Decompiling

Ask for help, how to use AHK_H, etc.
yektohotua
Posts: 2
Joined: 25 May 2015, 15:47

Re: Decompiling

26 May 2015, 08:02

HotKeyIt wrote:You need to install VS 2010 too.
in fact I did, I just dont't know how to set the platform toolset, I can't find the configuration items:
Image
and these are the warning and error:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
warning LINK : warning LNK4098: defaultlib 'LIBCMT' conflicts with use of other libs; use /NODEFAULTLIB:library
Error LINK : fatal error LNK1123: failure during conversion to COFF: file invalid or corrupt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Could you give me some details about this information and how to deal with them?
thanks!
HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: Decompiling

26 May 2015, 14:22

Unfortunately I have not got Visual Studio Community so can't test, can you try compiling AutoHotkey?

EDIT:
This one is not a problem warning LINK : warning LNK4098: defaultlib 'LIBCMT' conflicts with use of other libs; use /NODEFAULTLIB:library
With regards to the other error have a look here.
User avatar
Taurus
Posts: 94
Joined: 20 Jan 2015, 10:31

Re: Decompiling

28 Aug 2015, 07:08

Wow! Thats really awesome! Great Thx!

Two more wishes for that:

- Could you Rename ">AUTOHOTKEY SCRIPT<", "AUTOHOTKEY.DLL" and "AUTOHOTKEYMINI.DLL" to something that's hard to recognize? (e. system.dll, ...)
> It`s harder to get the source doe, if an attacker don't now, what language is used.

- Bug in your 1.1.22.4 Unicode 32Bit (others not testet) ahk2exe.exe: If i embed a file greater than 50 MB with Fileinstall, the compiler breaks. The compiler of ahk_L is working, but misses the powerful encryption. Could you please fix that?
:beard: Full Stack Developer > Dev for a better world | PHP for Web | AHK H for Local | with KISS (Keep IT Short and Simple) on Win 10 Pro (Version 2004) x64
User avatar
Taurus
Posts: 94
Joined: 20 Jan 2015, 10:31

Re: Decompiling

31 Aug 2015, 09:13

Ok, Bug solved: I used the same "FileInstall, test.exe, test.exe" two times. Now solved by using a gosub, label.


Anosther question: Is it possible to not compress the files from "Fileinstall"? I only would like to compress and encrypt the script.
:beard: Full Stack Developer > Dev for a better world | PHP for Web | AHK H for Local | with KISS (Keep IT Short and Simple) on Win 10 Pro (Version 2004) x64
User avatar
Taurus
Posts: 94
Joined: 20 Jan 2015, 10:31

Re: Decompiling

31 Aug 2015, 10:15

Ok, easy to change:

Open ahkdll-v1-release-master\Compiler\Compiler.ahk and insert on line 79:

Code: Select all

 - UseCompression = 0
Final result:

Code: Select all

...
	for each,file in ExtraFiles
	{
		UseCompression = 0
		
		SB_SetText("Adding: " file)
		StringUpper, resname, file
...
Now resources are not compressed any more. (e. Installer with included 7z sfx files, which are compressed before)

AHK_H ist really wonderful!
:beard: Full Stack Developer > Dev for a better world | PHP for Web | AHK H for Local | with KISS (Keep IT Short and Simple) on Win 10 Pro (Version 2004) x64
HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: Decompiling

31 Aug 2015, 16:03

Taurus wrote:Two more wishes for that:

- Could you Rename ">AUTOHOTKEY SCRIPT<", "AUTOHOTKEY.DLL" and "AUTOHOTKEYMINI.DLL" to something that's hard to recognize? (e. system.dll, ...)
> It`s harder to get the source doe, if an attacker don't now, what language is used.

- Bug in your 1.1.22.4 Unicode 32Bit (others not testet) ahk2exe.exe: If i embed a file greater than 50 MB with Fileinstall, the compiler breaks. The compiler of ahk_L is working, but misses the powerful encryption. Could you please fix that?
I like the idea, so I implemented it for v1.1 and v2.0 as well as Compiler.
It is now a GUID number instead of >AUTOHOTKEY SCRIPT<, same for AutoHotkey[MINI].dll and WINAPI.
The bug for FileInstall is fixed as well, now UnZipRawMemory requires size parameter, see UnZipRawMemory.
User avatar
Taurus
Posts: 94
Joined: 20 Jan 2015, 10:31

Re: Decompiling

02 Sep 2015, 09:38

Wow, thats really great. I just tried it out and it's working perfect. Thank you! :thumbup:
:beard: Full Stack Developer > Dev for a better world | PHP for Web | AHK H for Local | with KISS (Keep IT Short and Simple) on Win 10 Pro (Version 2004) x64
User avatar
Soft
Posts: 174
Joined: 07 Jan 2015, 13:18
Location: Seoul
Contact:

Re: Decompiling

09 Sep 2015, 16:14

HotKeyIt wrote:I like the idea,.....
Hotkeyit, cant we use 3rd party packer on AHK H?
I downloaded the latest H version, compiled without mpress. and packed with ASPACK.
But, file is not working. There's no response when I run the file.

Autohotkey L worked fine, is there a problem?
AutoHotkey & AutoHotkey_H v1.1.22.07
HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: Decompiling

10 Sep 2015, 12:25

I have no idea why it does not work, you will need to ask them for support.
User avatar
Taurus
Posts: 94
Joined: 20 Jan 2015, 10:31

Re: Decompiling

11 Sep 2015, 04:37

Hi, i did the same test for packing. Packers can make the files corrupt. Mpresss is not working with delphi-files very well, so i am not able to use it.

Best compression and reliability can be achieved with:

http://upx.sourceforge.net/

Just use this command at the Compiler-Script (i created some "Create"-Scripts to do that for me):

RunWait, ..\UPC_Exe_Compressor\upx.exe --best "%AHK_Datei%.exe"

But be aware:
- Packers have problems with big files (>50 MB)
- Packed exe files get more attention from Anti-Virus & Security-Systems (important if deployed to customers)
:beard: Full Stack Developer > Dev for a better world | PHP for Web | AHK H for Local | with KISS (Keep IT Short and Simple) on Win 10 Pro (Version 2004) x64
User avatar
Soft
Posts: 174
Joined: 07 Jan 2015, 13:18
Location: Seoul
Contact:

Re: Decompiling

11 Sep 2015, 10:36

Taurus wrote:Hi,....
thanks for letting me know.
so sad I can't pack using other packers T.T
AutoHotkey & AutoHotkey_H v1.1.22.07
User avatar
Taurus
Posts: 94
Joined: 20 Jan 2015, 10:31

Re: Decompiling

17 Sep 2015, 05:15

@HotKeyIt: May i ask you to create a /MT compiled ahk h?

At the moment i am using ahk L to deploy a software together with the msvcr100.dll and ahk h to run the programs.
It would be great, if the installer is also source code protected and i only need ahk h for everything, because ahk h is definitely the better ahk.
In my opinion, you don't need the ansi-version anymore, because there won't be any in ahk v2. That could spare some time.
:beard: Full Stack Developer > Dev for a better world | PHP for Web | AHK H for Local | with KISS (Keep IT Short and Simple) on Win 10 Pro (Version 2004) x64
mobius

Re: Decompiling

16 Nov 2015, 08:02

Excellent work HotKeyIt 8-)

To those that don't wish to recompile the builder to change the password simply patch the static string in the standalone builder (a temporary version ofc)

Limitation of this however is that the new password must be of equal or lesser length than the hardcoded password but still doable.

Vlad
guest3456
Posts: 3453
Joined: 09 Oct 2013, 10:31

Re: Decompiling

16 Nov 2015, 14:26

mobius wrote: To those that don't wish to recompile the builder to change the password simply patch the static string in the standalone builder (a temporary version ofc)

Limitation of this however is that the new password must be of equal or lesser length than the hardcoded password but still doable.

Vlad
how do we 'patch' it? what do you mean by that?

i tried opening win32w\AutoHotkeySC.bin file with hexeditor and searching for "AutoHotkey" which is the pw that HotKeyIt said, but I only found 3 occurances and none looked right

Mobius
Posts: 5
Joined: 16 Nov 2015, 08:41

Re: Decompiling

16 Nov 2015, 16:18

guest3456 wrote:
mobius wrote: To those that don't wish to recompile the builder to change the password simply patch the static string in the standalone builder (a temporary version ofc)

Limitation of this however is that the new password must be of equal or lesser length than the hardcoded password but still doable.

Vlad
how do we 'patch' it? what do you mean by that?

i tried opening win32w\AutoHotkeySC.bin file with hexeditor and searching for "AutoHotkey" which is the pw that HotKeyIt said, but I only found 3 occurances and none looked right
What I meant by patching is a byte for byte replacement of a hardcoded string within the binary, so your hex editor was indeed the right tool for the task, don't have a hex editor on my phone so can't tell you to look for an ansi or unicode string.

It is my understanding that the builder itself is written in ahk so it is AutoHotkey.exe (optionally after renaming it to ahk2exe) that you need to patch not AutoHotkeySC.bin (It might well be hardcoded within the interpreter also).

I will have a better look after I finish work
HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: Decompiling

16 Nov 2015, 16:43

Afaik you can't simply change that, it is not a static string that is assigned.


EDIT:
Taurus wrote:@HotKeyIt: May i ask you to create a /MT compiled ahk h?
Sorry Taurus but you will have to compile it yourself because /MT version might not be compatible with many other functions/scripts and would just cause problems.
Mobius
Posts: 5
Joined: 16 Nov 2015, 08:41

Re: Decompiling

16 Nov 2015, 16:53

HotKeyIt wrote:Afaik you can't simply change that, it is not a static string that is assigned.
My bad then.

Afaik? You don't know? Didn't you say to users that recompilation after changing the password string is necessary, so what happens to that string during the vs 2010 build process, it must still exist statically for reference purposes?

Or perhaps not, maybe I have jumped the gun a little. ;)

If I may be so bold, are any of the algorithmic components part of the true compile (by that I mean vc 2010 not ahk) or are these components written in ahk?
HotKeyIt
Posts: 2364
Joined: 29 Sep 2013, 18:35
Contact:

Re: Decompiling

16 Nov 2015, 17:33

I don't know a simple way.
As said, it is not a string but individual characters assigned to variables.
You could probably locate them when there were no optimization options for compiler but I have no idea what compiler does when it optimizes code and I am quite sure it is not simple to find them, but who knows.

EDIT:
There are no algorithmic components, script is zipped using LiteZip (AHK_H uses parts of LiteUnzip to unzip the data) and encrypted using Crypt API.
guest3456
Posts: 3453
Joined: 09 Oct 2013, 10:31

Re: Decompiling

16 Nov 2015, 17:44

@HotKeyIt

there are two separate files:

script.cpp
https://github.com/HotKeyIt/ahkdll/blob ... t.cpp#L675

and source/script.cpp,
https://github.com/HotKeyIt/ahkdll/blob ... t.cpp#L677

both containing the g_default_pwd

whats the difference between these two files?


Return to “Ask for Help”

Who is online

Users browsing this forum: No registered users and 18 guests