Jump to content

Sky Slate Blueberry Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate

Include functions located in an compressed (upx) exe

Started by supercalifragilistic , Sep 10 2011 10:21 AM

  • Please log in to reply
30 replies to this topic
tidbit
  • Administrators
  • 2709 posts
  • Hates playing Janitor
  • Last active: Jan 15 2016 11:37 PM
  • Joined: 09 Mar 2008
not sure if this matters, but:
if you compile your script to an EXE, you do not need to give your users all the .ahk files aswell.
when you #include something and then compile, all the stuff that you #included will be copied into the EXE. so you only have to give your users 1 file. the .exe.

so: compile the main script before you release it. not just the functions. then hand out only the main compiled script (.exe).
#16 - Posted 11 September 2011 - 02:57 PM

rawr. be very afraid
*poke*
. Populate the AutoHotkey city. Pointless but somewhat fun. .

supercalifragilistic
  • Guests
  • Last active:
  • Joined: --
@tidbit
If you compile the code with ahk2exe (and so the functions incuded) to an exe, you can see all the code by editing the exe file in an hex editor and so you can see also the code of the functions near as simply as editing the ahk files in a text editor.
@Lexicos
I think that the goal of my suggestion isn't to make an ahk file similar to Fort Knox but to discourage people that would like to inspect your code but that don't want |know how|haven't the time to crack it (if it is crypted).
I think that a crypted file which is decrypted in memory would be, if the file is well protected, largely sufficent because it is very easy to edit a binary file with an hex editor but it is can be more difficult to edit a memory place (at least because you have, prior to read it, to locate it each time you want to access it, which needs more knowledge than to just edit a binary file).
Of course, somebody that knows C++ would be able to programm a de-crypter, but he can also crack the crypted file if he wants to.
So, for me, to say that that level of protection can't avoid somebody to inspect your code if he has knowledge in C++, in editing memory places, is for me an unsificient argument to not implement this type of protection which is mainly done to discourage people who are simply too curious.
As it was said before in this topic, when somebody leaves its apartment/home to go to work, he close the door. He knows that it is not necessarily sufficient to prevent a thief to enters in the home, but anyway, in its POV, he prefers to close the door rather than leave it open !!!
The spirit of this request is the same. Provide a correct level of security to allow those who want to protect their work, because an application may be the result of a long and difficult work. I think that we have the right to not want to share our work and code (even if it is not in the spirit of the forum and probably ahk), and that actually, we have no simple solution to protect it.
May be there is a dll in Window that can be used for that.
If I was able to do it, I will, but I don't know how to put an ahk file containing functions in memory and how to call them.
I would gratefully thanks you if you could, within the limits of your precious time, introduce this possibility, in the way proposed or in another way you feel better.
#17 - Posted 11 September 2011 - 04:31 PM
  • Guests
  • Last active:
  • Joined: --

Enterprises can't use such language. Are you suggesting that AHK is used for personal use only? That sounds ridiculous to me.

Nonsense. The internet industry (small and large companies) thrive on open source (linux, apache, the list is endless). No matter what kind of protection ahk gets builtin it will always be very easy to obtain the source code however illegal you think it is. A license can protect you, but hiding the source code won't give you any extra "legal" protection at all (but you don't seem to get that point).

You the same person who wanted to make the ahk source smaller because of your bandwith programs because your program has thousands of downloads a day aren't you?
#18 - Posted 11 September 2011 - 05:32 PM
  • Guests
  • Last active:
  • Joined: --

Nonsense. The internet industry (small and large companies) thrive on open source (linux, apache, the list is endless).

And users' files can be proteced with those applications. Don't get confused with AutoHotkey's language source code written in C++ and AutoHotkey users' code. We are talking about the latter.

No matter what kind of protection ahk gets builtin it will always be very easy to obtain the source code however illegal you think it is.

Again, not very easy for everybody. Don't think everybody has the same skill level as you have.

A license can protect you, but hiding the source code won't give you any extra "legal" protection at all (but you don't seem to get that point).

Exposing the code and prohibiting seeing it at the same time does not work.
#19 - Posted 11 September 2011 - 07:21 PM
  • Guests
  • Last active:
  • Joined: --

... AutoHotkey users' code. We are talking about the latter.

Yes I know. Afaik it is by "design" that it will always be possible to retreive the source code of a compiled script. Learn to live with it. Just compile your script, compress it if that makes you feel more comfortable (and prepare to deal with the subsequent complaints about possible virus false-positives, see the FAQ)

Exposing the code and prohibiting seeing it at the same time does not work.

I can still shoot tresspassers if I leave my gate open, the sign right next to the gate says so. I can also shoot them if the gate is closed. It doesn't matter, the end result is the same, they will be shot :wink:
#20 - Posted 11 September 2011 - 08:29 PM
  • Guests
  • Last active:
  • Joined: --

Yes I know. Afaik it is by "design" that it will always be possible to retreive the source code of a compiled script. Learn to live with it. Just compile your script, compress it if that makes you feel more comfortable (and prepare to deal with the subsequent complaints about possible virus false-positives, see the FAQ)

So you are not getting the point at all. Please read the entire thread before starting discussion if you haven't and think about why the OP posted his suggestion.

I can still shoot tresspassers if I leave my gate open, the sign right next to the gate says so. I can also shoot them if the gate is closed. It doesn't matter, the end result is the same, they will be shot :wink:

You cannot shoot a passenger who saw your daughter naked taking a shower with the window open because the sign right next to the window says so.
#21 - Posted 11 September 2011 - 08:57 PM
  • Guests
  • Last active:
  • Joined: --

So you are not getting the point at all. Please read the entire thread before starting discussion if you haven't and think about why the OP posted his suggestion.

I've read it, and I've read the same/similar requests a dozen times and all the experts here (and I'm not one) say that although it is possible to make it (a lot) harder in the end the source code can be obtained. The question is why try and create a better lock than the current one (compile + compression which is already "hard" enough for a regular user). The "better" lock is only an illusion, the key is always nearby (Google). If AutoHotkey does get builtin protection, someone, somewhere at some point will create an easy to use tool to pick the lock, it would be an endless loop (and your previous released versions of your program would no longer be safe. You already published your program so you already have a problem, that goes for all compiled scripts so your not alone).

I much rather see new features, bug fixes, optimised for speed, the language progress etc than having any of its developers spend time on "security". Unless they want to of course, I won't stop anybody, they may enjoy the intellectual challenge.
#22 - Posted 11 September 2011 - 09:39 PM
  • Guests
  • Last active:
  • Joined: --

I've read it, and I've read the same/similar requests a dozen times and all the experts here (and I'm not one) say that although it is possible to make it (a lot) harder in the end the source code can be obtained.

It seems you have to read it again. I repeat it does not matter if somebody eventually cracks it. A locked file means that the author did an effort of protecting the file, which will be an advantage for the author in the court.

(compile + compression which is already "hard" enough for a regular user).

I disagree. As a regular user, I opened a compiled file with ResouceHacker and accidentally knew the file is just visible. A person who can open Notepad will be able to view it. It's too easy.

The "better" lock is only an illusion, the key is always nearby (Google).

Not an illusion. Again, locking a file requires a cracker to crack it intentionally, which is different from what a user sees the file in a compiled script unintentionally. I think I'm just repeating what I said earlier.
#23 - Posted 11 September 2011 - 10:31 PM
  • Guests
  • Last active:
  • Joined: --

A locked file means that the author did an effort of protecting the file, which will be an advantage for the author in the court.

No it won't, that is my point. (Remember I can prosecute trespassers if the gate is open, closed or locked) And I repeat: compress your exe after you compile it and they won't see a thing in Notepad or ResourceHacker at first glance. The law protects your rights, not the lock.

And in this library case: I wouldn't touch a "compiled + protected" library with a ten foot pole and wouldn't include it in my scripts. You never know what is in there if you can't see it. Say it would be possible to do, would you include something in your program which may contain malicious code and sell (or give) it to your users? You would be responsible, how would you like that? :D
#24 - Posted 12 September 2011 - 07:10 AM
  • Guests
  • Last active:
  • Joined: --

compress your exe after you compile it and they won't see a thing in Notepad or ResourceHacker at first glance.

Go to a web site and you'll see a web page, not the source code at first glance. The publisher cannot claim that the viewer should not view the source code. Similarly, AutoHotkey users' code can be accessed with the officially supported method; ResourceHacker is bundled and installed with the installer.

The law protects your rights, not the lock.

The law does not protect our safety. It would be too late if a trespasser raped your daughter. The law follows the crime. So we should have something to prevent it at the first place.

And in this library case: I wouldn't touch a "compiled + protected" library with a ten foot pole and wouldn't include it in my scripts. You never know what is in there if you can't see it.

You many not, but some may if there are something beneficial to them, techniques, ideas, and personal information etc..

Say it would be possible to do, would you include something in your program which may contain malicious code and sell (or give) it to your users? You would be responsible, how would you like that? :D

Embedding a library is not the only case. Also if you know there are no malicious code or even it's malicious if there are more important information in there, some will open it and use the part that is useful.
#25 - Posted 12 September 2011 - 10:34 AM
  • Guests
  • Last active:
  • Joined: --

ResourceHacker is bundled and installed with the installer.

Where do you get that silly notion?
#26 - Posted 12 September 2011 - 10:39 AM
  • Guests
  • Last active:
  • Joined: --

Where do you get that silly notion?

Ah, there is a ResHacker.exe in my Compiler folder and it's actually from Compile_AHK. So it is not official but a well-known method.
#27 - Posted 12 September 2011 - 11:12 AM
  • Guests
  • Last active:
  • Joined: --

So it is not official but a well-known method.

So is using a sledge hammer, you can get it for 9.99$ at most hardware stores and open 9 out 10 doors. :wink:
We can go on an on but by the looks of it, new methods of protection won't be added to AutoHotkey in the near future (say next couple of weeks).
So deal with it. Use mpress or an other packer you prefer if that helps you sleep.

Just curious though: whats the name of your program?
#28 - Posted 12 September 2011 - 12:04 PM
  • Guests
  • Last active:
  • Joined: --

So is using a sledge hammer, you can get it for 9.99$ at most hardware stores and open 9 out 10 doors. :wink:

However, most people lock their doors anyway for safety when going out although there are well known methods to break them.

We can go on an on but by the looks of it, new methods of protection won't be added to AutoHotkey in the near future (say next couple of weeks).
So deal with it. Use mpress or an other packer you prefer if that helps you sleep.

It seems you don't understand what suggest means. Nobody would make a suggestion if everybody liked a current situation and didn't have an idea to improve it.

Just curious though: whats the name of your program?

Just curious, what is your real name and place you live in? Haha, I'm joking. :p
#29 - Posted 12 September 2011 - 12:49 PM
  • Guests
  • Last active:
  • Joined: --

It seems you don't understand what suggest means.

I do, I looked it up - it has been suggested by others as well and the result - so far - has always been the same. So, for the near future chances of it being added as a new feature are slim.
But like unicode support it may happen all of a sudden and you and others can start jumping around with joy.

... place you live in?

You're too late, I already asked her close the curtains :wink:
#30 - Posted 12 September 2011 - 01:31 PM
Back to Suggestions
  1. AutoHotkey Community
  2. AutoHotkey
  3. Suggestions