
I found a security hole in the compiler



even if i will do the trick with NotePad++ ?

 

 

but if you're already in notepad++ you can just scroll to the bottom and read, no need for the 'trick'

Edited by boththose


Because everyone enjoys doing this.

Try with another application and this one will also have an unexpected behavior.

but there is no way to change this root error message to something like "my script Error" ?


i tell you the story of a car navigation software i wrote in several languages, and an australian mailed me that the exe failed with an autoit error. i don't remember the exact error anymore, but it was because of a different keyboard layout and the code page, i could have never ever foreseen that.

FukuLeaks


i tell you the story of a car navigation software i wrote in several languages, and an australian mailed me that the exe failed with an autoit error. i don't remember the exact error anymore, but it was because of a different keyboard layout and the code page, i could have never ever foreseen that.

In addition to what Edano said, I think there is another way to get this root autoit error message.

Imagine a case where a user downloaded the exe file but the exe file wasn't fully downloaded.

in this case i think that this error message will also be shown to the user.

Edited by Guest

This thread is a joke.

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)


Then no one here has a clue about what a security hole is.


Then no one here has a clue about what a security hole is.

ok, so it is not a security hole if you say so, but it can still be a problem..

 


Which problem exactly?


Which problem exactly?

 

read for example Edano's posts.

But maybe that's not a problem ..

Anyway, i do not really care about it.

Edited by Guest

It's obvious that you (or someone else savvy enough) can detect which language was used as source, which version of which compiler and a large number of pointless such details.

Can this help in reverse-engineering software? Clearly.

What can be done against that? Zilch, nada, nothing useful.

Do you care? You say not at all.

Is this a problem? No.

Is this thread a joke? Yes.

Edited by jchd


Every single compiled AU3 script has this at the end of it: "AU3!EA06" (or a minor variation of it depending upon version of the Aut2Exe compiler). The only ones that don't have been compressed with UPX, and that's no protection at all.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator
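A triage sketch for the trailing marker described in the post above, added here as an example and not code from the thread or from AutoIt: it looks for `AU3!EA06` in a file image and reports UPX packing when the marker is not visible. Assumptions: the `AU3!EA` plus two digits pattern stands in for the "minor variation" the post mentions, UPX is recognised by its default `UPX0`/`UPX1` section names, and the sample bytes are constructed rather than taken from a real executable.

```python
import re
import struct

# Marker quoted in the post; the two-digit wildcard covering its "minor
# variation" remark is an assumption of this example.
AU3_MARKER = re.compile(rb"AU3!EA\d\d")

def pe_section_names(data: bytes) -> list:
    """Return PE section names, or [] when data is not a parseable PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size
    names = []
    for i in range(n_sections):
        entry = table + 40 * i
        if entry + 40 > len(data):
            break  # truncated file: keep only complete section headers
        names.append(data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names

def triage(data: bytes) -> dict:
    """Classify a file image by the trailing marker and UPX section names."""
    hits = list(AU3_MARKER.finditer(data))
    packed = any(n.startswith("UPX") for n in pe_section_names(data))
    if hits:
        last = hits[-1]
        return {"verdict": "autoit-marker", "marker": last.group().decode(),
                "bytes_after_marker": len(data) - last.end(), "upx": packed}
    verdict = "upx-packed-unpack-first" if packed else "no-marker"
    return {"verdict": verdict, "marker": None, "bytes_after_marker": None, "upx": packed}

def make_sample(section_names, trailer=b""):
    """Constructed, non-executable PE-shaped bytes used only for this demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    table = b"".join(n.encode().ljust(40, b"\0") for n in section_names)
    return dos + b"PE\0\0" + coff + table + b"\xCC" * 256 + trailer

if __name__ == "__main__":
    plain = make_sample([".text", ".rsrc"], trailer=b"AU3!EA06")
    for label, blob in [("plain", plain), ("truncated", plain[:-100]),
                        ("upx", make_sample(["UPX0", "UPX1", ".rsrc"]))]:
        print(label, triage(blob))
```

The truncated sample shows that a file cut short before its last bytes no longer carries the marker, so a missing marker alone does not rule out an AutoIt build.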


I read the entire thread and this seems to me this "problem" is on the same level as this:

There is a person who has got a great big lawn and somebody who walks down the street (doesn't even live in the neighborhood) is complaining to anyone who will listen MONTHS LATER about one blade of grass that is not turned the right direction when they look at the lawn in the afternoon on a Tuesday (May 14th) @ exactly 3:42Pm.

:blink:


what i read from the OP means a slightly different story than YogiBear suggests:

a guy walks into a cafe, orders some coffee with brown sugar. the waiter goes away, then suddenly an unfamiliar person is shouting at the guy: "HEY! GET LOST! THERE IS NO BROWN SUGAR!". the guy's girlfriend panics, the guy gets mad and punches the cafe owner in the nose.

now, if the shouting person would wear the cafe waiter's uniform, and avoid shouting...

the cafe uniform = the uniform of the place the guy knows he entered = the name of the application the user knows he launched.

the cafe owner who gets punched in the nose = the developer who gets users' feedback

none of us wants to be on the cafe owner's side; so i second the suggestion to replace "AutoIt" with the application name in such msgbox's.

now, that Oozlum bird is getting really really out of sight...

Signature - my forum contributions:

Spoiler

UDF:

LFN - support for long file names (over 260 characters)

InputImpose - impose valid characters in an input control

TimeConvert - convert UTC to/from local time and/or reformat the string representation

AMF - accept multiple files from Windows Explorer context menu

DateDuration -  literal description of the difference between given dates

Apps:

Touch - set the "modified" timestamp of a file to current time

Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes

SPDiff - Single-Pane Text Diff

 


If the error message were to appear to come from the user script name, it would be less than accurate.

I have no strong opinions about it really,  but I have not seen a single reason I would consider valid to make such a change.

Also think about this, if autoit interpreter cannot open user script, how exactly would it know the title of it?

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.


if autoit interpreter cannot open user script, how exactly would it know the title of it?

 

au3 script has no "title", the intention is to use the exe file name.

 

I have not seen a single reason I would consider valid to make such a change.

 

reason 1: so the user knows from which application the error message is coming. if you have several exe's running, then providing the exe name is a good start for troubleshooting. and even more so if you have several compiled AutoIt exe's running.

reason 2: although this is far from being AutoIt's fault, or relevant in any way, and happily in decrease, the name resembles the autoit worm which swarmed the web a few years back. you don't want to scare your users, do you?

This topic is now closed to further replies.