zFrank Posted August 26, 2008 Posted August 26, 2008 hi there! i have some exe files in a folder and their attribs are +SHR. anyone can tell me how can i detect the Exe's which are created using AutoIt Script? how can i check them to know if they are autoit compiled exe's or not? maybe any expert or Developer will answer my questions. Thanks, WBR, [font="Georgia"]GSM Expert[/font] but not AutoIt :DProud to be Admin Of : http://www.gsmhosting.net/visit my Forum... http://www.gsmhosting.net/vbb/index.php$Life = "Happy" If @Error Then $Life = "Risk"
baghenamoth Posted August 26, 2008 Posted August 26, 2008 (edited) hi there! i have some exe files in a folder and their attribs are +SHR. anyone can tell me how can i detect the Exe's which are created using AutoIt Script? how can i check them to know if they are autoit compiled exe's or not? maybe any expert or Developer will answer my questions. Thanks, WBR, Well, maybe it can help even if I think that there is more simple solution but here is mine : with reshacker you can extract information about each exe. So you can run this command line : $s_ReshackerPath = "C:\Program Files\AutoIt3\SciTE\AutoIt3Wrapper\ResHacker.exe" $s_Destination = "C:\AutoIT\Test\txt\" $s_ExePath = "C:\toto\test.exe" $s_Destination = StringReplace($s_ExePath,".exe",".txt") RunWait('"' & $s_ReshackerPath & '" -extract ' & '"' & $s_ExePath & '","' & $s_Destination & '",24,1,') you have to read the txt file created and you can see this inside it : <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity type="win32" processorArchitecture="*" version="6.0.0.0" name="mash" /> <description>AutoIt 3</description> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" /> </dependentAssembly> </dependency> </assembly> so you should extract <description>AutoIt 3</description> to guess Exe's created with AutoIt... Maybe someone have a script to read exe informations, so you'll don't have to use reshacker.... Edited August 26, 2008 by baghenamoth
zFrank Posted August 26, 2008 Author Posted August 26, 2008 but it extracts the info, how can script tell me that it is a Autoit or any other script? [font="Georgia"]GSM Expert[/font] but not AutoIt :DProud to be Admin Of : http://www.gsmhosting.net/visit my Forum... http://www.gsmhosting.net/vbb/index.php$Life = "Happy" If @Error Then $Life = "Risk"
baghenamoth Posted August 26, 2008 Posted August 26, 2008 but it extracts the info, how can script tell me that it is a Autoit or any other script?well, what I noticed in my test : for most of the exe the text file is not created because entry 24 doesn't exist. So you don't have to read it, you know that it's not autoit exe...For some others when entry exists (for exemple 7zG.exe available in 7-zip installation) it returns another description (empty).so you should read the file (which is xml) and search for this string <description>AutoIt 3</description> for exemple with _FileReadToArray()
Moderators SmOke_N Posted August 26, 2008 Moderators Posted August 26, 2008 It was easier to write it than explain it:#include <array.au3> Local $a = _FindAutoItExes() _ArrayDisplay($a) Func _FindAutoItExes() Local $a_wl = WinList("[REGEXPCLASS:AutoIt v3.*?]") Local $a_pl = ProcessList() Local $a_info[$a_pl[0][0] + 1][4], $i_add For $x = 1 To $a_wl[0][0] For $i = 1 To $a_pl[0][0] If WinGetProcess($a_wl[$x][1]) = $a_pl[$i][1] Then $i_add += 1 $a_info[$i_add][0] = $a_pl[$i][0] $a_info[$i_add][1] = $a_pl[$i][1] $a_info[$i_add][2] = $a_wl[$x][0] $a_info[$i_add][3] = $a_wl[$x][1] ExitLoop EndIf Next Next If Not $i_add Then Return SetError(1, 0, 0) ReDim $a_info[$i_add + 1][4] $a_info[0][0] = $i_add Return $a_info EndFunc Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.
weaponx Posted August 26, 2008 Posted August 26, 2008 From the description it looks like you have some exe's in a folder (not running) and you want to know which ones were made with AutoIt. Correct?
Moderators SmOke_N Posted August 26, 2008 Moderators Posted August 26, 2008 From the description it looks like you have some exe's in a folder (not running) and you want to know which ones were made with AutoIt. Correct?Oops. Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.
rover Posted August 26, 2008 Posted August 26, 2008 (edited) reads last 8 bytes of exe filethere are many examples on the forum of this method, look for randallc's APITailRW.au3 UDFcppman http://www.autoitscript.com/forum/index.php?showtopic=73672 and otherslatest beta now has _WinAPI_SetFilePointer().this examples based on zorphnogs posthttp://www.autoitscript.com/forum/index.php?showtopic=74775and Smashlys _FileListToArrayR (Recursive)Edit: forgot includesexpandcollapse popup#include <Array.au3> #include <WinApi.au3> Opt("MustDeclareVars", 1) Global $hInFile, $aResult, $hBuffer, $nRead, $aAU3Files[1][4], $aArray Global $sAU3Files, $aFileList, $hBuffer, $sBuffer, $sVer1, $sVer2 Global $sFileDialogTitle = "Select a root folder to recursively search for AutoIt3 executables" Global $sPath = FileSelectFolder($sFileDialogTitle, "", 6, @ScriptDir) If @error Then Exit Local $aFL2AR = _FileListToArrayR($sPath, "exe", 1, 1) If @error Then Exit ConsoleWrite('-Total EXE files to process = ' & $aFL2AR[0] & @CRLF & @crlf) For $i = 1 To $aFL2AR[0] ;ConsoleWrite($aFL2AR[$i] & @CRLF) $hInFile = _WinAPI_CreateFile($aFL2AR[$i], 2, 2, 2) If $hInFile = 0 Then ContinueLoop $aResult = DllCall("Kernel32.dll", "dword", "SetFilePointer", "hwnd", $hInFile, "int", -8, "ptr", 0, "dword", 2) If @error Or IsArray($aResult) = 0 Then _WinAPI_CloseHandle($hInFile) ContinueLoop EndIf ;ConsoleWrite(" File pointer position: " & $aResult[0] & @LF) $hBuffer = DllStructCreate("ubyte buffer[8]") If _WinAPI_ReadFile($hInFile, DllStructGetPtr($hBuffer), 8, $nRead) Then ;ConsoleWrite(" [" & $nRead & "] bytes read" & @LF) $sBuffer = StringTrimLeft(DllStructGetData($hBuffer, "buffer"), 2) ;*char[n], byte[n] and ubyte[n] return all element data when index is omitted. _WinAPI_CloseHandle($hInFile) $hBuffer = "" Else _WinAPI_CloseHandle($hInFile) ContinueLoop EndIf If StringInStr($sBuffer, "41553321454130") Then ;ConsoleWrite($aFL2AR[$i] & @CRLF) ;ConsoleWrite($sBuffer & @CRLF) ;ConsoleWrite(BinaryToString("0x"&$sBuffer) & @CRLF & @CRLF) $sVer1 = FileGetVersion($aFL2AR[$i]) $sVer2 = FileGetVersion($aFL2AR[$i], "CompiledScript") $sAU3Files &= $aFL2AR[$i] & "|" & BinaryToString("0x"&$sBuffer) & "|" & $sVer1 & "|" & $sVer2 & ";" EndIf Next $aFileList = StringSplit(StringTrimRight($sAU3Files, 1), ";") $sAU3Files = 0 $aFL2AR = 0 ReDim $aAU3Files[$aFileList[0]][4] For $i = 0 To $aFileList[0] -1 $aArray = StringSplit($aFileList[$i], "|") For $i2 = 1 To $aArray[0] $aAU3Files[$i][$i2-1] = $aArray[$i2] Next Next $aFileList = 0 _ArrayDisplay($aAU3Files, "AutoIt3 executables", Default, Default, "|") Func _FileListToArrayR($sPath, $sExFilter = "", $iFlag = 0, $iRecurse = 0, $iDepth = 0) Local $hSearch, $sFile, $sRxpFilter, $asFileList If Not $iDepth Then Global $sHoldFiles = '' If Not FileExists($sPath) Then Return SetError(1, 1, "") If StringRegExp($sExFilter, "[\\/<>:*?]", 0) Then Return SetError(2, 2, "") If Not ($iFlag = 0 Or $iFlag = 1 Or $iFlag = 2) Then Return SetError(3, 3, "") If Not ($iRecurse = 0 Or $iRecurse = 1) Then Return SetError(4, 4, "") EndIf If StringRight($sPath, 1) <> "\" Then $sPath &= "\" If $sExFilter = "" Then $sRxpFilter = "." Else $sRxpFilter = "(?i)\.(" & $sExFilter & ")" EndIf $hSearch = FileFindFirstFile($sPath & "*") If $hSearch = -1 Then Return SetError(5, 5, "") While 1 $sFile = FileFindNextFile($hSearch) If @error Then ExitLoop If StringInStr(FileGetAttrib($sPath & $sFile), "D") Then If Not $iRecurse And $iFlag = 1 Then ContinueLoop If $iRecurse Then _FileListToArrayR($sPath & $sFile, $sExFilter, $iFlag, $iRecurse, $iDepth + 1) If $iFlag <> 1 Then $sHoldFiles &= $sPath & $sFile & "|" Else $sHoldFiles &= $sPath & $sFile & "|" EndIf ElseIf StringRegExp($sFile, $sRxpFilter, 0) And $iFlag <> 2 Then $sHoldFiles &= $sPath & $sFile & "|" EndIf WEnd FileClose($hSearch) If Not $iDepth Then $asFileList = StringSplit(StringTrimRight($sHoldFiles, 1), "|") $sHoldFiles = "" Return $asFileList EndIf EndFunc ;==>_FileListToArrayR Edited August 26, 2008 by rover I see fascists...
zFrank Posted August 26, 2008 Author Posted August 26, 2008 From the description it looks like you have some exe's in a folder (not running) and you want to know which ones were made with AutoIt. Correct? yes it's correct. i want to exclude the list of autoit exe's. [font="Georgia"]GSM Expert[/font] but not AutoIt :DProud to be Admin Of : http://www.gsmhosting.net/visit my Forum... http://www.gsmhosting.net/vbb/index.php$Life = "Happy" If @Error Then $Life = "Risk"
zFrank Posted August 26, 2008 Author Posted August 26, 2008 reads last 8 bytes of exe file there are many examples on the forum of this method, look for randallc's APITailRW.au3 UDF cppman http://www.autoitscript.com/forum/index.php?showtopic=73672 and others latest beta now has _WinAPI_SetFilePointer(). this examples based on zorphnogs post http://www.autoitscript.com/forum/index.php?showtopic=74775 and Smashlys _FileListToArrayR (Recursive) Edit: forgot includes expandcollapse popup#include <Array.au3> #include <WinApi.au3> Opt("MustDeclareVars", 1) Global $hInFile, $aResult, $hBuffer, $nRead, $aAU3Files[1][4], $aArray Global $sAU3Files, $aFileList, $hBuffer, $sBuffer, $sVer1, $sVer2 Global $sFileDialogTitle = "Select a root folder to recursively search for AutoIt3 executables" Global $sPath = FileSelectFolder($sFileDialogTitle, "", 6, @ScriptDir) If @error Then Exit Local $aFL2AR = _FileListToArrayR($sPath, "exe", 1, 1) If @error Then Exit ConsoleWrite('-Total EXE files to process = ' & $aFL2AR[0] & @CRLF & @crlf) For $i = 1 To $aFL2AR[0] ;ConsoleWrite($aFL2AR[$i] & @CRLF) $hInFile = _WinAPI_CreateFile($aFL2AR[$i], 2, 2, 2) If $hInFile = 0 Then ContinueLoop $aResult = DllCall("Kernel32.dll", "dword", "SetFilePointer", "hwnd", $hInFile, "int", -8, "ptr", 0, "dword", 2) If @error Or IsArray($aResult) = 0 Then _WinAPI_CloseHandle($hInFile) ContinueLoop EndIf ;ConsoleWrite(" File pointer position: " & $aResult[0] & @LF) $hBuffer = DllStructCreate("ubyte buffer[8]") If _WinAPI_ReadFile($hInFile, DllStructGetPtr($hBuffer), 8, $nRead) Then ;ConsoleWrite(" [" & $nRead & "] bytes read" & @LF) $sBuffer = StringTrimLeft(DllStructGetData($hBuffer, "buffer"), 2) ;*char[n], byte[n] and ubyte[n] return all element data when index is omitted. _WinAPI_CloseHandle($hInFile) $hBuffer = "" Else _WinAPI_CloseHandle($hInFile) ContinueLoop EndIf If StringInStr($sBuffer, "41553321454130") Then ;ConsoleWrite($aFL2AR[$i] & @CRLF) ;ConsoleWrite($sBuffer & @CRLF) ;ConsoleWrite(BinaryToString("0x"&$sBuffer) & @CRLF & @CRLF) $sVer1 = FileGetVersion($aFL2AR[$i]) $sVer2 = FileGetVersion($aFL2AR[$i], "CompiledScript") $sAU3Files &= $aFL2AR[$i] & "|" & BinaryToString("0x"&$sBuffer) & "|" & $sVer1 & "|" & $sVer2 & ";" EndIf Next $aFileList = StringSplit(StringTrimRight($sAU3Files, 1), ";") $sAU3Files = 0 $aFL2AR = 0 ReDim $aAU3Files[$aFileList[0]][4] For $i = 0 To $aFileList[0] -1 $aArray = StringSplit($aFileList[$i], "|") For $i2 = 1 To $aArray[0] $aAU3Files[$i][$i2-1] = $aArray[$i2] Next Next $aFileList = 0 _ArrayDisplay($aAU3Files, "AutoIt3 executables", Default, Default, "|") Func _FileListToArrayR($sPath, $sExFilter = "", $iFlag = 0, $iRecurse = 0, $iDepth = 0) Local $hSearch, $sFile, $sRxpFilter, $asFileList If Not $iDepth Then Global $sHoldFiles = '' If Not FileExists($sPath) Then Return SetError(1, 1, "") If StringRegExp($sExFilter, "[\\/<>:*?]", 0) Then Return SetError(2, 2, "") If Not ($iFlag = 0 Or $iFlag = 1 Or $iFlag = 2) Then Return SetError(3, 3, "") If Not ($iRecurse = 0 Or $iRecurse = 1) Then Return SetError(4, 4, "") EndIf If StringRight($sPath, 1) <> "\" Then $sPath &= "\" If $sExFilter = "" Then $sRxpFilter = "." Else $sRxpFilter = "(?i)\.(" & $sExFilter & ")" EndIf $hSearch = FileFindFirstFile($sPath & "*") If $hSearch = -1 Then Return SetError(5, 5, "") While 1 $sFile = FileFindNextFile($hSearch) If @error Then ExitLoop If StringInStr(FileGetAttrib($sPath & $sFile), "D") Then If Not $iRecurse And $iFlag = 1 Then ContinueLoop If $iRecurse Then _FileListToArrayR($sPath & $sFile, $sExFilter, $iFlag, $iRecurse, $iDepth + 1) If $iFlag <> 1 Then $sHoldFiles &= $sPath & $sFile & "|" Else $sHoldFiles &= $sPath & $sFile & "|" EndIf ElseIf StringRegExp($sFile, $sRxpFilter, 0) And $iFlag <> 2 Then $sHoldFiles &= $sPath & $sFile & "|" EndIf WEnd FileClose($hSearch) If Not $iDepth Then $asFileList = StringSplit(StringTrimRight($sHoldFiles, 1), "|") $sHoldFiles = "" Return $asFileList EndIf EndFunc ;==>_FileListToArrayR i got some error: >"C:\Program Files\AutoIt3\SciTE\..\autoit3.exe" /ErrorStdOut "C:\Documents and Settings\zFrank\Desktop\AutoIt exe.au3" -Total EXE files to process = 19 C:\Documents and Settings\zFrank\Desktop\AutoIt exe.au3 (16) : ==> Unknown function name.: $hInFile = _WinAPI_CreateFile($aFL2AR[$i], 2, 2, 2) $hInFile = ^ ERROR >Exit code: 1 Time: 12.876 [font="Georgia"]GSM Expert[/font] but not AutoIt :DProud to be Admin Of : http://www.gsmhosting.net/visit my Forum... http://www.gsmhosting.net/vbb/index.php$Life = "Happy" If @Error Then $Life = "Risk"
weaponx Posted August 26, 2008 Posted August 26, 2008 i got some error: >"C:\Program Files\AutoIt3\SciTE\..\autoit3.exe" /ErrorStdOut "C:\Documents and Settings\zFrank\Desktop\AutoIt exe.au3" -Total EXE files to process = 19 C:\Documents and Settings\zFrank\Desktop\AutoIt exe.au3 (16) : ==> Unknown function name.: $hInFile = _WinAPI_CreateFile($aFL2AR[$i], 2, 2, 2) $hInFile = ^ ERROR >Exit code: 1 Time: 12.876 You missed his note that he forgot the includes. Re-copy the script from above.
rover Posted August 26, 2008 Posted August 26, 2008 You missed his note that he forgot the includes. Re-copy the script from above.Oops. I see fascists...
zFrank Posted August 26, 2008 Author Posted August 26, 2008 @ rover @ weaponx Thanks to both of you for help! [font="Georgia"]GSM Expert[/font] but not AutoIt :DProud to be Admin Of : http://www.gsmhosting.net/visit my Forum... http://www.gsmhosting.net/vbb/index.php$Life = "Happy" If @Error Then $Life = "Risk"
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now