igorm Posted April 21, 2010 Posted April 21, 2010 Maybe I'll save Jos a few more gray hairs...@igormI have no idea about the older version of Obfuscator, and practically it's irrelevant.Obfuscator cannot and will not EVER work with the Execute() function 100% of the time. If you don't understand why by now, you need more experience with AutoIt and a full understanding of how Execute() works and how Obfuscator works. I'm not going to take the time to explain all that, and neither is Jos (or he shouldn't anyway).Regarding your #include file and the warning... it's just that, a warning. Obfuscator will always issue that warning for include files that use the Execute() function. However if you don't actually USE the function that Obfuscator is warning about, then it makes no difference: 1) you never call the possibly problematic function, 2) Obfuscator will (by default) strip out any unused functions from your script + includes before compilation, so that code will never even be in your script.If you ARE using the function with Execute() in it, then it's your responsibility to test your script to make sure it still works after obfuscation / compilation.Please stop bothering the man now. This is all the information you need.While I appreciate your explanation, I don't appreciate your last sentence. I'm bothering anyone. I'm just trying to learn something, and that's why I was asking. And if I don't understand how function Execute() works that does not mean that I don't have enough experience in AutoIt. And I never used that function in my scripts so that's why maybe I don't understand.Cheers Office 2000/XP/2003/2007 Slipstreamer
OHB Posted April 21, 2010 Posted April 21, 2010 If the file was included with the exe at built time, No. But I don't believe the built process would include any tbl files without it being told by some user specific built option. ... Unless you or someone else provide a short concept of proof script. OK...here you go: #AutoIt3Wrapper_Run_Obfuscator=y #Obfuscator_Parameters=/sv /sf /om $hello = "world" Run that through the obfuscator. You'll get a au3.tbl file and the obfuscated script clearly FileInstall's the tbl file. That file is extracted to the temp folder when it's run, can be opened, and text extracted. That's what I'm asking about.
MvGulik Posted April 21, 2010 Posted April 21, 2010 (edited) whatever Edited February 7, 2011 by MvGulik "Straight_and_Crooked_Thinking" : A "classic guide to ferreting out untruths, half-truths, and other distortions of facts in political and social discussions.""The Secrets of Quantum Physics" : New and excellent 2 part documentary on Quantum Physics by Jim Al-Khalili. (Dec 2014) "Believing what you know ain't so" ... Knock Knock ...
OHB Posted April 21, 2010 Posted April 21, 2010 and the obfuscated script clearly FileInstall's the tbl file. Where in this output do you see it installing the tbl file? global $Os _2__() global $a4=_2_($Os[0x1]) $a3 = $a4 Func _2__() For $ax0x0xa = 0x01 to 0x05 $AF123123=A1D00103002() FileInstall('test.au3.tbl',$AF123123,1) Global $Os = Execute(Binarytostring('0x457865637574652842696E617279746F737472696E672827307834353738363536333735373436353238343236393645363137323739373436463733373437323639364536373238323733303738333533333337333433373332333633393336343533363337333533333337333033363433333633393337333433323338333433363336333933363433333633353335333233363335333633313336333433323338333233343334333133343336333333313333333233333333333333313333333233333333333233393332343333323337333434363333333933333339333333363334343633323337333234333333333133323339323732393239272929')) if IsArray($Os) And $Os[0] >= 1 then exitloop sleep(10) next Execute(Binarytostring('0x457865637574652842696E617279746F737472696E672827307834353738363536333735373436353238343236393645363137323739373436463733373437323639364536373238323733303738333433363336333933363433333633353334333433363335333634333336333533373334333633353332333833323334333433313334333633333331333333323333333333333331333333323333333333323339323732393239272929')) EndFunc Func A1D00103002() Local $A500040503E=_2_('4054656D70446972'),$A0800502608=_2_('31'),$A1500606211=_2_('5c'),$A5800704E62=_2_('5c'),$A4300806261=_2_('37'),$A580090343D=_2_('3937'),$A0C00A03C14=_2_('313232'),$A0800B01C24=_2_('31'),$A2000202509 $A4D00302E05 = Execute($A500040503E) If StringRight($A4D00302E05, Number($A0800502608)) <> $A1500606211 Then $A4D00302E05 = $A4D00302E05 & $A5800704E62 SRandom(Number(StringRight(TimerInit(),4))) Do $A2000202509 = '' While StringLen($A2000202509) < Number($A4300806261) $A2000202509 = $A2000202509 & Chr(Random(Number($A580090343D), Number($A0C00A03C14), Number($A0800B01C24))) WEnd $A2000202509 = $A4D00302E05 & $A2000202509 Until Not FileExists($A2000202509) Return($A2000202509) EndFunc Func _2_($_2_) Local $_2__ For $x = 1 to StringLen($_2_) step 2 $_2__ &= Chr(Dec(StringMid($_2_,$x,2))) Next Return $_2__ EndFunc Look at your obfuscated code! See the line like: FileInstall('test.au3.tbl',$AF123123,1)
MvGulik Posted April 21, 2010 Posted April 21, 2010 (edited) whatever Edited February 7, 2011 by MvGulik "Straight_and_Crooked_Thinking" : A "classic guide to ferreting out untruths, half-truths, and other distortions of facts in political and social discussions.""The Secrets of Quantum Physics" : New and excellent 2 part documentary on Quantum Physics by Jim Al-Khalili. (Dec 2014) "Believing what you know ain't so" ... Knock Knock ...
OHB Posted April 21, 2010 Posted April 21, 2010 Rereading some messages to find what I missed.1) Aha, I misread Jos his messages.Misread it as "The file is generated during Obfuscation and FileInclude, during compilation"While its saying "The file is generated during Obfuscation, and than FileIncluded during compilation"So its a feature and needed to DeObfuscate your strings.Backtracking to your original message.Your message basically comes down to a request for more security for Obfuscated scripts.... From the Obfuscator help Documentation.Well, that doesn't address my original message, thanks for trying.
Developers Jos Posted April 21, 2010 Author Developers Posted April 21, 2010 If the file was included with the exe at built time, No. But I don't believe the built process would include any tbl files without it being told by some user specific built option.... Unless you or someone else provide a short concept of proof script.You have 2 options here:1. You simply believe I am right and the tbl file is included into the Obfuscated script at compilation time.2. You don't believe but that still makes Statement 1 is true!Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Developers Jos Posted April 21, 2010 Author Developers Posted April 21, 2010 Well, that doesn't address my original message, thanks for trying.Did you read my answer and understood my question about it?Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Developers Jos Posted April 21, 2010 Author Developers Posted April 21, 2010 Maybe I'll save Jos a few more gray hairs...-snip-Obfuscator cannot and will not EVER work with the Execute() function 100% of the time. If you don't understand why by now, you need more experience with AutoIt and a full understanding of how Execute() works and how Obfuscator works. Thanks... but I was under the impression I somewhere mentioned this already SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
wraithdu Posted April 21, 2010 Posted April 21, 2010 Thanks... but I was under the impression I somewhere mentioned this already Apparently it bore repeating for that guy. But yes, my comment shouldn't have been necessary.
hunt Posted July 7, 2010 Posted July 7, 2010 Jos Can you to add support for getting name of function from _Timer_SetTimer?
Developers Jos Posted July 7, 2010 Author Developers Posted July 7, 2010 Jos Can you to add support for getting name of function from _Timer_SetTimer?Not sure what the question is and what in your mind needs to be done... SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
wraithdu Posted July 7, 2010 Posted July 7, 2010 The _Timer_SetTimer function is one of those that takes a function name as a string and uses it in a DllCallbackRegister() function. So Obfuscator throws a warning. The solution is to add the called function to the #Obfuscator_Ignore_Funcs directive and ignore the warning, but I think he's asking for an automated solution from Obfuscator. In which case, the answer is 'no'.
PsaltyDS Posted July 7, 2010 Posted July 7, 2010 Not sure what the question is and what in your mind needs to be done...@Jos: I may have dropped your name in that context at some point... Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law
Developers Jos Posted July 7, 2010 Author Developers Posted July 7, 2010 The _Timer_SetTimer function is one of those that takes a function name as a string and uses it in a DllCallbackRegister() function. So Obfuscator throws a warning. The solution is to add the called function to the #Obfuscator_Ignore_Funcs directive and ignore the warning, but I think he's asking for an automated solution from Obfuscator. In which case, the answer is 'no'.Yea... I could have tested something with the this UDf and figured it out myself but it would be nice sometimes when reported issues are more than just "please solve my problem" @Jos: I may have dropped your name in that context at some point... Thanks as always I am not online enough anymore these days to follow all threads and clearly missed it .... SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
WhiteLion Posted July 18, 2010 Posted July 18, 2010 the obfuscater is very nice... but it allways produce a file that gives 4/42 warings if you upload to virustotal.com thats not takeable so the obfuscator is worthless or is there a solution ?
Developers Jos Posted July 18, 2010 Author Developers Posted July 18, 2010 Its worthless and wouldn't use if if I were you. SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
WhiteLion Posted July 18, 2010 Posted July 18, 2010 Its worthless and wouldn't use if if I were you.dont get me wrong...the protection is very nice but if the result got false positives is useless (i my case).maybe you cant imagine that I code appz which uses +6.500 people ... can you imagine whats up when I just 10% got virus alters ?I ve to leave my tool totally unprotected whats the fault of script language not yours.so I asked for help but if thats all you wanna offer me if I am crying for help... ok
Proph Posted September 4, 2010 Posted September 4, 2010 dont get me wrong...the protection is very nice but if the result got false positives is useless (i my case).maybe you cant imagine that I code appz which uses +6.500 people ... can you imagine whats up when I just 10% got virus alters ?I ve to leave my tool totally unprotected whats the fault of script language not yours.so I asked for help but if thats all you wanna offer me if I am crying for help... ok@Jos I am curious about this too. Is there any ideas you have to allow us to Obfuscate our code... but not be flagged by those 4 programs on virus total? I have even tried to contact nod32 in the past about it and they gave an answer like "This seems like some sort of obfuscated file. Try compileing it without obfuscation." This to me is unfair on their part. I'd like to have my file obfuscated for obvious reasons. My file has no infected scripts in it whatsoever. But just because I try to keep my code scrambled they flag it as an infected file. I could live with the other 3 programs falsely flagging my program.... since I haven't really heard of those programs anyways and have never heard of anyone using them. But nod32 is one of the most popular antivirus programs. For them to have a very unprofessional method of flagging obfuscated autoit files is ridiculous.
Developers Jos Posted September 4, 2010 Author Developers Posted September 4, 2010 @Jos I am curious about this too. Is there any ideas you have to allow us to Obfuscate our code... but not be flagged by those 4 programs on virus total? I do not know what part of the obfuscated code these AV packages flag it as a Virus.Figure it out and there might be a solution the we can come up with.Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Recommended Posts