AutoIt and Malware: Compile or just run scripts with AutoIt3.exe?

TXTechie

Hello Everyone!

Now that I've decided to begin using AutoIt as my standard template "wrapper" for deploying software and automating changes on computers within my work environment, I want to ask the community whether you think I should deploy my software packages as compiled executables, or should I just include the main AutoIt executables (AutoIt3.exe & AutoIt3_x64.exe) and then call the software package in my software deployment solution via the command-line (for example: AutoIt3.exe Flash-11.6.au3)?

The primary reason for this question is based on the AutoIt and Malware link on the AutoIt Wiki. While AutoIt executables are not currently being flagged as false positives by our current Anti-Virus and Anti-Malware solution, I'm concerned about the potential scenario where a false positive occurs again at any time in the future (for any number of reasons), disabling all software deployments within our company because I've chosen to use compiled AutoIt scripts for my standard deployment mechanism.

What are your thoughts?

JLogan3o13

Hi, TXTechie. Besides AutoIt, what method of deployment are you using (Altiris, SCCM, A.D., etc.)? I always always always suggest you take the time to repackage applications into MSI format, as it gives you much more flexibility with the install. Beyond that, however, it really depends on the method of deployment.


TXTechie

Hi JLogan3o13,

Well, I've been in Systems Management (software packaging and deployments) for 14+ years now and there are two primary methods for software packaging and deployments: 1) drive the installation using the native installer and 2) repackaging everything to Microsoft's Windows Installer (MSI) technology. I am in the 1) camp, so I create a script "wrapper" to drive the native installer (whether legacy or MSI) and then automate any other desired post-installation configurations as desired.

So, since I don't use Flexera Software's InstallShield tools - I've been deploying software using a script as a wrapper (currently VBScript, but I've decided to switch to AutoIt). This is why I'm asking the question.

My company uses CA Software Delivery as our software deployment solution (I have previously used Microsoft's SMS [now SCCM], Novell ZenWorks, what used to be called Marimba, but is now BMC BladeLogic Client Automation and Dell's KACE KBOX).

abberration

If you have access to your company's antivirus software on the server level, you can whitelist the installation location of your software.

Also, I have found that compiling with options and unchecking UPX compression reduces false positives.

storme

My experience "in the wild" with home PCs and having to deal with multiple antivirus products with multiple configurations is you can't trust them not to kill AutoIt programs.

As you (unlike me) have control of your environment, why not install "AutoIt3.exe" somewhere permanently on your computers?

Then associate "a3x" with "AutoIt3.exe".

That way you don't have to bundle AutoIt3 with everything, you avoid the possibility of false positives completely and the AutoIt program (a3x) isn't plain text visible.

Just my 2c worth.

John Morrison
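The setup storme describes, sketched as an added example that is not part of the original posts: it registers a machine-wide `.a3x` association and has the deployment job call the interpreter by full path after checking it against a hash recorded at image build. The install path, the ProgID, the package path and the pinned hash are assumptions or placeholders.

```powershell
# Added example. Paths, ProgID and pinned hash are assumptions/placeholders.
$AutoItExe    = 'C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe'  # assumed install path on the image
$ProgId       = 'Example.AutoIt3.A3X'                              # hypothetical ProgID
$PinnedSha256 = '<SHA256-OF-YOUR-AUTOIT3_X64.EXE>'                 # placeholder, record at image build

function Register-A3xAssociation {
    # Machine-wide association: .a3x -> ProgID -> open command (needs elevation).
    $classes = 'HKLM:\SOFTWARE\Classes'
    $extKey  = "$classes\.a3x"
    $cmdKey  = "$classes\$ProgId\shell\open\command"
    foreach ($key in $extKey, $cmdKey) {
        # Create only when absent so existing values under the key are left alone.
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    }
    Set-ItemProperty -Path $extKey -Name '(Default)' -Value $ProgId
    Set-ItemProperty -Path $cmdKey -Name '(Default)' -Value "`"$AutoItExe`" `"%1`" %*"
}

function Invoke-A3xPackage {
    param([Parameter(Mandatory)][string]$Package)
    # Call the interpreter by full path so the job does not depend on the association.
    if (-not (Test-Path -LiteralPath $AutoItExe -PathType Leaf)) { throw "Interpreter missing: $AutoItExe" }
    if (-not (Test-Path -LiteralPath $Package -PathType Leaf))   { throw "Package missing: $Package" }
    # Refuse to run if the interpreter on disk is not the one recorded for the image.
    $actual = (Get-FileHash -LiteralPath $AutoItExe -Algorithm SHA256).Hash
    if ($actual -ne $PinnedSha256) { throw "Interpreter hash mismatch: $actual" }
    $proc = Start-Process -FilePath $AutoItExe -ArgumentList "`"$Package`"" -Wait -PassThru
    return $proc.ExitCode
}

Register-A3xAssociation
# Hypothetical package path; the exit code is handed back to the deployment tool.
exit (Invoke-A3xPackage -Package 'C:\Deploy\Flash-11.6.a3x')
```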

TXTechie

abberration - The problem is the location of the deployed software will be different and growing; I don't want that management nightmare. I thought that I had read another post here in the forums stating that using any other setting except for the default UPX compression setting of Normal would change the file attributes of the default AutoIt compiled executable - is this true?

storme - Since I am also the person in control of the standard workstation clone image, I have thought about including the AutoIt3_x64.exe on our standard Win7 (64-bit) image build - if I go the route of just executing scripts (rather than compiling). However, the less than 1 MB size of each of the AutoIt executables is not a big deal. I don't really care about the visibility of my scripts (especially since I've been using VBScript files for years), but I like the idea of having fewer additional files by compiling to the a3x format (I had to look that up in the help file, as I was unfamiliar with that) in that it can incorporate all include and FileInstall files. Plus, I have the added ability to make my scripts a little more secure from easily prying eyes - especially if I may include some more confidential info in some of my scripts in the future (I know that this is not really secure, but is just secure from those who aren't interested in really trying to hack the scripts). Thank you, very much, for the additional information, storme!

 

Does anyone think I should worry about this and just go ahead and use fully compiled scripts to executables for all of my deployments?
