Jump to content
Sign in to follow this  
storme

A3X on 64 bit systems ???

Recommended Posts

storme

G'day All

Just wondering what happens when you run an A3X on a 64 bit system.

I've checked through the registry and any A3X is run by the following command.

"C:Program Files (x86)AutoIt3AutoIt3.exe" "%1" %*

or

"C:\Program Files (x86)\AutoIt3\Beta\AutoIt3.exe" "%1" %*

I know that scripts run differently on 64 and 32 bit systems.

SO...

IF I compile a script for 64Bit but choose A3X output does it run as a 64Bit or 32Bit application?

Thanks for the info!

John

Share this post


Link to post
Share on other sites
MHz

An A3X file is the script with includes encoded into 1 file. There is no interpreter so no compile as X86 or compile as X64 involved. The interpreter that you choose to run the A3X file is what X?? is is going to run as. And as you show, the registry is set for X86 by default. It may be X64 if you chose X64 as default if you installed AutoIt which I would guess the installer does.

Q. So what happens when you run an A3X on a 64 bit system? A. The same as an AU3 by the same interpreter I would expect. The latter may not find the Std include folder if the interpreter is a compiled script that is not next to the Std include folder. :)

Share this post


Link to post
Share on other sites
storme

An A3X file is the script with includes encoded into 1 file. There is no interpreter so no compile as X86 or compile as X64 involved.

That is what I originally thought but there are differences between a X64 & X32 compiled A3X files.

Try compiling this script

#RequireAdmin
#region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Outfile_type=a3x
#AutoIt3Wrapper_Outfile=test32.a3x
#AutoIt3Wrapper_Outfile_x64=test64.a3x
#AutoIt3Wrapper_UseUpx=n
#AutoIt3Wrapper_Compile_Both=y
#AutoIt3Wrapper_UseX64=y
#AutoIt3Wrapper_AU3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_Run_Tidy=y
#AutoIt3Wrapper_Run_Obfuscator=y
#Obfuscator_Parameters=/striponly
#endregion ;**** Directives created by AutoIt3Wrapper_GUI ****

MsgBox(0, "test", "High there")
Exit
then compare the 2 files with winmerge.

I'm assuming that these differences are related to X32 & X64 as there are no other changes and they are both compile at the same time.

 

The interpreter that you choose to run the A3X file is what X?? is is going to run as. And as you show, the registry is set for X86 by default. It may be X64 if you chose X64 as default if you installed AutoIt which I would guess the installer does.

What I was hoping is that the differences in the X64 A3X were used by AutoIT.exe to swap over to AutoIt3_x64.exe.

Wouldn't be that hard to implement, just detect the difference reload the file using the right interpreter OR throw and error if it's not found.

Anyway...

I was looking at changing to using A3X instead of EXE to avoid false positive virus detections. I just wanted to make sure that I wasn't going to hit a brick wall in future.

If AutoIT can't handle a X64 A3X file automatically then I'll have to put something together to look at the differences that will handle it.

Just have to check my assumptions with those that know. :)

 

Q. So what happens when you run an A3X on a 64 bit system? A. The same as an AU3 by the same interpreter I would expect.

And that is the problem. I've seen plenty of posts here that state for certain things (e.g. 64bit registry entries) you need to compile to 64Bit. So a A3X 64bit application couldn't be trusted across different systems.

Thanks for your feedback

John

Share this post


Link to post
Share on other sites
MHz

Compared with WinMerge and agree are different. Now, I also compiled the existing obfuscated file as 32 bit in Aut2Exe with same settings as 2 different named a3x files and they are different. So it appears that no 2 compiles are alike.

I remember you changing to a3x as to antivirus behavior and is good idea. Losing the interpreter is better then losing both the interpreter and the script combined.

There exists no switching interpreters that I know of except for au3 files with directives that AutoIt3Wrapper or other similar tools handle.

So, the problem as to what interpreter should run the A3X file. That is a good question. I only know of people using _x64 in the filename. Even an executable is unknown if it is x86 or x64. In the header of an executable is marked as x86 or x64 but the file properties window will tell you nothing. I tend to stick with x86 by default and disable redirection etc as needed. :mellow:

Share this post


Link to post
Share on other sites
storme

Compared with WinMerge and agree are different. Now, I also compiled the existing obfuscated file as 32 bit in Aut2Exe with same settings as 2 different named a3x files and they are different. So it appears that no 2 compiles are alike.

DAM! I never thought each compile would be different. I wonder what they are putting in there.

As you and I thought the A3X should only be the compiled AutoIT code what else is in there???

I remember you changing to a3x as to antivirus behavior and is good idea. Losing the interpreter is better then losing both the interpreter and the script combined.

I've been using an A3X for while now with a Bat file calling AutoIT with the program as a parameter. (God that's a mangled sentenance :()

Anyway so far the AutoIT.exe hasn't been touched by any AV so it looks like the exceptions have been entered for the main exe and it's safe. :)

There exists no switching interpreters that I know of except for au3 files with directives that AutoIt3Wrapper or other similar tools handle.

It'd be simple (and make sense) to add a byte or 2 at compile time to the A3X but as I'm not a DEV that is out of the question.

The other option would be to force the situation and add some piece of code that the switcher could use to ID the 64 Bit apps.

I have no idea (??Fileinstall maybe??), how that could be done but it is doable. :)

So, the problem as to what interpreter should run the A3X file. That is a good question. I only know of people using _x64 in the filename.

I thought of that then found the "differences" and "thought" I'd found the solution...sigh...

But yes that is the simplest solution. Then the switcher could change to X64 based on the file name.

Even an executable is unknown if it is x86 or x64. In the header of an executable is marked as x86 or x64 but the file properties window will tell you nothing. I tend to stick with x86 by default and disable redirection etc as needed. :mellow:

I usually (well Always) use x86 (sorry for the X32 references you knew what I meant :)).

I was just trying to make allowances for future necessity.

Share this post


Link to post
Share on other sites
MHz

You may find that the difference between each a3x might be the encryption key amongst other things. And perhaps it is more fun to add a Msgbox which tells you, "No dummy. Run me as x64. Do you want to restart now?" :doh:.

Share this post


Link to post
Share on other sites
storme

You may find that the difference between each a3x might be the encryption key amongst other things. And perhaps it is more fun to add a Msgbox which tells you, "No dummy. Run me as x64. Do you want to restart now?" :doh:.

OK now I'll sound stupid(er) :)

How can the script tell if it's being run from the 32bit or 64bit version of autoit?

Because if it's easy then a function could check if it's being run as a 32bit then find the 64bit version of AutoIT and rerun itself using the 64bit version. Without letting the user know.

Though it would be more fun to bring up your message box :evil:

Share this post


Link to post
Share on other sites
storme

Found it

@AutoItX64

Now just need to do some playing and see if I can easily/reliablly find autoit_X64...

thanks for the idea...

Share this post


Link to post
Share on other sites
MHz

If X64, then @AutoItX64 return 1, otherwise 0.

:lmao:  Yes, you could do that. Oh, for another user, how cruel. :poke:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×