首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. 软件逆向
    3. 发新帖
[求助]Autoit反编译
发表于: 2016-2-24 09:49 8507

[求助]Autoit反编译

gaomingwei 活跃值
2016-2-24 09:49
8507
小弟试过各种Autoit反编译工具均失败,不知所云,故请大神们帮忙看看,在此跪谢各位大神!

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

上传的附件:
收藏
免费 0
支持
分享
最新回复 (6)
hulucc
雪    币: 81
活跃值: (105)
能力值: ( LV3,RANK:20 )
在线值:
发帖
回帖
粉丝
私信
2
autoit好像是lua改造的吧
2016-2-24 14:55
0
suetorp
雪    币: 328
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
3 
#NoTrayIcon
#Region
#AccAu3Wrapper_Icon=H:\!程序图标修改专家\LABEL.ICO
#AccAu3Wrapper_OutFile_x64=hpbf.exe
#AccAu3Wrapper_UseUpx=Y
#AccAu3Wrapper_UseX64=Y
#AccAu3Wrapper_Res_Description=浏览器首页保护程序,如被安全软件误报,请添加信任或者忽略!
#AccAu3Wrapper_Res_Fileversion=1.0.0.1
#AccAu3Wrapper_Res_ProductVersion=1.0
#AccAu3Wrapper_Res_Language=2052
#AccAu3Wrapper_Res_requestedExecutionLevel=None
#AccAu3Wrapper_Res_Field=Au3.Cc|Au3编程学习网
#AccAu3Wrapper_Run_Tidy=Y
#AccAu3Wrapper_Antidecompile=y
#EndRegion
PROCESSCLOSE  ( "UCAgent.exe"  ) 
PROCESSCLOSE  ( "UCService.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta5.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta6.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta7.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta8.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta9.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta10.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta11.exe"  ) 
PROCESSCLOSE  ( "Protect_2345chrome.exe"  ) 
PROCESSCLOSE  ( "Protect_2345Explorer.exe"  ) 
FILEDELETE  ( "C:\Users\Public\Desktop\软件管理.lnk"  ) 
FILEDELETE  ( "C:\Users\Public\Desktop\网址大全.lnk"  ) 
FILEDELETE  ( "C:\Users\Administrator\Desktop\上网导航.lnk"  ) 
FILEDELETE  ( "C:\Users\Administrator\Desktop\网址大全.lnk"  ) 
FILEDELETE  ( "C:\Users\Administrator\Desktop\淘宝网.lnk"  ) 
FILEDELETE  ( "C:\Users\Administrator\Desktop\好123网址导航.lnk"  ) 
FILEDELETE  ( "C:\Users\Administrator\Desktop\百度一下.lnk"  ) 
FILEDELETE  ( "C:\Users\Administrator\Desktop\绿色浏览器.lnk"  ) 
FILEDELETE  ( "C:\Users\Administrator\Desktop\软件管理.lnk"  ) 
FILEDELETE  ( "C:\Users\Administrator\Desktop\360软件管家.lnk"  ) 
FILEINSTALL  ( "QWeb Data"  , "C:\Users\Administrator\AppData\Local\Tencent\QQBrowser\User Data\Default\Web Data"  , 1  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\360\360se5\se6"  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\360\360se5\se6"  , "homepage"  , "REG_SZ"  , "NCxodHRwOi8vd3d3LmllOTkwLmNvbS97NGI3OWFmYzVlYWQ5NjAzMThhYjM2Zjk4NDU4M2Y1Njd9ezNmMjE4MTI4Y2YyMTVhY2M5YTRhNTU5MDdmY2U3OGM2fQ=="  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\360\360se6\Chrome"  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\360\360se6\Chrome"  , "homepage"  , "REG_SZ"  , "NCxodHRwOi8vd3d3LmllOTkwLmNvbS97NGI3OWFmYzVlYWQ5NjAzMThhYjM2Zjk4NDU4M2Y1Njd9ezNmMjE4MTI4Y2YyMTVhY2M5YTRhNTU5MDdmY2U3OGM2fQ=="  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\360Chrome\Chrome"  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\360Chrome\Chrome"  , "pid"  , "REG_SZ"  , "oemhxtxz"  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\360Chrome\Homepage\Default"  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\360Chrome\Homepage\Default"  , "homepage"  , "REG_SZ"  , "aHR0cDovL3d3dy5pZTk5MC5jb20vezJhZDk4ODE0NTJhMTNmYTljOWRjZjYzMmNjZTIxYmEyfXtjZjhiYzk5NmIwOTAyOTI3MDcwMWIwMjJjNTUzOTdhYn0="  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\360Chrome\Homepage\Default"  , "urls_to_restore_on_startup"  , "REG_SZ"  , "aHR0cDovL3d3dy5pZTk5MC5jb20vLHs0Yzk5ZDA1MzkxZjEzYWI0ZTgwNDlkMjAzMWZiOTQ5NX17OTUxMzVlOTMzYzJiMGEzMGZmZTM4MDk4NDJiYjc5ZTR9"  ) 
FILEINSTALL  ( "3cWeb Data"  , "C:\Users\Administrator\AppData\Roaming\360Chrome\User Data\Default\Web Data"  , 1  ) 
FILEINSTALL  ( "3Web Data"  , "C:\Users\Administrator\AppData\Roaming\360se6\User Data\Default\Web Data"  , 1  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"  , "First Home Page"  , "REG_SZ"  , "www.ie880.com"  ) 
REGWRITE  ( "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN"  ) 
REGWRITE  ( "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN"  , "First Home Page"  , "REG_SZ"  , "www.ie880.com"  ) 
REGWRITE  ( "HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\MAIN"  ) 
REGWRITE  ( "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main"  , "First Home Page"  , "REG_SZ"  , "www.ie880.com"  ) 
REGWRITE  ( "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\2345Explorer"  ) 
REGWRITE  ( "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\2345Explorer"  , "Value7"  , "REG_SZ"  , "www.ie618.com                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   18136"  ) 
REGWRITE  ( "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\2345chrome"  ) 
REGWRITE  ( "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\2345chrome"  , "Value7"  , "REG_SZ"  , "www.ie618.com                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   18136"  ) 
FILEINSTALL  ( "2CPreferencesV2"  , "C:\Users\Administrator\AppData\Local\2345chrome\User Data\Default\PreferencesV2"  , 1  ) 
FILEINSTALL  ( "2Cpage_file.dat"  , "C:\Users\Administrator\AppData\Local\2345chrome\User Data\Default\page_file.dat"  , 1  ) 
FILEINSTALL  ( "2PreferencesV2"  , "C:\Users\Administrator\AppData\Local\2345Explorer\User Data\Default\PreferencesV2"  , 1  ) 
FILEINSTALL  ( "2page_file.dat"  , "C:\Users\Administrator\AppData\Local\2345Explorer\User Data\Default\page_file.dat"  , 1  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\SogouExplorer"  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\SogouExplorer"  , "hid"  , "REG_SZ"  , "ED42D09603E55F11E7E371C370CA27B8"  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\SogouExplorer\ti"  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\SogouExplorer\ti"  , "HardwareID"  , "REG_BINARY"  , "08af965600000000"  ) 
FILEINSTALL  ( "config.xml"  , "C:\Users\Administrator\AppData\Roaming\SogouExplorer\config.xml"  , 1  ) 
FILEINSTALL  ( "commcfg.xml"  , "C:\Users\Administrator\AppData\Roaming\SogouExplorer\commcfg.xml"  , 1  ) 
FILEINSTALL  ( "SPreferences"  , "C:\Users\Administrator\AppData\Roaming\SogouExplorer\Webkit\Default\Preferences"  , 1  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\Opera Software"  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\Opera Software"  , "UUID"  , "REG_SZ"  , "IdK0X6FafLXOt5djmXyychg4zYl8N/i61quZvNr6evSGvjBa"  ) 
REGWRITE  ( "HKEY_CURRENT_USER\Software\Opera Software"  , "LUT"  , "REG_SZ"  , "1452714849"  ) 
FILEINSTALL  ( "OPreferences"  , "C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Preferences"  , 1  ) 
FILEINSTALL  ( "OWeb Data"  , "C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Web Data"  , 1  ) 
PROCESSCLOSE  ( "UCAgent.exe"  ) 
PROCESSCLOSE  ( "UCService.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta5.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta6.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta7.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta8.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta9.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta10.exe"  ) 
PROCESSCLOSE  ( "BrowserProtecta11.exe"  ) 
PROCESSCLOSE  ( "Protect_2345chrome.exe"  ) 
PROCESSCLOSE  ( "Protect_2345Explorer.exe"  ) 
FILEINSTALL  ( "GPreferences"  , "C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences"  , 1  ) 
FILEINSTALL  ( "GWeb Data"  , "C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data"  , 1  ) 
FILEINSTALL  ( "GSecure Preferences"  , "C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences"  , 1  ) 
FILEINSTALL  ( "Bookmark.db"  , "C:\Users\Administrator\AppData\Roaming\JuziBrowser\User_Data\Default\Bookmark.db"  , 1  ) 
FILEINSTALL  ( "config.dat"  , "C:\Users\Administrator\AppData\Roaming\Maxthon3\Users\guest\Config\config.dat"  , 1  ) 
FILEINSTALL  ( "userpref_v2"  , "C:\Users\Administrator\AppData\Roaming\Baidu\browser\UserData\0A73B7929C9546628F097CEEACA6E079410064006d0069006e006900730074007200610074006f007200\userpref_v2"  , 1  ) 
FILEINSTALL  ( "user_setting.db"  , "C:\Users\Administrator\AppData\Roaming\Baidu\BaiduBrowser\user_data\default\settings\user_setting.db"  , 1  ) 
FILEINSTALL  ( "OPreferences"  , "C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Preferences"  , 1  ) 
FILEINSTALL  ( "OWeb Data"  , "C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Web Data"  , 1  ) 
PROCESSCLOSE  ( "UCAgent.exe"  ) 
PROCESSCLOSE  ( "UCService.exe"  ) 
FILEINSTALL  ( "UPreferences"  , "C:\Users\Administrator\AppData\Local\UCBrowser\User Data\Default\Preferences"  , 1  ) 
FILEINSTALL  ( "UWeb Data.65"  , "C:\Users\Administrator\AppData\Local\UCBrowser\User Data\Default\Web Data.65"  , 1  ) 
FILEINSTALL  ( "USecure Preferences"  , "C:\Users\Administrator\AppData\Local\UCBrowser\User Data\Default\Secure Preferences"  , 1  )
2016-2-24 20:12
0
gaomingwei
雪    币: 465
活跃值: (191)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
4
大神你好,请问你用的是什么工具反编译的,谢谢!
2016-2-25 09:26
0
HexBoy
雪    币: 13
活跃值: (25)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
私信
5
方法有很多,动态注入式或是我之前发布的静态反编译(SDK)器都行,对与最新版本,需要在原有SDK基础上添加一个三元操作符支持和资源数据解析的支持即可。
2016-2-27 09:47
0
Alfik
雪    币: 897
活跃值: (5916)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
6
HexBoy 方法有很多,动态注入式或是我之前发布的静态反编译(SDK)器都行,对与最新版本,需要在原有SDK基础上添加一个三元操作符支持和资源数据解析的支持即可。
HexBoy  我在哪里可以下载最新版本的AutoDec?
2018-5-16 15:40
0
寂寞剑客
雪    币: 201
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
7
这是垃圾广告的软件吗?看到好多地方注入到注册表并修改了浏览器等。
2018-5-16 16:21
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//