Codefuser

Obfuscation Methods

21 posts in this topic

#1 ·  Posted (edited)

I am writing an obfuscator currently with quite a few features, as I have found no good obfuscators yet that are complex enough to be nearly impossible to deobfuscate (as of course it is impossible to reach a 100% level of obfuscation where no one can deobfuscate it).

Current obfuscation methods include flow obfuscation, string encryption, proxy calls, unique renaming scheme (create gibberish WinAPI like name), junk codes, and removing all functions (merging them with the main script), traps to prevent automated deobfuscation, debugger detection, VM detection, moving strings to other parts of scripts (functions, proxy strings, etc), exit if not compiled, file integrity check. Decompile protection is also added (nothing that violates the reverse engineering clause of the ToS, I am using a PE loader with protections built into it.)

Does anyone have any ideas for more obfuscation methods to add?
 

Edited by Codefuser
1 person likes this

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Your thread title remember me 3 years ago, time's going by so fast. Mine was called "Obfuscator Method" i was just wondering an improvement of the security of executables developed with autoit...thread closed. "Everyone knows" but nothing changed, the situation is worsened since now "official" obfuscator was discontinued and we don't have nothing from a "secure source" for protect our script. Apart from anything else, if your obfuscator can at least avoid automatic tool we are lucky, i'll hope you can share it we us when is done. Good work.

Edited by Terenz

Nothing is so strong as gentleness. Nothing is so gentle as real strength

 

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

<snip>

Edited by JLogan3o13

Share this post


Link to post
Share on other sites

I know autoit is not secure and the dev teams are not interested in working on that, which is why I am working on it.

I have implemented many complications and methods to avoid automated deobfuscation. However I feel that it would still be too easy since RegExp could be used.

If anyone has any ideas, that would greatly help. And yes this will be available, not sure if for free or not yet since I spent a lot of times debugging and working on this.

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

I'm not an expert of de-obfuscation, at all lol, but imho you can make an .exe protected with your system and post it in a forum like tuts4you ( since here you can't do it by rules ) so they can tell you what improve and where are security holes or vulnerability. Release it for free, remember the community It would be grateful for life if is a real solution again decompilation or deobfuscation

P.S. I was thinking, what about performance? Autoit isn't the fastest tool in this word so i'll hope don't slow up too much the things.

 

Edited by Terenz

Nothing is so strong as gentleness. Nothing is so gentle as real strength

 

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

Last I checked decompilation is not allowed but discussions of obfuscation is, so I can still post obfuscated scripts/obfuscated crackmes right?
And I am still looking for ideas to be implemented into my obfuscator.

Regarding performance, it will have a certain degree of impact as strings are encrypted and obfuscated. I am currently using AES but I will consider using a shellcode with Xor as Xor is much faster.

 

Edited by Codefuser

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

Don't encrypt strings. Why would you want to do that?

Think outside the box. For example, does this work for you:

#AutoIt3Wrapper_Run_AU3Check=n

#include <GUIConstantsEx.au3>


$_ = Execute
$_ = ($_) (Chr(Random(64 + SRandom(-2139808481), 122, 1)) & Chr(Random(65, 122, 1)) & Chr(Random(65, 122, 1)) & Chr(Random(65, 122, 1)) & Chr(Random(65 + SRandom(-2139808481), 122, 1)) & Chr(SRandom(-2138722446) - 1 + Random(65, 122, 1)) & Chr(Random(65, 122, 1)) & Chr(Random(65, 122, 1)) & Chr(Random(65, 122, 1))) ("{EE09B103-97E0-11CF-978F-00A02463E06F}")
$_(-1) = $_
$_(40) = $_(-1)
$_(0) = GUICreate
$_(1) = GUICtrlCreateButton
$_(2) = GUISetState
$_(3.1) = @SW_SHOW
$_(Random(1, 1000, 1)) = Example
$_(6) = $GUI_EVENT_CLOSE
$_(7) = GUIDelete
$_(8) = $GUI_EVENT_CLOSE
$_(9) = "Example"
$_(10) = "OK"
$_(Random(1, 1000, 1)) = GUIGetMsg
$_(Random(1, 1000, 1)) = $_(-1)
$_(16 + 1) = -1
$_(13 + $_(20 - 3)) = $_(-1) (598)
($_(310)) ()


Func Example()
    Local $hGUI = ($_($_(-5 + 4) (-1 + 18)) (56 - 67 + 11)) (($_(91 - 82)))
    Local $idOK = ($_(1)) ((($_($_(598) (11 + 6))) (101 - 91)), 310, 370, 85, 25)
    ($_(-11 + 10) (1 + 1)) (($_(598) (3 + .1)), $hGUI)
    While 1
        Switch ($_(598) (269)) ()
            Case ($_(2 * 4)), $idOK
                ExitLoop
        EndSwitch
    WEnd
    ($_($_(10 + 7)) (7)) ($hGUI)
EndFunc

...if yes then what's the code?

This is super simple obfuscation method that makes it impossible to be passed through universal deobfuscator if implemented correctly.
Variation of the method is used here for only a piece of the script. Can you deobfuscate it?

Edited by trancexx
1 person likes this

♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites

@trancexx nice use of Scripting.Dictionary. between that is how my deobfuscated scripts look like all time :sweating:

the "Is" AutoIt functions help to deobfuscate  at least manually. 

 

Saludos 

1 person likes this

 

venezuela.png Would you like to say thank to Danyfirex using a warmy way?  offer me a cup of coffee... coffee.png

autoit_scripter_blue_userbar.png

       AutoIt...

 

 

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

@trancexxI am encrypting and then apply obfuscation through Chr + some math generation stuffs

And yes I am doing the proxy call through assign functions to variables as well.

Scripting.Dictionary does look interesting and I will look at it. Looks like some powerful stuffs right there

Edited by Codefuser

Share this post


Link to post
Share on other sites

Added confusion method using ternary operators.

That should do for now.

Share this post


Link to post
Share on other sites

#11 ·  Posted (edited)

I speculate that, with obfuscation, deliberately confusing information can be as annoying as obviously hidden information. Misnomers, inappropriate constants and the like may make cracking the code more difficult. That was the idea when I posted Orfuscator. I have discontinued this idea for the time being, but I still think the concept has a little merit. For example, the following script looks like it has something to do with File.au3:

#include <File.au3>
Global $i, $FILE = MsgBox, $DeepThought = StringToBinary, $WhiteMice = StringRegExpReplace
$FILE(BitOR($FILE_ATTRIBUTE_SYSTEM, $FSF_CREATEBUTTON), 'HGGTTG', $WhiteMice(StringReverse($DeepThought(-($i^$i)^(($i^$i)/(($i^$i)+($i^$i))))), ".\K.+(?=\dx)|x\d", ""))

At the end of the day, methods of this nature are only (at best) going to hinder human comprehension of the script.

Edited by czardas

Share this post


Link to post
Share on other sites

#12 ·  Posted (edited)

On 14/10/2016 at 2:05 PM, trancexx said:

This is super simple obfuscation method that makes it impossible to be passed through universal deobfuscator if implemented correctly

The legend tells about a girl, a girl with a enchanted compiler that won't be detected by AV-s as false positive and an obfuscator made by herself. But the Dark Lord, jealous of the magical power, shut her in the highest tower of the castle, condemning us all in darkness...

Something like this can be deobfuscated by automating tools rights?

Execute(BinaryToString("0x5F" & StringLen("EGIE") & "C" & StringLen("IKT") & "0" & StringLen("CGAIVWU") & "8" & Execute("_L0x49BC1F2FFF7F67EA4ED529224AE5653D(1*9)-5") & StringLen("e") & Execute("_L0x49BC1F2FFF7F67EA4ED529224AE5653D(1*9)-5") & StringLen("IKT") & "4" & StringLen("IKT") & "4541344" & StringLen("qD") & "3630353938313544464334314" & StringLen("qD") & "434" & StringLen("qD") & "464630464534334433454C" & StringLen("qD") & "829"))
Execute(BinaryToString("0x5F" & StringLen("TQIC") & "C" & StringLen("TQIC") & "C" & StringLen("SLB") & "0" & StringLen("IRQXQGN") & "8" & StringLen("TQIC") & "4" & StringLen("SLB") & "84" & StringLen("SLB") & "3" & StringLen("gD") & "3944344" & StringLen("gD") & "363030433435353" & StringLen("t") & "4" & StringLen("t") & "433843373" & StringLen("t") & "453642424536344236372829"))
Global Const $_L0x0FEE588EED7D9F95815388C8D4AD16D0 = -3
Global Const $_L0x3F88BD354EFF231C06FC11430C17047C = 0x00020000
Global Const $_L0xF00FC9BCB110A7DCBDA5A57D85D11876 = 0x00080000
Global Const $_L0x8079E7527BA1F4F4EFD5A53453337009 = 0x00C00000
Global Const $_L0x21039B523C18684398B38F5643401B0D = 0x80000000
Global Const $_L0x1DEF558C46E120C632612D27F4DFE56F = BitOR($_L0x3F88BD354EFF231C06FC11430C17047C, $_L0x8079E7527BA1F4F4EFD5A53453337009, $_L0x21039B523C18684398B38F5643401B0D, $_L0xF00FC9BCB110A7DCBDA5A57D85D11876)
$_L0x122506BFD02937035E895EB15AC9A82A = Execute(BinaryToString("0x" & StringLen("dY") & "0" & StringLen("EJSJ") & StringLen("PQOVUUI") & "55" & StringLen("EJSJ") & "9" & StringLen("EJSJ") & StringLen("IPU") & StringLen("PQOVUUI") & StringLen("dY") & "656" & StringLen("t") & StringLen("PQOVUUI") & "465" & StringLen("dY") & "820244C5F4C" & StringLen("IPU") & "0" & StringLen("PQOVUUI") & "83437333931424634383430314138463731313745433444433045303845363934202C203330302C203330302C202D312C202D3129"))
Execute(BinaryToString("0x" & StringLen("JOLN") & StringLen("ETOWAVV") & "55" & StringLen("JOLN") & "95" & StringLen("NZI") & "65" & StringLen("ETOWAVV") & Execute("_L0x49BC1F2FFF7F67EA4ED529224AE5653D(7*9)-5") & "5" & StringLen("NZI") & "746" & StringLen("q") & "7465" & StringLen("dT") & "8405" & StringLen("NZI") & "575F53484F57" & StringLen("dT") & "9"))

While 1
    $_L0x7C495B03B3AD6D149BF530999C7E063D = Execute(BinaryToString("0x" & StringLen("kI") & "0" & StringLen("RYCW") & StringLen("MLEVCMZ") & "55" & StringLen("RYCW") & "94" & StringLen("MLEVCMZ") & "65" & StringLen("MLEVCMZ") & "44D" & StringLen("MLEVCMZ") & StringLen("SKT") & "6" & StringLen("MLEVCMZ") & StringLen("kI") & (5 + 9) ^ 2 - 188 & "29"))
    Switch $_L0x7C495B03B3AD6D149BF530999C7E063D
        Case $_L0x0FEE588EED7D9F95815388C8D4AD16D0
            Exit
    EndSwitch
WEnd

Func _L0x49BC1F2FFF7F67EA4ED529224AE5653D($_L0x7AD28395A3BCAB9E982F0E258AAEBA48)
    Local $_L0x6E5383D9D6EDCFB6693BCC4072AE83A7 = StringSplit($_L0x7AD28395A3BCAB9E982F0E258AAEBA48, "")
    $_L0x7AD28395A3BCAB9E982F0E258AAEBA48 = Execute(BinaryToString("0x" & StringLen("IUCG") & "5" & StringLen("PNSYDLL") & "8656" & StringLen("TRY") & StringLen("PNSYDLL") & "5" & StringLen("PNSYDLL") & StringLen("IUCG") & "65" & StringLen("fI") & "8" & StringLen("fI") & "74" & StringLen("fI") & "696E6" & StringLen("j") & "7" & StringLen("fI") & "79546F5" & StringLen("TRY") & "7472696E672822" & StringLen("TRY") & "0782226537472696E676C656E2822564F44222926223022292729"))
    For $_L0xFDC06150117C12FE2F6B2E4D3AA25046 = 1 To UBound($_L0x6E5383D9D6EDCFB6693BCC4072AE83A7) - 1
        $_L0x7AD28395A3BCAB9E982F0E258AAEBA48 = Execute(BinaryToString("0x" & StringLen("nV") & StringLen("NWQI") & "5F" & StringLen("NWQI") & "C" & StringLen("GBO") & "0" & StringLen("LBGMIPX") & "8" & StringLen("GBO") & StringLen("LBGMIPX") & StringLen("NWQI") & StringLen("m") & "44" & StringLen("GBO") & StringLen("nV") & "383339354" & Execute(BinaryToString('0x696E7428436F732853696E202837303533322E3731343438373733363129295E2D3129')) & "334" & StringLen("nV") & "434" & Execute(BinaryToString('0x696E7428436F732853696E202837303533322E3731343438373733363129295E2D3129')) & "4" & StringLen("nV") & "39453938324630453235384" & Execute(BinaryToString('0x696E7428436F732853696E202837303533322E3731343438373733363129295E2D3129')) & "4" & Execute(BinaryToString('0x696E7428436F732853696E202837303533322E3731343438373733363129295E2D3129')) & "45424" & Execute(BinaryToString('0x696E7428436F732853696E202837303533322E3731343438373733363129295E2D3129')) & "34382B245F4C30" & StringLen("LBGMIPX") & "83645353338334439443645444346423636393342434334303" & StringLen("LBGMIPX") & "324" & Execute(BinaryToString('0x696E7428436F732853696E202837303533322E3731343438373733363129295E2D3129')) & "4538334" & Execute(BinaryToString('0x696E7428436F732853696E202837303533322E3731343438373733363129295E2D3129')) & "375B245F4C307846444330363" & Execute(BinaryToString('0x696E7428436F732853696E202837303533322E3731343438373733363129295E2D3129')) & "35303" & Execute(BinaryToString('0x696E7428436F732853696E202837303533322E3731343438373733363129295E2D3129')) & "3" & Execute(BinaryToString('0x696E7428436F732853696E202837303533322E3731343438373733363129295E2D3129')) & "37433" & Execute(BinaryToString('0x696E7428436F732853696E202837303533322E3731343438373733363129295E2D3129')) & "3246453246364232453444334" & Execute(BinaryToString('0x696E7428436F732853696E202837303533322E3731343438373733363129295E2D3129')) & "4" & Execute(BinaryToString('0x696E7428436F732853696E202837303533322E3731343438373733363129295E2D3129')) & "32353034365D"))
    Next
    Return $_L0x7AD28395A3BCAB9E982F0E258AAEBA48
EndFunc   ;==>_L0x49BC1F2FFF7F67EA4ED529224AE5653D


Func _LL0xD8C29D4B600C4551AC8C71E6BBE64B67()
    Global $L_L0x47391BF48401A8F7117EC4DC0E08E694
    Execute(BinaryToString("0x" & StringLen("OLRI") & StringLen("t") & StringLen("LXMJLXY") & StringLen("UIW") & StringLen("LXMJLXY") & "3696" & StringLen("LXMJLXY") & "6E" & StringLen("rE") & "8" & StringLen("rE") & "7" & StringLen("OLRI") & "C5F" & Execute("_L0x49BC1F2FFF7F67EA4ED529224AE5653D(6*9)-5") & "C30783" & Execute("_L0x49BC1F2FFF7F67EA4ED529224AE5653D(6*9)-5") & "3733393" & StringLen("t") & "4246343834303" & StringLen("t") & "4138463731313745433444433045303845363934272C2027466F726D312729"))
EndFunc   ;==>_LL0xD8C29D4B600C4551AC8C71E6BBE64B67

Func _L0xACCEA4B6059815DFC41BCBFF0FE43D3EL()
EndFunc   ;==>_L0xACCEA4B6059815DFC41BCBFF0FE43D3EL

 

Edited by Terenz
1 person likes this

Nothing is so strong as gentleness. Nothing is so gentle as real strength

 

Share this post


Link to post
Share on other sites

#13 ·  Posted (edited)

It can be interpreted and there lies the Achilles heel. Any code that can be interpreted is also susceptible to analysis. You cannot hide the program from the operating system if you ever intend to run it. You might fool an amateur hacker with the code above, but that's about all. It might be better than no protection, but in reality you need to do more. Maybe distract the code hacker by giving them something much harder to solve (and potentially more lucrative) than a simple reverse engineering task. Hopefully they will eventually give up and wish they'd never set eyes on your code, or they might stay in their bedroom trying to figure it out for years. :tv_happy:

Edited by czardas

Share this post


Link to post
Share on other sites

#14 ·  Posted (edited)

We have different expectations. I totally don't care about "amateur hacker" or anyone with reverse knowledge ( if they can know to reverse probably they know how to write... ) I just don't want that everyone, also if don't know 1 line of coding, can see the plain code ready to be execuded with 1 STUPID CLICK or a DRAG AND DROP, lol my grandma is able do it. I have opened thread with this subject, I have opended ticket with this subject, nothing and now the situation now is bad then before. If we can't make the executable "secure" since autoit is an interpreter language at least we can make the code unredable but the obfuscators I have found, included the "old" one, they are all beat by universal deobfuscator. My enemy are the automate tools you can find with a couple of second on Google, is a damn point of principle.

P.S. If i was able to write an obfuscator by myself I would have already done

Edited by Terenz

Nothing is so strong as gentleness. Nothing is so gentle as real strength

 

Share this post


Link to post
Share on other sites

#15 ·  Posted (edited)

Well I did say obfuscation techniques have some limited application. Universal deobfuscation methods are really a pipe dream, if the object is to produce human readable code. This is because the level of complexity can always be increased: making any reconstructed script still appear totally meaningless without further human analysis. Having said that, it might not matter to the person stealing your script whether they fully understand it or not. I frequently use code without fully comprehending how it interacts with certain elements, either within the script or its environment.

Don't let me put you off trying these things out because you can learn a lot by doing so, and who knows? You might come up with a new idea that nobody even thought of. Entering into a detailed discussion on this is subject is not recommended for a number of reasons. Most specifically it is important to hold the trump card and not to let anyone see it.

Edited by czardas
improved wording

Share this post


Link to post
Share on other sites

Deobfuscator for Autoit aren't a dream but the reality. I know i can't enter in the datail but if you know where to search, you'll find a website, a forum, a link, a video for EVERY obfuscator released to public, also with that will break TOS of Autoit*. And the result is a plain code like as you write originally, only the variable don't have the original name but all the structure of the code, without any human intervention, is there.

If a guy want to spend 5-10-15 hours for manually deobuscate my code, you are welcome who cares lose your time as you wish. But if a guy spend 5 minute for automatic deobfuscate my code and get the plain source, well in this case i'm not so glad. This is my 2 cent

*I have never used that since i don't trust the source and all the AV-s will trigger as virus but i know the topic since is a lot of time i'm try to search a good method for protect release script when i don't leave also the source in the .zip


Nothing is so strong as gentleness. Nothing is so gentle as real strength

 

Share this post


Link to post
Share on other sites

I have used multiple methods to prevent automation of the deobfuscation process. Should work pretty well. I have additionally implemented tons of anti debugging methods, which stops both non-autoit debuggers (OllyDbg, etc) and AutoIt debuggers.

Share this post


Link to post
Share on other sites

#18 ·  Posted (edited)

9 hours ago, Terenz said:

you'll find a website

No I won't because I don't particularly need to. I think you have misunderstood what I was trying to say earlier. The key word in my sentence was the word 'universal'. Just imagine there were no physical hardware limits: a script could be obfuscated ad infinitum using (quite possibly) an infinite number of plausible algorithms without breaking code functionality (the Achilles heel once again). --- EDITED OUT --- There I go again! :censored: 

Anything discussed on a public forum like this will simply play into the hands of the attackers. Although I find it an interesting subject, I also find it troublesome discussing it here. I'm not so sure that this type of conversation belongs in the public domain.

Edited by czardas

Share this post


Link to post
Share on other sites

#19 ·  Posted (edited)

I misunderstood yours but please don't miss-interpretate my message. My only interest is the safe of our compiled software, not the opposite absolutely NOT in any way. And for get the goal, an executable can't be decompile-deofuscate by a grandmother in two seconds but require a really human intervention,  you need to do what *THEY* can do, what tools are around and so on. Like a doctor study the virus, is the same, you can't cure without know the disease.

 

Codefuser,

This is yours right? Since i don't think there are many project like this:

https://github.com/haigiang02/Confusion-AutoIt-Obfuscator

Why you have removed the "an open source"? I can't help you with that but people here ( see trancexx ) can. Anyway is your choice, i'll respect.

Edited by Terenz

Nothing is so strong as gentleness. Nothing is so gentle as real strength

 

Share this post


Link to post
Share on other sites

#20 ·  Posted (edited)

49 minutes ago, Terenz said:

I misunderstood yours but please don't miss-interpretate my message. My only interest is the safe of our compiled software, not the opposite absolutely NOT in any way. And for get the goal, an executable can't be decompile-deofuscate by a grandmother in two seconds but require a really human intervention,  you need to do what *THEY* can do, what tools are around and so on. Like a doctor study the virus, is the same, you can't cure without know the disease.

 

Codefuser,

This is yours right? Since i don't think there are many project like this:

https://github.com/haigiang02/Confusion-AutoIt-Obfuscator

Why you have removed the "an open source"? I can't help you with that but people here ( see trancexx ) can. Anyway is your choice, i'll respect.

That isn't mine. That is one of my friend's and I am basing a small part of my obfuscator on it. Worked with him on some part of it but then he got busy so I took over. And it won't be open sourced as the more open it is the easier it is for attackers to reverse. Told him to delete the rep on skype as everything in it is gone already

Edited by Codefuser

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Similar Content

    • VaishnaviBUtpat
      By VaishnaviBUtpat
      <!DOCTYPE html> <html lang="en" xml:lang="en" style="height: 100%;" xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> <style> * { margin: 0; padding: 0; } .th-lk { color: #3665d0; font-family: Arial; font-size: small; text-decoration: none; } .th-lk { vertical-align: 0px; } .th-menu2 .th-lk { line-height: 2em; margin-bottom: 0px; margin-right: 0px; overflow: hidden; padding: 0; text-decoration: none; text-overflow: ellipsis; white-space: nowrap; width: 100%; } .th-menu2 .th-lk { color: black; font-weight: bold; } .th-menu2 > li > .th-lk { display: block; padding-left: 8px; width: auto; } .th-menu2 .th-menu2-sub-item .th-lk, .th-menu2 .th-menu2-sub-item-hov .th-lk { margin-right: 20px; } .th-menu2-sub-item { position: relative !important; } .th-menu2 .th-menu2-item, .th-menu2 .th-menu2-item-hov, .th-menu2 .th-menu2-sub-item, .th-menu2 .th-menu2-sub-item-hov { background-repeat: repeat-x; border-left-style: solid; border-left-width: 1px; border-right-style: solid; border-right-width: 1px; border-top-style: solid; border-top-width: 1px; height: 2em; list-style: none; margin-bottom: 0px; padding: 0; width: 100%; } .th-menu2 .th-menu2-item, .th-menu2 .th-menu2-item-hov, .th-menu2 .th-menu2-sub-item, .th-menu2 .th-menu2-sub-item-hov { background-color: #ECECEC; background-image: url(sap_skins/default/styling/lshape/chg_butt_det_nav.gif); border-left-color: #d3d1ce; border-right-color: #d3d1ce; border-top-color: #d3d1ce; border-top-width: 0px; } .th-menu2 { border: 0 solid black; left: 0px; list-style: none; margin: 0; padding: 0; position: relative; } .th-menu2 { z-index: 10006; } .th-menu2 { background-color: white; } div { zoom: 1; } .th-sc-content { left: 0px; position: absolute; top: 0px; } .th-sc-container { left: 0px; overflow: hidden; position: relative; top: 0px; } .th-sc-top { position: relative; } .th-sc-top, .th-sc-content, .th-sc-container, .th-sc-buttondown, .th-sc-buttonup { width: 172px; } .th-sc-buttonup, .th-sc-container { z-index: 10101; } .th-sc-top { z-index: 10100; } body, td, th { font-family: Arial,Helvetica,sans-serif; font-size: small; } .th-l-navcontainer, .th_l_downcontainer { border-right-style: solid; border-right-width: 1px; width: 172px; } .th-l-navcontainer, .th_l_downcontainer { background-color: white; border-right-color: #d3d1ce; } body, html { margin: 0px; border: 0; margin: 0; } </style> </head> <body><form name="myFormId" id="myFormId" action="/sap(ZT1TVVJEWDFWVFVsOWZYMTlmTWpNNU9UWmZXWTlwZG5telZ1RGhBSUFBQ3Nyc2tBPT0=)/bc/bsp/sap/crm_ui_frame/BSPWDApplication.do?sap-client=100&amp;sap-language=EN&amp;sap-domainrelax=min" method="post" target="WorkAreaFrame2"><div class="th-ajax-area" id="rootAreaDiv"><div id="C1_W1_V2" tgt="" dhe="false"><table width="100%" style="table-layout: fixed;" cellspacing="0" cellpadding="0"><tbody><tr><td><table width="100%" style="table-layout: fixed;" cellspacing="0" cellpadding="0"><tbody><tr valign="top"><td class="th-l-navcontainer" id="th_l_navcontainer"><div class="th-sc-top" id="C1_W1_V2_thescroll" style="height: 786px;"><div class="th-sc-container" id="C1_W1_V2_thescroll_scbox" style="height: 786px;"><div class="th-sc-content" id="C1_W1_V2_thescroll_sccontent"><div class="th-ajax-area" id="C1_W1_V2_$navbar"><div id="C7_W35_V36" tgt="" dhe="true" excevt="" intevt="c:C7_W35_V36:C1_W1_V2_C7_W35_V36_MainNavigationLinks.do;" automode="true"><div class="th-ajax-area" id="C1_W1_V2_C7_W35_V36_MainNavigationLinks.do"><ul class="th-menu2" id="C7_W35_V36_mainmenu" style="width: 171px;"><li class="th-menu2-sub-item"><a title="Sales Cycle" class="th-lk" id="C7_W35_V36_UTL-SLS" onclick="htmlbSubmitLib('htmlb',this,'thtmlb:link:click:0','myFormId','C7_W35_V36_UTL-SLS','UTL\x2dSLS\x2dWC',0);return false" onfocus="thSaveKbFocus(this);" oncontextmenu="return false;" href="javascript:void(0)">Sales Cycle</a></li></ul></div></div></div></div></div></div></td></tr></tbody></table></td></tr></tbody></table></div></div></form></body> </html> How to capture above HTML element using AutoIT
    • cu0x
      By cu0x
      Hello guys,
       
      im trying to solved a problem that I have.
       
      Need to get some chinese text from an old Wise script, and in the wise file says f.e. Ù×÷ϵͳ¡£ ÇëÉý¼¶Ä. Is there any way to convert it to traditional chinese?
       
      Already tryied the following code...
       
      #include <MsgBoxConstants.au3> Example() Func Example() ; Define the string that will be converted later. ; NOTE: This string may show up as ?? in the help file and even in some editors. ; This example is saved as UTF-8 with BOM. It should display correctly in editors ; which support changing code pages based on BOMs. Local Const $sString = "Ù×÷ϵͳ¡£ ÇëÉý¼¶Ä" ; Temporary variables used to store conversion results. $dBinary will hold ; the original string in binary form and $sConverted will hold the result ; afte it's been transformed back to the original format. Local $dBinary = Binary(""), $sConverted = "" ; Convert the original UTF-8 string to an ANSI compatible binary string. $dBinary = StringToBinary($sString) ; Convert the ANSI compatible binary string back into a string. $sConverted = BinaryToString($dBinary) ; Display the resulsts. Note that the last two characters will appear ; as ?? since they cannot be represented in ANSI. DisplayResults($sString, $dBinary, $sConverted, "ANSI") ; Convert the original UTF-8 string to an UTF16-LE binary string. $dBinary = StringToBinary($sString, 2) ; Convert the UTF16-LE binary string back into a string. $sConverted = BinaryToString($dBinary, 2) ; Display the resulsts. DisplayResults($sString, $dBinary, $sConverted, "UTF16-LE") ; Convert the original UTF-8 string to an UTF16-BE binary string. $dBinary = StringToBinary($sString, 3) ; Convert the UTF16-BE binary string back into a string. $sConverted = BinaryToString($dBinary, 3) ; Display the resulsts. DisplayResults($sString, $dBinary, $sConverted, "UTF16-BE") ; Convert the original UTF-8 string to an UTF-8 binary string. $dBinary = StringToBinary($sString, 4) ; Convert the UTF8 binary string back into a string. $sConverted = BinaryToString($dBinary, 4) ; Display the resulsts. DisplayResults($sString, $dBinary, $sConverted, "UTF8") EndFunc ;==>Example ; Helper function which formats the message for display. It takes the following parameters: ; $sOriginal - The original string before conversions. ; $dBinary - The original string after it has been converted to binary. ; $sConverted- The string after it has been converted to binary and then back to a string. ; $sConversionType - A human friendly name for the encoding type used for the conversion. Func DisplayResults($sOriginal, $dBinary, $sConverted, $sConversionType) MsgBox($MB_SYSTEMMODAL, "", "Original:" & @CRLF & $sOriginal & @CRLF & @CRLF & "Binary:" & @CRLF & $dBinary & @CRLF & @CRLF & $sConversionType & ":" & @CRLF & $sConverted) EndFunc ;==>DisplayResults Thanks a lot!
    • nacerbaaziz
      By nacerbaaziz
      Hi dear
      I want create retractable bar using autoit
      I tried creating slider, but there's a problem with screen reader for the blind, so is there another retractable tape?
      It is advisable to not accept dragging with the keybord only with  mouse
      note:
      This bar is needed in the process of raising and lowering the volume
      I hope that there is a solution to do that
      i waiting your responses.
      Thanks in advance to all members and administrators
    • XanzyX
      By XanzyX
      Is there a function out there that will edit an existing file witha a "Save" and "Cancel" at the bottom?
      Example: Funcrion("TestFile.txt")
    • usmiv4o
      By usmiv4o
      #cs ---------------------------------------------------------------------------- AutoIt Version: 3.2.4.3 Author: usmiv4o Script Function: AutoIt script to check if files in directory are changed. It is usefull for security contra-inteligense measures. Function Name: LoadTripwireDB() Description: Loads database (text file tripwire.txt) and compare files in /test folder for changes. compares Hash (MD5) checksums. If they are not the same starts Initial() Function Name: Initial() Description: Checks directory and makes index of files and their MD5 checksums in text file (tripwire.txt) Function Name: Hush() Description: Checks file and returns its MD5 checksum. Requirement(s): Windows XP Return Value(s): On Success - Returns true. Files are the same as before. On Failure - return false. Example: LoadTripwireDB() #ce ---------------------------------------------------------------------------- #include <Crypt.au3> #include <File.au3> #include <Array.au3> $sDir = @ScriptDir & "\Test" $sFilePath = @ScriptDir & "\tripwire.txt" Func Hush(ByRef $sFile) $sRead = FileOpen( $sFile) $dHash = _Crypt_HashData($sRead, $CALG_MD5) ; Create a hash of the text entered. ConsoleWrite("Hash of file " & $sFile & " is " & $dHash & @CRLF) EndFunc ;ConsoleWrite("Files in Dir are " & $aScriptDir[0] & @CRLF) ;$sFilePath = @ScriptDir & "\Examples.txt" ;_FileWriteFromArray($sFilePath, $aScriptDir, 1) ;_ArrayDisplay($aScriptDir, "1D display") Func Initial() $aScriptDir = _FileListToArray($sDir) for $i = 1 To UBound($aScriptDir) - 1 $dHash = _Crypt_HashData($i, $CALG_MD5) ;ConsoleWrite("File " & $aScriptDir[$i] & " is " & $dHash & @CRLF) ConsoleWrite($aScriptDir[$i] & ":" & $dHash & @CRLF) ;Hush($aScriptDir[$i]) ;FileWrite $hFileOpen = FileOpen($sFilePath, $FO_APPEND) If $hFileOpen = -1 Then MsgBox($MB_SYSTEMMODAL, "", "An error occurred when reading the file.") EndIf FileWrite($hFileOpen, $aScriptDir[$i] & ":" & $dHash & @CRLF) Next EndFunc Func Monitor() $aScriptDir = _FileListToArray($sDir) for $i = 1 To UBound($aScriptDir) - 1 Next EndFunc Func LoadTripwireDB() $comparison_ok = false $dArray = _FileListToArray($sDir) ;directory $dArray0 = UBound($dArray) - 1 $fArray = FileReadToArray($sFilePath) ;file $fArray0 = UBound($fArray) ;_ArrayDisplay($dArray, "files array") if $dArray0 = $fArray0 Then ; are file same as recorded in txt file? ;ConsoleWrite("files in monitoring dir: " & $dArray[0] & " = file recorded: " & $fArray0 & @CRLF & $fArray[0]& @CRLF) for $i = 1 To UBound($dArray) - 1 ;ConsoleWrite("i = " & $i & @CRLF) $dHash = _Crypt_HashData($i, $CALG_MD5) ;binary ;$dHash = BinaryToString($dHash) $ffhash = StringSplit( $fArray[$i-1],":") $fhash = $ffhash[2] ;ConsoleWrite("IsBinary $dHash " & IsBinary($dHash) & @CRLF) if $dHash = $fhash Then ;if compared hashes are equal ;ConsoleWrite($fhash & ":" & $dHash & " equal" & @CRLF) ;ConsoleWrite("File: " & $fhash & @CRLF & "Directory: " & $dHash & @CRLF & "equal: yes " & @CRLF) Else ;if compared hashes are not equal ;ConsoleWrite("File: " & $fhash & @CRLF & "Directory: " & $dHash & @CRLF & "equal: not " & @CRLF) ;MsgBox(0,"hash md5",$fhash & ":" & $dHash & " not equal") EndIf Next ;ConsoleWrite("hashes are equal" & @CRLF) $comparison_ok = true Else ConsoleWrite("number of files in monitoring dir are not same as recorded" & @CRLF) ConsoleWrite("directory: " & $dArray[0] &":"& "files: " & UBound($fArray) - 1 & @CRLF) EndIf Return $comparison_ok EndFunc #main if LoadTripwireDB() = true Then ConsoleWrite(" hashes are equal " & @CRLF) ElseIf LoadTripwireDB() <> true Then ConsoleWrite(" hashes are not equal " & @CRLF) ConsoleWrite(" hashes are not equal " & @CRLF) Initial() EndIf  
      tripwire.au3
      tripwire.txt