Need help understanding autoit decompilation...
|
02-04-2013, 11:40 AM
(This post was last modified: 02-06-2013 06:50 PM by Unc3nZureD.)
Post: #1
|
|||
|
|||
Need help understanding autoit decompilation...
I'm trying to learn decompiling autoit scripts with more or less success. I can easily extract the a3x, after this using myAutToExe it's easy to get the script. The only problem comes when I try to decompile a script compiled with Au3Camo
It uses some kinda "fuzzier" which makes the a3x itself different, not even readable for the basic stub. How could I reverse it to source? |
|||
02-06-2013, 06:50 PM
Post: #2
|
|||
|
|||
RE: Need help understanding autoit decompilation...
Could you help me?
|
|||
02-16-2013, 06:31 AM
Post: #3
|
|||
|
|||
RE: Need help understanding autoit decompilation...
in MyAut2Exe try the new functions
[More Options >>] [GetCamo's] This uses some RegExp pattern to grab the needed camo vectors from the Au3-exe-stub. ^- Note that this function only works if the target is unpacked. So if it's packed with Upx or other packer just unpack or dump the Exe from memory(via LordPE or Procdump). The dump don't need to be runable or contain the script. Just use the dump file to get the camo vectors and then select the real script file. |
|||
02-19-2013, 06:19 PM
Post: #4
|
|||
|
|||
RE: Need help understanding autoit decompilation...
A guys sent me a script which is protected. I tried to decompile it, here's the result:
- It was protected with AsPack [--- Successfully unpacked---] - Found the a3x (basic place - overlay) - the a3x works with the stub, but not with the original one. I've got no idea how to decrypt it. Here's the file. I hope you can deal with it If so, please help me how you did it Thanks! http://www41.zippyshare.com/v/10804315/file.html |
|||
02-21-2013, 06:12 PM
(This post was last modified: 02-21-2013 06:24 PM by cw2k.)
Post: #5
|
|||
|
|||
RE: Need help understanding autoit decompilation...
Decompiled
See attachment for MyAuT2Exe setting. Well the GetCamo's function is not perfect. And don't come along well with !Au3 Version 3.3.9.4. I'll try to improve the search patterns. So be a little critical about results and may delete 'strange' values to restore the Au3-defaults. Original script: http://blackscripts.net/index.php?/topic...or-script/ |
|||
« Next Oldest | Next Newest »
|
User(s) browsing this thread: 1 Guest(s)