline switch <

The introduction of AWC.exe led to an alternative method in which to utilize it via AutoIt3Camo's commandline.

A3C.exe ~awc "Script Path.au3"

See 'Commandline' help reference for more info.

> More user definable AutoIt3 app based macros <

Greater effort made regarding certain tools persistent to installs of AutoIt3 in the form of additional modifiable macros.

This was partly necessity and partly because of AWC's inception.

> More robust nested macros & environment variable handling <

From day one AutoIt3Camo's handling of nested macros/evars was in a word awful, parse depths of up to 6 levels of macros plus evars within other macros and evars (and so on) are now supported.

> Minor changes to additional files <

FilePath : Changes

ETCA3CSHLINT.au3 : ~AWC cmd parameter shell integration for .au3

ETCA3XINJX.drx : Fixed DRXL exiting with incorrect code for the example template in which it was used.

Vlad

Edited by Mobius


  • 2 weeks later...
Posted (edited)

The AutoIt3 interpreter is not going to be able to display the inputbox without its dialog resource item, which AutoIt3Camo removes unless told not to do so.

Here's what you can do. (assuming AutoIt3Camo's gui is open and the script with that line of code is defined as 'input' )

Simple:

Navigate to the 'Options' tab and tick the 'Keep original resources' option. (then rebuild)

Slightly less simple: (without ticking 'Keep original resources' option)

Navigate to the 'Resources' tab, click on the 'Elements' button and select the following from the popup menu:

Manually keep defaults -> Input Box Dialog

Right click on the 'ListBox' control and select from the popup menu:

Add to Top

or

Add to Bottom

Then rebuild.

Vlad

Edited by Mobius


Posted

Perhaps I should state more clearly in the references for newcomers that A3C always strips all the resources that previously exist in the interpreter (unless you specifically tell it not to) whenever you:

  • Specify the main icon ( A3C_ICO )
  • Add version information ( [A3C_VER] )
  • Add any resource instructions ( [A3C_RES] )

This behaviour is initially confusing. If you want to always 'Keep original resources' for every project then in the gui you can:

Left click on the 'Kit' button, then from the popup menu select:

Edit preference files -> USR.pref

This should have loaded the file with SciTE. Scroll down until you come to the line:

A3C_KOR =

Change the value as below then save and close the file.

A3C_KOR = 1

Now every time you load a build config that option should be enabled.

Alternatively

A3C_KOR option is always set to 1 for config files that are generated by the AutoItWrapper converter 'AWC.exe', so you might try building that way while benefitting from not having to delve into AutoIt3Camo build options so early on :)

Vlad


Posted

Hi Vlad,

First let me congratulate you on AWC.exe. It works almost PERFECT.

Very nice work but something goes wrong.

Au3 file => #AutoIt3Wrapper_Res_File_Add=z:progchangelog.txt, rt_rcdata, CHANGELOG_TXT

A3C file created by AWC.exe => =rt_rcdata}CHANGELOG_TXT}}z:progchangelog.txt

The GUI logbox says changelog.txt added but it isn't added.

This is how I added it to A3C => Changelog=10}CHANGELOG_TXT}1033}z:progchangelog.txt

So I believe you should translate rt_rcdata into the value 10

Cheers

Emiel

Best regards, Emiel Wieldraaijer
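
The translation this report asks for, as an added Python sketch that is not AWC's or A3C's own code: it maps a symbolic resource type such as `rt_rcdata` to its Win32 numeric ID and emits a line in the shape of the working entry quoted in the post. The `label=type}name}lang}path` field order, the `convert` and `resolve_type` names, and the defaults (type 10, language 1033) are assumptions inferred from that one line.

```python
import re

# Standard Win32 predefined resource type IDs (winuser.h).
RT_IDS = {
    "RT_CURSOR": 1, "RT_BITMAP": 2, "RT_ICON": 3, "RT_MENU": 4,
    "RT_DIALOG": 5, "RT_STRING": 6, "RT_FONTDIR": 7, "RT_FONT": 8,
    "RT_ACCELERATOR": 9, "RT_RCDATA": 10, "RT_MESSAGETABLE": 11,
    "RT_GROUP_CURSOR": 12, "RT_GROUP_ICON": 14, "RT_VERSION": 16,
    "RT_DLGINCLUDE": 17, "RT_PLUGPLAY": 19, "RT_VXD": 20,
    "RT_ANICURSOR": 21, "RT_ANIICON": 22, "RT_HTML": 23, "RT_MANIFEST": 24,
}

DIRECTIVE = re.compile(r"^\s*#AutoIt3Wrapper_Res_File_Add\s*=\s*(.+)$", re.I)


def resolve_type(token):
    """Map a predefined type name to its numeric ID (case-insensitive).

    A bare integer passes through unchanged; an unknown name is treated as a
    custom string type and upper-cased rather than silently dropped.
    """
    token = token.strip()
    if token.isdigit():
        return token
    return str(RT_IDS.get(token.upper(), token.upper()))


def convert(line, label="Res", default_lang="1033"):
    """Return 'label=type}name}lang}path' for one Res_File_Add directive.

    Returns None for any other line. Field order and defaults are assumed
    from the single working entry quoted in the post.
    """
    m = DIRECTIVE.match(line)
    if not m:
        return None
    parts = [p.strip() for p in m.group(1).split(",")]
    path = parts[0]
    # Assumption: an omitted type falls back to RT_RCDATA (10).
    rtype = resolve_type(parts[1]) if len(parts) > 1 and parts[1] else "10"
    name = parts[2] if len(parts) > 2 else ""
    lang = parts[3] if len(parts) > 3 and parts[3] else default_lang
    return label + "=" + "}".join([rtype, name, lang, path])


if __name__ == "__main__":
    # Directive text exactly as quoted in the post.
    src = "#AutoIt3Wrapper_Res_File_Add=z:progchangelog.txt, rt_rcdata, CHANGELOG_TXT"
    print(convert(src, label="Changelog"))
```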
