Posted (edited)

Several questions around the forum get asked repeatedly:

  1. How to avoid false-positive Anti-Virus detection? Answered by AutoIt god himself
  2. How to make AutoIt software safe from hacking?
  3. How to prevent AutoIt software being de-compiled?
  4. How to prevent exposure of native AutoIt code?

The general answers all go in the direction of (a) can't be done or (b) make it an .a3x script.

The Wiki contains a single entry under "compiler directives" and the Help File  contains mainly compiler info, with this note

Quote

Note: Scripts can be compiled with .a3x extension. They should be run with AutoIt.exe filename.a3x. The .a3x contains the script itself with all referred #include plus the FileInstall files. This format allows you to distribute smaller files as they don't include the AutoIt3.exe in each compiled script. You still need to have it accessible on the target machine but just AutoIt3.exe.

 

 

Also see this thread.

 

So I thought I would make a little demo to actually show how it works.

Here are the 2 scripts.  The a3x_demo.zip file contains these 2, plus the compiled .a3x file and the .EXE

 

The body

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Outfile_type=a3x
#AutoIt3Wrapper_Outfile=a3x_demo.a3x
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#cs ----------------------------------------------------------------------------

    AutoIt Version: 3.3.14.2
    Author:         Skysnake

    Script Function:
    Demonstrates working of a3x

    Instructions

    Code as normal
    Set Compiler option to .a3x as per Help File
    Compile
    Note output is (a) .a3x file,
    (b) now compile wrapper to make .exe file

    The compiled .a3x is included inside the .exe.

    To demonstrate, copy .exe to any new location and run. :)



#ce ----------------------------------------------------------------------------


; Script Start
#include <MsgBoxConstants.au3>

MsgBox($MB_SYSTEMMODAL, "a3x demo", "This message box is called from an a3x pre-compiled script " & @CRLF & "will timeout after 10 seconds or select the OK button.", 10)

; code ends

 

The wrapper

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Outfile=a3x_wrapper.exe
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#cs ----------------------------------------------------------------------------

    AutoIt Version: 3.3.14.2
    Author:         Skysnake

    Script Function:
    Wrapper for .a3x demo

    the INCLUDE line below forces the .a3x to be included in the new .EXE

    other option is to use FileInstall and then run the a3x_demo.a3x as an
    external file

    NOTE: required in order are the following steps
    1. body .au3 script
    2. compile body .au3 as .a3x file, include in wrapper
    3. wrapper .au3 script, to become the .exe -> compile as .EXE


#ce ----------------------------------------------------------------------------

; Script Start -

#include "a3x_demo.a3x"

; code ends

DOWNLOAD: The ax3_demo.zip file

 

EDIT:

2016.07.08 Fixed typos

Edited by Skysnake
added a link

Skysnake

Why is the snake in the sky?

Posted (edited)

Dear @argumentum I am not sure how to interpret your response.  

This little demo was supposed to show exactly how an .au3 file becomes an .a3x file and gets included in an .EXE.

AFAIK this is the only complete example in the Forum.  Thank you for reading. :)

 

Edited by Skysnake
Typo

Skysnake

Why is the snake in the sky?

Posted

I've tried it because I have a program made in AutoIt which is used by a lot of people and I get a lot of "False Positives".

With every update it takes about 3 weeks to report it to all the virus-scan companies, because a lot of them reply very slowly to these reports.

What I've discovered is that a lot of scanners still mark it as a virus when I use an a3x file packed in an exe file, but fewer than usual.

But I think it's a matter of time before virus-scan companies mark this way as a virus as well.

 

Thanks for showing how to do this.

  • 2 weeks later...
Posted

@Skysnake,

it is understood that what this topic is all about is a demonstration of how to make a3x file distributable.

however, as for the reasons for doing so, i side with @argumentum here. in respect to the reasons you mention - it works, but does not do much. here's how:

On 7/7/2016 at 1:27 PM, Skysnake said:

How to avoid false-positive Anti-Virus detection?

working with your demo, i compiled it to exe directly (commented-out the wrapper directives). then i uploaded the directly-compiled exe to VirusTotal, as well as your pre-compiled wrapper using a3x.

links:     directly compiled     compiled using a3x

results:

directly compiled:

| Antivirus | Result | Update |
| --- | --- | --- |
| Antiy-AVL | Trojan/Generic.ASVCS3S.1E5 | 20160719 |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.ch | 20160719 |
| Qihoo-360 | QVM10.1.Malware.Gen | 20160719 |

compiled using a3x:

| Antivirus | Result | Update |
| --- | --- | --- |
| Antiy-AVL | Trojan/Generic.ASVCS3S.1E5 | 20160719 |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.ch | 20160719 |

so there is some improvement. more interestingly, in addition to current observation (above), i think it should prove interesting to follow those links and re-scan from time to time.

 

as for the other 3 reasons you gave -

1) is it just me, or are these all rephrasing the same concept? :huh2:

2) the wrapped a3x and directly-compiled exe are both equally unprotected.

Signature - my forum contributions:

Spoiler

UDF:

LFN - support for long file names (over 260 characters)

InputImpose - impose valid characters in an input control

TimeConvert - convert UTC to/from local time and/or reformat the string representation

AMF - accept multiple files from Windows Explorer context menu

DateDuration -  literal description of the difference between given dates

Apps:

Touch - set the "modified" timestamp of a file to current time

Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes

SPDiff - Single-Pane Text Diff
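The point that the wrapped .a3x and the directly compiled .exe are equally exposed can be checked at the byte level. The following is an added example, not code from the thread: it looks for the compiled-script marker in a file and reports whether it is a bare .a3x or a PE carrying a script. The marker string `AU3!EA06` is an assumption taken from public AutoIt detection signatures, `direct.exe` is a hypothetical name for the directly compiled build, and all sample bytes are constructed.

```python
import struct

# Assumption (not stated in the thread): compiled AutoIt v3.3 scripts carry the
# ASCII marker "AU3!EA06", which public detection signatures key on.
A3X_MARKER = b"AU3!EA06"


def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def classify(data: bytes) -> dict:
    """Classify a file as a bare .a3x, a PE carrying a compiled script, or neither."""
    offsets = []
    pos = data.find(A3X_MARKER)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(A3X_MARKER, pos + 1)
    if is_pe(data):
        kind = "pe-with-autoit-script" if offsets else "pe-no-script"
    else:
        kind = "bare-a3x" if offsets else "unknown"
    return {"kind": kind, "marker_offsets": offsets}


def _fake_pe(payload: bytes) -> bytes:
    """Constructed stand-in for an .exe: minimal MZ/PE headers plus a payload."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + b"\0" * 0x100 + payload


# Constructed sample inputs (not real compiled scripts).
SCRIPT_BLOB = b"\x00" * 16 + A3X_MARKER + b"<tokenised script bytes>"
SAMPLES = {
    "a3x_demo.a3x": SCRIPT_BLOB,               # body compiled on its own
    "a3x_wrapper.exe": _fake_pe(SCRIPT_BLOB),  # wrapper that includes the .a3x
    "direct.exe": _fake_pe(SCRIPT_BLOB),       # body compiled straight to .exe
    "other.exe": _fake_pe(b"plain program"),   # PE with no AutoIt script
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:18} {classify(blob)}")
```

Run against real files by passing `open(path, "rb").read()` to `classify()`; a hit in both the wrapper and the direct build means the wrapping step did not change what a content scanner can see.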

 

Posted (edited)

Dear @orbs, I could not find a complete example, so I made one and demonstrated it.

As to all your other comments, I did not intend, nor suggest that I could solve these.  The point was to show how it works.  The reasons why these problems remain fall beyond the scope of this demo.  I will admit that these appear valid, but are inherently part of the package we use, and beyond the scope of this example.

What is mentioned in some posts is to (a) install AutoIt, and then (b) run the .a3x as a stand-alone file using the AutoIt interpreter.  In this way the .a3x file escapes detection.  This is suggested to be the preferred option. Perhaps you want to run your virus scan like this?

Thank you. :)

 

Edited by Skysnake
typo

Skysnake

Why is the snake in the sky?

Posted

I was thinking about all of this.

Somewhere @Melba23 uses the term "the .a3x file is tokenised" and I was wondering how far that tokenised file is from being binary?  If we can get the tokenised file converted to binary, would that solve the problems mentioned above?  

 

Skysnake

Why is the snake in the sky?

  • 6 months later...
Posted

This is good as far as it goes, but I'm wondering if you can give an example of running an A3x script with another compiled script?

Run(@ScriptDir & "BasicRunProgram.exe" ,"FileToruna3x.a3x")

I don't want to insert the a3x file, but run different a3x files in different places with the same compiled script... Is that possible? It sounds like it from the help file but I can't find, after quite a bit of searching, an example.

Thanks for reading.

  • Moderators
Posted

Graeme,

Look in the Help file under <Using AutoIt - Running Scripts - AutoIt specific command Line Switches - Run a script using another compiled script>. You run the .a3x files just as you would a standard .au3 file - the "Important Notes" section at the end of the page even suggests that this is the preferred method (and also explains why), as well as what you need to do to the master executable to ensure that it is permitted to run external scripts.

M23

 

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Posted

Dear Melba,

Thanks for your comments but sadly I had already seen that help file and not been able to make anything work. As well I was surprised that you said, just as you would a standard .au3 file. I've never run a standard au3 file other than by compiling it and running the exe file or from within the editor. This is why I was hoping for an example.

  • Moderators
Posted (edited)

Graeme,

Here are 3 files:

Example.exe is this script compiled to exe:

#pragma compile(AutoItExecuteAllowed, True)

Run("Example.exe /AutoIt3ExecuteScript Script.au3")

Run ("Example.exe /AutoIt3ExecuteScript Script.a3x")

Script.a3x is this script compiled to a3x:

#include <MsgBoxConstants.au3>

MsgBox($MB_SYSTEMMODAL, "Example", "Compiled a3x script")

Script.au3 is this script left as text:

; Note no include file in the au3 script as it will not necessarily be available

MsgBox(4096, "Example", "au3 script") ; So we need magic numbers instead

Run Example.exe and you will see the 2 MsgBoxes appear. Note that the .a3x file automatically includes the required MsgBoxConstants file when compiled - if you try running the same script as an .au3 file you are likely to get an error.

M23

Edited by Melba23
Added more detail


 

  • Moderators
Posted

Graeme,

My pleasure as always.

M23


 

  • 2 months later...
Posted

So now I'm using a3x files to get around the AV problem... I'm doing this by compiling my au3 files as a3x files and running them with

Run('"C:\Program Files (x86)\QA\AutoIT3.exe" Example.a3x')

This works fine. The only problem I have is that whereas before I could use

If ProcessExists("example.exe") Then
    ; do stuff
EndIf

now I have several instances of autoit3.exe in the process lists and I can't find out how to distinguish between them... Is there a way?

Blessings

  • Developers
Posted

Sure, I see 2 options:

  1. Use the _Singleton function with a unique name for each script
  2. Use the hidden window of each AutoIt3 session and set it to a unique name, which you then can test with WinExist()

Jos


Posted

Sorry, I think I'm a bit simple.

I tried to use the Singleton idea. I looked at the help and couldn't see how to set the string to identify the occurrence. I tried the name of the script and the name of the script without the extension but neither worked.

Blessings

Posted (edited)
12 hours ago, Graeme said:

Sorry, I think I'm a bit simple.

#include <Array.au3>
Global $sTitle = "let's call this a title, identifier, whatnot"
AutoItWinSetTitle($sTitle & Chr(1) & @AutoItPID)
Local $b, $n, $aMyScripts = WinList("[TITLE:" & $sTitle & ";CLASS:AutoIt v3;]")
ReDim $aMyScripts[UBound($aMyScripts)][3]
$aMyScripts[0][1] = "$hWindow"
$aMyScripts[0][2] = "@AutoItPID"
For $n = 1 To $aMyScripts[0][0]
    $b = StringSplit($aMyScripts[$n][0], Chr(1))
    $aMyScripts[$n][0] = $b[1]
    $aMyScripts[$n][2] = $b[2]
Next
_ArrayDisplay($aMyScripts, "this way you can ProcessClose(@AutoItPID) or WinKill($hWindow)")

; also
If WinExists($sTitle) Then Exit 123

That's it   =)

Edited by argumentum
more ideas :)

Follow the link to my code contribution ( and other things too ).
FAQ - Please Read Before Posting.
autoit_scripter_blue_userbar.png
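Seen from the monitoring side, the several autoit3.exe instances discussed above differ in their command lines, both for the `AutoIt3.exe script.a3x` form and for the `/AutoIt3ExecuteScript` form. This is an added example, not code from the thread: it groups PIDs by the script each process is interpreting. The process snapshot is constructed, every path except the interpreter path quoted in the thread is made up, and `AutoIt3_x64.exe` is included as the 64-bit interpreter name.

```python
import ntpath
import re

# Constructed process snapshot: (pid, image name, command line).
PROCESSES = [
    (4120, "AutoIt3.exe", r'"C:\Program Files (x86)\QA\AutoIT3.exe" Example.a3x'),
    (4188, "AutoIt3.exe",
     r'"C:\Program Files (x86)\QA\AutoIT3.exe" "D:\jobs\Nightly Report.a3x" /quiet'),
    (5012, "Example.exe", r'Example.exe /AutoIt3ExecuteScript Script.a3x'),
    (5090, "Example.exe", r'Example.exe'),
    (6001, "notepad.exe", r'notepad.exe C:\temp\notes.a3x.txt'),
]

# One token = a double-quoted run or a run of non-space characters.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')
_INTERPRETERS = ("autoit3.exe", "autoit3_x64.exe")
_SCRIPT_EXT = (".a3x", ".au3")


def split_cmdline(cmdline):
    """Split a Windows command line on spaces, honouring double quotes only."""
    return [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]


def script_of(image, cmdline):
    """Return the script a process is interpreting, or None if there is none."""
    args = split_cmdline(cmdline)[1:]          # drop the executable itself
    is_interpreter = image.lower() in _INTERPRETERS
    for i, arg in enumerate(args):
        if arg.lower() == "/autoit3executescript" and i + 1 < len(args):
            return args[i + 1]                 # compiled exe acting as interpreter
        if is_interpreter and arg.lower().endswith(_SCRIPT_EXT):
            return arg                         # AutoIt3.exe <script> form
    return None


def by_script(processes):
    """Map lower-cased script base name -> list of PIDs running it."""
    out = {}
    for pid, image, cmdline in processes:
        script = script_of(image, cmdline)
        if script:
            out.setdefault(ntpath.basename(script).lower(), []).append(pid)
    return out


if __name__ == "__main__":
    for script, pids in by_script(PROCESSES).items():
        print(f"{script:22} {pids}")
```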
