Re: Upcoming Ahk2Exe Changes (2019)
Posted: 31 Oct 2019, 09:19
@lexikos Is the uppercase crucial or can that be changed without issue?
gregster wrote: so, heuristically your exe might look more risky than others to them, right from the start
Interesting point...hadn't thought of that.
Drugwash wrote: However, variations on "Hello world" may well be on the black list; have you tried other more sensible names in the Manifest?
Good call! I tried it with one of my real programs...no problem! Went through the same procedure with the same code as I had used in HelloWorld...no detection this time.
Drugwash wrote: You may submit your exes to VirusTotal for analysis
I do submit my Setup.exe files to VT and recently submitted a false-positive report to one of the A-V products that VT flagged. I was stunned to get the following reply:
Hello and thank you for submitting. Your case 12345 has been closed. The submitted content was confirmed to be a false positive and will be fixed in an upcoming definition update.
Drugwash wrote: also mention that option in a ReadMe file and/or other places related to the distribution of your exes
Yes, I put a section in all my user guides/manuals called "Anti-Virus/Anti-Malware False Positives". I mention VirusTotal in the section and even have a couple of quotes from them, including this beauty: "False positive detections are common in the antivirus industry. They occur when a benign program is wrongfully flagged as malicious due to an overly broad detection signature or algorithm used in an antivirus product." Even so, it still spooks a lot of users...besides, who reads the doc?
lexikos wrote: I think that resource names with lower-case letters don't work (maybe for specific APIs or situations?).
Yes, found that out during my first test with a real program...used upper and lower case...no joy...but I'm fine with all upper case.
I tried a null-terminated string, but the compiled exe couldn’t find the embedded script, whereas space-filling to the original size worked.
"I've found another use for BinMod; to alter a UPX compressed .exe so that it can't be de-compressed with UPX -d."
Interesting idea! I had been unaware of the -d option on UPX until you mentioned it earlier in this thread. Would be very nice if it weren't so easy to de-compress a UPX.
"I also wish to add the UPX parameter to stop it compressing the icons. This was a request of yours, joe?"
Yes, I mentioned that, because when I experimented with UPX, RH showed only Group 159 in the EXE, and after creating a shortcut to the EXE and doing Properties>Change Icon on the shortcut, it said that the file contains no icons. lexikos then pointed out that it's due to the compression of resources, which occurs along with the compression of the script text. At that point, I mentioned that I decided to stick with MPRESS, which was working well with AddResource (for the icons) in Beta_7. I've gone back and forth over the years with MPRESS versus UPX, but lately (since UPX v3.95, 26-Aug-2018) have had fewer false positives with MPRESS. Would certainly be happy to give UPX another try if you can prevent -d from de-compressing. Thanks, Joe
JoeWinograd wrote (31 Oct 2019, 13:06): I do submit my Setup.exe files to VT and recently submitted a false-positive report to one of the A-V products that VT flagged. I was stunned to get the following reply:
Hello and thank you for submitting. Your case 12345 has been closed. The submitted content was confirmed to be a false positive and will be fixed in an upcoming definition update.
i've been submitting my setup.exe's to AV vendors for years, and it usually works, they update their definitions. the problem is, they only seem to whitelist an individual file, instead of doing some actual research and figuring out the heuristic. that means with each new setup.exe version, i had to re-submit it again
guest3456 wrote: the problem is, they only seem to whitelist an individual file
Good to know...I was wondering about that. I update my software fairly often (most of my programs have a Check for Update menu pick), so having to submit each updated Setup.exe file is a real pain, but I'll certainly do it.
guest3456 wrote: i typically used this page
Thanks for that link! I was unaware of the ability to submit false positives to multiple A-V Vendors at once...very nice!
JoeWinograd wrote (01 Nov 2019, 12:44): Btw, I wasn't ignoring your earlier suggestion about AutoHotkey_H. I downloaded it to try, but ran into problems with both MBAM and MSE (see attached files). I was thinking about whitelisting it, but got very concerned about moving forward with it when I saw this post:
https://www.autohotkey.com/boards/viewtopic.php?f=65&t=68608#p295278
I'm fine with explaining away to my users 2 or 3 false positives out of 60+ vendors, but 22 makes it a whole different ballgame (and I create a 32-bit version of all my programs). So, I decided not to pursue AutoHotkey_H further, combined with the fact that the main AutoHotkey branch with TAC109's Ahk2Exe (and MPRESS) is working well now. Regards, Joe
i saw that thread. it is concerning to me too, because i was planning on migrating my software to AHK_H soon (i currently still use AHK Basic so that i can protect my source with the HotkeyCamo compiler).
TAC109 wrote: I've managed to beat GitHub into submission!
Congrats!
Drugwash wrote: I wanna see clearly where I'm being sent before getting there.
URL Expander is your friend for this (and clean, according to URLVoid). Using that, the long URL is:
guest3456 wrote: an alternative i used for one project was to distribute an AHK Basic wrapper program to my users (protected with HotkeyCamo), which sole purpose was to download an encrypted script txt file from my server, and then i would run that script through ahk.dll - that way i got _L/_H functionality through the .dll, and the executable was just an AHK_Basic file.
Very clever! I never heard of HotkeyCamo. I just went through all 13 pages at this HotkeyCamo thread on the archived forums. I see that yours was the last post there...four years ago! Is there a more recent thread about it? Thanks, Joe
"making compression a DLL in the GUI"
Hmmm...what's the purpose of this?
"sorting out the destination field"
Sorry...not understanding this, either.
JoeWinograd wrote (02 Nov 2019, 18:06): Very clever! I never heard of HotkeyCamo. I just went through all 13 pages at this HotkeyCamo thread on the archived forums. I see that yours was the last post there...four years ago! Is there a more recent thread about it? Thanks, Joe
nope, that thread from the old forums is the only one.. that compiler offered decent protection for AHK Basic scripts, much better than just the basic pw
TAC109 wrote (02 Nov 2019, 19:18): @joedf
Joe, I’ve created a fork of Ahk2Exe under TAC109 on GitHub and am editing via my pc to there. I’m having problems pulling to AutoHotkey/Ahk2Exe. I did one and it seems ok, but when I try to do the next it wants to include the first pull! Help!
(Can I message you directly somehow? I couldn't see how to message on GitHub).
if you don't know what you're doing, you shouldn't be pushing directly to the repo. instead, you should fork into your own account, and then do pull requests from your fork back into the main repo
"DLL = dropdown list. ('Compress exe with' in the GUI.)"
Got it. Problem is, DLL=dynamic link library. I would have had it with DDL. Yes, that was mine...much better than the tri-state checkbox, imo.
"some problems with the default destination shown when selecting a folder"
Ah, yes, the folder wasn't sticky...that was mine, too.
TAC109 wrote (02 Nov 2019, 19:18): @joedf
Joe, I've created a fork of Ahk2Exe under TAC109 on GitHub and am editing via my pc to there. I'm having problems pulling to AutoHotkey/Ahk2Exe. I did one and it seems ok, but when I try to do the next it wants to include the first pull! Help!
(Can I message you directly somehow? I couldn't see how to message on GitHub).
here's what i suggest if you're using the git bash command line:
with this method, you wouldn't be using separate branches for new features, but rather keeping everything in master branch. so do this on your local machine:
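guest3456's actual commands are not on this page; what follows is an added example (not guest3456's or the Ahk2Exe project's commands) of a fork workflow that keeps everything on master and syncs with upstream after each merged pull request, so the second pull request no longer carries the first one's commit. It runs offline against three local repositories that stand in for AutoHotkey/Ahk2Exe, the TAC109 fork and the working copy, and it assumes the maintainer squash-merges the first pull request.

```shell
#!/bin/sh
# Fork workflow for Ahk2Exe-style contributions: clone your fork, add the
# main repository as "upstream", and after each pull request is merged move
# master back onto upstream so the next pull request carries only new commits.
# Added illustration (not guest3456's or the project's commands). All three
# repositories (upstream, fork, local clone) are created under a temp dir so
# it runs offline; repository names and file contents are constructed.
set -e
export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

demo_fork_sync() {
  T=$(mktemp -d); U="$T/upstream.git"; F="$T/fork.git"; L="$T/local"
  {
    # 1. Upstream (stands in for AutoHotkey/Ahk2Exe) seeded with one commit.
    git init -q --bare "$U"; git -C "$U" symbolic-ref HEAD refs/heads/master
    git clone -q "$U" "$T/seed"; git -C "$T/seed" symbolic-ref HEAD refs/heads/master
    echo v1 >"$T/seed/Ahk2Exe.ahk"; git -C "$T/seed" add -A
    git -C "$T/seed" commit -q -m initial; git -C "$T/seed" push -q origin master
    # 2. Fork (stands in for TAC109/Ahk2Exe) plus a local clone of that fork
    #    which also knows the main repository as "upstream".
    git clone -q --bare "$U" "$F"
    git clone -q "$F" "$L"; git -C "$L" remote add upstream "$U"
    # 3. Pull request #1: commit on master, push to the fork.
    echo v2 >"$L/Ahk2Exe.ahk"; git -C "$L" commit -q -am "change 1"
    git -C "$L" push -q origin master
    # 4. Maintainer squash-merges PR #1 into upstream (simulated from seed).
    git -C "$T/seed" fetch -q "$F" master; git -C "$T/seed" merge -q --squash FETCH_HEAD
    git -C "$T/seed" commit -q -m "Merge pull request #1"; git -C "$T/seed" push -q origin master
    # 5. Sync before the next change: master holds nothing unmerged now, so
    #    point it at upstream and force-push the fork. Skipping this step is
    #    what makes PR #2 "want to include" the commit from PR #1.
    git -C "$L" fetch -q upstream; git -C "$L" reset -q --hard upstream/master
    git -C "$L" push -q --force-with-lease origin master
    # 6. Pull request #2.
    echo v3 >"$L/Ahk2Exe.ahk"; git -C "$L" commit -q -am "change 2"
    git -C "$L" push -q origin master
  } >/dev/null
  # Number of commits PR #2 carries beyond upstream: 1, only "change 2".
  git -C "$L" rev-list --count upstream/master..master
  rm -rf "$T"
}
```

Run it with sh; it needs only git and prints 1, the commit count the second pull request would show.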