Chimaera

Is there another way to make an .au3 into an exe?

14 posts in this topic

As the title says really, I'm getting loads of grief at work with AVs killing off scripts as soon as the USB is shoved in (techs forget to turn it off temporarily).

So is there a way to compile it to .exe without using AutoIt to compile?

The reason for this is I hope using a different way will stop or reduce the detections.

PS I've already had dozens of tries with AV manufacturers but they seem to operate on "AutoIt is bad" so they don't care.

I don't want to stop using AutoIt, just make the exe differently.

Bear in mind I'm looking at this at a simple level: a small program that I can compile with, if possible.

Admittedly it may not be that simple.

Just to re-iterate the point Jos is making, you don't need to re-distribute the whole AutoIt package e.g. includes, help file, examples etc... just AutoIt3.exe OR AutoIt3_x64.exe. The a3x compiled script is passed as a commandline argument to the executable.

1 person likes this


#4 ·  Posted (edited)

OK, so I'm clear about this:

I compile every problem script in the pack I use as .a3x

then paste AutoIt3.exe into the main folder and call the script like this

AutoIt3.exe /AutoIt3ExecuteScript mymainscript.a3x - (Copied from another answer by Jos) and that will open the script I want.

Won't the AutoIt3.exe get stamped by the AV as well?

Would it be as easy to add that to a cmd file and start it that way?

2nd question

In my GUI where I have things like this

ShellExecute(@ScriptDir & "\Toolz\backup_transfer\backup_transfer.exe")

I change all the links to

ShellExecute(@ScriptDir & "\Toolz\backup_transfer\backup_transfer.a3x")

and they will still work because I started the main script with the main AutoIt3.exe?

Edited by Chimaera


#5 ·  Posted (edited)

Compile the au3 file to file.a3x and add file.a3x to AutoItStub.exe* as RCDATA/SCRIPT with Reshack.exe
*AutoItStub.exe is an AutoIt compiled EXE; use Reshack.exe to delete the resource RCDATA/SCRIPT

Edited by Trong


#6 ·  Posted (edited)

I use RESHack to delete all the AutoIt related stuff from my compiled programs. It reduces AV detections from ~5/42 to ~1/42 and sometimes 0/42. I have had to do this a lot lately while messing around with IRC functions creation since IRC + AutoIt had been used for malicious purposes in the past.

Edited by rcmaehl


#7 ·  Posted (edited)

Can you post a small compiled program with all the 'AutoIt related stuff' deleted? I'm interested in what you elected to remove.

Edited by boththose


#8 ·  Posted (edited)

Can you post a small compiled program with all the 'AutoIt related stuff' deleted? I'm interested in what you elected to remove.

Not on a Windows computer ATM. Mainly, any debug strings, additional icons other than the application icon I use, and the default tray menu to pause the script. Will post an example in around an hour and a half.

Items below in BOLD are things I've only done once or twice and haven't thoroughly tested.

  • In "Icon" delete 1, 2, 3, and anything else that doesn't match your app icon
  • If "Menu" only has 166 delete "Menu" entirely, else just remove 166
  • Delete "String Table"
  • In "Icon Group" delete 162, 164, and 169
  • In "Version Info" learn the additional fields and add them in yourself
  • OPTIONALLY, Change 'BLOCK "080904B0"' to 'BLOCK "040904B0"' and 'VALUE "Translation", 0x0809 0x04B0' to 'VALUE "Translation", 0x0409 0x04B0' in "Version Info" then Delete 2057 to change your language from English UK to English US
  • OPTIONALLY, Change the language of all other Resources in your file to "English_US" or 1033
  • OPTIONALLY, In "Manifest", change which versions of Windows your program says it's supported on by adding/removing supportedOS IDs
Edited by rcmaehl
SupportedOS IDs


#9 ·  Posted (edited)

I have had to do this a lot lately while messing around with IRC functions creation since IRC + AutoIt had been used for malicious purposes in the past

I have a similar problem as all my stuff deals with areas the AVs protect (services, registry, special Windows folders etc.) and that's why I always have this problem, because of the work I do.

Edited by Chimaera


#10 ·  Posted (edited)

OK, I've managed to sort this now and this is how I did it.

I created a small AutoIt script like this

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Icon=compile\chimaera_black.ico
#AutoIt3Wrapper_Outfile=autoit_stub.exe
#AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

and compiled the file, then

downloaded Resource Hacker http://www.angusj.com/resourcehacker/ (I grabbed the portable edition)

put the stub into the Resource Hacker folder and opened Resource Hacker

Then I opened the stub and double clicked the RCData section, then select SCRIPT:0

once it's highlighted then right click and choose Replace Resource

Then select your previously prepared .a3x which you made from the script you want to add

Then click Replace

Then just save the exe and rename to what the file would have normally been called.

And so far I have not had a single detection :)

This may not be for everyone but if you are plagued with AV problems like I am, mainly because I work with customer machines all day, this may help

Many thanks to Trong for pointing me in the right direction

Edited by Chimaera
1 person likes this
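
For anyone triaging executables built this way, the resource layout the posts above refer to (RCData → SCRIPT, language 0 as shown in Resource Hacker) can be listed by walking the PE resource directory. This is an added example, not code from any poster in this thread; it assumes the raw bytes of the `.rsrc` section have already been extracted from the file, and the sample tree and helper names (`walk`, `rdir`, `has_embedded_script`) are constructed for illustration.

```python
import struct

RT_RCDATA = 10          # Windows resource type ID for raw application data
SUB = 0x80000000        # high bit: "offset points at a subdirectory / name string"

def entry_id(rsrc, raw):
    """Return a directory entry's integer ID, or its UTF-16 name if it is named."""
    if raw & SUB:
        off = raw & ~SUB
        (n,) = struct.unpack_from("<H", rsrc, off)      # length in UTF-16 units
        return rsrc[off + 2: off + 2 + 2 * n].decode("utf-16-le")
    return raw

def walk(rsrc, off=0, path=()):
    """Yield (type, name, language, size) for each leaf of a raw .rsrc section."""
    named, ids = struct.unpack_from("<HH", rsrc, off + 12)
    for i in range(named + ids):
        raw, target = struct.unpack_from("<II", rsrc, off + 16 + 8 * i)
        here = path + (entry_id(rsrc, raw),)
        if target & SUB:
            if len(here) < 3:       # type -> name -> language; refuse deeper loops
                yield from walk(rsrc, target & ~SUB, here)
        else:
            _rva, size = struct.unpack_from("<II", rsrc, target)
            yield here + (size,)

def has_embedded_script(rsrc):
    """True if the tree contains RCData -> SCRIPT, as described in the posts."""
    return any(leaf[0] == RT_RCDATA and leaf[1] == "SCRIPT" for leaf in walk(rsrc))

def rdir(named, ids, *entries):
    """Build one IMAGE_RESOURCE_DIRECTORY plus its entries (for the sample only)."""
    head = struct.pack("<IIHHHH", 0, 0, 0, 0, named, ids)
    return head + b"".join(struct.pack("<II", a, b) for a, b in entries)

# Constructed sample: RCData(10) -> "SCRIPT" -> language 0, 4096-byte payload.
SAMPLE = (
    rdir(0, 1, (RT_RCDATA, SUB | 24))        # offset 0:  type level
    + rdir(1, 0, (SUB | 88, SUB | 48))       # offset 24: name level
    + rdir(0, 1, (0, 72))                    # offset 48: language level
    + struct.pack("<IIII", 0x1000, 4096, 0, 0)   # offset 72: data entry
    + struct.pack("<H", 6) + "SCRIPT".encode("utf-16-le")  # offset 88: name
)

if __name__ == "__main__":
    for leaf in walk(SAMPLE):
        print(leaf)
    print("embedded script:", has_embedded_script(SAMPLE))
```

The same listing also shows which of the default resources mentioned in post #8 (icons, menu, string table, language 2057 entries) are still present in a given file.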


mmm... trying to understand how the end result differs from a normal compile as I would guess that should be more or less the same result?

Jos



#12 ·  Posted (edited)

No idea, I've just followed the suggestions. I don't understand why the AV kicks off normally, yet if I replace like above the AV doesn't even stir when you add the pendrive or run the file?

Normally the second the USB drive is inserted it starts, and if I run one file that starts a sequence of others it's forever jumping in and trying to stop it as the files that trigger it start.

I have noticed over periods of AutoIt updates it does differ as to which AV is more aggressive to the exes, but I don't know what the AV looks at, which may change as AutoIt is made.

With this method I've not seen a single AV event yet... it may happen, time will tell

Edited by Chimaera


This is great. I keep on running into similar dead processes and deleted EXEs. Will try this. Thanks for sharing.


Skysnake



Interesting... and you've had no problems? Secondly, do you think that compiling a script with Reshack something similar to ResHack since its license prohibits unapproved distribution, and then switching out the script file in resources during/before run (FILES WITHIN FILES, how deep does this rabbit hole go!?) could be used to make de-compiling harder? Finally, included updated what I do in my old post.

