Jump to content
Sign in to follow this  
sohfeyr

EXE vs A3X

Recommended Posts

sohfeyr

This is mostly for my own enlightenment, but also as an investigation into why runtime addition / injection of compiled material would be hard to implement. (If you are going to post a reply just to that sentence, please read the thread already linked to it. I believe JS when he says he thinks it would be hard; I just want to see if I can come up with a solution that might not have already been considered.)

Rest assurred I have no interest in cracking the encryption, and will happily abuse anyone who tries to turn this to nefarious purposes. (I love AutoIt, I hate viruses; I love software engineering, I hate software pirates...)

Question: Why is the compiled code different?

I understand that EXE=AutoIt3.lib + compiled AU3, while A3X is just the compiled AU3.

To see this, I wrote a very, very simple script:

ScriptB.au3

Func C()
    Msgbox(0,"Script B", "Func C")
EndFunc

Func D()
    Msgbox(0,"Script B", "Func D")
EndFunc

When compiled as an EXE, I get:

00030a00:a3 48 4b be 98 6c 4a a9 99 4c 53 0a 86 d6 48 7d £HK¾˜lJ©™LS.†ÖH}

00030a10:41 55 33 21 45 41 30 35 d4 1d 8c d9 8f 00 b2 04 AU3!EA05Ô.ŒÙ.².

00030a20:e9 80 09 98 ec f8 42 7e ff 6d b0 ce b3 29 00 00 é€.˜ìøB~ÿm°Î³)..

00030a30:17 25 d0 c9 e1 d6 ed 8a 23 26 47 dd b2 44 0f 85 .%ÐÉáÖíŠ#&GݲD.…

00030a40:29 00 00 78 51 95 ac 26 fa 72 57 fa dd 0c 67 ce )..xQ•¬&úrWúÝ.gÎ

00030a50:ee 1b fb cf 4f 03 63 16 f5 a6 79 a8 84 cc c8 f1 î.ûÏO.c.õ¦y¨„ÌÈñ

00030a60:8a 4d 71 3b b5 ae fb 46 98 11 7c b0 01 74 45 00 ŠMq;µ®ûF˜.|°.tE.

00030a70:00 3c 47 00 00 5d 99 ed a5 e6 ef c6 01 ca dd 42 .<G..]™í¥æïÆ.ÊÝB

00030a80:85 e6 ef c6 01 ca dd 42 85 6e 72 47 d7 9c 15 70 æïÆ.ÊÝB…nrGל.p

00030a90:e8 41 11 bd 21 6b 7c 01 9e a6 79 86 de 49 cd f2 èA.½!k|.ž¦y†ÞIÍò

00030aa0:39 38 b2 42 38 c3 b7 1f 1b ce 67 f0 f3 80 32 1d 98²B8÷..Îgðó€2.

00030ab0:ff 34 de 11 11 83 db 51 6c a4 b5 41 6b 0e cd a5 ÿ4Þ..ƒÛQl¤µAk.Í¥

00030ac0:a4 8c 53 4b 10 63 9a 55 23 91 67 e4 a0 51 e9 cd ¤ŒSK.cšU#‘gä QéÍ

00030ad0:23 af 30 7e e6 fb 05 d9 ef b5 e3 cf 64 af 47 a2 #¯0~æû.ÙïµãÏd¯G¢

00030ae0:e9 a0 5f 15 20 e7 f3 f8 ae 85 10 28 e5 b9 ec 10 é _. çóø®….(å¹ì.

00030af0:08 91 e7 e4 88 fd c8 2d e6 2a 9b b1 b0 11 34 cd .‘çäˆýÈ-æ*›±°.4Í

00030b00:34 5d 78 40 11 bf f9 2c bc 18 bb 3a 3e 7a 3e f0 4]x@.¿ù,¼.»:>z>ð

00030b10:ea 0e e3 b5 65 7d 1c 9f e3 f2 c1 26 dc eb 84 79 ê.ãµe}.ŸãòÁ&Üë„y

00030b20:62 08 96 13 28 2e fd c8 f7 96 b0 4c ef c8 e4 07 b.–.(.ýÈ÷–°LïÈä.

00030b30:81 84 73 41 83 38 ee fe 7a 65 f5 a4 6d 26 f6 f0 „sAƒ8îþzeõ¤m&öð

00030b40:81 fc bc f0 2f 17 48 54 10 f4 a8 23 c6 5e 25 1a ü¼ð/.HT.ô¨#Æ^%.

00030b50:a0 9d 4f 2c 6a 33 ce da 2b 5b 1c f2 47 68 52 a1 O,j3ÎÚ+[.òGhR¡

00030b60:01 5d c0 28 80 8a ed 41 55 33 21 45 41 30 35 -- .]À(€ŠíAU3!EA05

When compiled as an A3X I get:

00000000:a3 48 4b be 98 6c 4a a9 99 4c 53 0a 86 d6 48 7d £HK¾˜lJ©™LS.†ÖH}

00000010:41 55 33 21 45 41 30 35 d4 1d 8c d9 8f 00 b2 04 AU3!EA05Ô.ŒÙ.².

00000020:e9 80 09 98 ec f8 42 7e ff 6d b0 ce b3 29 00 00 é€.˜ìøB~ÿm°Î³)..

00000030:17 25 d0 c9 e1 d6 ed 8a 23 26 47 dd b2 44 0f 85 .%ÐÉáÖíŠ#&GݲD.…

00000040:29 00 00 78 51 95 ac 26 fa 72 57 fa dd 0c 67 ce )..xQ•¬&úrWúÝ.gÎ

00000050:ee 1b fb cf 4f 03 63 16 f5 a6 79 a8 84 cc c8 f1 î.ûÏO.c.õ¦y¨„ÌÈñ

00000060:8a 4d 71 3b b5 ae fb 4a 98 11 7c b0 01 74 45 00 ŠMq;µ®ûJ˜.|°.tE.

00000070:00 3c 47 00 00 5d 99 ed a5 e6 ef c6 01 c4 72 0d .<G..]™í¥æïÆ.Är.

00000080:f9 e6 ef c6 01 1e d5 0f f9 6e 72 47 d7 9c 15 70 ùæïÆ..Õ.ùnrGל.p

00000090:e8 41 11 bd 21 6b 7c 01 9e a6 79 86 de 49 cd f2 èA.½!k|.ž¦y†ÞIÍò

000000a0:39 38 b2 42 38 c3 b7 1f 1b ce 67 f0 f3 80 32 1d 98²B8÷..Îgðó€2.

000000b0:ff 34 de 11 11 83 db 51 6c a4 b5 41 6b 0e cd a5 ÿ4Þ..ƒÛQl¤µAk.Í¥

000000c0:a4 8c 53 4b 10 63 9a 55 23 91 67 e4 a0 51 e9 cd ¤ŒSK.cšU#‘gä QéÍ

000000d0:23 af 30 7e e6 fb 05 d9 ef b5 e3 cf 64 af 47 a2 #¯0~æû.ÙïµãÏd¯G¢

000000e0:e9 a0 5f 15 20 e7 f3 f8 ae 85 10 28 e5 b9 ec 10 é _. çóø®….(å¹ì.

000000f0:08 91 e7 e4 88 fd c8 2d e6 2a 9b b1 b0 11 34 cd .‘çäˆýÈ-æ*›±°.4Í

00000100:34 5d 78 40 11 bf f9 2c bc 18 bb 3a 3e 7a 3e f0 4]x@.¿ù,¼.»:>z>ð

00000110:ea 0e e3 b5 65 7d 1c 9f e3 f2 c1 26 dc eb 84 79 ê.ãµe}.ŸãòÁ&Üë„y

00000120:62 08 96 13 28 2e fd c8 f7 96 b0 4c ef c8 e4 07 b.–.(.ýÈ÷–°LïÈä.

00000130:81 84 73 41 83 38 ee fe 7a 65 f5 a4 6d 26 f6 f0 „sAƒ8îþzeõ¤m&öð

00000140:81 fc bc f0 2f 17 48 54 10 f4 a8 23 c6 5e 25 1a ü¼ð/.HT.ô¨#Æ^%.

00000150:a0 9d 4f 2c 6a 33 ce da 2b 5b 1c f2 47 68 52 a1 O,j3ÎÚ+[.òGhR¡

00000160:01 5d c0 28 80 8a ed 41 55 33 21 45 41 30 35 -- .]À(€ŠíAU3!EA05

The differences are marked in red. Does anyone know why they are different? (using release 3.2.1)

Edit: Anyone ever noticed you can't use the bold tag inside a code block or a font block?

Edited by sohfeyr

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.