-A GUI shell for compiling AutoHotKey scripts -
Related Forum/download:
http://www.autohotkey.com/forum/topic49952.html
Okay I launched a Diff on the same script.
Once compiled with the 'normal' AHK-Compiler and the other time with HotKeyCamo.
(Make sure the ahkExe is uncompressed. May be decompress it with 'Upx –d *.exe')
Okay here are the changes…
…and how to deal with them to be able to decompile the script with myAutToExe
Hmm well for better understand I put that part on the top(even when it comes last in the File)
The Compiled Script AutoIT File format:
--------------------------------------
AutoIt_Signature size 0x10 Bytes String "£HK..."
SubType size 0x1 Byte Should be 0x03 (0x01 AutoIT2; )
PassphraseLen size 0x4 Bytes [XorKey=0x000FAC1]
Passphrase size (depends on PassphraseLen)[StrKey=C3D2]
ResType size 0x4 Byte eString: "FILE" [ StrKey=16FA]
ScriptType eString ">AUTOIT SCRIPT<" [LenKey=29BC, StrKey=A25E]
CompiledPathName eString "C:\...\Temp\aut26A.tmp" [LenKey=29AC, StrKey=F25E]
IsCompressed size 0x1 Byte
ScriptSize Compressed size 0x4 Byte [XorKey=45AA]
Now the changes in the AHK-Interpreter stub that's at the beginning of each AHKExe
Critical Mod:
This Value is used the get the len of the Passphrase. (see below for FileFormat details)
MyAutToExe need to know that length to correct read in the Password and the data that follows.
So here you'll need to go into the source code
Search for ' FAC1' in the whole Project until you get here:
' ===> Get Script Password
Dim MD5PassphraseHash As New StringReader
If bIsOldScript Then
' Old AutoIT Script if branch...
' Move three bytes back since SubType is only 1 Byte but befroe we read 4 byte
.Move -3
MD5PassphraseHash = GetEncryptStr(64193, 50130, File) '&HFAC1, &HC3D2
Change the last line to
MD5PassphraseHash = GetEncryptStr(&H9484BF97, 50130, File) '&HFAC1, &HC3D2
Now it should work.
; HotkeyCamo ~0.9.5.0>
DetectHiddenText, On
SetTi…
Note that this is the len of the Passphrase. Usually that value will be in a range of 0 to 255
(0x000000 00 to 0x000000 FF).
So the this last three bytes will be the same nearly all the time xx 00 00 00 .
Goto to ScriptStart +0x11 there is 'B7 BF 84 94' or '9484BFB7'. So a search for the hexstring 'BF 84 94' in the uncompressed *.ahkExe will reveal that there a 97 before them and so the Full XorKeyValue is 97 BF 84 94 -> '9484BF97'.
And well there's as well an alternative in case you somehow can't find this '9484BF97' value (or I explained it to messy)
Change the code as the following:
' ===> Get Script Password
Dim MD5PassphraseHash As New StringReader
If bIsOldScript Then
' Old AutoIT Script if branch...
' Move three bytes back since SubType is only 1 Byte but before we read 4 byte
.Move -3
'MD5PassphraseHash = GetEncryptStr(64193, 50130, File) '&HFAC1, &HC3D2
'MD5PassphraseHash = GetEncryptStr(&H9484BF97, 50130, File) '&HFAC1, &HC3D2
.Move 4
Dim StrLen&
StrLen = 32
MD5PassphraseHash = DeCrypt(.FixedString(StrLen), 50130 + StrLen)
-> guess/changing the StrLen = 32 that long till it fits.
Okay now the rest of the changes:
Uncritical:
Hmm well it will mess updetection what script 'flavor' this script is and so the decompiled file will get the extension *.au3 (since AutoIT is the standard). But I think you can handle that ;)
Hint: Rename *.au3 -> *.ahk
Uncritical:
Check if myAutToExe correctly found the start of the script. (It's using the heuristic EndOf_PE-ExeFile => Start of Script)
So in the log there should be:
---> ScriptStartOffset: 00064E00
… else enter '64E00' in the Textbox (for the start offset of the script) manually
Click on yes if myAutToExe complains about invalid File marker.
(This JB01 thing don't comes into games since the script don't gets compressed)