qwert

Proper approach for obfuscating Execute() statements?

10 posts in this topic

Running Obfuscator, I receive four errors of the form:

Found Execute() statement which will lead to problems running your obfuscated script.

Warning for line: $Result = Execute ($Parameter)

Is there a viable workaround for this? For example, can my four statements be isolated with #Obfuscator Off/On?

Or is using Execute() a non-starter for obfuscation?

Thanks in advance for any guidance.

BTW, if anyone can explain what aspect of Execute() causes difficulties for Obfuscator, I'd like to understand this a little better.

(I'm running the latest release ... 7/3/11)




My guess is because you can include variables within a string:

Global $gn_num = 18
Global $gn_execute = Execute("$gn_num + 2")
ConsoleWrite($gn_execute & @CRLF)

It becomes increasingly difficult to make sure that variable is changed as well.

Ideally when obfuscating you'd get something like:

Global $obfchar1 = "encoded string"; eg. upon decryption would be: "$obfchar2 + 2" where $gn_num was changed to the right var
Global $obfchar2 = 18
Global $obfchar3 = Execute(_somefunctoconvertstr($obfchar1))
ConsoleWrite($obfchar3 & @CRLF)

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.


Thanks for your response.

My guess is because you can include variables within a string.

Does this mean that an Execute() using a single parameter (that contains the actual string) is safe to use?

I guess I don't follow what the problem is ... and whether you're suggesting that there's a workaround.


The problem is that you have to pull out the variables in order to obfuscate what's inside them properly ( to match what you've already obfuscated ).

Then you have to evaluate if it's even a variable.

I mean, "Execute" is a do all function, not the funnest thing for someone that writes an obfuscator to try and figure out every little nuance to make everyone happy.

.....

A solution? Yeah, don't use it.

Or if you need to use it, use it in another exe that isn't obfuscated, pass the variable ( assume it's a string or an addition statement ) via command line, and wait for it to come back. ( or any other form of IPC ).



#5 ·  Posted (edited)

Post an example snippet that shows what you need it for so we can see how it could be resolved for Obfuscator.

Jos

Live for the present,
Dream of the future,
Learn from the past.
  :)


Jos, what I provided as an example of the nightmare it causes was just one case.

Global $gn_num = 18
Global $gn_execute = Execute("$gn_num + 2")
ConsoleWrite($gn_execute & @CRLF)

Here's another:

Global $gs_data = "I am a string "
Global $gv_execute = Execute("_example1($gs_data, ""that you are now reading"")")
ConsoleWrite($gv_execute & @CRLF)

Func _example1($v_param1, $v_param2)
    Return $v_param1 & $v_param2
EndFunc

Here you have to obfuscate a variable and a function call properly.

However, you have to know it's a udf function call, because you can't obfuscate a standard one:

Global $gs_Body = "I am some body of text"
Global $gt_Body = DllStructCreate("char[" & StringLen($gs_Body) & "]")
Global $gs_Title = "I am a title"
Global $gt_Title = DllStructCreate("char[" & StringLen($gs_Title) & "]")
DllStructSetData($gt_Body, 1, $gs_Body)
DllStructSetData($gt_Title, 1, $gs_Title)
Global $gv_execute = Execute("DllCall(""user32.dll"", ""Int"", ""MessageBox"", ""hwnd"", 0, ""ptr"", DllStructGetPtr($gt_Body), ""ptr"", DllStructGetPtr($gt_Title), ""uint"", 4)")
ConsoleWrite($gv_execute[0] & @CRLF)

A lot of rules that would have to be created during the obfuscation process.

However, I'm sure you're well aware of the issues as you haven't created anything yet to take care of all the variant options that Execute provides for.



I have to admit, my current usages are much simpler ... something like:

$Parameter = "(1.2 * 6) + 4"

Execute($Parameter)

IOW, $Parameter is a variable, but it does not contain any variables. I just need Execute to do the math.

The problem is that you have to pull out the variables in order to obfuscate what's inside them properly ( to match what you've already obfuscated ).

So does this statement mean that if there are no embedded variables that Obfuscator can handle the single call variable? ... which is only a pointer to a string.


I checked again. I do have one statement that has an embedded variable. So (from my original question):

Can individual Execute() statements be isolated with #Obfuscator Off/On?

Do the associated variables need to be isolated as well?


#9 ·  Posted (edited)

There are several options as long as you understand what is happening.

In the example you posted things will work despite the warning since there are no variables in the literal string.

So just ignore the Warning.

$Parameter = "(1.2 * 6) + 4"
ConsoleWrite(Execute($Parameter) & @CRLF)

In Case of a variable in a literal string like Smoke_N's first example you could tell Obfuscator to ignore that Variable from being Obfuscated like:

#Obfuscator_Ignore_Variables=$gn_num
Global $gn_num = 18
Global $gn_execute = Execute("$gn_num + 2")
ConsoleWrite($gn_execute & @CRLF)

The example from Smoke_N with both variables and Func can be handled like this:

#Obfuscator_Ignore_Variables=$gs_data
#Obfuscator_Ignore_Funcs=_example1
Global $gs_data = "I am a string "
Global $gv_execute = Execute('_example1($gs_data, "that you are now reading")')
ConsoleWrite($gv_execute & @CRLF)

Func _example1($v_param1, $v_param2)
    Return $v_param1 & $v_param2
EndFunc

I had to change the quotation because the current version of Obfuscator is getting mixed up here with the double quotes in the string. This is fixed in the current Beta. (Strange nobody reported this Bug yet :) )

The #Obfuscator_Off and #Obfuscator_On will stop Obfuscation totally for the lines between them so should only be used when that is wanted.

I cannot remember ever having a need for Execute() in any script I wrote. ;)

Jos

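The rule that emerges from the posts above (names inside an Execute() string literal are not renamed, so the matching variables and UDFs have to be excluded from obfuscation, while an Execute() argument built at run time needs a manual look) can be checked mechanically. The Python below is an added example, not code from the thread or from Obfuscator: `scan` and `directives` are hypothetical helpers, the sample script is constructed, and emitting one directive line per name is an assumption.

```python
import re

# Constructed sample script, modelled on the snippets posted in this thread.
SAMPLE = '''\
Global $gs_data = "I am a string "
Global $gv_execute = Execute("_example1($gs_data, ""that you are now reading"")")
Global $gn_len = Execute("StringLen($gs_data) + $gn_pad")
$Parameter = "(1.2 * 6) + 4"
$Result = Execute($Parameter)
Func _example1($v_param1, $v_param2)
    Return $v_param1 & $v_param2
EndFunc
'''

EXECUTE_CALL = re.compile(r'(?<![$\w.])Execute\s*\(\s*', re.I)
FUNC_DEF = re.compile(r'^\s*Func\s+(\w+)', re.I | re.M)
# AutoIt string literal: "..." or '...', with the quote doubled to escape it.
LITERAL = re.compile(r'"((?:[^"\n]|"")*)"' r"|'((?:[^'\n]|'')*)'")

def scan(source):
    """Collect names that Execute() string literals reference by source name."""
    udfs = {name.lower() for name in FUNC_DEF.findall(source)}
    variables, funcs, dynamic = set(), set(), []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(";"):          # whole-line comment
            continue
        for call in EXECUTE_CALL.finditer(line):
            lit = LITERAL.match(line, call.end())
            # Anything but a single literal argument is built at run time.
            if not lit or not line[lit.end():].lstrip().startswith(")"):
                dynamic.append(lineno)
                continue
            if lit.group(1) is not None:
                body = lit.group(1).replace('""', '"')
            else:
                body = lit.group(2).replace("''", "'")
            code = LITERAL.sub("", body)           # nested strings hold no names
            variables.update(re.findall(r"\$\w+", code))
            # Standard functions are not renamed, so only UDFs are reported.
            funcs.update(f for f in re.findall(r"(?<![$\w])(\w+)\s*\(", code)
                         if f.lower() in udfs)
    return {"variables": sorted(variables), "funcs": sorted(funcs),
            "dynamic_lines": dynamic}

def directives(report):
    """One directive line per name, in the form Jos shows (an assumption)."""
    lines = ["#Obfuscator_Ignore_Variables=" + v for v in report["variables"]]
    return lines + ["#Obfuscator_Ignore_Funcs=" + f for f in report["funcs"]]

if __name__ == "__main__":
    print("\n".join(directives(scan(SAMPLE))))
```

Lines listed under `dynamic_lines` pass a variable or a concatenation to Execute(); the string they evaluate has to be traced by hand, as in the `$Parameter` case discussed above.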

Jos, I want to thank you for the detailed examples. I was able to work through each of my instances ... and learned a lot about obfuscation in the process. LOL, the one case that appeared most problematic was a function in a standard Include file ... and it was a function I wasn't even calling. I moved the ones I'm using into my script and dropped the reference to the Include.

Anyway, everything is now working 100%. And BTW, I'm only using Execute() to perform arithmetic on simple constructed "equations". I can see where that's probably rare.
