Synthesis

WinTools v1.0

13 posts in this topic

After I started learning AutoIT in winter 2008, I began writing a Command Prompt based program, but with a GUI.

After 2 months of working, I finally finished the program (21 April 2009)


Download exe

Download source

PS : The program is made not only with AutoIT, but also some other stuff

PS2 : I will make a v2.0 of the program in autumn 2009

PS3 : Note that this is my first program with GUI. I now know that the script sucks, and I will make v2.0 only in AutoIT.

PS4 : The source code can be a little different than the exe because I tried to update it, but failed. V2.0 will be better.

PS5 : Not advertising with this program. I was dedicated to other forums (=another idiot) when I made the script.




#2 ·  Posted (edited)

Would like to try it, but...

My Avast is saying there is a trojan in the archive, even before I downloaded it:

http://doomclip.webs.com/wintools.rar\WiN tools v1.0 public edition\db\batch\16.exe
Win32:Agent-AEPJ [Trj]

>_<

P.S

Online check with drweb.com also showing that there is a virus: http://online.drweb.com/result?url=http://doomclip.webs.com/wintools.rar

Edited by MrCreatoR


#7 ·  Posted (edited)

I know, I know it is detected by AV-s. I don't know what I messed up in the code.

Take the script and run it in AutoIT. It is simpler this way.

I dont think (hope) that anything is messed up in your code.

I can think of three possible reasons for the virus.

1. As you say, the application is not compiled with the latest version of AutoIT. And it might be an old false positive.

2. Some of all the files that you supply with the sources might be infected

3. This specific file/application is a virus and the AV-companies have flagged it as one.

And why have all those small exes anyway?

Why not use:

case $msg = $calc
run (@Windir & "\system32\calc.exe") ;@Windir & "\system32\" not really needed as the folder is in the environment variable %path%

Instead of

case $msg = $calc
run ("db\batch\12.exe")
Edited by colafrysen


#8 ·  Posted (edited)

I dont think (hope) that anything is messed up in your code.

I can think of three possible reasons for the virus.

1. As you say, the application is not compiled with the latest version of AutoIT. And it might be an old false positive.

2. Some of all the files that you supply with the sources might be infected

3. This specific file/application is a virus and the AV-companies have flagged it as one.

And why have all those small exes anyway?

Why not use:

case $msg = $calc
run (@Windir & "\system32\calc.exe") ;@Windir & "\system32\" not really needed as the folder is in the environment variable %path%

Instead of

case $msg = $calc
run ("db\batch\12.exe")

@ 1. I created it in April 2009.

@ 2. I used to make as you say "run ("db\batch\XX.exe")" instead of "_rundos ("COMMAND")"

Edit : now I know why it is detected. The 1,2,3,4,5.exe stuff are compiled batch files which are mostly detected..

Edited by Nephentes


#9 ·  Posted (edited)

Edit : now i know why it is detected. The 1,2,3,4,5.exe stuff are compiled batch files which are mostly detected..

Compiled batch files? I am just curious but what batch file compiler did you use to fabricate them?

I am curious because it uses a method of embedding another executable within the data section of the primary binary (which is simply packed with upx).

The flags are likely if an AV detects 2 or more executable headers in a single file, quite a few will detect this as a classic (but oldschool) dropper tactic, even if no harm is meant.

Not slinging any mud here dude, like I said just curious. Besides, the only batch compilers I have come across are either ancient or require some sort of stub to work.

I would really consider doing those n.exe parts as pure Au3 code (like others suggested), since for the most part each just executes a particular module or feature in Windows. It would decrease the size of your project and lose 'some' of those AV flags.

Vlad

Edited by Mobius
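
The heuristic described in the post above (more than one executable header in a single file, plus UPX packing), written out as a small static triage check. This is an added example, not code from the thread or from any AV product; the function names and the `SAMPLE` blob are constructed for illustration.

```python
import struct

def find_pe_headers(data):
    """Offsets of every 'MZ' whose e_lfanew field points at a 'PE\\0\\0' signature."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):                       # full DOS header present
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            # 0x1000 is a heuristic upper bound chosen for this example
            if 0 < e_lfanew < 0x1000 and data[pe:pe + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def section_names(data, mz):
    """Section names of the PE image whose DOS header starts at offset mz."""
    (e_lfanew,) = struct.unpack_from("<I", data, mz + 0x3C)
    coff = mz + e_lfanew + 4                              # COFF header follows 'PE\0\0'
    if coff + 20 > len(data):
        return []
    (nsec,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table, names = coff + 20 + opt_size, []
    for i in range(nsec):                                 # 40-byte section headers
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            break                                         # truncated file
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def triage(data):
    headers = find_pe_headers(data)
    upx = bool(headers) and any(n.startswith("UPX")
                                for n in section_names(data, headers[0]))
    return {"pe_headers": headers, "embedded": len(headers) > 1, "upx_sections": upx}

def fake_pe(sections, payload=b""):
    """Constructed PE-shaped blob: headers only, not a runnable program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in sections)
    return dos + coff + table + payload

# Constructed sample: a "UPX-packed" outer image carrying a second image in its data.
SAMPLE = fake_pe(["UPX0", "UPX1"], payload=b"pad" + fake_pe([".text"]))

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A second header is only a signal: installers and self-extracting archives carry embedded executables too, so a hit calls for unpacking and inspecting the inner file, not a verdict.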


I just saw the author's link a couple of minutes ago.

http://www.autoitscript.com/forum/index.php?showtopic=99541

Very interesting chat...



Compiled batch files? I am just curious but what batch file compiler did you use to fabricate them?

I am curious because it uses a method of embedding another Executable within the data section of the primary binary (which is simply packed with upx)

The flags are likely if an Av detects 2 or more executable headers in a single file, quite a few will detect this as a classic (but oldschool) dropper tactic. even if no harm is meant.

Not slinging any mud here dude, like I said just curious. besides the only batch compilers I have come across are either ancient or require some sort of stub to work.

I would really consider doing those n.exe parts as pure Au3 code (like others suggested), since for the most part each just executes a particular module or feature in windows. It would decrease the size of your project and lose 'some' of those Av flags.

Vlad

The source of the batch files look something like :

@echo off

start calc.exe

It is compiled with...upx..


I guess it's best if you simply write the commands in ONE autoit script. It won't give you any virus alarms, and no one has a reason not to trust you. >_



#13 ·  Posted (edited)

The source of the batch files look something like :

@echo off

start calc.exe

I am staring right at all that sort of stuff in my string dump.

OK OK, it is not a batch file compiler, just some sort of home-made hybrid... you could have just said that.

What I do find interesting is that in the AutoHotkey part of your project, you have correctly used the 'Run' function on the targets that the 'batches' are used to execute in the AutoIt3 script... hmmm, why not just use the Run function from Au3??? (rhetorical question) or just batch files?? (another)

After shredding the entire thing, the only part of your project that actually gives me pause for thought is the 'graf.exe' tool, which uses functionality and API that a 'Graffiti program' has no real excuse to be using.

(This could well just be the .net MSIL stub that was used at build time however.)

It is compiled with...upx..

upx is an Executable compressor and not a compiler.

Ed: 15yr old! Noooooooooooooooooooooooooooooooo

Vlad

Edited by Mobius
