wraithdu Posted July 20, 2013 Posted July 20, 2013 Actually that does make a little sense. Remember if the NoAutoItExecute line is not present, then you can run the exe in singleline mode and that single line could be an InputBox. So unless NoAutoItExecute is present then the resource isn't safe to strip. I agree. I hadn't thought about that when I posted that originally, until you mentioned it.
FaridAgl Posted July 20, 2013 Posted July 20, 2013 Guys (Jon) now that you are changing lots of things would be nice if you put some attention on the source code's security. You have changed how script is stored within the exe, it will break down lot's of decompilers for now, it's quite enough for a while, would be even better if you change the encrypting method, script signatures and ... so we will have more "secure" time for a long time. Let me know what you think. http://faridaghili.ir
Mat Posted July 20, 2013 Posted July 20, 2013 Guys (Jon) now that you are changing lots of things would be nice if you put some attention on the source code's security. You have changed how script is stored within the exe, it will break down lot's of decompilers for now, it's quite enough for a while, would be even better if you change the encrypting method, script signatures and ... so we will have more "secure" time for a long time. Let me know what you think. Or we just accept that AutoIt scripts could be decompiled, as can any other program given enough time and effort, and get on with it. FaridAgl 1 AutoIt Project Listing
Starg Posted July 21, 2013 Posted July 21, 2013 Or we just accept that AutoIt scripts could be decompiled, as can any other program given enough time and effort, and get on with it. Or always distribute EXE with source codes!
FireFox Posted July 21, 2013 Posted July 21, 2013 Or always distribute EXE with source codes! Sometimes you cannot afford to distribute it as it will compromise the utility of the program itself.
FaridAgl Posted July 21, 2013 Posted July 21, 2013 y, but if it can be more secure why not? we can do our best. do you want to simply give up? changing some signatures, encryption and other things will not hurt, but it can buy lots of time until someone make another decompiler. i think you can't understand me because you never need to keep yout sources secure as i want. you are ignoring because you think "hey, don't talk about decompilers, we will ban you", but they exist, and we always loose. http://faridaghili.ir
Moderators Melba23 Posted July 21, 2013 Moderators Posted July 21, 2013 D4RKON3,Please drop this subject - we are not "ignoring" it, it is just that it is impossible and so a complete waste of time. I would much rather the Devs developed new features (as has been the case) than working on the lost cause of (false) security for executables. After all, major games and OSs are hacked pretty quickly - so what chance do we have? buy lots of time until someone make another decompilerWrong! The last time Jon changed the internal workings of AutoIt compilation it only took hours before a new decompiler was out there. M23 James 1 Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area
guinness Posted July 21, 2013 Posted July 21, 2013 (edited) AWESOME! (It deserves to be big.) Compile the following code:#AutoIt3Wrapper_Outfile=myAThreeX.a3x #AutoIt3Wrapper_Outfile_Type=a3x #include <GUIConstantsEx.au3> Func ThisFunctionIsInTheA3XScriptWouldYouBelieve($sText = 'This is a GUI in the compressed script.') Local $hGUI = GUICreate('SomeGUI') GUICtrlCreateLabel($sText, 5, 5) GUISetState(@SW_SHOW, $hGUI) While 1 Switch GUIGetMsg() Case $GUI_EVENT_CLOSE ExitLoop EndSwitch WEnd GUIDelete($hGUI) Return True EndFunc ;==>ThisFunctionIsInTheA3XScriptWouldYouBelieveRun this code making sure myAThreeX.a3x is in the same directory as this script:#include 'myAThreeX.a3x' Example() Func Example() ; Create a first class object of ThisFunctionIsInTheA3XScriptWouldYouBelieve and assign to a Local variable. Local $hA3XFunction = ThisFunctionIsInTheA3XScriptWouldYouBelieve $hA3XFunction('I''m overriding the default parameter with this text.') EndFunc ;==>Example..or this..#include 'myAThreeX.a3x' Example() Func Example() ; Access the user function as you normally would. ThisFunctionIsInTheA3XScriptWouldYouBelieve('I''m overriding the default parameter with this text.') EndFunc ;==>Example Edited July 21, 2013 by guinness UDF List: _AdapterConnections() • _AlwaysRun() • _AppMon() • _AppMonEx() • _ArrayFilter/_ArrayReduce • _BinaryBin() • _CheckMsgBox() • _CmdLineRaw() • _ContextMenu() • _ConvertLHWebColor()/_ConvertSHWebColor() • _DesktopDimensions() • _DisplayPassword() • _DotNet_Load()/_DotNet_Unload() • _Fibonacci() • _FileCompare() • _FileCompareContents() • _FileNameByHandle() • _FilePrefix/SRE() • _FindInFile() • _GetBackgroundColor()/_SetBackgroundColor() • _GetConrolID() • _GetCtrlClass() • _GetDirectoryFormat() • _GetDriveMediaType() • _GetFilename()/_GetFilenameExt() • _GetHardwareID() • _GetIP() • _GetIP_Country() • _GetOSLanguage() • _GetSavedSource() • _GetStringSize() • _GetSystemPaths() • _GetURLImage() • _GIFImage() • _GoogleWeather() • _GUICtrlCreateGroup() • _GUICtrlListBox_CreateArray() • _GUICtrlListView_CreateArray() • _GUICtrlListView_SaveCSV() • _GUICtrlListView_SaveHTML() • _GUICtrlListView_SaveTxt() • _GUICtrlListView_SaveXML() • _GUICtrlMenu_Recent() • _GUICtrlMenu_SetItemImage() • _GUICtrlTreeView_CreateArray() • _GUIDisable() • _GUIImageList_SetIconFromHandle() • _GUIRegisterMsg() • _GUISetIcon() • _Icon_Clear()/_Icon_Set() • _IdleTime() • _InetGet() • _InetGetGUI() • _InetGetProgress() • _IPDetails() • _IsFileOlder() • _IsGUID() • _IsHex() • _IsPalindrome() • _IsRegKey() • _IsStringRegExp() • _IsSystemDrive() • _IsUPX() • _IsValidType() • _IsWebColor() • _Language() • _Log() • _MicrosoftInternetConnectivity() • _MSDNDataType() • _PathFull/GetRelative/Split() • _PathSplitEx() • _PrintFromArray() • _ProgressSetMarquee() • _ReDim() • _RockPaperScissors()/_RockPaperScissorsLizardSpock() • _ScrollingCredits • _SelfDelete() • _SelfRename() • _SelfUpdate() • _SendTo() • _ShellAll() • _ShellFile() • _ShellFolder() • _SingletonHWID() • _SingletonPID() • _Startup() • _StringCompact() • _StringIsValid() • _StringRegExpMetaCharacters() • _StringReplaceWholeWord() • _StringStripChars() • _Temperature() • _TrialPeriod() • _UKToUSDate()/_USToUKDate() • _WinAPI_Create_CTL_CODE() • _WinAPI_CreateGUID() • _WMIDateStringToDate()/_DateToWMIDateString() • Au3 script parsing • AutoIt Search • AutoIt3 Portable • AutoIt3WrapperToPragma • AutoItWinGetTitle()/AutoItWinSetTitle() • Coding • DirToHTML5 • FileInstallr • FileReadLastChars() • GeoIP database • GUI - Only Close Button • GUI Examples • GUICtrlDeleteImage() • GUICtrlGetBkColor() • GUICtrlGetStyle() • GUIEvents • GUIGetBkColor() • Int_Parse() & Int_TryParse() • IsISBN() • LockFile() • Mapping CtrlIDs • OOP in AutoIt • ParseHeadersToSciTE() • PasswordValid • PasteBin • Posts Per Day • PreExpand • Protect Globals • Queue() • Resource Update • ResourcesEx • SciTE Jump • Settings INI • SHELLHOOK • Shunting-Yard • Signature Creator • Stack() • Stopwatch() • StringAddLF()/StringStripLF() • StringEOLToCRLF() • VSCROLL • WM_COPYDATA • More Examples... Updated: 22/04/2018
trancexx Posted July 21, 2013 Posted July 21, 2013 (edited) I normally don't use AV software on my PC, but depending where I am, machines I work with have them installed. I tried latest available compiler on computer with installed AV called Zone Alarm or something, and every time I hit "beta compile" I got some attention dialog from the AV popping up saying: "Potentially harmfull file with executable signature... something, something... in anonymous ..something... location, ...something!". Then I have to allow things and then compilation continues. If I don't allow nothing happens, compilation fails. I also checked temp dir afterwards and it's kind of flooded with .tmp files. If I delete all temp files there and try again and this time allow everything I still got .tmp leftover(s). If I say I know why this happens somebody (politically correct asses) will again say I'm britney bitching, so I won't. I just wanted to let you know Edited July 21, 2013 by trancexx FaridAgl 1 ♡♡♡ . eMyvnE
Developers Jos Posted July 21, 2013 Developers Posted July 21, 2013 (edited) If I say I know why this happens somebody (politically correct asses) will again say I'm britney bitching, so I won't. I just wanted to let you know Why don't you simply play along and really help or simply STFU? So much with Political correctness. Edited July 21, 2013 by Jos Mobius 1 SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
trancexx Posted July 21, 2013 Posted July 21, 2013 Why don't you simply play along and really help or simply STFU? So much with Political correctness. Charmed I'm sure. ♡♡♡ . eMyvnE
Administrators Jon Posted July 21, 2013 Author Administrators Posted July 21, 2013 Did this happen on the previous beta version? I moved the temporary exe creation into %temp% from %appdata% - shouldn't make a difference but maybe the AV is more sensitive to that location. %appdata% wasn't the best location because it gets put in a network user's roaming profile and/or be redirected to a network location. But %localappdata% might work. Or I might rejig it so that the output .exe is created in place like it was in 3.3.8.1 Deployment Blog: https://www.autoitconsulting.com/site/blog/ SCCM SDK Programming: https://www.autoitconsulting.com/site/sccm-sdk/
mLipok Posted July 21, 2013 Posted July 21, 2013 Why this cannot be just @scriptdir & 'Temp' I think this location can be the best solution , any body can add an exclusion to AV to this location. but maybe I'm wrong ? Signature beginning:* Please remember: "AutoIt"..... * Wondering who uses AutoIt and what it can be used for ? * Forum Rules ** ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Code * for other useful stuff click the following button: Spoiler Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API * ErrorLog.au3 UDF - A logging Library * Include Dependency Tree (Tool for analyzing script relations) * Show_Macro_Values.au3 * My contribution to others projects or UDF based on others projects: * _sql.au3 UDF * POP3.au3 UDF * RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF * SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane * Useful links: * Forum Rules * Forum etiquette * Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * Wiki: * Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * OpenOffice/LibreOffice/XLS Related: WriterDemo.au3 * XLS/MDB from scratch with ADOX IE Related: * How to use IE.au3 UDF with AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskScheduler * IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) * PDF Related: * How to get reference to PDF object embeded in IE * IE on Windows 11 * I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions * EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *I also encourage you to check awesome @trancexx code: * Create COM objects from modules without any demand on user to register anything. * Another COM object registering stuff * OnHungApp handler * Avoid "AutoIt Error" message box in unknown errors * HTML editor * winhttp.au3 related : * https://www.autoitscript.com/forum/topic/206771-winhttpau3-download-problem-youre-speaking-plain-http-to-an-ssl-enabled-server-port/ "Homo sum; humani nil a me alienum puto" - Publius Terentius Afer"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming" , be and \\//_. Anticipating Errors : "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty." Signature last update: 2023-04-24
trancexx Posted July 21, 2013 Posted July 21, 2013 Did this happen on the previous beta version? I moved the temporary exe creation into %temp% from %appdata% - shouldn't make a difference but maybe the AV is more sensitive to that location. %appdata% wasn't the best location because it gets put in a network user's roaming profile and/or be redirected to a network location. But %localappdata% might work. Or I might rejig it so that the output .exe is created in place like it was in 3.3.8.1 I don't know about previous betas, but dev version we shared worked fine. Avoid using temp dir for temporary executables somehow because (this) AV really looks nervous with them. If you switch to in-place executable you will break everything for most of the users. ♡♡♡ . eMyvnE
Administrators Jon Posted July 21, 2013 Author Administrators Posted July 21, 2013 I'll try local appdata first then and we'll see if goes away. Deployment Blog: https://www.autoitconsulting.com/site/blog/ SCCM SDK Programming: https://www.autoitconsulting.com/site/sccm-sdk/
Terenz Posted July 21, 2013 Posted July 21, 2013 Guys (Jon) now that you are changing lots of things would be nice if you put some attention on the source code's security... Stay in topic, this is for bug of the beta, not for feature request. Anyway i have posted the same question ( topic locked, the rules are rules ) and then a feature request, here: http://www.autoitscript.com/trac/autoit/ticket/2355 Nothing is so strong as gentleness. Nothing is so gentle as real strength
Recommended Posts