DonationCoder.com Software > Post New Requests Here

All AutoHotkey (AHK) coders read: No more upx packing of compiled ahk utils

<< < (2/8) > >>

f0dder:
The AV vendors really need to get their sh!t together if merely being packed with a (non-modified) UPX sends their heuristics engines off the tracks... come on, it's easy to identify and unpack.

That said, I'm generally against packing of executable unless there's special reason for it; false positives isn't the only negative aspect of exepacking.

Stoic Joker:
That said, I'm generally against packing of executable unless there's special reason for it; false positives isn't the only negative aspect of exepacking.
-f0dder (January 08, 2010, 06:54 AM)
--- End quote ---
I never really got into the architecture stuff quite that far ... but I can follow it. I will have to (once again) conclude (as I did the first time I read that) that you have a solid case/argument against packers (I did already mention that I'd quite using them above...).

Nod5:
I completely understand the worries here. All my small programs fall into this category and some have been FP flagged before. I see that Mouser also posted at the AHK forum: http://www.autohotkey.com/forum/topic53129.html . Let's see what folks there reply. As mouser says (in that thread), as long UPX packing is default mode for Autohotkey any site admin that wants to avoid FP deflecting work would have to manually monitor compiled AHK uploads for UPX. Quick idea: maybe autohotkey could be changed so that is uses different colored icons for files compiled with UPX (standard green H) and withoug UPX (same H but blue background, for example)?  That would make spotting the UPX ones easier once you've got the files down into a folder.

ewemoa:
SO: If you are an ahk coder, go to your autohotkey /Compiler folder and delete the upx.exe executable.
-mouser (January 08, 2010, 05:48 AM)
--- End quote ---
For reference, renaming the upx.exe executable seems to be enough.

In my case I made a duplicate of the Compiler folder with a different name (plus renaming upx.exe) and pointed the custom scripts that build my AHK executables at the Ahk2Exe.exe that lives in this folder.  That seemed to work. 

So the contents of my AutoHotkey folder now look like:


* AutoScriptWriter\
* Compiler\
* CompilerNoUPX\  <-- this is the new folder that contains a renamed upx.exe
* Extras\
* AU3_Spy.exe
* AutoHotkey Website
* AutoHotkey.chm
* AutoHotkey.exe
* license.txt
I still have the option of using upx.exe locally -- though reading f0dder's "Packing, data handling, stuff - revision 2" posted above (thanks f0dder!) I wonder if I'll ever have use for upx.exe for the sorts of things I'm likely to do.

f0dder:
though reading f0dder's "Packing, data handling, stuff - revision 2" posted above (thanks f0dder!) I wonder if I'll ever have use for upx.exe for the sorts of things I'm likely to do.
-ewemoa (January 08, 2010, 05:45 PM)
--- End quote ---
Keep in mind that I'm not flat-all-out-against exepacking - it makes sense, for instance, if you distribute small tools as .exe downloads rather than .zip (which isn't necessarily a good idea, but for some stuff it's convenient). Or if your application is designed to occupy very little space (fSekrit comes to mind, since it saves it's executable with every encrypted note you make).

But for most stuff, you really should let the user decide, for the reasons mentioned in my article. Oh, and I see that the article doesn't even mention Windows Terminal Servers :) - even if your app is single-instance (and you thus don't expect much gain from code/data page sharing), on WTS it could be multiple-instance (across multiple user accounts, of course).

There's also the issue of virus scanners not just being anal about compression, but also scanning the files quite a bit slower than non-packed executables... I recall Jibz (iirc) being annoyed with FileZilla by default being compressed. And I've worked with machines slow enough that you could definitely tell loading speed difference, at least when the machine had antivirus software running.

This is drifting slightly off-topic - I'm pretty good at that :)

Navigation

[0] Message Index

[#] Next page

[*] Previous page