Sign in to follow this  
Followers 0
Nagumo

question about how autoit compiled exe's load

3 posts in this topic

First off I would like to show my thanks to the guys who work on AutoIt. Many thanks.

Now to my question. I was looking at the structure of compiled au3 exe files and found that they all contain the a3x code inside of them. If I strip off the a3x code from 2 compiled aut2exe files they are exactly identical so my question is this.

How does the compiled exe load into memory? does it read the a3x overlay inside the compiled exe and execute that? or does it load that first into memory then execute it from the memory itself?

Cause I was considering encrypting the a3x overlay inside the exe then using a loader I will decrypt the a3x loaded into a memory before the compiled exe can use it.

Hope I thats not too confusing to understand.

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

If you compile au3 without UPX, and open exe in HEX editor you will see that it starts such as Autoit.exe, but with few modified bytes, which, probably, are responsible for a path, and then .au3 exes reads data from itself(tested with FileMon)..

Edited by Godless

_____________________________________________________________________________

Share this post


Link to post
Share on other sites

I see, so it reads the exe file again to get the a3x attached to it for execution. hmm will have to rethink how the loader should work if that is how it runs.

I am trying to figure out a way to encrypt the a3x attached part of the compiled exe then when the system loads it up the program waits for the a3x part to be read it decrypts it while being loaded.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0