Improved AutoIt3 Decompiler / myAutToExe Decompiler

[PythEch]

People think your decompiler is good. But, it doesn't work for me.
I'm not a Reverse Engineering noobie. I already know how to crack, assembly, ollydbg, peid, decompilers, programming (favorite is C# then C++) etc...

I want to remove the intro scene and look for codes. The exe is AU3!EA06 signatured. I think it has AutoIt 3.3.

Tried to decompile. There were some errors. I looked to that exe with PEiD. Packed with UPX naturaly. I unpacked it successuly. Tried to decompile again. Same errors. Extracted/dumped the a3x file from the exe. Tested and worked correctly. Tried to decompile again... SAME ERRORS . I attachted the UPX'ed, normal and a3x. The following pictures are the kind of errors:

[cw2k]

Please DL the new release - it will fix some problems.

But it will not help with that bug/error. This error has probably to do with ya country codepage settings - because on my windows(german) it works.
Please check the option 'Don't delete temp files' and decompile 'Script.a3x' again.

I attached the resulting files as mhs.7z(+ manually deleted some unimportant *.raw and *.pak files to keep the size down; also I canceled tidy on the first run since it just takes long and is not really necessary at that stage).

To narrow down the error location please compare your resulting temp files with my. (Or pack ya temp file and I'll do that.)
However the source code and VB6 is also on the download page - so you may also try ya luck and find and fix the bug.

(ah yes and to run 'Script_restore_restore.au3' you'll need to manually delete the last three function that were leftovers from the obfuscator)

Update: Add final mhs(Metin2 MultiHackSelector 4.3) after using the function renamer
This even corrects the error you get if you select 'visit website' or 'visit forum' in the menu of that bot

[adfamily]

http://www.mediafire.com/download.php?zmxo5hqddmn

Tidy.exe ExitCode: 1 =>some failure!
Attention: Tidy.exe failed. Deobfucator will probably also fail because scriptfile is not in proper format.

Please see through it.Thank so much!!!

[cw2k]

'Tidy.exe ExitCode: 1' is not critical and cause by leftovers from the obfuscator.

However I fixed that problem - DL new release and try again.

[adfamily]

a great tool, thank you very much

[newbie]

Hello everybody!

I am searching program Autoexe version 2.7 all over the net, but just seems i can not find it. If somebody is willing to help, post the link here for it. I looked on Peppies stuff, but the version I found there (2.07), doesn't work very well, and I am currently using version 2.2.

Both versions cut the important part of the code.

[cw2k]

Try the 2.9 I just released.
... and the option 'Don't delete Temp Files'.
However if it still cuts the important parts - attach the script so I can check and fix it.

[newbie]

Actually, the code is not problem, but there is a big line of checksums. First it cut the line, so I made a backup.au3 and manually took the line.
Than i found out that where checksum ends with zero, it cut it off. Have some fix for it maybe to make it like original exe?

[newbie]

Please explain raw, tok and pak extensions. Is it possible to get au3 from it? The program decompiles exe perfectly, but it changes checksums, so the funcionality would be much better, to leave it as it is. Any idea why the program is doing that?

I can send you the script via email. But i like to try it by myself first.

[ivanw]

cw2k, your works on this decompiler is very good.
I'm newbie. I already decompile file autoit exe. that exe is consist by several autoit file.
But when I decompile it, it bundle in one file. and it doesn't have string #include in that file.
Sorry if i make this stupid question.
Would u mind decompile it?
This is the link
http://rapidshare.com/files/305567419/Script.rar.html
Thanks.

[newbie]

cw2k, your works on this decompiler is very good.
I'm newbie. I already decompile file autoit exe. that exe is consist by several autoit file.
But when I decompile it, it bundle in one file. and it doesn't have string #include in that file.
Sorry if i make this stupid question.
Would u mind decompile it?
This is the link
http://rapidshare.com/files/305567419/Script.rar.html
Thanks.

It should be bundled. Just decompiler gets checksum with errors. I think CW2K that you can get the checksums as well from script in original form (not cutted)?

[newbie]

editnote[by cw2k]: post given to 'newbies'
#includes are pasted into the script before it is compiled so it not possible the safely restore it them from the script. However you can try to restore(cut out) the includes with the FunctionRenamer. Just press F12 to start it. ... Globals are not supported yet so you need to remove them manually...

Don't really get what is the problem with the checksums - maybe include the script so I can see/explorer that on ya own to get a clearer picture of that.

[newbie]

Hello I am posting the script for checksums. Checksums are on the line 7038-7040.

Decompiler does not decompile it well, so maybe you can do it manually. It cut zero at the end of one checksum and some other are corrupted too.

Give it a try!
URL: http://www.megaupload.com/?d=VQ0AZSPC

[newbie]

editnote[by cw2k]: post given to 'newbies'

Hello I am posting the script for checksums. Checksums are on the line 7038-7040.

Okay you're referring to that code

Code: Select all

Global $ATOP[2]
Global $AHCC[141][2] = [["2", "2" ], [4292041286, "2" ], [4155727196, "2" ], [4145698108, "2" ], [3225901287, "2" ], [2490846646, "2" ], [...], [1268539918, "A" ], [1079077429, "A" ], [1013274209, "A" ]]
Global $AHCS[16][2] = [["C", "C" ], [1719343027, "c" ], [2455775269, "c" ], ["D", "D" ], [249890137, "d" ], [3275902104, "d" ], ["H", "H" ], [2495230642, "h" ], [3866447638, "h" ], ["S", "S" ], [1384652630, "s" ], [4204726204, "s" ]][code][/code]


(Beside the LineNr also to paste also some 'unique' code so you someone can also use search to locate the code. )
later this data is used like this:

Code: Select all

Func _CARDNUMBER($X, $Y)
   Local $ICHECKSUM = PixelChecksum($X - 2, $Y - 2 + 14, $X + 10, $Y + 14)
[...]
   Local $SCARD
   For $I = 0 To UBound($AHCC) - 1
      If $ICHECKSUM = $AHCC[$I][0] Then
         $SCARD = $AHCC[$I][1]
      EndIf
   Next

Decompiler does not decompile it well, so maybe you can do it manually. It cut zero at the end of one checksum and some other are corrupted too.

For me a concrete example is better then some vague description!
('The quality the question is like - the quality of the answer will be.'
^ Some Zen saying )

However - that is the detokeniser log - with verbose option enable

Code: Select all

myAut2Exe >The Open Source AutoIT/AutoHotKey script decompiler< 2.9 build(132)
================================================================================
Unpacking: !Test\script\script.exe
...
Trying to DeTokenise: !Test\script\script.tok
00000004 -> Code Lines: 8397   0x000020CD
00000005 -> Token: 37      (Line: 1  TokenCount: 1)
00000009 -> StringSize: 00000007
00000017 -> "#Region"   Type: PreProcessor
00000018 -> Token: 7F      (Line: 1  TokenCount: 2)
>>>  #Region

[...]

________________________________________________________________________________
000883AE -> Token: 30      (Line: 6197  TokenCount: 55458)
000883B2 -> StringSize: 00000006
000883BE -> "GLOBAL"   Type: BlockElement
000883BF -> Token: 33      (Line: 6197  TokenCount: 55459)
000883C3 -> StringSize: 00000004
000883CB -> "ATOP"   Type: Variable
000883CC -> Token: 4E      (Line: 6197  TokenCount: 55460)
000883CC -> "["   Type: operator
000883CD -> Token: 05      (Line: 6197  TokenCount: 55461)
000883D1 -> Int32: 0x00000002   2
000883D2 -> Token: 4F      (Line: 6197  TokenCount: 55462)
000883D2 -> "]"   Type: operator
000883D3 -> Token: 7F      (Line: 6197  TokenCount: 55463)
>>>  GLOBAL $ATOP[2]
________________________________________________________________________________
000883D4 -> Token: 30      (Line: 6198  TokenCount: 55464)
000883D8 -> StringSize: 00000006
000883E4 -> "GLOBAL"   Type: BlockElement
000883E5 -> Token: 33      (Line: 6198  TokenCount: 55465)
000883E9 -> StringSize: 00000004
000883F1 -> "AHCC"   Type: Variable
000883F2 -> Token: 4E      (Line: 6198  TokenCount: 55466)
000883F2 -> "["   Type: operator
000883F3 -> Token: 05      (Line: 6198  TokenCount: 55467)
000883F7 -> Int32: 0x0000008D   141
000883F8 -> Token: 4F      (Line: 6198  TokenCount: 55468)
000883F8 -> "]"   Type: operator
000883F9 -> Token: 4E      (Line: 6198  TokenCount: 55469)
000883F9 -> "["   Type: operator
000883FA -> Token: 05      (Line: 6198  TokenCount: 55470)
000883FE -> Int32: 0x00000002   2
000883FF -> Token: 4F      (Line: 6198  TokenCount: 55471)
000883FF -> "]"   Type: operator
00088400 -> Token: 41      (Line: 6198  TokenCount: 55472)
00088400 -> "="   Type: operator
00088401 -> Token: 4E      (Line: 6198  TokenCount: 55473)
00088401 -> "["   Type: operator
00088402 -> Token: 4E      (Line: 6198  TokenCount: 55474)
00088402 -> "["   Type: operator
00088403 -> Token: 36      (Line: 6198  TokenCount: 55475)
00088407 -> StringSize: 00000001
00088409 -> "2"   Type: UserString
0008840A -> Token: 40      (Line: 6198  TokenCount: 55476)
0008840A -> ","   Type: operator
0008840B -> Token: 36      (Line: 6198  TokenCount: 55477)
0008840F -> StringSize: 00000001
00088411 -> "2"   Type: UserString
00088412 -> Token: 4F      (Line: 6198  TokenCount: 55478)
00088412 -> "]"   Type: operator
00088413 -> Token: 40      (Line: 6198  TokenCount: 55479)
00088413 -> ","   Type: operator
00088414 -> Token: 4E      (Line: 6198  TokenCount: 55480)
00088414 -> "["   Type: operator

First
00088415 -> Token: 10      (Line: 6198  TokenCount: 55481)
0008841D -> Int64: 429204,1286

....

Second
00088429 -> Token: 10      (Line: 6198  TokenCount: 55487)
00088431 -> Int64: 415572,7196


...
00088DE5 -> Token: 05      (Line: 6198  TokenCount: 56315)
00088DE9 -> Int32: 0x3C655661   1013274209
00088DEA -> Token: 40      (Line: 6198  TokenCount: 56316)
00088DEA -> ","   Type: operator
00088DEB -> Token: 36      (Line: 6198  TokenCount: 56317)
00088DEF -> StringSize: 00000001
00088DF1 -> "A"   Type: UserString
00088DF2 -> Token: 4F      (Line: 6198  TokenCount: 56318)
00088DF2 -> "]"   Type: operator
00088DF3 -> Token: 4F      (Line: 6198  TokenCount: 56319)
00088DF3 -> "]"   Type: operator
00088DF4 -> Token: 7F      (Line: 6198  TokenCount: 56320)
>>>  GLOBAL $AHCC[141][2]=[["2","2"],[4292041286,"2"],[4155727196,"2"],[4145698108,"2"],[3225901287,"2"],[2490846646,"2"],[2490126641,"2"],[2008111062,"2"],[691030608,"2"],["3","3"],[144851121,"3"],[4274995851,"3"],[3902297824,"3"],[3195096962,"3"],[244274779,"3"],[1623936901,"3"],[1279023836,"3"],[1060851021,"3"],[563626629,"3"],[349856163,"3"],["4","4"],[3959644167,"4"],[3942343984,"4"],[3803080155,"4"],[3355861158,"4"],[2947441736,"4"],[1601987526,"4"],[614359447,"4"],[324164610,"4"],["5","5"],[4213461048,"5"],[4101528128,"5"],[395216907,"5"],[387883853,"5"],[326043977,"5"],[2238665003,"5"],[2214418871,"5"],[1849972985,"5"],[1785946903,"5"],[1425889399,"5"],[184245739,"5"],["6","6"],[402996362,"6"],[3573240389,"6"],[3547552145,"6"],[3409333962,"6"],[2330682233,"6"],[1458917432,"6"],[1320245239,"6"],[953769589,"6"],[799038226,"6"],[129589604,"6"],["7","7"],[347441883,"7"],[257289839,"7"],[2470466104,"7"],[2214159759,"7"],[1947429002,"7"],[1480485613,"7"],[1280000936,"7"],[1273326201,"7"],[1181697599,"7"],[262695388,"7"],["8","8"],[4293873303,"8"],[3901642172,"8"],[3849740441,"8"],[363169689,"8"],[3244710992,"8"],[2470795357,"8"],[2016499318,"8"],[1756848814,"8"],[1041976248,"8"],[168516961,"8"],["9","9"],[3286588631,"9"],[3216529027,"9"],[3021889594,"9"],[2857454538,"9"],[2637781123,"9"],[2068798406,"9"],[1442338387,"9"],[928997967,"9"],[209080007,"9"],[106908873,"9"],["T","T"],[3939327005,"T"],[2934392575,"T"],[26331266,"T"],[2519092284,"T"],[2281071245,"T"],[1744259892,"T"],[863132974,"T"],[651384341,"T"],[624317925,"T"],[79978616,"T"],["J","J"],[3579666919,"J"],[3052692398,"J"],[2948949171,"J"],[2751684093,"J"],[1843941291,"J"],[1372349038,"J"],[856057544,"J"],[503472888,"J"],[461593674,"J"],[142825622,"J"],["Q","Q"],[392064999,"Q"],[3326499365,"Q"],[2829403957,"Q"],[2338741465,"Q"],[2091537012,"Q"],[1933662963,"Q"],[1827758363,"Q"],[1390236850,"Q"],[824398363,"Q"],[250305334,"Q"],["K","K"],[641939608,"K"],[410309903,"K"],[4009314152,"K"],[3610921459,"K"],[3596114244,"K"],[320584921,"K"],[3089650926,"K"],[1540771179,"K"],[1004756581,"K"],[519920213,"K"],[463099779,"K"],["A","A"],[3762379904,"A"],[3361431545,"A"],[2937474195,"A"],[2544589679,"A"],[2493933299,"A"],[1989632619,"A"],[1657104095,"A"],[1268539918,"A"],[1079077429,"A"],[1013274209,"A"]]
________________________________________________________________________________


00088DF5 -> Token: 30      (Line: 6199  TokenCount: 56321)
00088DF9 -> StringSize: 00000006
00088E05 -> "GLOBAL"   Type: BlockElement
00088E06 -> Token: 33      (Line: 6199  TokenCount: 56322)
00088E0A -> StringSize: 00000004
00088E12 -> "AHCS"   Type: Variable
00088E13 -> Token: 4E      (Line: 6199  TokenCount: 56323)
00088E13 -> "["   Type: operator
00088E14 -> Token: 05      (Line: 6199  TokenCount: 56324)
00088E18 -> Int32: 0x00000010   16
00088E19 -> Token: 4F      (Line: 6199  TokenCount: 56325)
00088E19 -> "]"   Type: operator
00088E1A -> Token: 4E      (Line: 6199  TokenCount: 56326)
00088E1A -> "["   Type: operator
00088E1B -> Token: 05      (Line: 6199  TokenCount: 56327)
00088E1F -> Int32: 0x00000002   2
00088E20 -> Token: 4F      (Line: 6199  TokenCount: 56328)
00088E20 -> "]"   Type: operator
00088E21 -> Token: 41      (Line: 6199  TokenCount: 56329)
00088E21 -> "="   Type: operator
00088E22 -> Token: 4E      (Line: 6199  TokenCount: 56330)
00088E22 -> "["   Type: operator
00088E23 -> Token: 4E      (Line: 6199  TokenCount: 56331)
00088E23 -> "["   Type: operator
00088E24 -> Token: 36      (Line: 6199  TokenCount: 56332)
00088E28 -> StringSize: 00000001
00088E2A -> "C"   Type: UserString
00088E2B -> Token: 40      (Line: 6199  TokenCount: 56333)
00088E2B -> ","   Type: operator
00088E2C -> Token: 36      (Line: 6199  TokenCount: 56334)
00088E30 -> StringSize: 00000001
00088E32 -> "C"   Type: UserString
00088E33 -> Token: 4F      (Line: 6199  TokenCount: 56335)
00088E33 -> "]"   Type: operator
00088E34 -> Token: 40      (Line: 6199  TokenCount: 56336)
00088E34 -> ","   Type: operator
00088E35 -> Token: 4E      (Line: 6199  TokenCount: 56337)
00088E35 -> "["   Type: operator
00088E36 -> Token: 05      (Line: 6199  TokenCount: 56338)
00088E3A -> Int32: 0x667B17B3   1719343027
00088E3B -> Token: 40      (Line: 6199  TokenCount: 56339)
00088E3B -> ","   Type: operator
00088E3C -> Token: 36      (Line: 6199  TokenCount: 56340)
00088E40 -> StringSize: 00000001
00088E42 -> "c"   Type: UserString
00088E43 -> Token: 4F      (Line: 6199  TokenCount: 56341)
00088E43 -> "]"   Type: operator
00088E44 -> Token: 40      (Line: 6199  TokenCount: 56342)
00088E44 -> ","   Type: operator
00088E45 -> Token: 4E      (Line: 6199  TokenCount: 56343)
00088E45 -> "["   Type: operator
00088E46 -> Token: 10      (Line: 6199  TokenCount: 56344)
00088E4E -> Int64: 245577,5269
00088E4F -> Token: 40      (Line: 6199  TokenCount: 56345)
00088E4F -> ","   Type: operator
00088E50 -> Token: 36      (Line: 6199  TokenCount: 56346)
00088E54 -> StringSize: 00000001
00088E56 -> "c"   Type: UserString
00088E57 -> Token: 4F      (Line: 6199  TokenCount: 56347)
00088E57 -> "]"   Type: operator
00088E58 -> Token: 40      (Line: 6199  TokenCount: 56348)
00088E58 -> ","   Type: operator
00088E59 -> Token: 4E      (Line: 6199  TokenCount: 56349)
00088E59 -> "["   Type: operator
00088E5A -> Token: 36      (Line: 6199  TokenCount: 56350)
00088E5E -> StringSize: 00000001
00088E60 -> "D"   Type: UserString
00088E61 -> Token: 40      (Line: 6199  TokenCount: 56351)
00088E61 -> ","   Type: operator
00088E62 -> Token: 36      (Line: 6199  TokenCount: 56352)
00088E66 -> StringSize: 00000001
00088E68 -> "D"   Type: UserString
00088E69 -> Token: 4F      (Line: 6199  TokenCount: 56353)
00088E69 -> "]"   Type: operator
00088E6A -> Token: 40      (Line: 6199  TokenCount: 56354)
00088E6A -> ","   Type: operator
00088E6B -> Token: 4E      (Line: 6199  TokenCount: 56355)
00088E6B -> "["   Type: operator
00088E6C -> Token: 10      (Line: 6199  TokenCount: 56356)
00088E74 -> Int64: 249890,137
00088E75 -> Token: 40      (Line: 6199  TokenCount: 56357)
00088E75 -> ","   Type: operator
00088E76 -> Token: 36      (Line: 6199  TokenCount: 56358)
00088E7A -> StringSize: 00000001
00088E7C -> "d"   Type: UserString
00088E7D -> Token: 4F      (Line: 6199  TokenCount: 56359)
00088E7D -> "]"   Type: operator
00088E7E -> Token: 40      (Line: 6199  TokenCount: 56360)
00088E7E -> ","   Type: operator
00088E7F -> Token: 4E      (Line: 6199  TokenCount: 56361)
00088E7F -> "["   Type: operator
00088E80 -> Token: 10      (Line: 6199  TokenCount: 56362)
00088E88 -> Int64: 327590,2104
00088E89 -> Token: 40      (Line: 6199  TokenCount: 56363)
00088E89 -> ","   Type: operator
00088E8A -> Token: 36      (Line: 6199  TokenCount: 56364)
00088E8E -> StringSize: 00000001
00088E90 -> "d"   Type: UserString
00088E91 -> Token: 4F      (Line: 6199  TokenCount: 56365)
00088E91 -> "]"   Type: operator
00088E92 -> Token: 40      (Line: 6199  TokenCount: 56366)
00088E92 -> ","   Type: operator
00088E93 -> Token: 4E      (Line: 6199  TokenCount: 56367)
00088E93 -> "["   Type: operator
00088E94 -> Token: 36      (Line: 6199  TokenCount: 56368)
00088E98 -> StringSize: 00000001
00088E9A -> "H"   Type: UserString
00088E9B -> Token: 40      (Line: 6199  TokenCount: 56369)
00088E9B -> ","   Type: operator
00088E9C -> Token: 36      (Line: 6199  TokenCount: 56370)
00088EA0 -> StringSize: 00000001
00088EA2 -> "H"   Type: UserString
00088EA3 -> Token: 4F      (Line: 6199  TokenCount: 56371)
00088EA3 -> "]"   Type: operator
00088EA4 -> Token: 40      (Line: 6199  TokenCount: 56372)
00088EA4 -> ","   Type: operator
00088EA5 -> Token: 4E      (Line: 6199  TokenCount: 56373)
00088EA5 -> "["   Type: operator
00088EA6 -> Token: 10      (Line: 6199  TokenCount: 56374)
00088EAE -> Int64: 249523,0642
00088EAF -> Token: 40      (Line: 6199  TokenCount: 56375)
00088EAF -> ","   Type: operator
00088EB0 -> Token: 36      (Line: 6199  TokenCount: 56376)
00088EB4 -> StringSize: 00000001
00088EB6 -> "h"   Type: UserString
00088EB7 -> Token: 4F      (Line: 6199  TokenCount: 56377)
00088EB7 -> "]"   Type: operator
00088EB8 -> Token: 40      (Line: 6199  TokenCount: 56378)
00088EB8 -> ","   Type: operator
00088EB9 -> Token: 4E      (Line: 6199  TokenCount: 56379)
00088EB9 -> "["   Type: operator
00088EBA -> Token: 10      (Line: 6199  TokenCount: 56380)
00088EC2 -> Int64: 386644,7638
00088EC3 -> Token: 40      (Line: 6199  TokenCount: 56381)
00088EC3 -> ","   Type: operator
00088EC4 -> Token: 36      (Line: 6199  TokenCount: 56382)
00088EC8 -> StringSize: 00000001
00088ECA -> "h"   Type: UserString
00088ECB -> Token: 4F      (Line: 6199  TokenCount: 56383)
00088ECB -> "]"   Type: operator
00088ECC -> Token: 40      (Line: 6199  TokenCount: 56384)
00088ECC -> ","   Type: operator
00088ECD -> Token: 4E      (Line: 6199  TokenCount: 56385)
00088ECD -> "["   Type: operator
00088ECE -> Token: 36      (Line: 6199  TokenCount: 56386)
00088ED2 -> StringSize: 00000001
00088ED4 -> "S"   Type: UserString
00088ED5 -> Token: 40      (Line: 6199  TokenCount: 56387)
00088ED5 -> ","   Type: operator
00088ED6 -> Token: 36      (Line: 6199  TokenCount: 56388)
00088EDA -> StringSize: 00000001
00088EDC -> "S"   Type: UserString
00088EDD -> Token: 4F      (Line: 6199  TokenCount: 56389)
00088EDD -> "]"   Type: operator
00088EDE -> Token: 40      (Line: 6199  TokenCount: 56390)
00088EDE -> ","   Type: operator
00088EDF -> Token: 4E      (Line: 6199  TokenCount: 56391)
00088EDF -> "["   Type: operator
00088EE0 -> Token: 05      (Line: 6199  TokenCount: 56392)
00088EE4 -> Int32: 0x52881F56   1384652630
00088EE5 -> Token: 40      (Line: 6199  TokenCount: 56393)
00088EE5 -> ","   Type: operator
00088EE6 -> Token: 36      (Line: 6199  TokenCount: 56394)
00088EEA -> StringSize: 00000001
00088EEC -> "s"   Type: UserString
00088EED -> Token: 4F      (Line: 6199  TokenCount: 56395)
00088EED -> "]"   Type: operator
00088EEE -> Token: 40      (Line: 6199  TokenCount: 56396)
00088EEE -> ","   Type: operator
00088EEF -> Token: 4E      (Line: 6199  TokenCount: 56397)
00088EEF -> "["   Type: operator
00088EF0 -> Token: 10      (Line: 6199  TokenCount: 56398)
00088EF8 -> Int64: 420472,6204
00088EF9 -> Token: 40      (Line: 6199  TokenCount: 56399)
00088EF9 -> ","   Type: operator
00088EFA -> Token: 36      (Line: 6199  TokenCount: 56400)
00088EFE -> StringSize: 00000001
00088F00 -> "s"   Type: UserString
00088F01 -> Token: 4F      (Line: 6199  TokenCount: 56401)
00088F01 -> "]"   Type: operator
00088F02 -> Token: 4F      (Line: 6199  TokenCount: 56402)
00088F02 -> "]"   Type: operator
00088F03 -> Token: 7F      (Line: 6199  TokenCount: 56403)
>>>  GLOBAL $AHCS[16][2]=[["C","C"],[1719343027,"c"],[2455775269,"c"],["D","D"],[249890137,"d"],[3275902104,"d"],["H","H"],[2495230642,"h"],[3866447638,"h"],["S","S"],[1384652630,"s"],[4204726204,"s"]]
________________________________________________________________________________
00088F04 -> Token: 30      (Line: 6200  TokenCount: 56404)
00088F08 -> StringSize: 00000004
00088F10 -> "FUNC"   Type: BlockElement
00088F11 -> Token: 34      (Line: 6200  TokenCount: 56405)
00088F15 -> StringSize: 00000006
00088F21 -> "_CARDS"   Type: UserFunction
00088F22 -> Token: 47      (Line: 6200  TokenCount: 56406)
00088F22 -> "("   Type: operator
00088F23 -> Token: 33      (Line: 6200  TokenCount: 56407)
00088F27 -> StringSize: 00000005
00088F31 -> "ISEAT"   Type: Variable
00088F32 -> Token: 48      (Line: 6200  TokenCount: 56408)
00088F32 -> ")"   Type: operator
00088F33 -> Token: 7F      (Line: 6200  TokenCount: 56409)
>>>  FUNC _CARDS($ISEAT)
________________________________________________________________________________
...
________________________________________________________________________________
000AD422 -> Token: 30      (Line: 8397  TokenCount: 74272)
000AD426 -> StringSize: 00000007
000AD434 -> "ENDFUNC"   Type: BlockElement
000AD435 -> Token: 7F      (Line: 8397  TokenCount: 74273)
>>>  ENDFUNC
________________________________________________________________________________
Keep TmpFile is unchecked => Deleting 'script.tok'
Deleting: !Test\script\script.tok
Converting Unicode to UTF8, since Tidy don't support unicode.
Save/overwrite script to: !Test\script\script.au3
Skipping to run 'tidy\Tidy.exe' onscript.au3' to improve sourcecode readability. (Plz run it manually if you need it.)
Token expansion succeed.
===============================================================================



possible problems can cause big numbers of the type 'Int64'
like this:
429204,1286
Since VB doesn't have such a type I read them in as 'Currency' that is a 64Bit Integer, but with a fix comma at the 4.th digit. I convert that into a string and remove the comma with a search'n'replace.
The problem is that depending on the country setting this number string may look like:
"429204,1286" or
"429204.1286" and a Replace("429204.1286", ",") will not do what it should and in the end the number may be cutted to "429204".
I'll improve that.

The rest should work fine.

With the offsets given in the log file you can check it manually in when you open script.tok in a Hexeditor.

[qalnor]

It's always possible that it's on my side, but could you check to see if your latest upload for this is functional? I'm getting corrupted zips when I try to DL it, and the way it's failing feels like a broken upload. Tia.

[qalnor]

Sorry, ignore the last post. I forgot that I told ESET to be quiet a week or so ago, and apparently it took that so well to heart that it didn't bother to tell me it was killing my connection and quarantining the files. I realized this when I tried dling an older version off of a DL site and had the same problem.

[qalnor]

Any1 got a problem with LZSS under Windows 7
"The applictaion was unable to start correctly (0xc0000018)" ??

LZSS problem and whole myAutToExe fails - cant find ...tok file Read/Write

I ran into a similar problem, although I'm using XP64. I can't promise that this will also work under Windows7, but I recompiled LZSS on my system and was able to get it to work. I've added it as an attachment, just replace your lzss.exe with it and the basic program should work fine.

[SebiF]

Any1 got a problem with LZSS under Windows 7
"The applictaion was unable to start correctly (0xc0000018)" ??

LZSS problem and whole myAutToExe fails - cant find ...tok file Read/Write

I ran into a similar problem, although I'm using XP64. I can't promise that this will also work under Windows7, but I recompiled LZSS on my system and was able to get it to work. I've added it as an attachment, just replace your lzss.exe with it and the basic program should work fine.

jotti.malware.org says it's clean, sandbox behaviour looked great and local test worked. Unpacking a script in Win7 was successful with your LZSS.exe.

Thanks!

[cw2k]

Hmm ya lzss.exe is compiled as debug build and for that 10 times bigger than a release build.
Well I recompiled lzss.exe (without critical options like /align or /merge sections) - but I don't have some windows 7 to test.
So plz DL new release and tell me if lzss.exe works.

[qalnor]

So plz DL new release and tell me if lzss.exe works.

Just grabbed it, and I can confirm that it works on XP64 where I was getting the same error. I don't have Win7 myself to test it with, but I would lean towards guessing that it's ok there now as well.

[vizouk]

cw2k tested and working at windows x64 .
Thank you.

[PythEch]

Please DL the new release - it will fix some problems.

But it will not help with that bug/error. This error has probably to do with ya country codepage settings - because on my windows(german) it works.
Please check the option 'Don't delete temp files' and decompile 'Script.a3x' again.

I attached the resulting files as mhs.7z(+ manually deleted some unimportant *.raw and *.pak files to keep the size down; also I canceled tidy on the first run since it just takes long and is not really necessary at that stage).

To narrow down the error location please compare your resulting temp files with my. (Or pack ya temp file and I'll do that.)
However the source code and VB6 is also on the download page - so you may also try ya luck and find and fix the bug.

(ah yes and to run 'Script_restore_restore.au3' you'll need to manually delete the last three function that were leftovers from the obfuscator)

Update: Add final mhs(Metin2 MultiHackSelector 4.3) after using the function renamer
This even corrects the error you get if you select 'visit website' or 'visit forum' in the menu of that bot

Thanks for your reply. I couldn't follow the forum so I'm sorry Anyway, I couldn't understand the temp files, so I uploaded them. They are almost the same, but not at all.

I think you're right. my windows is Turkish. I will checkout your source code soon...

[PythEch]

Ok I found the problem in source code. It is very simple... The const LocaleID_ENG is German LCID (1031). I changed it to 1055 (Turkish). LCID list -> http://support.microsoft.com/?kbid=221435. Now it works. Also, the 0 and 1024 LCID's work too.

[cw2k]

Thanks for the feedback ! Till I found I real fix, I'll but it this into readme.

[Danny_NL]

Hi,

I've been playing around with this decompiler and noticed there is an issue with finding the valid seperator in the .tbl:

The IsValidSeperator function fails when the seperator has non-unique characters, eg: aba or xxx. The function will assume that only a, or x in this example would be the seperator, while the real seperator is 3 bytes long.

I'm not sure if the seperator is always 3 bytes long, but checking to make sure it is would prevent issues into decoding the function names.