AutoHotkey Community

PostPosted: February 19th, 2008, 9:57 pm 
Joined: June 27th, 2006, 4:36 pm
Posts: 182
Someone decompiled my script even though a password was set and I set it to not be decompilable with the compiler script.

How do I stop this?

PostPosted: February 19th, 2008, 10:11 pm 
you've to kill me?


PostPosted: February 19th, 2008, 10:29 pm 
Joined: August 30th, 2005, 8:43 pm
Posts: 8667
Location: Salem, MA
It is impossible to 100% protect a script. Try compiling it on your own instead of using a helper script, so you know exactly what options are set. What version of AHK are you using?

_________________
(Common Answers) - New Tutorials Forum - Humongous FAQ

PostPosted: February 20th, 2008, 11:12 pm 
Joined: June 27th, 2006, 4:36 pm
Posts: 182
Version 1.0.47.05. I don't think I can make my own compiler..

PostPosted: February 20th, 2008, 11:30 pm 
Joined: February 18th, 2008, 8:26 pm
Posts: 442
Clash wrote:
How do i stop this?
Quite simply you can't. AutoHotkey is an interpreted language. Compiling here is essentially an exe binder.


PostPosted: February 20th, 2008, 11:36 pm 
Joined: October 7th, 2006, 4:50 pm
Posts: 3157
Location: MN, USA
@Clash
Out of curiosity, do you know how, exactly, "someone" managed to do this?


PostPosted: February 20th, 2008, 11:56 pm 
Joined: February 12th, 2008, 3:17 pm
Posts: 50
I would like to be able to pack my compiled exe with a protector like execryptor. If I remove upx from the folder it doesn't get packed but it still gets modified to be unable to pack with a 3rd party packer/protector which means you have more ways to protect your compile. Whoever can open it has got the master key to do all. :(

Are there any other tricks to make it safer? I thought somebody would have made some obfuscation by now.

PM me if you know any or how I can pack it with a 3rd party protector.


PostPosted: February 21st, 2008, 12:30 am 
Joined: August 30th, 2005, 8:43 pm
Posts: 8667
Location: Salem, MA
I think there is a thread about this in the scripts section. The /nodecompile flag and a password should be all you need.

Even if you encrypt the exe, it will have to be decrypted to run at all anyway.

PostPosted: February 21st, 2008, 2:37 am 
Joined: April 30th, 2006, 6:23 pm
Posts: 358
Location: Shigle Springs
If you encrypt the exe, it makes it unusable. Kind of like if you try to digitally sign it, it craps out too. Chris said something about the bits :shock: or bytes :shock: being changed screws up the script part of the compiled exe..
I don't know or remember, but it does not work with the encryption tools I tried nor the code signing.. You can however zip and make a self extracting file that can be modified via encryption-code signing and put your exe in that.

_________________
CPULOCK.com
virusSWAT.com
Computer Repair Computer Service.com
911PCFIX.com


PostPosted: February 21st, 2008, 7:18 am 
Joined: December 26th, 2005, 4:40 pm
Posts: 8776
When the script is in memory, it is not very hard to retrieve the code with a debugger. A debugger writes to the process space of AHK to attach itself.
If this can be detected by a running script, it would be possible for it to kill the debugger as well as quit self.

Here is some ASM code that demonstrates it:

Code:
;
; KaKeeware is proud to present a small piece of code that
; demonstrates how to block usermode debuggers from attaching
; to your process.     
;
; Author: Adam Blaszczyk (c) 2005
; WWW:    http://www.kakeeware.com     
; e-mail: adam[]kakeeware[]com
;
; Feel free to use this source code in your applications, but remember
; that credits are always welcomed :-)                           
;
; ============================================================

.586
.MODEL FLAT,STDCALL

 INCLUDE windows.inc
 CR    = 0Dh
 LF    = 0Ah

 INV equ INVOKE
 OFS  equ OFFSET
 BPTR equ BYTE PTR
 WPTR equ WORD PTR
 DPTR equ DWORD PTR

 MOM  MACRO t:REQ, s:REQ
    push   DPTR s
    pop    t
 ENDM

 INCLUDEX  MACRO plik:REQ
     include    plik.inc
     includelib plik.lib
 ENDM

 INCX MACRO mods:VARARG
   FOR c,<mods>
    INCLUDEX c
   ENDM
 ENDM

 INCX kernel32,user32

.data?
    ddOldProtect dd ?
    ptrDbgUiRemoteBreakin dd ?

.data 
    szNTDLL              db 'ntdll.dll',NULL
    szDbgUiRemoteBreakin db 'DbgUiRemoteBreakin',NULL
    szAntiCaption        db 'AntiAttach',NULL
    szAntiTitleWarning   db 'Gotcha! You are trying to attach debugger...',NULL
    szAntiTitleInfo      db 'Now... try to attach debugger to AntiAttach process.',NULL

.code
  Start:   
    INV GetModuleHandle,OFS szNTDLL
    INV GetProcAddress,eax,OFS szDbgUiRemoteBreakin
    mov ptrDbgUiRemoteBreakin,eax
       
    INV VirtualProtect,ptrDbgUiRemoteBreakin,1,PAGE_EXECUTE_READWRITE,OFS ddOldProtect
   
    mov eax,ptrDbgUiRemoteBreakin

    mov BPTR [eax+00],068h                        ; PUSH xxxxxxxx
    mov DPTR [eax+01],MB_OK or MB_ICONEXCLAMATION ; PUSH MB_OK or MB_ICONEXCLAMATION

    mov BPTR [eax+05],068h                        ; PUSH xxxxxxxx
    mov DPTR [eax+06],OFS szAntiCaption           ; PUSH OFS szAntiCaption
   
    mov BPTR [eax+10],068h                        ; PUSH xxxxxxxx
    mov DPTR [eax+11],OFS szAntiTitleWarning      ; PUSH OFS szAntiTitle

    mov BPTR [eax+15],068h                        ; PUSH xxxxxxxx
    mov DPTR [eax+16],0                           ; PUSH 0

    mov BPTR [eax+20],0B8h                        ; mov eax,xxxxxxxx (5 bytes: +20..+24)
    mov DPTR [eax+21],OFS MessageBoxA             ; mov eax,OFS MessageBoxA
   
    mov WPTR [eax+25],0D0FFh                      ; call eax (2 bytes, directly after the mov)
   
    mov BPTR [eax+27],0B8h                        ; mov eax,xxxxxxxx (5 bytes: +27..+31)
    mov DPTR [eax+28],OFS ExitProcess             ; mov eax,OFS ExitProcess
   
    mov WPTR [eax+32],0D0FFh                      ; call eax
   
    INV MessageBoxA,0,OFS szAntiTitleInfo,OFS szAntiCaption,MB_OK

    ret
END Start


The compiled form of above code is available @ http://kakeeware.com/i_antiattach.php

It would be nice if any ASM coder can throw some light into this concept.

:)



Last edited by SKAN on February 28th, 2008, 1:16 pm, edited 2 times in total.
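
An added illustration, not part of SKAN's post or the KaKeeware source: the C program below lays out the same four-push, mov eax, call eax, mov eax, call eax stub in a plain buffer and walks it by instruction length, showing where each instruction has to start for the bytes written over DbgUiRemoteBreakin to decode cleanly. The addresses are constructed placeholders, build_stub and walk_stub are hypothetical helper names, and nothing here touches a real process.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed placeholder addresses; the real stub holds whatever addresses
   the strings, MessageBoxA and ExitProcess have in the running process. */
enum { CAPTION = 0x403000, WARNING = 0x403010, MSGBOX = 0x401100, EXITPROC = 0x401106 };
#define MB_FLAGS 0x30u                      /* MB_OK | MB_ICONEXCLAMATION */
/* One-byte opcode + 32-bit little-endian immediate (68 = push, B8 = mov eax). */
static size_t emit_imm32(uint8_t *b, size_t off, uint8_t op, uint32_t imm) {
    b[off] = op;
    for (int i = 0; i < 4; i++) b[off + 1 + i] = (uint8_t)(imm >> (8 * i));
    return off + 5;
}
static size_t emit_call_eax(uint8_t *b, size_t off) {
    b[off] = 0xFF; b[off + 1] = 0xD0;       /* FF D0 = call eax */
    return off + 2;
}
/* Lay the stub out back to back in b (at least 34 bytes); returns its length. */
size_t build_stub(uint8_t *b) {
    size_t off = 0;
    off = emit_imm32(b, off, 0x68, MB_FLAGS);   /* uType     */
    off = emit_imm32(b, off, 0x68, CAPTION);    /* lpCaption */
    off = emit_imm32(b, off, 0x68, WARNING);    /* lpText    */
    off = emit_imm32(b, off, 0x68, 0);          /* hWnd      */
    off = emit_imm32(b, off, 0xB8, MSGBOX);     /* mov eax, MessageBoxA */
    off = emit_call_eax(b, off);
    off = emit_imm32(b, off, 0xB8, EXITPROC);   /* mov eax, ExitProcess */
    return emit_call_eax(b, off);
}
/* Walk the stub by instruction length and record each start offset.
   Returns the instruction count, or -1 on an unexpected byte at a boundary. */
int walk_stub(const uint8_t *b, size_t len, size_t *starts, int max) {
    int n = 0;
    for (size_t off = 0; off < len; ) {
        size_t sz;
        if (b[off] == 0x68 || b[off] == 0xB8) sz = 5;
        else if (off + 1 < len && b[off] == 0xFF && b[off + 1] == 0xD0) sz = 2;
        else return -1;
        if (off + sz > len || n >= max) return -1;
        starts[n++] = off;
        off += sz;
    }
    return n;
}
int main(void) {
    uint8_t stub[64]; size_t starts[16];
    int n = walk_stub(stub, build_stub(stub), starts, 16);
    for (int i = 0; i < n; i++) printf("+%02zu  opcode %02X\n", starts[i], stub[starts[i]]);
    return 0;
}
```

A single stray byte between two instructions makes the walk fail, which is the same reason a stub written at the wrong offsets misbehaves when the debugger's remote thread reaches it.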

PostPosted: February 21st, 2008, 7:52 am 
Joined: April 30th, 2006, 6:23 pm
Posts: 358
Location: Shigle Springs
I think I love you. :P

PostPosted: February 21st, 2008, 8:03 am 
Joined: April 30th, 2006, 6:23 pm
Posts: 358
Location: Shigle Springs
OK, the problem with you geniuses, IS, you never write s%$T in layman's terms so we can never learn to be super geniuses like you..
All kinds of include this or that... BUT NEVER a plug N play script that is beneficial to all and can help us to start thinking at a higher level..

P a PPPPaaaaa PA ppplease... :cry: :cry: :lol:
Explain with a working example.
90% of the code was something that I will stare at, like a deer in headlights, but, HEY, I am trying...

PostPosted: February 21st, 2008, 9:25 am 
Joined: January 2nd, 2008, 4:47 am
Posts: 150
Location: Freenode IRC
Plug 'n Play has NEVER helped anyone think at a higher level. :)

"My plug's broken, fix it for me?"


PostPosted: February 21st, 2008, 9:54 am 
Joined: April 30th, 2006, 6:23 pm
Posts: 358
Location: Shigle Springs
well, I am a dissembler.. I take things apart just to understand them. A dyslexia of the learning process I guess. :wink: :lol:

PostPosted: February 21st, 2008, 10:30 am 
Joined: June 27th, 2006, 4:36 pm
Posts: 182
Hi SKAN,

The person that decompiled the script said something about debuggers. I'm not sure on how to use your script though, do I just run it alongside my script?

Thanks, Peter
