change pwd / recompile doesn't have expected effect.

[5ball]

I've been using AHK_H for a long time, I'm finally wanting to change the default 'AutoHotkey' pass to make compiled scripts more secure.


I've downloaded source from https://github.com/HotKeyIt/ahkdll.
I've opened the project (and later recompiled) by following the steps in (https://autohotkey.com/boards/viewtopic.php?t=13373) thread.
I made changes to the password in script.cpp by changing the chars like g_default_pwd0 = 'A'; to g_default_pwd0 = 'j'; and recompiled.
Then I replaced my "Program Files/Autohotkey/Autohotkey.exe" with this new compile, and also copied this new compile and renamed it to "Program Files/Autohotkey/Compiler/Ahk2Exe.exe".

Here is the issue:
When I compile a script now, Ahk2Exe compiles just fine using the OLD 'AutoHotkey' password. If I change the the password field in Ahk2Exe (to anything, even the new password I made when I recompiled Autohotkey) it compiles but I get an error message:

Error at line 0.

Line Text: PK�b��
Error: This line does not contain a recognized action.

The program will exit.

I'm sure I replaced the AutoHotkey.exe and Ahk2Exe.exe files with my new compile.

[HotKeyIt]

Did you use AutoHotkey.exe as Bin file for compilation, if you use AutoHotkeySC.bin for compilation then you will need to compile and use it?
If you changed the password and the script still works after compiling with 'AutoHotkey' password then you are using wrong Base File!

You don't need to replace Ahk2Exe.exe with your compiled AutoHotkey, only the Base File needs to be changed

[5ball]

Ah OK so in AHk2Exe I should change (in the 'Base File (.bin)' DropDownList) to v1.1.25.0 AutoHotkey.exe (..\..)?
That seems to work , just want to make sure I'm doing it correctly.

Edit: In the future how can I know which file to select from that DropDownList?

[HotKeyIt]

You need to decide yourself whether you need ANSI/UNICODE/X64.
You can compile exe, dll and bin, the difference bin to exe is that exe is able to run code dynamically (addFile, addScript, ahkExec) and from file (using /E switch) while bin can only run compiled code!

[5ball]

I have this working. Thank you.
But now I'm hoping to learn more about how this all works, if you can bear with me for a moment

My guesses are:
1). a 'Base file' is the actual AutoHotkey source code.
2). Compiling an AHK script with a Base file is like handing somebody an AutoHotkey.exe, but with your script embedded in it. But instead of the this new compiled exe being able to interpret other scritps (like AutoHotkey.exe does), it can only execute the script you embedded in it.

Some questions:
A). What did I get right and wrong about my guesses above?
B). Can you explain how .bin and .exe base files differ? I saw that you said with .bin you can't run code dynamically and with .exe you can, but I'm not sure why.
B-2). Is there any trade-offs with .bin vs .exe beside dynamic code? is one more secure against decompilation? When I check the Ahk2Exe.ahk code I see this (although it is commented out)

Code: Select all

; else If (UseEncrypt && SubStr(BinFile,-3)!=".bin")
; {
	; if !CLIMode
		; MsgBox, 64, Ahk2Exe, Resulting exe will not be protected properly, use AutoHotkeySC.bin file to have more secure protection.
	; else
		; FileAppend, Warning`, Resulting exe will not be protected properly`, use AutoHotkeySC.bin file to have more secure protection.: %ExeFile%`n, *
; }

Thanks again!

[HotKeyIt]

1. A Base file is the AutoHotkey executable
2. correct
B) See source code for AutoHotkey for #ifdef AUTOHOTKEYSC, basically it does not check script for syntax errors and does not allow running other file than embedded one.
B2) This is not the case anymore and both have the same protection.

[5ball]

Thank you.

I'm just noticing that when I compile AHK_H from source like this -- there is a lot of plain text viewable in the resulting Autohotkey.exe. And when I compile one of my [file].ahk's with said Autohotkey.exe file, some info from my script is readable as well (as far as I can tell it's only FileInstall paths). This isn't an issue with the Autohotkey.exe from your github ahkdll-v1-release branch.

Any idea what this could be? And does it mean the script's contents any less secure in the compiled exe?

Not sure if this is related, but I get a "1>upx.exe disabled or not found, skipping compression" message when compiling in VS2017. Adding upx.exe to the ahkdll folder looks like it fixes it, but the resulting Autohotkey.exe is a tiny 500kb file which results in compiled ahk scripts that can't run.

[HotKeyIt]

When you use compression, all files should be compressed, also includes and fileinstall.
upx should be applied to compiled scripts only, not in VS!