A while ago I posted a short description on how to decompile 64-bit autoit scripts. Someone pinged me asking on how to actually do it, so I thought it will be handy to simply write a script to do the dirty work for us.
- Download 32-bit AutoIt (older version has the 32-bit stub separately, so it’s handy to use it)
- Unpack it
- You will find the 32-bit stub here:
- autoit-v3.2.8.1.zip\Aut2Exe\AutoItSC.bin
- Copy it to the folder where your 64-bit compiled autoit executable resides
- Now you have to build a 32-bit executable using the autoit script blob you need to extract from the 64-bit executable
- you can do it manually, or
- you can run the perl script below (what it does it extracts the autoit script blob from the 64-bit autoit executable and builds the 32-bit equivalent using the AutoItSC.bin stub mentioned above which is 32-bit); the created file will have a file name:
-
<filename>.a32.exe
-
- Now you can download the Decompiler for AutoIt script from https://exe2aut.com/?download
- Drop it into some virtual environment (VMWare/VirtualBox/Virtual PC)
- Drop your newly created 32-bit executable into exe2aut decompiler
- It should decrypt the script for you
And the 64-to-32 conversion script is shown below (call it autoit64to32.pl or whatever and run perl autoit64to32.pl <64-bit exe>):
use strict;
use warnings;
my $f=shift || die ("Gimme a file name!");
print STDERR "Processing '$f':\n";
print STDERR "- Reading 'AutoItSC.bin'\n";
open F,"<AutoItSC.bin";
binmode F;
read F,my $a, -s 'AutoItSC.bin';
close F;
print STDERR "- Reading '$f'\n";
open F,"<$f";
binmode F;
read F,my $d, -s $f;
close F;
print STDERR "- Looking for the script\n";
if ($d=~/\xA3\x48\x4B\xBE\x98\x6C\x4A\xA9\x99\x4C\x53\x0A\x86\xD6\x48\x7D/sg)
{
my $pd=(pos $d)-16;
print STDERR "- Script found @ ".sprintf("%08lX",$pd)."\n";
print STDERR "- Creating 32-bit version '$f.a32.exe'\n";
open F,">$f.a32.exe";
binmode F;
print F $a.substr($d,$pd,length($d)-$pd);
close F;
}
else
{
print STDERR "- Script not found !\n";
}