
How are these AutoHotkey scripts protected?



I've been researching how to protect my AHK script from decompiling. I understand that any binary can be decompiled but I'm not talking about people looking at an exe file's assembly language. I'm talking about people taking my compiled AHK script, dropping it into a decompiler and seeing the entire script plain as day. So I'd given up on script protection and even considered <gasp> leaving AutoHotkey </gasp>.

But then I came across this page

I know the source script is readily available, but out of curiosity, I took a compiled exe and dropped it into the decompiler and the decompiler replied...

<Could not find pattern: >
<File seems not to be a valid compiled AHK Script or it uses an unknown protection.>

So I dropped some of the exe files into PEiD and it says: Microsoft Visual C++ 7.0 [Overlay]

So what is that? Are these compiled AHK scripts or C++ programs? And if they are AHK scripts, are they protected by something? If so, what?


Looks like they've been compressed with UPX, (usually an option when compiling both AutoHK and AutoIT).

Generally, now on DC for any scripts we write in AutoHK/AutoIT we don't compress with UPX after compiling due to the number of false positives given by AV software, (see here).

AV tends to regard almost anything packed with UPX as "possibly nasty" but here, I'll let mouser explain: mouser's pet peeve

[Oooppss! That was his anti-AutoIT pet peeve - oh well, holds true for his other ones :)]

I don't think it is UPX and here is why:

1. I can decompile AHK scripts compressed with UPX but I can't decompile these.

2. PEiD says "Nothing found *" on UPX packed scripts.  Whereas on the Skrommel exe files PEiD says, Microsoft Visual C++ 7.0 [Overlay].

However, it is possible that UPX was used with some command line arguments that I am unaware of, but I doubt it.

Sorry, my bad - it just happened the first couple I got were UPX'd.

Interesting question!
AutoHotkey scripts are interpreted at runtime; the AHK runtime is bundled inside the .exe file and then interprets the script after 'unpacking' it from the .exe. Because of this, any binary protection solution I've tried doesn't process AHK .exe files because it 'breaks out' the files and then evaluates (my layman's understanding).

So I was under the impression that it wasn't possible, unless there is an AHK compiler that actually compiles AHK to exe files that do not require interpretation.

EDIT: perhaps it's using IronAHK:

When scripts are compiled the source code is not attached to the binary file so it cannot be decompiled. This is unlike AutoHotkey which stores a full copy of the script with the compiled .exe which can be extracted and decrypted or read from process memory when it is executed.
--- End quote ---
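
For readers comparing the two PEiD results discussed in this thread, here is an added example (not code from any poster, PEiD, or AutoHotkey) that checks a PE file for UPX's default section names and for an overlay, meaning bytes stored after the end of the last section, which is what PEiD's "[Overlay]" tag reports. The `build_sample` helper and its inputs are constructed for the demonstration.

```python
import struct

def triage_pe(data: bytes) -> dict:
    """Report section names, UPX-style sections and overlay size of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                          # first section header
    names, end_of_sections = [], 0
    for i in range(num_sections):
        entry = table + 40 * i                              # headers are 40 bytes
        name = data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, entry + 16)
        names.append(name)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    return {
        "sections": names,
        # UPX0/UPX1 are UPX's default names; a packer can rename them, so an
        # empty list here does not prove the file is unpacked.
        "upx_sections": [n for n in names if n.startswith("UPX")],
        # Appended data; a signed file's certificate table also lands here.
        "overlay_bytes": max(0, len(data) - end_of_sections),
    }

def build_sample(section_names, overlay=b""):
    """Constructed header-only PE image for the demo (not a runnable program)."""
    pe_off = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names),
                                   0, 0, 0, 0, 0)          # no optional header
    data_start = pe_off + 24 + 40 * len(section_names)
    table = body = b""
    for i, name in enumerate(section_names):
        table += struct.pack("<8sIIIIIIHHI", name.encode(), 16,
                             0x1000 * (i + 1), 16, data_start + 16 * i,
                             0, 0, 0, 0, 0)
        body += b"\x90" * 16
    return dos + coff + table + body + overlay

if __name__ == "__main__":
    print(triage_pe(build_sample(["UPX0", "UPX1", ".rsrc"])))
    print(triage_pe(build_sample([".text", ".rdata", ".rsrc"], b"X" * 100)))
```
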

