
Codefuser
Everything posted by Codefuser
-
Searching for a string in a process's memory
Codefuser replied to Codefuser's topic in AutoIt General Help and Support
Still looking for help with this. HMU.
-
Searching for a string in a process's memory
Codefuser replied to Codefuser's topic in AutoIt General Help and Support
Still looking for help. Someone's help would be greatly appreciated.
-
Searching for a string in a process's memory
Codefuser replied to Codefuser's topic in AutoIt General Help and Support
Still looking for help. Someone's help would be greatly appreciated.
-
Searching for a string in a process's memory
Codefuser replied to Codefuser's topic in AutoIt General Help and Support
Still looking for help. Would love to get some.
-
Searching for a string in a process's memory
Codefuser replied to Codefuser's topic in AutoIt General Help and Support
Still looking for help with this, any will be appreciated.
-
Searching for a string in a process's memory
Codefuser replied to Codefuser's topic in AutoIt General Help and Support
Yes it is indeed for my obfuscation project. It is for scanning the memory for known signatures of unwanted software (debuggers, decompilers, disassemblers, VMWare, etc). It is also for a part of another heuristic memory scanner project of mine.
-
I have tried searching and I found this example: https://www.autoitscript.com/forum/topic/66210-_searchprocessmemory/ However it does not work. After some debugging I found that $lpMinimumApplicationAddress is positive and $lpMaximumApplicationAddress is negative. Tried switching them around and that didn't work either. Can anyone help?
-
[SOLVED]Help with a Structure
Codefuser replied to Codefuser's topic in AutoIt General Help and Support
Thanks for your help, I was confused by the self-referencing in the structure.
-
There is a way for you to sorta do it if the file you are downloading will still work with normal integrity. You can try to edit the manifest of the file in the resource to set the execution level to asInvoker instead of RequireAdministrator and that will remove the prompt.
-
How do I process this type of structure? I have never seen anything like this before. Also, how do I create a structure like this in AutoIt using DllStructCreate? I need to create one in order to call ReadProcessMemory to copy a remote structure that's like this into my own process.
-
It is to patch a few bytes in UPX-ed executables to make it slightly harder to unpack.
-
So something like $file = FileOpen("file.exe",1) FileSetPos($file, "0x45FFF", 0) But then how many characters are in an offset?
-
Any ideas on how I can patch an offset of an external file from AutoIt? I want to figure out how to overwrite that offset with random data.
-
Thanks for the help. Fixed the error.
-
Script: http://pastebin.com/faUJweAG Screenshot of error: https://gyazo.com/0bbe7c840b8872ca98bec57d02e1f4bc I don't see anything wrong with the script and it runs perfectly (It creates a messagebox). It is an output from my obfuscator if you are wondering if only junk code is generated. Scite output: http://pastebin.com/0rUVJb6F
-
That isn't mine. That is one of my friend's and I am basing a small part of my obfuscator on it. Worked with him on some part of it but then he got busy so I took over. And it won't be open sourced as the more open it is the easier it is for attackers to reverse. Told him to delete the rep on skype as everything in it is gone already.
20 replies. Tagged with: obfuscation, security (and 1 more)
-
I have used multiple methods to prevent automation of the deobfuscation process. Should work pretty well. I have additionally implemented tons of anti-debugging methods, which stop both non-AutoIt debuggers (OllyDbg, etc) and AutoIt debuggers.
-
Added confusion method using ternary operators. That should do for now.
-
I would suggest C++/C in order to do it. AutoIt is limited and therefore won't be able to do this (especially since multithreading is not supported, the firewall will be very slow).
-
@trancexx I am encrypting and then applying obfuscation through Chr + some math generation stuff. And yes I am doing the proxy call through assign functions to variables as well. Scripting.Dictionary does look interesting and I will look at it. Looks like some powerful stuff right there.
-
Last I checked decompilation is not allowed but discussion of obfuscation is, so I can still post obfuscated scripts/obfuscated crackmes right? And I am still looking for ideas to be implemented into my obfuscator. Regarding performance, it will have a certain degree of impact as strings are encrypted and obfuscated. I am currently using AES but I will consider using a shellcode with Xor as Xor is much faster.
-
I know AutoIt is not secure and the dev teams are not interested in working on that, which is why I am working on it. I have implemented many complications and methods to avoid automated deobfuscation. However I feel that it would still be too easy since RegExp could be used. If anyone has any ideas, that would greatly help. And yes this will be available, not sure if for free or not yet since I spent a lot of time debugging and working on this.
-
I am writing an obfuscator currently with quite a few features, as I have found no good obfuscators yet that are complex enough to be nearly impossible to deobfuscate (as of course it is impossible to reach a 100% level of obfuscation where no one can deobfuscate it). Current obfuscation methods include flow obfuscation, string encryption, proxy calls, unique renaming scheme (creates gibberish WinAPI-like names), junk code, and removing all functions (merging them with the main script), traps to prevent automated deobfuscation, debugger detection, VM detection, moving strings to other parts of scripts (functions, proxy strings, etc), exit if not compiled, file integrity check. Decompile protection is also added (nothing that violates the reverse engineering clause of the ToS, I am using a PE loader with protections built into it.) Does anyone have any ideas for more obfuscation methods to add?