 |
AutoHotkey Community
Let's help each other out
|
| View previous topic :: View next topic |
| Author |
Message |
Clash
Joined: 27 Jun 2006
Posts: 182
|
 Posted: Tue Feb 19, 2008 9:57 pm Post subject: Someone decompiled my passworded and protected script. |
 |
|
Someone decompiled my script even though a password was set and i set it to not be decompilable with the compiler script.
How do i stop this?
_________________
  |
|
| Back to top |
|
 |
some0ne
Guest
|
| Posted: Tue Feb 19, 2008 10:11 pm Post subject: |
|
|
| you've to kill me? |
|
| Back to top |
|
|
engunneer
Joined: 30 Aug 2005
Posts: 6349
Location: Pacific Northwest, US
|
| Posted: Tue Feb 19, 2008 10:29 pm Post subject: |
|
|
it is impossible to 100% protect a script. Try compiling it on your own instead of using a helper script, so you know exaclty what options are set. What version of AHK are you using?
_________________
 Unless otherwise noted, all code is untested.
Common Answers: 1.(Loops, Viruses, etc.) 2. Search 3.RTFM |
|
| Back to top |
|
|
Clash
Joined: 27 Jun 2006
Posts: 182
|
| Posted: Wed Feb 20, 2008 11:12 pm Post subject: |
|
|
version 1.0.47.05. i don't think i can make my own compiler..
_________________
|
|
| Back to top |
|
|
Oberon
Joined: 18 Feb 2008
Posts: 458
|
| Posted: Wed Feb 20, 2008 11:30 pm Post subject: Re: Someone decompiled my passworded and protected script. |
|
|
| Clash wrote: | | How do i stop this? |
Quite simply you can't. AutoHotkey is an interpreted language. Compiling here is essentially an exe binder. |
|
| Back to top |
|
|
jaco0646
Joined: 07 Oct 2006
Posts: 489
Location: MN, USA
|
| Posted: Wed Feb 20, 2008 11:36 pm Post subject: |
|
|
@Clash
Out of curiosity, do you know how, exactly, "someone" managed to do this?
_________________
http://autohotkey.net/~jaco0646/ |
|
| Back to top |
|
|
markreflex
Joined: 12 Feb 2008
Posts: 42
|
| Posted: Wed Feb 20, 2008 11:56 pm Post subject: |
|
|
i would like to be able to pack my compiled exe with a protector like execryptor. if i remove upx from the folder it dosent get packed but it still gets modified to be unable to pack with a 3rd party packer/protector which means you have more ways to protect your compile. whoever can open it has got the master key to do all. 
is there any other tricks to make it safer? i thought somebody would of made some obfuscation by now.
pm me if you know any or how i can pack it with 3rd party protector. |
|
| Back to top |
|
|
engunneer
Joined: 30 Aug 2005
Posts: 6349
Location: Pacific Northwest, US
|
| Posted: Thu Feb 21, 2008 12:30 am Post subject: |
|
|
i think there is a thread about this in the scripts section. the /nodecompile flag and a password should be all you need.
even if you encrypt the exe, it will have to be decrypted to run at all anyway
_________________
Unless otherwise noted, all code is untested.
Common Answers: 1.(Loops, Viruses, etc.) 2. Search 3.RTFM |
|
| Back to top |
|
|
DeWild1
Joined: 30 Apr 2006
Posts: 156
Location: Shigle Springs
|
| Posted: Thu Feb 21, 2008 2:37 am Post subject: |
|
|
If you encrypt the exe, it makes it unusable. Kind of like if you try to digitally sign it, it craps out too. Chris said something about the bits  or bytes being changed screws up the script part of the compiled exe..
I don't know or remember, but it does not work with the encryption tools I tried nor the code signing.. You can however zip and make a self extracting file that can be modified via encryption-code signing and put your exe in that.
_________________
CPULOCK
virusSWAT
Guaranteed PC
911 PC FIX |
|
| Back to top |
|
|
SKAN
Joined: 26 Dec 2005
Posts: 5595
|
| Posted: Thu Feb 21, 2008 7:18 am Post subject: |
|
|
When the script is in memory, it is not very hard to retrieve the code with a debugger. A debugger writes to the process space of AHK to attach itself.
If this can be detected by a running script, it would be possible for it to kill the debugger as well as quit self.
Here is some ASM code that demonstrates it:
| Code: | ;
; KaKeeware is proud to present a small piece of code that
; demonstrates how to block usermode debuggers from attaching
; to your process.
;
; Author: Adam Blaszczyk (c) 2005
; WWW: http://www.kakeeware.com
; e-mail: adam[]kakeeware[]com
;
; Feel free to use this source code in your applications, but remember
; that credits are always welcomed :-)
;
; ============================================================
.586
.MODEL FLAT,STDCALL
INCLUDE windows.inc
CR = 0Dh
LF = 0Ah
INV equ INVOKE
OFS equ OFFSET
BPTR equ BYTE PTR
WPTR equ WORD PTR
DPTR equ DWORD PTR
MOM MACRO t:REQ, s:REQ
push DPTR s
pop t
ENDM
INCLUDEX MACRO plik:REQ
include plik.inc
includelib plik.lib
ENDM
INCX MACRO mods:VARARG
FOR c,<mods>
INCLUDEX c
ENDM
ENDM
INCX kernel32,user32
.data?
ddOldProtect dd ?
ptrDbgUiRemoteBreakin dd ?
.data
szNTDLL db 'ntdll.dll',NULL
szDbgUiRemoteBreakin db 'DbgUiRemoteBreakin',NULL
szAntiCaption db 'AntiAttach',NULL
szAntiTitleWarning db 'Gotcha! You are trying to attach debugger...',NULL
szAntiTitleInfo db 'Now... try to attach debugger to AntiAttach process.',NULL
.code
Start:
INV GetModuleHandle,OFS szNTDLL
INV GetProcAddress,eax,OFS szDbgUiRemoteBreakin
mov ptrDbgUiRemoteBreakin,eax
INV VirtualProtect,ptrDbgUiRemoteBreakin,1,PAGE_EXECUTE_READWRITE,OFS ddOldProtect
mov eax,ptrDbgUiRemoteBreakin
mov BPTR [eax+00],068h ; PUSH xxxxxxxx
mov DPTR [eax+01],MB_OK or MB_ICONEXCLAMATION ; PUSH MB_OK or MB_ICONEXCLAMATION
mov BPTR [eax+05],068h ; PUSH xxxxxxxx
mov DPTR [eax+06],OFS szAntiCaption ; PUSH OFS szAntiCaption
mov BPTR [eax+10],068h ; PUSH xxxxxxxx
mov DPTR [eax+11],OFS szAntiTitleWarning ; PUSH OFS szAntiTitle
mov BPTR [eax+15],068h ; PUSH xxxxxxxx
mov DPTR [eax+16],0 ; PUSH 0
mov BPTR [eax+20],0B8h ; mov eax,xxxxxxxx
mov DPTR [eax+21],OFS MessageBoxA ; mov eax,OFS MessageBoxA
mov WPTR [eax+26],0D0FFh ; call eax
mov BPTR [eax+28],0B8h ; mov eax,xxxxxxxx
mov DPTR [eax+29],OFS ExitProcess ; mov eax,OFS ExitProcess
mov WPTR [eax+33],0D0FFh ; call eax
INV MessageBoxA,0,OFS szAntiTitleInfo,OFS szAntiCaption,MB_OK
ret
END Start |
The compiled form of above code is available @ http://kakeeware.com/i_antiattach.php
It would be nice if any ASM coder can throw some light into this concept.
Last edited by SKAN on Thu Feb 28, 2008 1:16 pm; edited 2 times in total |
|
| Back to top |
|
|
DeWild1
Joined: 30 Apr 2006
Posts: 156
Location: Shigle Springs
|
|
| Back to top |
|
|
DeWild1
Joined: 30 Apr 2006
Posts: 156
Location: Shigle Springs
|
| Posted: Thu Feb 21, 2008 8:03 am Post subject: |
|
|
OK, the problem with you geniuses, IS, you never write s%$T in laymans terms so we can never learn to be super geniuses like you..
All kinds of include this or that... BUT NEVER a plug N play script that is beneficial to all and can help us to start thinking at a higher level..
P a PPPPaaaaa PA ppplease...  
Explain with a working example.
90% of the code was something that I will stare at, like a deer in headlights, but, HEY, I am trying...
_________________
CPULOCK
virusSWAT
Guaranteed PC
911 PC FIX |
|
| Back to top |
|
|
Raccoon
Joined: 02 Jan 2008
Posts: 64
|
| Posted: Thu Feb 21, 2008 9:25 am Post subject: |
|
|
Plug 'n Play has NEVER helped anyone think at a higher level.
"My plug's broken, fix it for me?" |
|
| Back to top |
|
|
DeWild1
Joined: 30 Apr 2006
Posts: 156
Location: Shigle Springs
|
| Posted: Thu Feb 21, 2008 9:54 am Post subject: |
|
|
well, I am a dissembler.. I take things apart just to understand them. A dyslexia of the learning process I guess. 
_________________
CPULOCK
virusSWAT
Guaranteed PC
911 PC FIX |
|
| Back to top |
|
|
Clash
Joined: 27 Jun 2006
Posts: 182
|
| Posted: Thu Feb 21, 2008 10:30 am Post subject: |
|
|
Hi SKAN,
The person that decompiled the script said something about debuggers. I'm not sure on how to use your script though, do i just run it alongside my script?
Thanks, Peter
_________________
|
|
| Back to top |
|
|
|
|
You can post new topics in this forum
You can reply to topics in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
