Jump to content
Sign in to follow this  
ambad4u

Yet another Compiled Script & AV Question

Recommended Posts

Greetings to all,

This may relate in regards to

My question:
If I have 2 different au3 scripts compiled individually as a standalone executable(s) (compilation settings are the same)

OR

If I have one au3 script compiled as a standalone executable(s) with different compilation settings.

Does an Anti Virus see them as one signature for all? or treated as unique signatures?

 

My reason behind this is that I am trying to plan ahead on how to deal with these false positives.
I am a part of a small IT admin team that would like to automate some repeatable tasks using Autoit.
Our AV is Sophos if one is curious.

Any insights are highly appreciated!, many thanks in advance!

Share this post


Link to post
Share on other sites

Often it seems to me, that UPX is a factor in false positives.

So you could have one compiled version that doesn't use UPX compression ... or uses an older version of it ... or uses a different compressor program.

Depends on your file size requirement I guess.

The upx.exe program file can be found in the Aut2Exe folder.

That type of change might give you enough difference.

However, I don't know enough about signatures to comment on that side of it.


Make sure brain is in gear before opening mouth!
Remember, what is not said, can be just as important as what is said.

Spoiler

What is the Secret Key? Life is like a Donut

If I put effort into communication, I expect you to read properly & fully, or just not comment.
Ignoring those who try to divert conversation with irrelevancies.
If I'm intent on insulting you or being rude, I will be obvious, not ambiguous about it.
I'm only big and bad, to those who have an over-active imagination.

I may have the Artistic Liesense ;) to disagree with you. TheSaint's Toolbox (be advised many downloads are not working due to ISP screwup with my storage)

userbar.png

Share this post


Link to post
Share on other sites

Thank you @TheSaint

I guess I may need to go to Sophos forums for this one and have the real examples for them to see if signatures differs or not.

Share this post


Link to post
Share on other sites

You could also just compile your scripts as .a3x "it's a radio option in the compiler" and then launch them via a shortcut created that points to the autoit3.exe and the .a3x file as a command line option.  I have been slowly moving all my automations over to that as they never seem to get flagged.


hmm... I guess I have to have a signature...

Share this post


Link to post
Share on other sites

Or just associate the .a3x file with wherever you have autoit3.exe located.

A good solution that has never occurred to me. No doubt successful because essentially just text based like a script (plus dependencies), and I have never seen a script flagged by AV. And autoit3.exe has been signed and doesn't change very often.

Edited by TheSaint

Make sure brain is in gear before opening mouth!
Remember, what is not said, can be just as important as what is said.

Spoiler

What is the Secret Key? Life is like a Donut

If I put effort into communication, I expect you to read properly & fully, or just not comment.
Ignoring those who try to divert conversation with irrelevancies.
If I'm intent on insulting you or being rude, I will be obvious, not ambiguous about it.
I'm only big and bad, to those who have an over-active imagination.

I may have the Artistic Liesense ;) to disagree with you. TheSaint's Toolbox (be advised many downloads are not working due to ISP screwup with my storage)

userbar.png

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Exit
      Au3toCmd  ---  Avoid false positives
      Since many virus scanners sometimes prevent a "compiled autoit EXE" from being executed as "false positive", the "*.A3X" format is a suitable format to avoid this problem.
      In order to simplify this procedure, I wrote the Au3toCmd script. Here a *.Cmd file is generated from a *.Au3 file. The necessary files Autoit3.exe and *.A3x are added to the "*.Cmd" file as "alternate data streams".
      Now the Autoit Script can be called by clicking on the cmd file and the anti-virus scanners do not recognize the "false positive".
      If the short-term flashing of the CMD window bothers you, you can click the desktop shutcut that runs in a minimized window.
      Unfortunately, because of the "alternate data streams", this CMD file cannot be distributed via FTP or email.
      Only a USB stick or removable disk formatted with NTFS can be used.
      To solve this problem, Au3toCmd can be used to create a ZIP/EXE  file that is email and FTP compatible. 
      Transfer this file to the target directory on the target system.
      Expand the ZIP file on the target system and execute the "*.ADS.Run-me-first.cmd" script.
      or
      Execute the self extracting Setup.exe.

      The original CMD file is created again and the auxiliary files are deleted.
      Edit (2020.05.16)  The new version also accepts A3X and EXE files. This means that A3X and EXE files that have been compiled with special options can be used. As a side effect, other EXE files can also be included in the CMD file and therefore not detectable by virus scanners.
      Edit (2020.07.18)  Desktop shortcuts created automatically. Just delete them, if you don't like them.
      Edit (2020.07.22)  Using codepage 1252     This version is retained in the spoiler for compatibility
      Edit (2020.12.07) Self extracting Setup.exe added 
      Edit (2020.12.12) 32 Bit Windows enabled. ANSI console enabled. 
      Edit (2020.12.21) Input of remote system target directory added. 
      Here the source of Au3toCmd.au3 
      This is a nice example of peaceful interaction between Autoit (*. au3), Dos (*. cmd), Powershell(*.ps1) and VSBasic (*. vbs)
      ;============================================================================================================== ; Script Name: Au3toCmd.au3 ; Description: Creates a CMD file from any AU3/A3X/EXE file. ; The CMD file will contain the compiled version (A3X) of the AU3 input file ; and the AUTOIT3.EXE file as alternate data streams. ; Alternativly it will contain any EXE file. ; This avoids the problem with the false positives of the virus scanners. ; To avoid the short-term flashing of the CMD window, a shortcut is created on the desktop ; that runs in a minimized window. ; ; Syntax: Au3toCmd (input-file) ; Default: none ; Parameter: Name of an AU3/A3X/EXE file (optional) ; Example: Au3toCmd testfile.au3 ; ; Author: Exit ( http://www.autoitscript.com/forum/user/45639-exit ) ; SourceCode: http://www.autoitscript.com/forum/index.php?showtopic=201562 Version: 2020.12.27 ; COPYLEFT: © 2020 Freeware by "Exit" ; ALL WRONGS RESERVED ;============================================================================================================== Global $Debug = 0 ; change to '1' for debugging informations on output console #AutoIt3Wrapper_AU3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6 -w 7 #pragma compile(inputboxres, true) #include <File.au3> #include <String.au3> #include <WinAPIGdi.au3> #include <WinAPIFiles.au3> #include <WinAPIHObj.au3> #include <WinAPIError.au3> Global $iMB, $rc, $sSourcepath, $sTargetpath, $aPathSplit, $sDrive, $sDir, $sFileName, $sExtension, $sIconPath = "", $iIconNumber = 0, $sRDir Exit _Main() Func _Main() FileDelete(@ScriptFullPath & ".console.txt") If Not _Sourcepath() Then Return SetError(1, 0, 0) If Not _IconPath() Then Return SetError(2, 0, 0) If Not _Targetpath() Then Return SetError(3, 0, 0) $iMB = MsgBox(3 + 32 + 512 + 262144, Default, $sTargetpath & " and " & @LF & @DesktopDir & "\" & $sFileName & ".lnk created." & @LF & @LF & "Create a portable EXE/ZIP file? " & @LF & @LF & "YES --> Create a SETUP.EXE file" & @LF & @LF & "NO --> Create a ZIP file" & @LF & @LF & "Cancel --> None" & @LF & @LF, 0) __CW("Er/Ex/L: " & @error & "/" & @extended & "/" & @ScriptLineNumber & " $iMB: " & $iMB & @LF) If $iMB <> 2 Then If Not _CreateZip() Then Return SetError(4, 0, 0) EndIf ;~ If MsgBox(4 + 32 + 256 + 262144, Default, "Run " & $sTargetpath & " ?", 0) = 6 Then ShellExecute(@DesktopDir & "\" & $sFileName & ".lnk") EndFunc ;==>_Main Func _Sourcepath() If StringInStr(@ScriptFullPath, " ") Then Return SetError(7, MsgBox(16 + 262144, Default, "Sorry: Script-Pathnames with embedded blanks not yet supported.", 0), 0) If $cmdline[0] > 0 Then $sSourcepath = $cmdline[1] If Not StringInStr("|.au3|.a3x|.exe|", StringRight($sSourcepath, 4)) Then $sSourcepath &= ".au3" If Not FileExists($sSourcepath) Then Beep(1000, 100) $sSourcepath = FileOpenDialog("Enter AU3/A3X/EXE Inputfile ", "", "Autoit Files(*.au3;*.a3x;*.exe)", 3) If @error Then Return SetError(5, MsgBox(16 + 262144, Default, "Error: No Inputfile given", 0), 0) EndIf $sSourcepath = _PathFull($sSourcepath) $aPathSplit = _PathSplit($sSourcepath, $sDrive, $sDir, $sFileName, $sExtension) If StringInStr($sSourcepath, " ") Then Return SetError(7, MsgBox(16 + 262144, Default, "Sorry: Pathnames with embedded blanks not yet supported.", 0), 0) FileChangeDir($sDrive & $sDir) __CW("Sourcepath: " & $sSourcepath & @LF) Return 1 EndFunc ;==>_Sourcepath Func _IconPath() Local $aTemp If $sExtension = ".exe" Then $sIconPath = $sSourcepath ElseIf FileExists($sDrive & $sDir & $sFileName & ".ico") Then $sIconPath = $sDrive & $sDir & $sFileName & ".ico" Else $aTemp = _StringBetween(FileRead($sSourcepath), "#", ".ico") If Not @error Then $aTemp = StringSplit($aTemp[0], "=, ") If FileExists($aTemp[$aTemp[0]] & ".ico") Then $sIconPath = $sDrive & $sDir & $aTemp[$aTemp[0]] & ".ico" ElseIf FileExists($sDrive & $sDir & $sFileName & ".ico") Then $sIconPath = $sDrive & $sDir & $sFileName & ".ico" Else $sIconPath = @WindowsDir & "\system32\shell32.dll" $iIconNumber = 71 EndIf EndIf EndIf __CW("IconNumber: " & $iIconNumber & " IconPath: " & $sIconPath & @CRLF) Return 1 EndFunc ;==>_IconPath Func _Targetpath() Local $sA3Dir $sTargetpath = $sDrive & $sDir & $sFileName & ".cmd" FileDelete($sTargetpath) If Not FileWriteLine($sTargetpath, _ '@echo on & cd /D %~dp0 ' & @CRLF & _ "for /f ""delims="" %%F in ('dir /R %~nx0 ^| find /C ""$DATA"" ') do set mycount=%%F" & @CRLF & _ 'if .%mycount% == .0 echo Invalid copy of %~nx0. No ADS found. & pause & goto :eof ' & @CRLF & _ 'if .%mycount% == .1 wmic process call create ''"%~f0:prog" %*'' ' & @CRLF & _ 'if .%mycount% == .2 wmic process call create ''"%~f0:prog" "%~f0:a3x" %*'' ') Then _ Return SetError(8, MsgBox(16 + 262144, Default, "Error: Cannot write to output file '" & $sTargetpath & "'", 0), 0) $sA3Dir = RegRead("HKLM\SOFTWARE" & ((@OSArch = 'X64') ? "\Wow6432Node" : "") & "\AutoIt v3\AutoIt", "InstallDir") If Not (FileExists($sA3Dir & "\autoit3.exe") And FileExists($sA3Dir & "\au3check.exe") And FileExists($sA3Dir & "\Aut2Exe\Aut2exe.exe")) Then Return SetError(9, MsgBox(16 + 262144, Default, "Error: Autoit not installed on this system.", 0), 0) Switch $sExtension Case ".au3" If ShellExecuteWait($sA3Dir & "\au3check.exe", ' -q "' & $sSourcepath & '"', "", "", @SW_HIDE) Then Return SetError(10, MsgBox(16 + 262144, Default, "Error: Input file """ & $sSourcepath & """ has Errors.", 0), 0) If ShellExecuteWait($sA3Dir & "\Aut2Exe\Aut2exe.exe", "/In " & $sSourcepath & " /out " & $sTargetpath & ":a3x") Then Return SetError(11, MsgBox(16 + 262144, Default, "Error: Cannot create target file """ & $sTargetpath & ":a3x""", 0), 0) If Not FileCopy($sA3Dir & "\Autoit3.exe", $sTargetpath & ":prog") Then Return SetError(12, MsgBox(16 + 262144, Default, "Error: Cannot create target file """ & $sTargetpath & ":prog""", 0), 0) Case ".a3x" If Not FileCopy($sSourcepath, $sTargetpath & ":a3x") Then Return SetError(13, MsgBox(16 + 262144, Default, "Error: Cannot create target file """ & $sTargetpath & ":a3x""", 0), 0) If Not FileCopy($sA3Dir & "\Autoit3.exe", $sTargetpath & ":prog") Then Return SetError(14, MsgBox(16 + 262144, Default, "Error: Cannot create target file """ & $sTargetpath & ":prog""", 0), 0) Case ".exe" If Not FileCopy($sSourcepath, $sTargetpath & ":prog") Then Return SetError(15, MsgBox(16 + 262144, Default, "Error: Cannot create target file """ & $sTargetpath & ":prog""", 0), 0) EndSwitch If Not FileCreateShortcut($sTargetpath, @DesktopDir & "\" & $sFileName & ".lnk", $sDrive & $sDir, "", "", $sIconPath, "", $iIconNumber, 7) Then Return SetError(16, MsgBox(16 + 262144, Default, "Unable to create shortcut", 0), 0) FileSetTime($sTargetpath, "", 0) ; to erase old modification time of ADS files FileSetTime($sTargetpath, "", 1) ; to erase old creation time of ADS files FileSetTime($sTargetpath, "", 2) ; to erase old access time of ADS files __Run("dir /R """ & @ScriptFullPath & "*.*""") __Run("dir /R """ & $sTargetpath & "*.*""") __CW(" $sTargetpath: " & $sTargetpath & @LF) Return 1 EndFunc ;==>_Targetpath Func _CreateZip() Local $s7za, $sRemExe If Not _Download_7z() Then Return SetError(17, 0, 0) If Not __RemoteTargetDir() Then Return SetError(17, 0, 0) $sRemExe = (StringRight($sSourcepath, 4) = ".exe") ? "rem " : "" FileDelete($sTargetpath & ".~_~.Run-me-first.cmd") If Not FileWriteLine($sTargetpath & ".~_~.Run-me-first.cmd", _ "@echo off && net file 1>NUL 2>NUL" & @CRLF & _ "if not .%errorlevel%. == .0. (powershell Start-Process -FilePath '%~f0 ' -ArgumentList '%* ' -verb runas && goto :eof) else (cd /d %~dp0)" & @CRLF & _ 'echo ' & (Eval('Debug') ? 'On' : 'Off') & @CRLF & _ 'rem pause ' & @CRLF & _ '%~d0 & cd %~dp0' & @CRLF & _ 'chcp 1252' & @CRLF & _ 'set name1=%~n0' & @CRLF & _ 'set name1=%name1:~0,-21%' & @CRLF & _ 'set compare1=%cd% ' & @CRLF & _ 'set compare2=%compare1:AppData\Local\Temp=other% ' & @CRLF & _ 'if .%compare1%==.%compare2% goto :skip' & @CRLF & _ '@mode con lines=7 cols=100' & @CRLF & _ '@echo:xN|choice 2>&1>NUL' & @CRLF & _ '@echo on & cls ' & @CRLF & _ 'echo. ' & @CRLF & _ 'echo Please extract ALL files from ZIP file first and then run this CMD again. Press any key to exit.' & @CRLF & _ 'Pause > NUL: & goto :eof' & @CRLF & _ ':skip ' & @CRLF & _ 'set sRDir="' & $sRDir & '"' & @CRLF & _ 'if NOT .%sRDir%.==."1". goto :skip1 ' & @CRLF & _ 'set olddir="%cd%"' & @CRLF & _ 'cd ..' & @CRLF & _ 'set sRDir=%cd%' & @CRLF & _ 'cd %olddir%' & @CRLF & _ 'goto :skipend ' & @CRLF & _ ':skip1 ' & @CRLF & _ 'if NOT .%sRDir%.==."2". goto :skip2 ' & @CRLF & _ 'rem handle "2" here' & @CRLF & _ 'set sRDir=%ProgramFiles%\%name1%' & @CRLF & _ 'goto :skipend ' & @CRLF & _ ':skip2 ' & @CRLF & _ 'if NOT .%sRDir%.==."3". goto :skip3 ' & @CRLF & _ 'rem handle "3" here' & @CRLF & _ 'set sRDir=%UserProfile%\%name1%' & @CRLF & _ 'goto :skipend ' & @CRLF & _ ':skip3 ' & @CRLF & _ 'if NOT .%sRDir%.==."4". goto :skip4 ' & @CRLF & _ 'rem handle "4" here' & @CRLF & _ 'set sRDir=%UserProfile%\Desktop\%name1%' & @CRLF & _ 'goto :skipend ' & @CRLF & _ ':skip4 ' & @CRLF & _ 'rem handle entered path here' & @CRLF & _ 'set sRDir=%sRDir:"=%' & @CRLF & _ ':skipend ' & @CRLF & _ 'echo sRDir: %sRDir% ' & @CRLF & _ 'rem pause ' & @CRLF & _ 'ren %name1%.cmd.~_~.cmd %name1%.cmd~' & @CRLF & _ 'ren %name1%.cmd.~_~.ico %name1%.ico~' & @CRLF & _ $sRemExe & 'type %name1%.cmd.~_~.a3x > %name1%.cmd~:a3x' & @CRLF & _ $sRemExe & 'del %name1%.cmd.~_~.a3x' & @CRLF & _ 'type %name1%.cmd.~_~.prog > %name1%.cmd~:prog' & @CRLF & _ 'del %name1%.cmd.~_~.prog' & @CRLF & _ 'move /Y %name1%.cmd~ ..' & @CRLF & _ 'move /Y %name1%.ico~ ..' & @CRLF & _ 'cd .. ' & @CRLF & _ 'dir /R %name1%.* ' & @CRLF & _ 'mkdir "%sRDir%" ' & @CRLF & _ 'move /Y %name1%.cmd "%sRDir%" ' & @CRLF & _ 'move /Y %name1%.cmd~ "%sRDir%\%name1%.cmd" ' & @CRLF & _ 'move /Y %name1%.ico~ "%sRDir%\%name1%.ico" ' & @CRLF & _ 'echo Set oWS = WScript.CreateObject("WScript.Shell") > ~~.vbs' & @CRLF & _ 'echo Set oLink = oWS.CreateShortcut("%userprofile%\desktop\%name1%.lnk") >> ~~.vbs' & @CRLF & _ 'echo oLink.TargetPath = "%sRDir%\%name1%.cmd" >> ~~.vbs' & @CRLF & _ 'if exist "%sRDir%\%name1%.ico" echo oLink.IconLocation = "%sRDir%\%name1%.ico" >> ~~.vbs' & @CRLF & _ 'if not exist "%sRDir%\%name1%.ico" echo oLink.IconLocation = "' & $sIconPath & ',' & $iIconNumber & '" >> ~~.vbs' & @CRLF & _ 'echo oLink.WindowStyle = "7" >> ~~.vbs' & @CRLF & _ 'echo oLink.Save >> ~~.vbs' & @CRLF & _ 'rem cscript ~~.vbs >NUL: ' & @CRLF & _ 'cscript ~~.vbs ' & @CRLF & _ 'rem pause ' & @CRLF & _ 'del ~~.vbs ' & @CRLF & _ 'if not exist "%userprofile%\desktop\%name1%.lnk" set _M1=%userprofile%\desktop\%name1%.lnk NOT created due to targetdir invalid. ' & @CRLF & _ 'if not exist "%sRDir%\%name1%.cmd" set _M2=%sRDir%\%name1%.cmd NOT created due to targetdir invalid.' & @CRLF & _ 'rem set _m & pause' & @CRLF & _ 'if exist "%userprofile%\desktop\%name1%.lnk" set _M1=%userprofile%\desktop\%name1%.lnk created. ' & @CRLF & _ 'if exist "%sRDir%\%name1%.cmd" set _M2=%sRDir%\%name1%.cmd created. ' & @CRLF & _ 'rem set _m & pause' & @CRLF & _ 'rem mode con lines=1 cols=16' & @CRLF & _ ' start mshta.exe vbscript:Execute("msgbox ""%_M1% ""&Chr(10)&"" %_M2% "",64+4096,"" End of %name1%.cmd installation"":close") ' & @CRLF & _ 'del .\%name1%.cmd.~_~.zip' & @CRLF & _ 'del .\%name1%.zip' & @CRLF & _ 'dir /R %name1%.* ' & @CRLF & _ 'rem Pause' & @CRLF & _ ' start PING -n 2 127.0.0.1^> & rd /S /Q %name1% ' & @CRLF & _ ' start PING -n 2 127.0.0.1^> & rd /S /Q %name1%.cmd.~_~ ' & @CRLF & _ ' start PING -n 2 127.0.0.1^> & rd /S /Q ~_~ ' & @CRLF & _ 'rem echo:xN|choice 2>&1>NUL' & @CRLF & _ 'rem Pause' & @CRLF & _ 'rem End of script' & @CRLF) Then Return SetError(18, MsgBox(16 + 262144, Default, 'Unable to write >' & $sTargetpath & '.~_~.Run-me-first.cmd<', 0), 0) If Not $sRemExe Then If Not _ExtractADS($sTargetpath & ":a3x", $sTargetpath & ".~_~", ":a3x") Then Return SetError(19, MsgBox(16 + 262144, Default, "Error: Cannot create target file """ & $sTargetpath & ".~_~.a3x""", 0), 0) EndIf If Not FileWrite($sTargetpath & ".~_~.cmd", FileRead($sTargetpath)) Then Return SetError(20, MsgBox(16 + 262144, Default, "Error: Cannot create target file """ & $sTargetpath & ".~_~.cmd""", 0), 0) If Not _ExtractADS($sTargetpath & ":prog", $sTargetpath & ".~_~", ":prog") Then Return SetError(21, MsgBox(16 + 262144, Default, "Error: Cannot create target file """ & $sTargetpath & ".~_~.prog""", 0), 0) _CreateIconfile() __Run("dir /R """ & $sTargetpath & "*.*""") While FileExists($sDrive & $sDir & $sFileName & ".zip") $rc = FileDelete($sDrive & $sDir & $sFileName & ".zip") __CW("Er/Ex/L: " & @error & "/" & @extended & "/" & @ScriptLineNumber & " RC: " & $rc & @LF) Sleep(500) WEnd While FileExists($sTargetpath & ".~_~.zip") $rc = FileDelete($sTargetpath & ".~_~.zip") __CW("Er/Ex/L: " & @error & "/" & @extended & "/" & @ScriptLineNumber & " RC: " & $rc & @LF) Sleep(500) WEnd $s7za = _TempFile(Default, Default, "exe") _ExtractADS(@ScriptFullPath & ":7za.exe", $s7za) __Run($s7za & ' a -mx=0 ' & ($iMB = 7 ? "" : "-t7z ") & """" & $sTargetpath & ".~_~.zip"" """ & $sTargetpath & ".~_~.*""") FileDelete($s7za) If Not FileExists($sTargetpath & ".~_~.zip") Then Return SetError(22, MsgBox(16 + 262144, Default, "Error creating """ & $sTargetpath & ".~_~.zip"" .", 0), 0) FileDelete($sTargetpath & ".~_~.a3x") FileDelete($sTargetpath & ".~_~.cmd") FileDelete($sTargetpath & ".~_~.prog") FileDelete($sTargetpath & ".~_~.ico") FileDelete($sTargetpath & ".~_~.Run-me-first.cmd") While FileExists($sDrive & $sDir & $sFileName & ".zip") $rc = FileDelete($sDrive & $sDir & $sFileName & ".zip") __CW("Er/Ex/L: " & @error & "/" & @extended & "/" & @ScriptLineNumber & " RC: " & $rc & @LF) Sleep(500) WEnd FileMove($sTargetpath & ".~_~.zip", $sDrive & $sDir & $sFileName & ".zip", 1) __Run("dir /R """ & $sDrive & $sDir & $sFileName & ".*.*""") If $iMB = 7 Then Return SetError(23, MsgBox(64 + 262144, Default, $sDrive & $sDir & $sFileName & ".zip created.", 0), 0) _CreateSfx() Return 1 EndFunc ;==>_CreateZip Func _CreateSfx() Local $sCommand FileDelete($sFileName & ".Setup.exe") If Not FileWriteLine(@ScriptFullPath & ".config.txt", _ ';!@Install@!UTF-8!' & @CRLF & _ 'Title="' & $sFileName & '.cmd Installation"' & @CRLF & _ 'BeginPrompt="Should ' & $sFileName & '.cmd be installed?"' & @CRLF & _ 'InstallPath="~_~"' & @CRLF & _ 'Directory="."' & @CRLF & _ 'ExecuteFile="hidcon:' & $sFileName & '.cmd.~_~.Run-me-first.cmd"' & @CRLF & _ ';Delete="~_~"' & @CRLF & _ ';Delete="debug.log"' & @CRLF & _ 'SelfDelete="1"' & @CRLF & _ ';!@InstallEnd@!' & @CRLF) Then Return SetError(24, MsgBox(16 + 262144, Default, "Error: Cannot create " & @ScriptFullPath & ".config.txt", 0), 0) _ExtractADS(@ScriptFullPath & ":7zSDMod.sfx", @ScriptFullPath & ".7zSDMod.sfx") $sCommand = "copy /b """ & @ScriptFullPath & ".7zSDMod.sfx""" & " + """ & @ScriptFullPath & ".config.txt""" & " + """ & $sDrive & $sDir & $sFileName & ".zip"" """ & $sDrive & $sDir & $sFileName & ".Setup.exe""" __Run($sCommand) FileDelete(@ScriptFullPath & ".7zSDMod.sfx") FileDelete(@ScriptFullPath & ".config.txt") While FileExists($sDrive & $sDir & $sFileName & ".zip") $rc = FileDelete($sDrive & $sDir & $sFileName & ".zip") __CW("Er/Ex/L: " & @error & "/" & @extended & "/" & @ScriptLineNumber & " RC: " & $rc & @LF) Sleep(300) WEnd If Not FileExists($sFileName & ".Setup.exe") Then Return SetError(25, MsgBox(16 + 262144, Default, "Error creating """ & $sFileName & ".Setup.exe"".", 0), 0) MsgBox(64 + 262144, Default, $sDrive & $sDir & $sFileName & ".Setup.exe created.", 0) Return 1 EndFunc ;==>_CreateSfx Func _CreateIconfile() Local $hIcon, $hHelp, $sData, $sComp1, $sComp2 $hIcon = _WinAPI_ExtractIcon($sIconPath, $iIconNumber) _WinAPI_SaveHICONToFile($sTargetpath & ".~_~.ico", $hIcon) _WinAPI_DestroyIcon($hIcon) $sComp1 = "0x6AFFA79F6BFFD1BDBCFFE6E6E7FFF4F7F9FFCBCB" $sComp2 = "0xD4FFE4DED3FFBCB7AFFFA9A49DFFA4A099FFE1E0" $hHelp = FileOpen($sTargetpath & ".~_~.ico", 16) FileSetPos($hHelp, 2800, 0) $sData = FileRead($hHelp, 20) FileClose($hHelp) If $sData = $sComp1 Or $sData = $sComp2 Then FileDelete($sTargetpath & ".~_~.ico") EndIf EndFunc ;==>_CreateIconfile Func _ExtractADS($From = @ScriptFullPath, $To = @ScriptFullPath & ".", $Stream = 0) ; =========================================================================================== ; Title ...............: $Stream = 0 ; File Name............: _ExtractADS.au3 ; Description .........: Extract alternate data streams to standard files ; ; Syntax ..............: _ExtractADS([$From = Inputfile], [$To = Outputfile], [$Stream = index or name of ADS]) ; Default .............: $From = @ScriptFullPath ; $To = @ScriptFullPath & "." ; $Stream = 0 ; ; Return Value(s) .....: 1 @error=0 @extended=number of copied ADS ; 0 @error=1 no dataset/ADS found ; 0 @error=2 no ADS found in dataset ; Example .............: ; #include <WinAPIFiles.au3> ; #include <WinAPIHObj.au3> ; FileWrite(@ScriptFullPath & ":ADStest1.txt", "This is ADSTest1") ; FileWrite(@ScriptFullPath & ":ADStest2.txt", "This is ADSTest2") ; _ExtractADS() ; extract all ADS from @ScriptFullPath ; Run(@ComSpec & " /k dir /R " & StringTrimRight(@ScriptFullPath, 4) & "*.*") ; ; Author ..............: Exit ( http://www.autoitscript.com/forum/user/45639-exit ) ; CopyLeft ............: © Freeware by "Exit" ( all wrongs reserved ) ; =========================================================================================== ; needs #include <WinAPIFiles.au3> ; needs #include <WinAPIHObj.au3> Local $sFile, $iOffset, $hFile, $pData, $iBytes, $sToFile, $iCount If $From = "" Or $From = Default Then $From = @ScriptFullPath If $To = "" Or $To = Default Then $To = @ScriptFullPath & "." $sFile = $From $iOffset = StringInStr($From, ":", 1, 1, 3) If $iOffset Then $sFile = StringLeft($From, $iOffset - 1) $Stream = StringTrimLeft($From, $iOffset) EndIf ; Enumerate all existing streams in the file Local $aData = _WinAPI_EnumFileStreams($sFile) If @error Then Return SetError(26, MsgBox(16 + 262144, Default, "Error reading ADS stream """ & $sFile & ":" & $Stream & """ .", 0), 0) ;~ _ArrayDisplay($aData, '_WinAPI_EnumFileStreams') ; Read data from each stream $iCount = 0 For $i = 2 To $aData[0][0] If $Stream <> 0 Then If $i - 1 <> $Stream Then If ":" & $Stream & ":$DATA" <> $aData[$i][0] Then ContinueLoop EndIf EndIf $pData = _WinAPI_CreateBuffer($aData[$i][1]) $hFile = _WinAPI_CreateFile($sFile & $aData[$i][0], 2, 2, 6) _WinAPI_ReadFile($hFile, $pData, $aData[$i][1], $iBytes) _WinAPI_CloseHandle($hFile) $sToFile = $sFile & "." & StringTrimLeft(StringTrimRight($aData[$i][0], 6), 1) If $To <> @ScriptFullPath & "." Then $sToFile = $To If $Stream = 0 Then $sToFile &= "." & StringTrimLeft(StringTrimRight($aData[$i][0], 6), 1) EndIf $hFile = _WinAPI_CreateFile($sToFile, 1) _WinAPI_WriteFile($hFile, $pData, $aData[$i][1], $iBytes) _WinAPI_CloseHandle($hFile) _WinAPI_FreeMemory($pData) $iCount += 1 Next If Not $iCount Then Return SetError(2, 0, 0) ; no defined ads found Return SetError(0, $iCount, 1) EndFunc ;==>_ExtractADS Func _Download_7z() Local $i, $iSV, $s7zr, $s7za, $s7zaOut, $s7zSDMod, $s7zSDModOut, $n = @ScriptFullPath If FileExists($n & ":7zr.exe") And FileExists($n & ":7za.exe") And FileExists($n & ":7zSDMod.sfx") Then Return 1 ; determine latest stable version $i = 21 While InetGetSize("https://7-zip.org/a/7z" & $i & "00.exe") $i += 1 WEnd $iSV = $i - 2 ; latest stable version __CW("Latest stable 7z version: " & $iSV & @CRLF) ; get root 7zr.exe (needed to extract the other *.7z files) ; "https://7-zip.org/a/7zr.exe" $s7zr = _TempFile(Default, Default, "exe") InetGet("https://www.7-zip.org/a/7zr.exe", $s7zr) If @error Then FileDelete($s7zr) MsgBox(16 + 262144, Default, "Cannot access 'www.7-zip.org/a/7zr.exe'" & @LF & @LF & "Check internet connection.", 99) Return SetError(1, 0, 0) EndIf FileCopy($s7zr, @ScriptFullPath & ":7zr.exe") ; get $s7za.exe ; https://7-zip.org/a/7z1900-extra.7z $s7za = _TempFile(Default, Default, "7z") $s7zaOut = _TempFile(Default, Default, "exe") InetGet("https://7-zip.org/a/7z" & $iSV & "00-extra.7z", $s7za) __Run($s7zr & ' e ' & $s7za & " -o" & $s7zaOut & " -y -i!7za.exe") FileCopy($s7zaOut & "\7za.exe", @ScriptFullPath & ":7za.exe") ; get $s7zSDMod.sfx ; https://web.archive.org/web/20160311112737if_/http://7zsfx.info/files/7zsd_150_2712.7z ; for more info see --> https://web.archive.org/web/20160423225741/http://7zsfx.info/en/ $s7zSDMod = _TempFile(Default, Default, "7z") $s7zSDModOut = _TempFile(Default, Default, "Out") InetGet("https://web.archive.org/web/20160311112737if_/http://7zsfx.info/files/7zsd_150_2712.7z", $s7zSDMod) __Run($s7zr & ' e ' & $s7zSDMod & " -o" & $s7zSDModOut & " -y -ir!*.sfx") FileCopy($s7zSDModOut & "\7zSD.sfx", @ScriptFullPath & ":7zSDMod.sfx") FileSetTime(@ScriptFullPath, "", 0) ; to erase old modification time of ADS files FileSetTime(@ScriptFullPath, "", 1) ; to erase old creation time of ADS files FileSetTime(@ScriptFullPath, "", 2) ; to erase old access time of ADS files FileDelete($s7zr) FileDelete($s7za) FileDelete($s7zSDMod) DirRemove($s7zaOut, 1) DirRemove($s7zSDModOut, 1) __Run("dir /R """ & StringTrimRight(@ScriptFullPath, 4) & "*.*""") Return 1 EndFunc ;==>_Download_7z Func __Run($sCommand, $CopyToConsole = Default) Local $iPID, $sTmp, $aTmp, $iEr, $iEx If Not ($CopyToConsole = 0 Or $CopyToConsole = 1) Then $CopyToConsole = Eval("Debug") $iPID = Run(@ComSpec & " /c chcp 1252 & " & $sCommand, "", @SW_HIDE, 8) ; $STDERR_MERGED(8) ProcessWaitClose($iPID) $iEr = @error $iEx = @extended $sTmp = StdoutRead($iPID) StdioClose($iPID) $aTmp = DllCall('user32.dll', 'Int', 'OemToChar', 'str', $sTmp, 'str', '') $sTmp = $aTmp[2] If $CopyToConsole Then __CW("Run command: >" & $sCommand & "<" & @CRLF & $sTmp & @CRLF & "Exit code: " & $iEx & @CRLF) Return SetError($iEx, $iEr, $sTmp) EndFunc ;==>__Run Func __CW($sText) If Not Eval("Debug") Then Return ;~ FileWriteLine(@ScriptFullPath & ".console.txt", $sText) ConsoleWrite($sText) EndFunc ;==>__CW Func __FileDelete($sFilePath) Local $iError, $sMsg, $iRet $iRet = _WinAPI_DeleteFile($sFilePath) $iError = _WinAPI_GetLastError() $sMsg = _WinAPI_GetLastErrorMessage() If $iRet Then Return MsgBox(64 + 262144, Default, $sFilePath & " deleted", 0) MsgBox(64 + 262144, Default, "Delete: " & $sFilePath & @CRLF & "iRet: " & $iRet & " Error: " & $iError & @CRLF & $sMsg, 0) Return 1 EndFunc ;==>__FileDelete Func __RemoteTargetDir() Local $T1 = @TAB, $T2 = @TAB & @TAB, $T5 = @TAB & @TAB & @TAB & @TAB & @TAB $sRDir = InputBox('Specify remote target directory', 'Enter 1, 2, 3 or remote system target directory string: (e.g. "C:\Test\Data")' & @LF & @LF & _ '1 = "."' & $T5 & 'Targetsystem current directory (where ZIP/EXE are stored) = Default' & @LF & _ '2 = "%ProgramFiles%\' & $sFileName & '"' & $T2 & 'Targetsystem programfiles directory' & @LF & _ '3 = "%UserProfile%\' & $sFileName & '"' & $T2 & 'Targetsystem profile directory' & @LF & _ '4 = "%UserProfile%\Desktop\' & $sFileName & '"' & $T1 & 'Targetsystem desktop directory' & @LF & _ '...', "1", " M", 600, 220) $sRDir = StringReplace($sRDir, '"', '') If Not StringInStr("1234%", StringLeft($sRDir, 1)) Then If StringRight($sRDir, 1) = "\" Then $sRDir = StringTrimRight($sRDir, 1) If Not StringInStr($sRDir, ":\") Then MsgBox(16 + 262144, Default, "Invalid target directory: " & $sRDir, 0) __CW("$sRDir is invalid: >" & $sRDir & "<" & @CRLF) Return SetError(27, 0, 0) EndIf EndIf __CW("$sRDir: >" & $sRDir & "<" & @CRLF) Return SetError(0, 0, 1) EndFunc ;==>__RemoteTargetDir ; End of Au3toCmd.au3 script The script can be called with a file name of an AU3 script as a parameter.
      If no name is entered, a query is made.
      Suggestions for improvement and bug reports are welcome.
    • By MarkIT
      Hi AutoIT masters,
      Good day! Sorry to have bothered this forum but we really need help. We are working on an automation project that is running on VDI server. The BOTS are in .exe are running fine until AV detected them and deleted the files. The files were re-compiled and AV kept on deleting them. The copy of the .exe BOT deleted were sent to Symantec for whitelisting. After whitelisting, it is no longer deleted but no longer working as designed (showing Line script error). We checked the scripts and there were no issues since we run it using SciTE editor and it performed the desired task. Good thing we found on this thread the solution using .a3x and the BOTS worked fine and no longer deleted. Now, the problem is they are asking why the BOTS won't run in .EXE and what is the reason behind Symantec AV deleting them. We raised a case with Symantec but they cannot provide further information as they are always seeing the file as "False Positive". We even tested with Symantec turned off and those .EXE files are working fine, however, after re-enabling, it got deleted.
      Just seeking help on how to better convince them that it is really Symantec causing the issue and the .a3x file.
    • By BigDaddyO
      I've recently been getting hammered by Symantec SEP deleting all of my compiled scripts so I'm trying to figure out how I could run my scripts uncompiled.
      Problem is, these scripts are typically launched from inside Citrix sessions that I don't have control of so I can't install AutoIT in there to get all the #Include files that my scripts are using.
      I tried to use AU3Stripper and while, yes that did create a single file and I could run it. it put it in a state that I couldn't easily maintain going forward.
       
      Is there any existing way to pull all the functions and drop them at the end of the main script?  Not sure about the Globals and Constants though, I guess they would have to go to the top which shoves everything else down.  I also need to maintain the current script spacing and comments as I often have to update older scripts and need the comments to help with that.
    • By Jblz619
      Hi there I have The smtp mailer by Jos working perfectly I wrote a user friendly GUI for it and everything. Just one question can you send signatures at the bottom of the email through the smtp. I assume maybe clipboard put and clipboard get to copy and paste the email into the body of the script email. Idk please help. Maybe use html idk im looking every where and can't find any awnsers.
      Maybe if I get the full html code for the email signature save it to a txt file. And then use file read and put it at the bottom of the email body? I will test it and let you guys know.
       
       
    • By Leo1906
      Hey there,
      I didn't really know how to name the titel .. so let me explain it a bit further.
      You all might know that a compiled Autoit-Exe gives an error message containing the Error and the line when it crashes. Often those messages aren't usefull because it states the line in the compiled script is not the line in your script if you have used includes. Decompiling the exe often doesn't help either. Well .. I don't want to start a discussion about the benefits of those messages.
      I just want to disable them. I want my exe to just fail an crash and that's it. Nothing more. When there's an error there's an error. Autoit is the only language I have ever noticed those message boxes.
      I think now you can understand me ..
      Do you know any way to do this?
      Some compiler options or so? Or is it that deep implemented in Autoit that it can't be removed?
      Thanks for your help!
      Leo1906
×
×
  • Create New...