Universal AutoIT Extractor and De-obfuscator
This post was last edited by 风吹屁屁凉 on 2022-3-8 15:21
Before using this tool I must warn you that this tool should be used in a VM (Virtual Machine). You can use it on a real OS, but I won't be responsible for any damage! You take responsibility for using this tool.
Also, some of the tools used are detected and blocked by some AV, so please consider using the VM (eventually with AV disabled), or disable the AV at your own risk, if it won't work with any AutoIT compiled programs.
Q: Is restarting the OS really needed?
A: Yes, for firmly protected programs restarting the OS is really needed because of the missing device; the device will be available after restarting the OS. So, also because of that, you should use the VM instead of a real OS.
Before restarting the OS, the script adds itself to the run section for the current user, so it will be automatically executed after the OS starts again, with the current file to extract.
If you want to remove the auto-execution after the OS restart, just execute it again and close it - it will delete the run entry. For example, if you change your decision.
I saw that some scripts after extraction have some function with a random name before the "#NoTrayIcon"; you need to comment it out or delete it if the script does not work after compilation.
By the way, I added that it now saves all resources of the *.exe to a *.res file - use "Resource Hacker" after re-compilation to import all resources from the extracted *.res file (with overwrite) into the newly compiled file.
Please keep in mind that some AutoIT compiled programs can be dangerous for your OS and/or for the files you have!
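Download: https://github.com/Wilenty/Universal-AutoIT-Extractor-and-De-obfuscator/releases

A word of caution: use this carefully.
Because it requires that antivirus software be ignored, and it also needs a system reboot.
We had better guard against it secretly installing some service or driver, or secretly modifying our system.
Since the source code is available, it is best to inspect the source code yourself, confirm there is no problem, and then compile your own copy to use.

I used it on a real machine and it seems to delete files, so better not to use it on a real machine.

Downloaded it and tried it! "Garbage" is the only word for it.

Thanks for the warning @ZeNiX @redapple2015

ZeNiX posted on 2022-3-9 16:25
A word of caution: use this carefully.
Because it requires that antivirus software be ignored, and it also needs a system reboot.
There is no source code on GitHub, is there?

小小随 posted on 2022-3-10 11:48
There is no source code on GitHub, is there?
Thanks for pointing that out. I downloaded the Source Code to take a look, and indeed what is inside is not source code.

Can it support those that can

This post was last edited by 冥界3大法王 on 2022-5-11 09:07
As I recall, this thing and AHK come from the same origin: one dump, and most script encryption is wasted effort.
This thing is a bit odd.

Mm-hm, I'll help myself to it then, thanks to the original poster~!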
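
A before/after check for the points raised in this thread (the run entry the tool adds for the current user, and the worry about services or drivers being installed), as an added example that is not part of the thread or of the tool. The function names, the snapshot file names and the use of the standard per-user Run key path are assumptions of this example; the post does not name the exact key.

```powershell
# Added example: snapshot autostart points inside the analysis VM before
# running the tool, again after the reboot, then diff the two snapshots.
# Function names and file names are hypothetical.
function Get-AutostartSnapshot {
    $items = @()

    # Per-user Run key: assumed to be the "run section for current user"
    # the post mentions (the post does not give the exact key).
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    if (Test-Path $runKey) {
        $key = Get-Item -Path $runKey
        foreach ($name in $key.GetValueNames()) {
            $items += [pscustomobject]@{
                Kind = 'RunEntry'; Name = $name
                Path = [string]$key.GetValue($name)
            }
        }
    }

    # Services and kernel drivers, covering the concern raised in the replies.
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $items += [pscustomobject]@{
            Kind = 'Service'; Name = $svc.Name; Path = [string]$svc.PathName
        }
    }
    foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
        $items += [pscustomobject]@{
            Kind = 'Driver'; Name = $drv.Name; Path = [string]$drv.PathName
        }
    }
    return $items
}

# Step 1 (clean VM, before running the tool):
#   Get-AutostartSnapshot | Export-Clixml -Path .\before.xml
# Step 2 (after the tool has run and the VM has rebooted):
#   Get-AutostartSnapshot | Export-Clixml -Path .\after.xml
# Step 3: list everything added (=>) or removed (<=) between the two.
function Compare-AutostartSnapshot {
    param([string]$Before = '.\before.xml', [string]$After = '.\after.xml')
    Compare-Object -ReferenceObject (Import-Clixml -Path $Before) `
                   -DifferenceObject (Import-Clixml -Path $After) `
                   -Property Kind, Name, Path |
        Sort-Object Kind, Name
}
```

A run entry that is still listed after the tool has been executed again and closed, or any new Service or Driver row, is what to investigate before trusting the VM image again.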