Installer for auto execute a3x files

[Schnuffel]

Hello,
there was a discussion in the German AutoIt forum about false positive messages from virus scanners for compiled exe files.
Therefore we did some tests and found out that a3x files do not trigger a relevant virus message and your AutoIt3.exe is apparently also known to the manufacturers,
since none of the manufacturers are responding.
For this reason, I have written a small AutoIt installer that only enables a3x support for users.
The AutoIt3.exe is copied into the original directory, including the icon, so that the files are simply overwritten in the same place during a possible full installation.
The registry entries have also been copied from the installation. After installation you can use a3x files as well as “normal” exe files.
The only difference is that there are no false positive messages (hopefully).

Advantages:
- no more “false-positive” messages (mostly ^^)
AutoIt3.exe is submitted to the anti-virus software manufacturers when it is updated and included in the exception list of the scanners
and therefore does not generate false positive messages
- small script for distribution  
the own script is significantly smaller as it does not require the included wrapper this makes distribution, updates etc. easier
- binary script
the script is encoded as an a3x file and cannot be read by “normal” means.
(decompiling is not the point of discussion here, as reverse engineering is almost always possible)

The script contains all necessary files and currently the AutoIt3.exe in version 3.3.16.1.
Since the script is a bit longer due to the inserted files, I only provide it here as a zip file.
As always, suggestions, wishes, praise, criticism and constructive criticism are absolutely welcome.

Due to the limitations I can neither upload the script nor the files as 7z here. Therefore I link to the thread in the German forum.
The file is attached to the first entry as a3xInstaller.zip ==>  Thread in german Forum

@JosI have noticed that there is still no rudimentary support for the use of 64-bit a3x files, and that the 32-bit wrapper is also used due to the fact that they are also called “a3x”.
I would suggest to introduce a filetype like “a3x64”, and then link it to the 64-bit wrapper (AutoIt3_x64.exe) in the registry.

[Jos]

Not sure i understand the question about x64. The choice is yours to use either auto3.exe or auto3_x64.exe to run the ax3 "compiled" script. So do not really see why one would need this.  

Care to elaborate?

I haven't looked at the details of your wrapper but is that an executable? What makes you think it won't be flagged as an virus in the near future when people start using it for that purpose?

[Schnuffel]

Hi Jos,
The idea behind this is that on PCs on which no AutoIt installation is available and is also not wanted, just install the AutoIt3.exe in the program directory and register the file ending a3x for AutoIt3.
I noticed that if I compile an a3x file as x64, then this file is also executed with the AutoIt3.exe. A registration of the a3x as 64bit variant is not yet available.
No directive can activate the 64-bit mode during execution, as all a3x files are linked to the AutoIt3.exe in the registry (AutoIt3XScript).

My hope is actually that you build an installer that provides a “Lite AutoIt Installation for a3x Support”. This would then completely include giving the 64-bit a3x files in the aut2exe their own file extension (my suggestion would be .a3x64) so that when the a3x64 file is executed directly, AutoIt3_x64.exe processes it. Since I can not accomplish this, I would need your interest and support.
The Lite installation would then be controlled by you and could also be submitted to the anti-virus software manufacturers for testing. Then this file and its installation would not be a problem. Since a3x files themselves are not executable files, they do not pose a virus threat (at least not yet).

For developers who distribute their scripts, the script file would therefore be freed from false positives, the file would be smaller and have no restrictions.

It would be a presumptuous idea if this Lite installation made it into the Microsoft Store and could be installed by anyone. Then AutoIt would reside on the PC like Powershell and could natively execute a3x files.

[Jos]

As I mentioned, there is no x64 or x86 compile for a3x! All that happens is that the source is converted to the byte code, which is the same as normally included in the PE header of an actual compiled script. So again it is irrelevant which autoit3.exe you use for a3x files.

[argumentum]

..I associate .nfo to notepad. I guess you can associate .whatever to anything
On AutoIt3 installation you are asked to default to x86 or x64 therefore nothing wrong with the installer.
And you can do as you please. Meaning, change the registry or click-click "open with", select the x64 version and set as always.
So that's that in regards to the default handler of a file extension in windows.

In regards to AV, you may have to exclude your executable because, you can never know what is going to happen.

..ok. case closed  

[argumentum]

16 minutes ago, Schnuffel said:

so that when the a3x64 file is

... you can set #AutoIt3Wrapper_Run_After=  and rename those files to any extension name. In case you'd like to differentiate between 32bit and 64bit. Not that the file would be different but at least you can have the file extension paired with one executable or another.

Just an idea.  

[ioa747]

I tried it and it works.

I added

RegWrite("HKEY_CLASSES_ROOT\AutoIt3X64Script", "", "REG_SZ", "AutoIt v3 Encoded Script X64")
RegWrite("HKEY_CLASSES_ROOT\AutoIt3X64Script\DefaultIcon", "", "REG_SZ", "C:\Program Files (x86)\AutoIt3\Icons\au3script_v11.ico")
RegWrite("HKEY_CLASSES_ROOT\AutoIt3X64Script\Shell", "", "REG_SZ", "Run")
RegWrite("HKEY_CLASSES_ROOT\AutoIt3X64Script\Shell\Run", "", "REG_SZ", "Run Script")
RegWrite("HKEY_CLASSES_ROOT\AutoIt3X64Script\Shell\Run\Command", "", "REG_SZ", '"C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe" "%1" %*')
RegWrite("HKEY_CLASSES_ROOT\.a3x64", "", "REG_SZ", "AutoIt3X64Script")

Compiled

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Outfile_type=a3x
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****


MsgBox(0, @ScriptName, "AutoItVersion:" & @AutoItVersion & " " & (@AutoItX64 ? "X64" : "X86") )

I just changed the extension manually to .a3x64

 

[Jos]

8 minutes ago, ioa747 said:

I tried it and it works.

Did you doubt/question that in the first place? 😉

[ioa747]

8 minutes ago, Jos said:

Did you doubt/question that in the first place? 😉

I wasn't sure that AutoIt3_x64.exe would accept executing a file with the extension .a3x64.

[argumentum]

9 hours ago, Schnuffel said:

...there was a discussion in the German AutoIt forum...

I read the 3 posts in the German forum and in

https://autoit.de/thread/88436-anti-false-positive-strategie-mit-purebasic/?postID=715322#post715322

on the other hand, I don't want to interfere with the installation or official distribution of data and registry entries by Jos installer.
As long as it does not involve native support for a3x64 files, I would also do without it and only register a3x files.

( forgot my forum password hence my response here. Also, don't know German 😅 )

Reading your script ( a3xInstaller.au3 ) I was thinking that since all you care about is the x64 version,
to install it in "C:\Program Files\AutoIt3\" instead of "C:\Program Files (x86)\AutoIt3\".
That way you will not interfere with the standard distribution.
Also, since a3xInstaller.exe is an executable, you can FileInstall() instead of the @temp folder back and forth of the files to be installed.

Hope you like the idea

[ioa747]

@argumentum, I'm missing something here. 
If AutoIt it's already installed in the "C:\Program Files (x86)\AutoIt3\" folder,
why does it need to be install  and in the "C:\Program Files\AutoIt3\" folder?
or what will install in the "C:\Program Files\AutoIt3\" folder?

[argumentum]

If you go to the link he gave for the discussion in AutoIt.de you'll find the "light installer" he wrote.
Standard AutoIt3 distribution goes to the "x86" folder due to all the 32bit executables. He can use the 64bit path and, collision avoided
Given that his tokenized files ( .a3x ) will be renamed to .a3x64, there is no inference.
Also, he can give another naming convention to his distro like "AutoItLight" or what not, to not mess with the standard established by the original creator ( this forum ).

I would add to the "light installer" he coded the AutoIt EULA too, because he is not installing his product but packaging someone else's product without written consent or abiding by the EULA of the original product ( AutoIt3 ) that states the the user can distribute any code the user made including executables, hence not the product itself ( AutoIt.exe ).
So just the .au3 or .a3x or .exe produced by the AutoIt3 product as installed by the user from the creator's distribution site.

More than you asked @ioa747 
But @Schnuffel is likely to read this too  

Edited January 19 by argumentum
English

[argumentum]

my quick and dirty solution for x64 only scripts:

RunAs64bit()
Func RunAs64bit($iNoErrorStdOut = 1)
    If @AutoItExe = @ScriptFullPath Or @AutoItX64 Then Return
    If Not FileGetSize(StringTrimRight(@AutoItExe, 4) & "_x64.exe") Then Return SetError(1, 0, 1) ; one can never know as a coder
    ShellExecute(StringTrimRight(@AutoItExe, 4) & "_x64.exe", ($iNoErrorStdOut ? StringReplace($CmdLineRaw, "/ErrorStdOut ", "") : $CmdLineRaw))
    Exit 101 ; remove /ErrorStdOut because you are not in SciTE anymore, ..or not.
EndFunc   ;==>RunAs64bit

MsgBox(0, @ScriptName, "@AutoItX64 = " & @AutoItX64 & @LF & $CmdLineRaw, 30)

Place this before anything else ( including #includes ) on your script and problem solved. My 2 cents

Edited January 19 by argumentum
version 3 ?

[ioa747]

23 minutes ago, argumentum said:

my quick and dirty solution for x64 only scripts:

It seems like a much cleaner solution to me.

[Schnuffel]

@argumentum
please, I do not want to abuse or illegally pass on the work of Jos in any way.
My approach was only to help users who do not want to install AutoIt3, or the distributor of his script does not want a complete installation of AutoIt3, that their scripts can be distributed without “false positives” and can be executed on the target computer.
Therefore please “back to topic”. I would like to have a possibility to distribute a3x files (whether 64-bit or not (this was only a “side-effect” of the topic)) that are not subject to a false.positive.
I am aware that a single installation of the “Lite-Installer” would trigger a virus find. That is why I asked Jos to take up the issue of including such a “Lite-Installer” in his “program”, as he can most easily pass on this installation exe to the anti-virus software manufacturers.
If this idea does not meet with interest, then simply close this topic and good.

[Schnuffel]

Just think about the fact that AutoIt was not only made for admins, but that applications are now being written that are distributed commercially.
The fact that updating only a3x files is much easier for everyone should be the approach of this thread.

As I said, if my approach is flawed or pointless, then I accept any criticism.

[Schnuffel]

I think that AutoIt should be a wrapper like Powershell.exe for ps1 files that is simply available in every Windows system or at least should be easy to install.
That way a3x files could be distributed very easily and used by the people who voluntarily installed the “Lite-Installer”. Maybe my approach is stupid, but I'm the kind of person who only gives up on an idea when I stop breathing

[Schnuffel]

Perhaps I need to clarify my approach a little:
The point is that a user can start an a3x file simply by double-clicking on it. This user has no idea about AutoIt or the dependencies. The developer of the a3x and the user just want a carefree way to use this a3x.
The fact that the a3x does not generate a virus warning is just a side effect

[Schnuffel]

The discussion about 32bit and 64bit is also just a side effect that I noticed in passing. When creating the exe, you can “choose” between the x86 and the x64 exe. This is not possible with a3x.
However, this is not the subject of this topic. It's just about whether a “Lite installation” is an interesting idea for non-developers.

[argumentum]

@Schnuffel, I don't think that an idea is stupid. I for once create stuff that others may see it as so, but solved the problem I had. At times someone would came along and give and idea ( in the form of running code ) that was better than what I came up with and I thank them accordingly, but not much different than a monkey that just got a banana and quickly run away with it

> This user has no idea about AutoIt or the dependencies.
Some PS1 or .NET will complain that dependencies are needed if not there. Or just plain crash, or do nothing.
AutoIt is beautiful in that regard. It just runs.
The part to think about is the "This user has no idea about...". AutoIt is signed by ... them. A script is signed by you ?, nope, them too. Tomorrow they download a .a3x file named "gameCheat.a3x" and they run it and it was actually a ... good luck with that.
So this you'd like to do, of having a ".ps1 like behavior" is a bad idea from a security point of view.

>..applications are now being written that are distributed commercially.
Then buy a key and sign your executable. With time the executable will develop fame ( marker that is used nowadays to determine if a piece of software is safe ) and problem solved. Or put all the executable ( and code, or not ) publicly in github and with time it'll be regarded as safe. 

>I would like to have a possibility to distribute a3x files (whether 64-bit or not (this was only a “side-effect” of the topic)) that are not subject to a false positive.
Distribute ala JAVA, where you'd have a batch file that calls "java.exe myCode.jar". In this case "AutoIt3_x64.exe myCode.a3x" but don't install AutoIt3 for anyone to click-click anything .a3x and run it.

You could from your installer, register the extension ".MyCodeExt" with your path to your "BIN\AutoIt3\AutoIt3_x64.exe" and that is safer.
But not as safe as your own signed .exe.

There is not much that can be done about anti-Pay_Me_To_Feel_Safe programs  
Announce in the installer the AV problem, and that is a false positive if flagged, is the most you can do, and some renown programs have the disclaimer and are written in C.

Am not against your idea ( that presents a solution to what we all need ) but, we have to think of "what Jesus a black hat would do if".