nazywam / AutoIt-Ripper

Extract AutoIt scripts embedded in PE binaries
MIT License
155 stars, 31 forks

AutoIT EXE Files without SCRIPT resource. #16

Open tlansec opened 1 year ago

tlansec commented 1 year ago

Hi,

I recently encountered the following AutoIT3 file, from which this project is not able to extract a source AU3 file:

6606d759667fbdfaa46241db7ffb4839d2c47b88a20120446f41e916cad77d0b

Tools that try to dynamically extract the tool using an interpreter succeed, but I'm not sure if the same principles can be applied to this project. Notably, the file above does not have the characteristic PE resources that you would expect to find in a compiled AutoIT binary. If I had to guess, I'd guess that the script is stored in the overlay in this file, but that's purely based on its size.

If it can't be resolved, it's no big deal, just thought I'd highlight it.

Cheers, Tom

ByridianBlack commented 1 year ago

Hello, yeah, I saw this issue a couple of months ago as well and actually solved it. If you look at my profile you can find this new updated version of it.

https://github.com/ByridianBlack/AutoIt-Ripper-Form

Will be making a pull request soon though

tlansec commented 1 year ago

Nice! I'll take a look at your repo. I hope your subsequent PR gets merged in here.

tlansec commented 1 year ago

I got around to looking at this and I note that, even with trying to parse the overlay, the method in the PR doesn't deal with all cases. Here's an example that doesn't parse with the code in the PR:

6606d759667fbdfaa46241db7ffb4839d2c47b88a20120446f41e916cad77d0b

I don't think there is anything weird at play (like messing about with file magic and so on) because compiled AutoIt decompilers like exe2aut correctly parse the embedded code.
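The distinction the thread turns on is where the compiled script sits in the file: in the `SCRIPT` resource that AutoIt-Ripper reads, or somewhere else such as the overlay past the last section. Below is an added triage script (my own code, not AutoIt-Ripper's and not from either commenter) that walks the PE section table by hand, scans the whole file for the AutoIt script header, and reports for each hit whether it lies inside a named section or in the overlay. Assumptions: the 16-byte signature and the `AU3!` + `EA06`/`EA05` layout are the ones AutoIt-Ripper's unpacker keys on (check against the project's source); the two sample PE buffers are constructed here purely so the example runs offline and are not real executables.

```python
import struct

# Assumed layout of a compiled AutoIt3 script block (as AutoIt-Ripper keys on it):
# 16-byte signature, then the "AU3!" tag, then a 4-byte format version
# ("EA06" for AutoIt v3.3+, "EA05" for older builds). Verify against the project.
AU3_HEADER = bytes.fromhex("a3484bbe986c4aa9994c530c4d3b299a")
AU3_TAG = b"AU3!"


def parse_pe_layout(data: bytes):
    """Minimal PE section-table walk (no pefile dependency).
    Returns (sections, overlay_start): sections is a list of
    (name, raw_start, raw_end); overlay_start is the file offset just past the
    last section's raw data. Returns ([], None) if the buffer is not PE-shaped."""
    try:
        if len(data) < 0x40 or data[:2] != b"MZ":
            return [], None
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return [], None
        coff = e_lfanew + 4
        num_sections = struct.unpack_from("<H", data, coff + 2)[0]
        opt_size = struct.unpack_from("<H", data, coff + 16)[0]
        table = coff + 20 + opt_size  # section headers follow the optional header
        sections, overlay_start = [], 0
        for i in range(num_sections):
            hdr = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
            name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
            raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
            sections.append((name, raw_ptr, raw_ptr + raw_size))
            overlay_start = max(overlay_start, raw_ptr + raw_size)
        return sections, overlay_start
    except struct.error:
        return [], None


def find_au3_blocks(data: bytes):
    """Locate every AutoIt script header in the file and classify its location:
    a section name, "overlay" (past the last section), or "unknown" (not a PE)."""
    sections, overlay_start = parse_pe_layout(data)
    hits = []
    pos = data.find(AU3_HEADER)
    while pos != -1:
        tag = data[pos + 16:pos + 20]
        version = data[pos + 20:pos + 24].decode("ascii", "replace") if tag == AU3_TAG else None
        where = "unknown"
        if overlay_start is not None and pos >= overlay_start:
            where = "overlay"
        else:
            for name, start, end in sections:
                if start <= pos < end:
                    where = name
                    break
        hits.append({"offset": pos, "where": where, "version": version})
        pos = data.find(AU3_HEADER, pos + 1)
    return hits


def build_sample_pe(payload_in_overlay: bool) -> bytes:
    """Constructed test input: a PE-shaped buffer with one .rsrc section and an
    AutoIt script header either inside that section or appended as overlay.
    It is not a runnable executable; only the headers this script reads are set."""
    sect_off, sect_size = 0x200, 0x200
    hdr = bytearray(sect_off)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)           # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x84 + 2, 1)          # NumberOfSections
    struct.pack_into("<H", hdr, 0x84 + 16, 0xE0)      # SizeOfOptionalHeader (PE32)
    sect = 0x84 + 20 + 0xE0
    hdr[sect:sect + 8] = b".rsrc\0\0\0"
    struct.pack_into("<II", hdr, sect + 16, sect_size, sect_off)
    blob = AU3_HEADER + AU3_TAG + b"EA06" + b"\x00" * 32
    section = bytearray(sect_size)
    overlay = b""
    if payload_in_overlay:
        overlay = b"\xcc" * 16 + blob   # script appended after the last section
    else:
        section[0x40:0x40 + len(blob)] = blob   # script inside .rsrc
    return bytes(hdr) + bytes(section) + overlay


if __name__ == "__main__":
    for label, sample in (("resource", build_sample_pe(False)), ("overlay", build_sample_pe(True))):
        for hit in find_au3_blocks(sample):
            print(f"{label}: header at 0x{hit['offset']:x} in {hit['where']} (version {hit['version']})")
```

Run it against a real sample with `find_au3_blocks(open(path, "rb").read())`: a hit reported in the overlay rather than `.rsrc` is exactly the case the issue describes, and an "unknown" with a valid version tag means the signature is present but the PE headers could not be walked.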