Jump to content

Recommended Posts

Posted

Actually that does make a little sense. Remember if the NoAutoItExecute line is not present, then you can run the exe in singleline mode and that single line could be an InputBox. So unless NoAutoItExecute is present then the resource isn't safe to strip.

 

I agree. I hadn't thought about that when I posted that originally, until you mentioned it.

Posted

Guys (Jon) now that you are changing lots of things would be nice if you put some attention on the source code's security.

You have changed how script is stored within the exe, it will break down lot's of decompilers for now, it's quite enough for a while, would be even better if you change the encrypting method, script signatures and ... so we will have more "secure" time for a long time.

Let me know what you think.

Posted

Guys (Jon) now that you are changing lots of things would be nice if you put some attention on the source code's security.

You have changed how script is stored within the exe, it will break down lot's of decompilers for now, it's quite enough for a while, would be even better if you change the encrypting method, script signatures and ... so we will have more "secure" time for a long time.

Let me know what you think.

Or we just accept that AutoIt scripts could be decompiled, as can any other program given enough time and effort, and get on with it.

Posted

Or we just accept that AutoIt scripts could be decompiled, as can any other program given enough time and effort, and get on with it.

Or always distribute EXE with source codes!

Posted

Or always distribute EXE with source codes!

Sometimes you cannot afford to distribute it as it will compromise the utility of the program itself.

Posted

y, but if it can be more secure why not? we can do our best.

do you want to simply give up?

changing some signatures, encryption and other things will not hurt, but it can buy lots of time until someone make another decompiler.

i think you can't understand me because you never need to keep yout sources secure as i want.

you are ignoring because you think "hey, don't talk about decompilers, we will ban you", but they exist, and we always loose.

  • Moderators
Posted

D4RKON3,

Please drop this subject - we are not "ignoring" it, it is just that it is impossible and so a complete waste of time. I would much rather the Devs developed new features (as has been the case) than working on the lost cause of (false) security for executables. After all, major games and OSs are hacked pretty quickly - so what chance do we have? :(

 

buy lots of time until someone make another decompiler

Wrong! The last time Jon changed the internal workings of AutoIt compilation it only took hours before a new decompiler was out there. ;)

M23

Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Posted (edited)

AWESOME! (It deserves to be big.)

 

Compile the following code:

#AutoIt3Wrapper_Outfile=myAThreeX.a3x
#AutoIt3Wrapper_Outfile_Type=a3x

#include <GUIConstantsEx.au3>

Func ThisFunctionIsInTheA3XScriptWouldYouBelieve($sText = 'This is a GUI in the compressed script.')
    Local $hGUI = GUICreate('SomeGUI')
    GUICtrlCreateLabel($sText, 5, 5)
    GUISetState(@SW_SHOW, $hGUI)

    While 1
        Switch GUIGetMsg()
            Case $GUI_EVENT_CLOSE
                ExitLoop
        EndSwitch
    WEnd
    GUIDelete($hGUI)
    Return True
EndFunc   ;==>ThisFunctionIsInTheA3XScriptWouldYouBelieve
Run this code making sure myAThreeX.a3x is in the same directory as this script:

#include 'myAThreeX.a3x'

Example()

Func Example()
    ; Create a first class object of ThisFunctionIsInTheA3XScriptWouldYouBelieve and assign to a Local variable.
    Local $hA3XFunction = ThisFunctionIsInTheA3XScriptWouldYouBelieve
    $hA3XFunction('I''m overriding the default parameter with this text.')
EndFunc   ;==>Example
..or this..

#include 'myAThreeX.a3x'

Example()

Func Example()
    ; Access the user function as you normally would.
    ThisFunctionIsInTheA3XScriptWouldYouBelieve('I''m overriding the default parameter with this text.')
EndFunc   ;==>Example
Edited by guinness

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Posted (edited)

I normally don't use AV software on my PC, but depending where I am, machines I work with have them installed. I tried latest available compiler on computer with installed AV called Zone Alarm or something, and every time I hit "beta compile" I got some attention dialog from the AV popping up saying: "Potentially harmfull file with executable signature... something, something... in anonymous ..something... location, ...something!".

Then I have to allow things and then compilation continues. If I don't allow nothing happens, compilation fails.

I also checked temp dir afterwards and it's kind of flooded with .tmp files. If I delete all temp files there and try again and this time allow everything I still got .tmp leftover(s).

If I say I know why this happens somebody (politically correct asses) will again say I'm britney bitching, so I won't. I just wanted to let you know  :*

Edited by trancexx

♡♡♡

.

eMyvnE

  • Developers
Posted (edited)

If I say I know why this happens somebody (politically correct asses) will again say I'm britney bitching, so I won't. I just wanted to let you know  :*

 

Why don't you simply play along and really help or simply STFU?

So much with Political correctness.

Edited by Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

  • Administrators
Posted

Did this happen on the previous beta version? I moved the temporary exe creation into %temp% from %appdata% - shouldn't make a difference but maybe the AV is more sensitive to that location. %appdata% wasn't the best location because it gets put in a network user's roaming profile and/or be redirected to a network location. But %localappdata% might work. Or I might rejig it so that the output .exe is created in place like it was in 3.3.8.1

Posted

Why this cannot be just @scriptdir & 'Temp' 

I think this location can be the best solution , any body can add an exclusion to AV to this location.

but maybe I'm wrong ?

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST APIErrorLog.au3 UDF - A logging Library * Include Dependency Tree (Tool for analyzing script relations) * Show_Macro_Values.au3 *

 

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

OpenOffice/LibreOffice/XLS Related: WriterDemo.au3 * XLS/MDB from scratch with ADOX

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskSchedulerIE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) * PDF Related:How to get reference to PDF object embeded in IE * IE on Windows 11

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

I also encourage you to check awesome @trancexx code:  * Create COM objects from modules without any demand on user to register anything. * Another COM object registering stuffOnHungApp handlerAvoid "AutoIt Error" message box in unknown errors  * HTML editor

winhttp.au3 related : * https://www.autoitscript.com/forum/topic/206771-winhttpau3-download-problem-youre-speaking-plain-http-to-an-ssl-enabled-server-port/

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2023-04-24

Posted

Did this happen on the previous beta version? I moved the temporary exe creation into %temp% from %appdata% - shouldn't make a difference but maybe the AV is more sensitive to that location. %appdata% wasn't the best location because it gets put in a network user's roaming profile and/or be redirected to a network location. But %localappdata% might work. Or I might rejig it so that the output .exe is created in place like it was in 3.3.8.1

I don't know about previous betas, but dev version we shared worked fine.

Avoid using temp dir for temporary executables somehow because (this) AV really looks nervous with them.

If you switch to in-place executable you will break everything for most of the users.

♡♡♡

.

eMyvnE

Posted

Guys (Jon) now that you are changing lots of things would be nice if you put some attention on the source code's security...

 

Stay in topic, this is for bug of the beta, not for feature request. Anyway i have posted the same question ( topic locked, the rules are rules ) and then a feature request, here:

http://www.autoitscript.com/trac/autoit/ticket/2355

Nothing is so strong as gentleness. Nothing is so gentle as real strength

 

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...