Skip to content
/ AutoIt-Ripper Public
forked from nazywam/AutoIt-Ripper

Extract AutoIt scripts embedded in PE binaries

0 stars 43 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rcaroncd/AutoIt-Ripper

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
img
img
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
autoit_unpack.py
autoit_unpack.py
 
 
main.py
main.py
 
 
opcodes.py
opcodes.py
 
 
requirements.txt
requirements.txt
 
 
utils.py
utils.py
 
 

Repository files navigation

AutoIt-Ripper

What is this

This is a (semi) short python script that allows for extraction of "compiled" AutoIt scripts from PE executables.

References

This script heavily bases on 2 resources, definitely check them out if you want to dig a bit deeper into the whole AutoIt stuff:

Support versions

Ready:

  • EA06 AutoIt3.26++

Planned:

  • EA05 AutoIt3.00

Unknown:

  • JB01 AutoHotKey
  • JB01 AutoIT2

Installation

python3 -m pip install -r requirements.txt

Running

python3 main.py input.exe

Format documentation

(In progress)

AU3 header

Field Length LAME seed Notes
"FILE" 4 0x18EE static string
flag 4 0xADBC
auto_str flag * 2 0xB33F + flag UTF-16
path_len 4 0xF820
path path_len * 2 0xF479 + path_len Path of the compiled script
compressed 1 None
data_size 4 0x87BC encoded data size
code_size 4 0x87BC TODO: actual use of this
crc 4 0xA685 uncompressed data hash
unknown 16 None
data data_size 0x2477 script data

About

Extract AutoIt scripts embedded in PE binaries

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%