Jump to content

Search the Community

Showing results for tags 'pe file'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • Announcements and Site News
    • Administration
  • AutoIt v3
    • AutoIt Help and Support
    • AutoIt Technical Discussion
    • AutoIt Example Scripts
  • Scripting and Development
    • Developer General Discussion
    • Language Specific Discussion
  • IT Administration
    • Operating System Deployment
    • Windows Client
    • Windows Server
    • Office

Categories

  • AutoIt Team
    • Beta
    • MVP
  • AutoIt
    • Automation
    • Databases and web connections
    • Data compression
    • Encryption and hash
    • Games
    • GUI Additions
    • Hardware
    • Information gathering
    • Internet protocol suite
    • Maths
    • Media
    • PDF
    • Security
    • Social Media and other Website API
    • Windows
  • Scripting and Development
  • IT Administration
    • Operating System Deployment
    • Windows Client
    • Windows Server
    • Office

Categories

  • Forum FAQ
  • AutoIt

Calendars

  • Community Calendar

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Location


WWW


Interests

Found 2 results

  1. PE File Overlay Extraction (and Certificate info) Executable and other PE files can contain "overlays", which is data that is appended to the end of the file. This data can be important, such as setup packages, Authenticode signatures*, and overlays for AutoIt scripts. Or it could just be extra unneeded cruft (sometimes). Whatever the case is, I wanted to find a way to detect if this data was present. This project is actually a result of dealing with so-called 'File Optimizer' programs that would strip Overlay information from Executables (leaving compiled AutoIt scripts crippled!). An
  2. A3X Script Extract With newer versions of AutoIT (v3.3.10.0+), the compiled script is no longer appended to files as an overlay, and instead is embedded as a binary resource. This leads my previous AutoIt-script detection UDF lacking. However, since that UDF (>PE File Overlay Extraction) was targeted towards overlays in general, its still a worthwhile tool to have. This UDF on the other hand is pretty specific - it lets you detect and optionally extract A3X scripts from a compiled executable. The method is rather straightforward - it looks for a resource type of RT_RCDATA with a res
×
×
  • Create New...