Sign in to follow this  
Followers 0
MattH

How can I compile without encrypting the exe

18 posts in this topic

AutoIt3Wrapper automatically encrypts the compiled exe. The McAfee virus scan at my work spends about 30 seconds per file any time I view or copy or move one of these encrypted files. Is there a way to compile the au3 code without it being encrypted. Thanks in advance for your help.

Share this post


Link to post
Share on other sites



I'm sorry for my ignorance, but UPX does encryption, too? I thought it only compressed the file. In the AutoIt Help, it states that "the compiled script is compressed and encrypted".

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

I'm sorry for my ignorance, but UPX does encryption, too? I thought it only compressed the file. In the AutoIt Help, it states that "the compiled script is compressed and encrypted".

Correct. UPX compresses the resource header but sometimes leads to false positives.

So, what exactly are you after, because that is about the only thing you can do different.

Edited by Jos

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

Thank you for your help. I'll give the no compression a try and see if that improves the McAfee scan time.

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

I'm sorry for my ignorance, but UPX does encryption, too? I thought it only compressed the file. In the AutoIt Help, it states that "the compiled script is compressed and encrypted".

Correct. UPX compresses the resource header but sometimes leads to false positives.

So, what exactly are you after, because that is about the only thing you can do different.

To clarify, does AutoIt's compiler encrypt the source code whether or not UPX is enabled? I have read through many threads on this topic and reviewed the FAQ and help file. I can't find anything that clearly states this.

I ask because I'm trying to automate the modifcation of resource fields while compiling several hundred scripts. I can achieve what I want with the #AutoIt3Wrapper_Run_After directive, but only if UPX is disabled. Some of these scripts contain product keys, proprietary code, etc. I understand there are ways to decompile/decrypt my code, but I don't want to reduce what security is already in place.

So does disabling UPX make it easier for someone to decompile and decrypt my code?

Edited by SeanMaloney

Share this post


Link to post
Share on other sites

It converts the script to bytecode and stores that in the exe. It's not normally in plain text in the exe itself.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

It converts the script to bytecode and stores that in the exe. It's not normally in plain text in the exe itself.

While I'm sure that is a fine answer, I don't know what bytecode is or how it compares to what people have been referring to as encrypted code.

I guess the most important question is: Does disabling UPX make it easier for someone to decompile and decrypt my code?

Share this post


Link to post
Share on other sites

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#10 ·  Posted (edited)

Does disabling UPX make it easier for someone to decompile and decrypt my code?

UPX appears (to me) to introduce an additional layer of obfuscation. That in itself would make it harder to reverse engineer. I don't know if this is entirely correct (not knowing the details), but it sounds logical to me at least. Edited by czardas

Share this post


Link to post
Share on other sites

UPX neither helps nor hinders decompiling your script, in other words it has no effect on whether your script can be decompiled or not.

You could use the Obfuscator to help further hide some things in the script, but understand there's almost nothing you can do to prevent someone from finding out the information that you use in your script. Mobius has a script in the example scripts section that supposedly makes it much harder to get at your script, but even then it's not going to be 100% secure.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

#12 ·  Posted (edited)

UPX neither helps nor hinders decompiling your script, in other words it has no effect on whether your script can be decompiled or not.

Well I didn't expect a great deal of difference, and I'm not going to attempt to test this. Compression (+ encryption) is at least one additional layer of abstraction as I see it - perhaps not a very secure one in this case. Although I'm open to the suggestion that using UPX may make it easier to decompile, it does seem somewhat counter-intuitive. I would be very surprised if there was absolutely no difference whatsoever, if only in the time it takes.

Edit

It's good to know that UPX is not to be relied on for this purpose (I didn't really imagine it would be). :)

Edited by czardas

Share this post


Link to post
Share on other sites

Folks, All UPX does is compress the PE header in the program and doesn't add any encryption/security what so ever since "UPX /d" reverts the process.

Jos :)


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

#14 ·  Posted (edited)

Haha. It's an extra step though! Thanks Jos for the enlightenment. :)

Edited by czardas

Share this post


Link to post
Share on other sites

BrewManNH,

autoit does not use bytecode. it simply stores the tokenised script in the EXE, with the parsing done it runtime. the only exception is wierd things like fileinstall(), i have no idea how they work.

fyi:

bytecode - a series of stateless instructions for a virtual machine. sometimes given structures or headers. the key feature is that no parsing is required for execution.

tokens - a linear array of critical elements of the script. a lot of work is still required at runtime for execution.

1 person likes this

ongoing projects:-firestorm: Largescale P2P Social NetworkCompleted Autoit Programs/Scripts: Variable Pickler | Networked Streaming Audio (in pure autoIT) | firenet p2p web messenger | Proxy Checker | Dynamic Execute() Code Generator | P2P UDF | Graph Theory Proof of Concept - Breadth First search

Share this post


Link to post
Share on other sites

According to several posts I've read, it's been converted to bytecode by Aut2Exe since 3.2.6.0.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

brewman,

3.2.6.0 introduced tokenisation into the compilation process. i know people have said its bytecode but its not, there is a very clear difference. the difference is wether you do parsing at compile or runtime.

sorry for being pedantic.


ongoing projects:-firestorm: Largescale P2P Social NetworkCompleted Autoit Programs/Scripts: Variable Pickler | Networked Streaming Audio (in pure autoIT) | firenet p2p web messenger | Proxy Checker | Dynamic Execute() Code Generator | P2P UDF | Graph Theory Proof of Concept - Breadth First search

Share this post


Link to post
Share on other sites

I was a little confused (by Jos' responce to MattH's question in post No 4) when I replied earlier; which is why I expressed some caution in what I said. I just wanted to know the answer to SeanMaloney's question in post No 8. Now I know the answer to that question at least.

:imwithstupid:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0