gerwim Posted September 21, 2011 Posted September 21, 2011 (edited) Hi there, When using the obfuscator, my project is marked by 13 AV's as a virus (according to VirusTotal). When I'm not using it, it's only marked by 3 (which is OK, those AV's are not popular at all). However, using this my project can be decompiled quite easily (although -snipped- failed todo so, for some reason -- I don't know why though - something about detokenising). So, what are the alternatives? Are AutoIT scripts that easily decoded? Thanks in advance Edited September 21, 2011 by SmOke_N
Moderators Melba23 Posted September 21, 2011 Moderators Posted September 21, 2011 gerwim, You are treading on very dangerous ground here. Please read these 2 entries in the FAQ and then the Forum Rules. If you search the forum these very questions have been asked and answered many, many, many times. M23 Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area
gerwim Posted September 21, 2011 Author Posted September 21, 2011 Well I'm not asking on how-to decompile. I'm just having issues why obfuscating my code will mark it as a virus. I don't want to use that obfuscator, since I don't want my users to think it might possibly be a virus. Are there any other obfuscators (not the one in scite).?
Moderators Melba23 Posted September 21, 2011 Moderators Posted September 21, 2011 gerwin,I say again: If you search the forum these very questions have been asked and answered many, many, many timesThe Search box is at top right.M23 Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area
gerwim Posted September 21, 2011 Author Posted September 21, 2011 Thank you for pointing me out where the search box is, however, there is still no post which says how this can be done, except the fact that that guy didn't obfuscate but saved his data in a encrypted dat file.
Moderators Melba23 Posted September 21, 2011 Moderators Posted September 21, 2011 gerwim,there is still no post which says how this can be doneThen you have your answer. M23 Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area
jvanegmond Posted September 21, 2011 Posted September 21, 2011 gerwim, the obfuscator has a few options. If you "tone it down" to use more simple obfuscation (only variable and function names changed), stripping comments, and compacting your code (removing double newlines), then I think you'll have less of a problem with AV marking your script. github.com/jvanegmond
water Posted September 21, 2011 Posted September 21, 2011 Or you might try to not use UPX to compress the code. In SciTE press Ctrl+F7 and then uncheck "Use UPX" on the AutoIt3 / Aut2Exe tab. My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki
GEOSoft Posted September 21, 2011 Posted September 21, 2011 Or you could go the prefered route and just notify the AV companies that it's a false positive. That can be a pain in the arse to keep up with but eventually the companies involved do start to pay attention to the method they use to detect a virus in a compiled AI script. I should look at the next update to see what has been changed but the last time I looked they had 40 new AutoIt scripts within 2 months that were definitely a virus so I don't blame them for being a bit cautious nor do I want to see them relax the rules. Just checking a bit deeper is a better alternative although we will still be plagued with the occasional file being improperly flagged. George Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.*** The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number. Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. it is soon to be closed and replaced with something else. "Old age and treachery will always overcome youth and skill!"
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now