Sign in to follow this  
Followers 0
sohfeyr

EXE vs A3X

1 post in this topic

#1 ·  Posted (edited)

This is mostly for my own enlightenment, but also as an investigation into why runtime addition / injection of compiled material would be hard to implement. (If you are going to post a reply just to that sentence, please read the thread already linked to it. I believe JS when he says he thinks it would be hard; I just want to see if I can come up with a solution that might not have already been considered.)

Rest assurred I have no interest in cracking the encryption, and will happily abuse anyone who tries to turn this to nefarious purposes. (I love AutoIt, I hate viruses; I love software engineering, I hate software pirates...)

Question: Why is the compiled code different?

I understand that EXE=AutoIt3.lib + compiled AU3, while A3X is just the compiled AU3.

To see this, I wrote a very, very simple script:

ScriptB.au3

Func C()
    Msgbox(0,"Script B", "Func C")
EndFunc

Func D()
    Msgbox(0,"Script B", "Func D")
EndFunc

When compiled as an EXE, I get:

00030a00:a3 48 4b be 98 6c 4a a9 99 4c 53 0a 86 d6 48 7d £HK¾˜lJ©™LS.†ÖH}

00030a10:41 55 33 21 45 41 30 35 d4 1d 8c d9 8f 00 b2 04 AU3!EA05Ô.ŒÙ.².

00030a20:e9 80 09 98 ec f8 42 7e ff 6d b0 ce b3 29 00 00 é€.˜ìøB~ÿm°Î³)..

00030a30:17 25 d0 c9 e1 d6 ed 8a 23 26 47 dd b2 44 0f 85 .%ÐÉáÖíŠ#&GݲD.…

00030a40:29 00 00 78 51 95 ac 26 fa 72 57 fa dd 0c 67 ce )..xQ•¬&úrWúÝ.gÎ

00030a50:ee 1b fb cf 4f 03 63 16 f5 a6 79 a8 84 cc c8 f1 î.ûÏO.c.õ¦y¨„ÌÈñ

00030a60:8a 4d 71 3b b5 ae fb 46 98 11 7c b0 01 74 45 00 ŠMq;µ®ûF˜.|°.tE.

00030a70:00 3c 47 00 00 5d 99 ed a5 e6 ef c6 01 ca dd 42 .<G..]™í¥æïÆ.ÊÝB

00030a80:85 e6 ef c6 01 ca dd 42 85 6e 72 47 d7 9c 15 70 æïÆ.ÊÝB…nrGל.p

00030a90:e8 41 11 bd 21 6b 7c 01 9e a6 79 86 de 49 cd f2 èA.½!k|.ž¦y†ÞIÍò

00030aa0:39 38 b2 42 38 c3 b7 1f 1b ce 67 f0 f3 80 32 1d 98²B8÷..Îgðó€2.

00030ab0:ff 34 de 11 11 83 db 51 6c a4 b5 41 6b 0e cd a5 ÿ4Þ..ƒÛQl¤µAk.Í¥

00030ac0:a4 8c 53 4b 10 63 9a 55 23 91 67 e4 a0 51 e9 cd ¤ŒSK.cšU#‘gä QéÍ

00030ad0:23 af 30 7e e6 fb 05 d9 ef b5 e3 cf 64 af 47 a2 #¯0~æû.ÙïµãÏd¯G¢

00030ae0:e9 a0 5f 15 20 e7 f3 f8 ae 85 10 28 e5 b9 ec 10 é _. çóø®….(å¹ì.

00030af0:08 91 e7 e4 88 fd c8 2d e6 2a 9b b1 b0 11 34 cd .‘çäˆýÈ-æ*›±°.4Í

00030b00:34 5d 78 40 11 bf f9 2c bc 18 bb 3a 3e 7a 3e f0 4]x@.¿ù,¼.»:>z>ð

00030b10:ea 0e e3 b5 65 7d 1c 9f e3 f2 c1 26 dc eb 84 79 ê.ãµe}.ŸãòÁ&Üë„y

00030b20:62 08 96 13 28 2e fd c8 f7 96 b0 4c ef c8 e4 07 b.–.(.ýÈ÷–°LïÈä.

00030b30:81 84 73 41 83 38 ee fe 7a 65 f5 a4 6d 26 f6 f0 „sAƒ8îþzeõ¤m&öð

00030b40:81 fc bc f0 2f 17 48 54 10 f4 a8 23 c6 5e 25 1a ü¼ð/.HT.ô¨#Æ^%.

00030b50:a0 9d 4f 2c 6a 33 ce da 2b 5b 1c f2 47 68 52 a1 O,j3ÎÚ+[.òGhR¡

00030b60:01 5d c0 28 80 8a ed 41 55 33 21 45 41 30 35 -- .]À(€ŠíAU3!EA05

When compiled as an A3X I get:

00000000:a3 48 4b be 98 6c 4a a9 99 4c 53 0a 86 d6 48 7d £HK¾˜lJ©™LS.†ÖH}

00000010:41 55 33 21 45 41 30 35 d4 1d 8c d9 8f 00 b2 04 AU3!EA05Ô.ŒÙ.².

00000020:e9 80 09 98 ec f8 42 7e ff 6d b0 ce b3 29 00 00 é€.˜ìøB~ÿm°Î³)..

00000030:17 25 d0 c9 e1 d6 ed 8a 23 26 47 dd b2 44 0f 85 .%ÐÉáÖíŠ#&GݲD.…

00000040:29 00 00 78 51 95 ac 26 fa 72 57 fa dd 0c 67 ce )..xQ•¬&úrWúÝ.gÎ

00000050:ee 1b fb cf 4f 03 63 16 f5 a6 79 a8 84 cc c8 f1 î.ûÏO.c.õ¦y¨„ÌÈñ

00000060:8a 4d 71 3b b5 ae fb 4a 98 11 7c b0 01 74 45 00 ŠMq;µ®ûJ˜.|°.tE.

00000070:00 3c 47 00 00 5d 99 ed a5 e6 ef c6 01 c4 72 0d .<G..]™í¥æïÆ.Är.

00000080:f9 e6 ef c6 01 1e d5 0f f9 6e 72 47 d7 9c 15 70 ùæïÆ..Õ.ùnrGל.p

00000090:e8 41 11 bd 21 6b 7c 01 9e a6 79 86 de 49 cd f2 èA.½!k|.ž¦y†ÞIÍò

000000a0:39 38 b2 42 38 c3 b7 1f 1b ce 67 f0 f3 80 32 1d 98²B8÷..Îgðó€2.

000000b0:ff 34 de 11 11 83 db 51 6c a4 b5 41 6b 0e cd a5 ÿ4Þ..ƒÛQl¤µAk.Í¥

000000c0:a4 8c 53 4b 10 63 9a 55 23 91 67 e4 a0 51 e9 cd ¤ŒSK.cšU#‘gä QéÍ

000000d0:23 af 30 7e e6 fb 05 d9 ef b5 e3 cf 64 af 47 a2 #¯0~æû.ÙïµãÏd¯G¢

000000e0:e9 a0 5f 15 20 e7 f3 f8 ae 85 10 28 e5 b9 ec 10 é _. çóø®….(å¹ì.

000000f0:08 91 e7 e4 88 fd c8 2d e6 2a 9b b1 b0 11 34 cd .‘çäˆýÈ-æ*›±°.4Í

00000100:34 5d 78 40 11 bf f9 2c bc 18 bb 3a 3e 7a 3e f0 4]x@.¿ù,¼.»:>z>ð

00000110:ea 0e e3 b5 65 7d 1c 9f e3 f2 c1 26 dc eb 84 79 ê.ãµe}.ŸãòÁ&Üë„y

00000120:62 08 96 13 28 2e fd c8 f7 96 b0 4c ef c8 e4 07 b.–.(.ýÈ÷–°LïÈä.

00000130:81 84 73 41 83 38 ee fe 7a 65 f5 a4 6d 26 f6 f0 „sAƒ8îþzeõ¤m&öð

00000140:81 fc bc f0 2f 17 48 54 10 f4 a8 23 c6 5e 25 1a ü¼ð/.HT.ô¨#Æ^%.

00000150:a0 9d 4f 2c 6a 33 ce da 2b 5b 1c f2 47 68 52 a1 O,j3ÎÚ+[.òGhR¡

00000160:01 5d c0 28 80 8a ed 41 55 33 21 45 41 30 35 -- .]À(€ŠíAU3!EA05

The differences are marked in red. Does anyone know why they are different? (using release 3.2.1)

Edit: Anyone ever noticed you can't use the bold tag inside a code block or a font block?

Edited by sohfeyr

Share this post


Link to post
Share on other sites



Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0