A while ago I posted a short description of how to decompile 64-bit AutoIt scripts. Someone pinged me asking how to actually do it, so I thought it would be handy to simply write a script to do the dirty work for us.
- Download 32-bit AutoIt (an older version has the 32-bit stub separately, so it's handy to use it)
  - autoit-v3.2.8.1.zip
- Unpack it
- You will find the 32-bit stub here:
  - `Aut2Exe\AutoItSC.bin`
- Copy it to the folder where your 64-bit compiled AutoIt executable resides
- Now you have to build a 32-bit executable using the AutoIt script blob you need to extract from the 64-bit executable
  - you can do it manually, or
  - you can run the Perl script below (it extracts the AutoIt script blob from the 64-bit AutoIt executable and builds the 32-bit equivalent using the 32-bit AutoItSC.bin stub mentioned above); the created file will be named:
    - <filename>.a32.exe
- Now you can download the Decompiler for AutoIt script from https://exe2aut.com/?download
- Drop it into some virtual environment (VMware/VirtualBox/Virtual PC)
- Drop your newly created 32-bit executable into the exe2aut decompiler
- It should decrypt the script for you
And the 64-to-32 conversion script is shown below (call it autoit64to32.pl or whatever and run perl autoit64to32.pl <64-bit exe>):
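```perl
use strict;
use warnings;

my $f = shift || die("Gimme a file name!");
print STDERR "Processing '$f':\n";

# Read the 32-bit stub (must sit in the current directory)
print STDERR "- Reading 'AutoItSC.bin'\n";
open F, '<', 'AutoItSC.bin' or die "Can't open 'AutoItSC.bin': $!";
binmode F;
read F, my $stub, -s 'AutoItSC.bin';
close F;

# Read the 64-bit compiled AutoIt executable
print STDERR "- Reading '$f'\n";
open F, '<', $f or die "Can't open '$f': $!";
binmode F;
read F, my $d, -s $f;
close F;

# Find the 16-byte marker that starts the AutoIt script blob
print STDERR "- Looking for the script\n";
if ($d =~ /\xA3\x48\x4B\xBE\x98\x6C\x4A\xA9\x99\x4C\x53\x0A\x86\xD6\x48\x7D/sg)
{
    # pos() is the end of the match; step back 16 bytes to its start
    my $pd = (pos $d) - 16;
    print STDERR "- Script found @ " . sprintf("%08lX", $pd) . "\n";
    print STDERR "- Creating 32-bit version '$f.a32.exe'\n";
    open F, '>', "$f.a32.exe" or die "Can't create '$f.a32.exe': $!";
    binmode F;
    # 32-bit stub followed by everything from the marker to end of file
    print F $stub . substr($d, $pd, length($d) - $pd);
    close F;
}
else
{
    print STDERR "- Script not found !\n";
}
```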
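
An added example, not part of the original post: the same carve-and-rebuild step in Python, with a pre-flight check that the stub really is a 32-bit PE and the input a 64-bit one, and a helper that lists every marker offset rather than only the first. The function names and the `fake_pe` sample input are constructed for illustration.

```python
import struct

# AutoIt script marker: the same 16 bytes the Perl script searches for.
AU3_SIG = bytes.fromhex("A3484BBE986C4AA9994C530A86D6487D")
MACHINE_I386, MACHINE_AMD64 = 0x014C, 0x8664


def pe_machine(data: bytes) -> int:
    """Return the COFF Machine field of a PE image, or raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < e_lfanew + 6:
        raise ValueError("PE signature not found")
    return struct.unpack_from("<H", data, e_lfanew + 4)[0]


def signature_offsets(data: bytes) -> list:
    """All offsets of the script marker (the Perl script uses the first)."""
    offsets, pos = [], data.find(AU3_SIG)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(AU3_SIG, pos + 1)
    return offsets


def rebuild_32bit(stub: bytes, target: bytes) -> bytes:
    """Stub followed by everything from the first marker to end of file."""
    if pe_machine(stub) != MACHINE_I386:
        raise ValueError("stub is not a 32-bit (i386) PE")
    if pe_machine(target) != MACHINE_AMD64:
        raise ValueError("input is not a 64-bit (AMD64) PE")
    offsets = signature_offsets(target)
    if not offsets:
        raise ValueError("AutoIt script marker not found")
    return stub + target[offsets[0]:]


def fake_pe(machine: int, tail: bytes = b"") -> bytes:
    """Constructed test input: just enough header for pe_machine()."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18 + tail


if __name__ == "__main__":
    sample = fake_pe(MACHINE_AMD64, b"pad" + AU3_SIG + b"BLOB")
    out = rebuild_32bit(fake_pe(MACHINE_I386), sample)
    print(signature_offsets(sample), len(out))
```

For real files, read `AutoItSC.bin` and the 64-bit executable in binary mode and write the return value of `rebuild_32bit` to `<filename>.a32.exe`.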