mrexodia Posted November 5, 2016 Posted November 5, 2016 @kao That was a fail I have slightly 'strengthened' the protection and it now shows: Attached v2 binaries, also updated the repository. @JohnReese Try your tools on this protected script. It was really easy to make Exe2Aut fail and it shouldn't be hard to extend this with more methods of protection against specific tools that people might try before actually having to reverse something manually. It's completely open source and free too! test1337_v2.rar 1
Happening Posted November 16, 2016 Posted November 16, 2016 On 05/11/2016 at 7:37 PM, mrexodia said: @kao That was a fail I have slightly 'strengthened' the protection and it now shows: Attached v2 binaries, also updated the repository. @JohnReese Try your tools on this protected script. It was really easy to make Exe2Aut fail and it shouldn't be hard to extend this with more methods of protection against specific tools that people might try before actually having to reverse something manually. It's completely open source and free too! test1337_v2.rar Decompiled test1337.exe.au3
mrexodia Posted November 17, 2016 Posted November 17, 2016 (edited) 15 hours ago, Happening said: Decompiled test1337.exe.au3 Congratulations... My point was that without some manual reverse engineering you couldn't do it. What did you do to decompile? Edited November 17, 2016 by mrexodia
evlncrn8 Posted November 17, 2016 Posted November 17, 2016 hang on a second, johnreese. your english isnt exactly fornicating perfect either "people here has understood" .. what ? and you claim to be in usa... oh you're out.. ok, byes... 1
Happening Posted December 4, 2016 Posted December 4, 2016 On 11/17/2016 at 1:52 PM, mrexodia said: Congratulations... My point was that without some manual reverse engineering you couldn't do it. What did you do to decompile? seek for a part of the AutoIt signature in memory (AU3!EA06 what's after the ! can change on older autoit versions), dump the memory page, execute myAut2Exe on it, or re-insert the script into the AutoIt stub (same version as original executable, version can be gotten by using the /AutoIt3ExecuteLine switch and macros), then use Exe2Aut (the reason to that is plain myAut2Exe may not support all scripts from newest versions of autoit while Exe2Aut does) impossible to prevent unless core autoit script storage and parsing is modified, too sad its closed source, good luck modifying the autoit bin by hand if you want to be "protected" 1
schoolboy Posted July 5, 2019 Posted July 5, 2019 @mrexodia https://github.com/mrexodia/SimpleAutoItCrypter/blob/master/README.md What exactly does he mean, can someone describe it?
evlncrn8 Posted July 5, 2019 Posted July 5, 2019 (edited) new to github huh ? or just too lazy ?.. https://github.com/mrexodia/SimpleAutoItCrypter read the readme.. its right there on the page when you visit... grab the code either git clone, or grab the zip etc... its simple... even an idiot could understand it... oh wait.. Edited July 5, 2019 by evlncrn8
schoolboy Posted July 5, 2019 Posted July 5, 2019 (edited) Not to download! i am asking to apply it to my autoit exe file. But there is a complex narrative ... Where is the SCRIPT.bin file? and How to make PSAPI.DLL file "C: \ Windows \ System32 \ psapi.dll" or "C: \ Windows \ SysWOW64 \ psapi.dll" I need to change the file PSAPI.DLL in the import directory. Edited January 3, 2020 by SoloTurk 1
evlncrn8 Posted July 6, 2019 Posted July 6, 2019 (edited) oh wow.. you dont make psapi.dll.. its a windows system component... you load it using LoadLibrary api or in the imports.. a simple psapi.dll .. no path nothing.. and the system decides which one to run, depending on what bitness the process is... do you even know what you're doing ? or what wow64 actually is ? did you even read the instructions on the github page ? (they explain where script.bin would be... hint : resources)... also, your picture isnt viewable (403)... Edited July 6, 2019 by evlncrn8
schoolboy Posted July 6, 2019 Posted July 6, 2019 @evlncrn8 edited image edited I don't have any script.bin
evlncrn8 Posted July 7, 2019 Posted July 7, 2019 open the exe in a resource editor, check its resources for the script...
schoolboy Posted July 12, 2019 Posted July 12, 2019 (edited) Sorry where did I fail. Does anyone know about how to do it? Edited January 3, 2020 by SoloTurk
evlncrn8 Posted July 12, 2019 Posted July 12, 2019 well that was painful to watch, i suggest you re-read the instructions before... and perhaps also learn how to use cff explorer...
schoolboy Posted April 15, 2020 Posted April 15, 2020 @mrexodia crypt.dll When we apply this, it cannot be packaged with any packers, for example, I think there is an error in Upx,dll encoding. Can you fix this, thanks. Created dll She searches the memory for the api address and makes an error when it reaches the end of the memory because she is not allowed to read other parts of the memory.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now