AHK Compiler By DLG

Discuss other useful utilities, general computing tips & tricks, Internet resources, etc.
SOTE
Posts: 1426
Joined: 15 Jun 2015, 06:21

Re: AHK Compiler By DLG

Post by SOTE » 27 May 2020, 15:17

guest3456 wrote: the fact that he continues to refuse to share the code, says all that anybody needs to know.
I do think the criticism directed towards DLG about the colors of his GUI was a bit unfair, so I'm glad to see that he now provides user options. However, I reluctantly agree with you, that it becomes very concerning when code isn't shared. Unscrupulous types can do very bad things, like backdoors, keyloggers, etc... I'm presently researching some possible malware. I'm not saying that's the case here, but we all need to be conscious of what goes on these days. So it's a very good thing when a tool author is completely open with users, and open-sources their code. They can of course decide not to, but then it's probably best not to tell people about it. The middle ground between both possibilities can be quite shaky.

Even when the source is shared, it might do some odd, unexpected, or unwanted things. If the issue is unforseen, being open-source, the community can help fix or improve. As for an unwanted issue with software, here is an example. A while back, I discovered a tool in the Scripts and Functions forum that was sending back information to the author's selected IP. https://www.autohotkey.com/boards/viewtopic.php?f=6&t=52872&p=230755&hilit=spy. I believe the author was being sincere and was just trying to count users of his tool, after all at least he did open-source the tool, but it would have probably been best to inform users. Not all users are advanced or savvy about code, so they can miss such things.

As a community, we might also want to fight attempts (possibly started by users or authors of competing automation software), to wrongly pigeonhole AutoHotkey. As it is, we have ignorant AV companies wrongfully mislabeling our open-source scripting language. We might want to take care not to scare people or create unnecessary suspicion. In this case, we are talking about a compiler, that will be binding other code to a user's script. It's not a product in isolation or only representing the author, it's a product that indirectly represents AutoHotkey, because (as a compiler) it would be interacting with scripts users create and then possibly give to others. Probably best if there were no surprises. It is of course everyone's individual choice as to what they want to do with their creations, just providing food for thought.

BoBo
Posts: 6564
Joined: 13 May 2014, 17:15

Re: AHK Compiler By DLG

Post by BoBo » 28 May 2020, 00:56

@SOTE Would love to see a separate thread that is showing/providing an open source tool that is parsing an AHK script only to create a report of the (most obvious) lines/commands that would bare a potential risk. Not sure if this is feasable, or will end up as an annoying toy that spits out false positives "en masse"?? :shifty: :think: :?:

TAC109
Posts: 1096
Joined: 02 Oct 2013, 19:41
Location: New Zealand

Re: AHK Compiler By DLG

Post by TAC109 » 28 May 2020, 04:56

From what I’ve seen of the screen shots, this 'Compiler’ is just a highly encapsulated copy of the code @fincs and I have been working on, available here. As the source of the DLG version has not been released I would be suspicious of running it myself. We don’t know what else might have been included behind the flashy exterior.
My scripts:-
XRef - Produces Cross Reference lists for scripts
ReClip - A Text Reformatting and Clip Management utility
ScriptGuard - Protects Compiled Scripts from Decompilation
I also maintain Ahk2Exe

SOTE
Posts: 1426
Joined: 15 Jun 2015, 06:21

Re: AHK Compiler By DLG

Post by SOTE » 28 May 2020, 05:23

BoBo wrote: ...an open source tool that is parsing an AHK script...
I don't think such a tool is necessary (other than what is already out there and people's eyes), because I have seen the detailed reports of real Anti-Virus researchers accessing the source and breaking down AutoHotkey scripts line by line (add AutoIt, VBScript, C#, Python, etc... to the list), showing exactly what each bit of code does. I make the distinction between "real" researchers, as oppose to the low level or lazy Anti-Virus companies that seem to get/import their signatures from 3rd party sources, and with little checking.

Anyway, those real researchers are high level programmer types that know what they are doing and seeing. AutoHotkey is an interpreted language, so they are usually going to have an easier time of figuring things out than with other forms of malware in other programming languages. I also think if they were to have any questions, they can e-mail the AutoHotkey Foundation or Lexikos directly.

In this case, I'm of the opinion that an alternative compiler for the AutoHotkey community and open-source scripting language would arguably be better off with the source code being provided, so that there are no questions or suspicions about it. An AutoHotkey "compiler", by its very nature, is involved in binding code that will possibly be distributed/used by many others. It's an obvious question, that people would want to know what code is being combined with their scripts or if there is anything odd in the compiler they are using.

User avatar
cyruz
Posts: 345
Joined: 30 Sep 2013, 13:31

Re: AHK Compiler By DLG

Post by cyruz » 17 Jul 2020, 22:32

SOTE wrote:
28 May 2020, 05:23
An AutoHotkey "compiler", by its very nature, is involved in binding code that will possibly be distributed/used by many others. It's an obvious question, that people would want to know what code is being combined with their scripts or if there is anything odd in the compiler they are using.

This. It's a compiler, without source there is no certainty of what we are releasing if we use it. Without even mentioning the potential legal risk of releasing something that spreads malwares around... I would remove the link straight-away.

I want to add that being a melancholic programmer I feel that the flashy GUI has a retro 90'sh style that fits well the type of program :D
ABCza on the old forum.
My GitHub.

ahk7
Posts: 572
Joined: 06 Nov 2013, 16:35

Re: AHK Compiler By DLG

Post by ahk7 » 18 Jul 2020, 04:15

BoBo wrote:
28 May 2020, 00:56
Would love to see a separate thread that is showing/providing an open source tool that is parsing an AHK script only to create a report of the (most obvious) lines/commands that would bare a potential risk.
@tidbit had a go at it here https://autohotkey.com/board/topic/88437-possibly-a-hero-scan-a-script-for/

toralf
Posts: 868
Joined: 27 Apr 2014, 21:08
Location: Germany

Re: AHK Compiler By DLG

Post by toralf » 18 Jul 2020, 12:10

That thread does not contain the code. Do you have acolytes of it
ciao
toralf

ahk7
Posts: 572
Joined: 06 Nov 2013, 16:35

Re: AHK Compiler By DLG

Post by ahk7 » 19 Jul 2020, 02:46

I don't but tidbit is still around so he may have a copy if he sees this... @tidbit

User avatar
tidbit
Posts: 1272
Joined: 29 Sep 2013, 17:15
Location: USA

Re: AHK Compiler By DLG

Post by tidbit » 19 Jul 2020, 11:19

WHAT
oh, Hello.

I do still have it, I've even made a version for a certain someone to include in one of his large projects, but that has yet to be implemented (I think)
So until then, here she be: https://pastebin.com/raw/Wt80FV5F
rawr. fear me.
*poke*
Is it December 21, 2012 yet?

burque505
Posts: 1731
Joined: 22 Jan 2017, 19:37

Re: AHK Compiler By DLG

Post by burque505 » 19 Jul 2020, 11:29

Thank you very much, @tidbit! I added the following at the top of the script so drag and drop would work for me on Win7 64-bit, I imagine some won't need it.
Spoiler
Regarding the OP, here's what your script shows for AHK_Compiler.exe:

Code: Select all

This file:
Hooray! This file does nothing to worry about. :)
Regards,
burque505

User avatar
tidbit
Posts: 1272
Joined: 29 Sep 2013, 17:15
Location: USA

Re: AHK Compiler By DLG

Post by tidbit » 19 Jul 2020, 20:44

win10 64bit with the 'allow drag and drop' option enabled from the installer works for me. On the .ahk file and on the GUI.

But glad you got that for anyone with an issue
rawr. fear me.
*poke*
Is it December 21, 2012 yet?

swagfag
Posts: 6222
Joined: 11 Jan 2017, 17:59

Re: AHK Compiler By DLG

Post by swagfag » 18 Aug 2020, 13:27

i could have sworn there used to be a post here earlier today :think:
anyhow, care to explain what specifically about an ahk upx compiler merits releasing it as a closed source obfuscated winforms-type app? it cant be the gaudy visuals, so why the secrecy?
Samantha wrote:
11 Apr 2020, 15:27
@burque505 Honestly, it worries me a little, it is when it[the code] will be posted and it will be tested by the same committee against the colors of the rainbows, and they will find some bugs and imperfections in the functioning of the app, they will devour me alive ... :lol: :o :salute: .
i aint buying this for a second and neither should anyone. what are u trying to hide?
Samantha wrote:
11 Apr 2020, 03:44
But thanks to your feedback, if anyone here would have been really interested in the functionality and implementations of the application, and not by the design and the rainbow colors "that are so useful in this period of global pandemic" is forced to no longer be able to use its true potential of the app. :|
judging by the looks of this thread, there are a lot of people "interested in the functionality and implementations of the application". u dont appear to be one of them, though
is forced to no longer be able to use its true potential of the app. :|
for all i care the "true potential of the app" is exercised as soon as the user doubleclicks compiler.exe. thanks but no thanks
tldr

SOTE
Posts: 1426
Joined: 15 Jun 2015, 06:21

Re: AHK Compiler By DLG

Post by SOTE » 18 Aug 2020, 19:51

swagfag wrote:
18 Aug 2020, 13:27
i could have sworn there used to be a post here earlier today :think:
anyhow, care to explain what specifically about an ahk upx compiler merits releasing it as a closed source obfuscated winforms-type app? it cant be the gaudy visuals, so why the secrecy?
LOL, sorry about that. Failed to notice there was already a link to SourceForge by the author. :oops:

However, speaking of SourceForge, it does seem problematic that people searching for AutoHotkey on there might assume that the AHK Compiler by DLG is official or preferred. It doesn't clearly identify itself as unofficial. For the majority of AHK users, they probably know to only go for official downloads from this website or GitHub, then possibly open-source downloads. But, I can see a few getting caught off guard that haven't heard about AutoHotkey and happened to just find downloads on SourceForge, or are more casual/younger computer users looking for software to play with.

It's one of those tough and tricky situations, because of course the author has the right to release their software in the form that they want, just as we have the right to say something about it or that something is strange about such a closed-source compiler.

Post Reply

Return to “Other Utilities & Resources”