
It's really easy to decompile a BFC-file - Quick Batch File Compiler

 
Code Cloude



Joined: 20 Oct 2005
Posts: 3

Posted: Thu Oct 20, 2005 5:43 pm

1. Delete all (or nearly most) files in C:\windows\temp
2. Run the script and keep the black Windows batch window open.
3. Get the 'decompiled' file(s) from C:\windows\temp
That's it :D
If the batch file is ghosted or doesn't wait for user input, open it in a hex editor and replace 'DeleteFileA' with 'DeleteFileW'.
If you want to avoid executing the script (because it may contain something like 'echo |format c: /q'), additionally replace 'CreateProcessA' with 'CreateProcessW'.

Please keep script files what they are - script files!

@Oleg: instead of trying to deny this, you should at least mention it in one sentence in the manual as a 'limitation' - as every good and honest program does - until you have fixed or improved it. People have a right to know all about a program they use to deal with their private stuff.
By the way, I like BFC - it's pure & simple and nice to use.
You've never tried some stuff to improve 'protection', like
creating the temp file without share-access flags so it becomes locked against read access by any other program. Maybe this will require injecting some code into the cmd.exe process address space to do so (a DLL is the easiest way, but there are others as well, like CreateRemoteThread). Intercept/hook file-access APIs like CreateFileW or ReadFile to redirect them to your data and keep the whole story in RAM, or check out what pipes may do.
Be creative and explore the possibilities! :laugh:



Edited By Code Cloude on 1129832904
Oleg Tsheglov
Site Admin


Joined: 13 Feb 2004
Posts: 309

Posted: Fri Oct 21, 2005 5:56 am

OK. This is not a secret, but... does anybody know about EXE source? Do you know that your favorite tool was created with Visual C++, Visual Basic, Delphi or QuickBFC? Usually no. QuickBFC protects your source from modifications and hides the source code from users.
Your suggestions are not so good. We tested share access, DLL injection and much more - these solutions can't guarantee stable work on any Windows version. Moreover, we are working on a byte-code compiler for the next versions - it works like Visual Basic: the EXE file contains a bytecode + interpreter.

P.S. As far as I know, all our competitors use the same algorithm as our current version and create temporary files in the TEMP folder, and nobody can guarantee better protection.
Code Cloude



Joined: 20 Oct 2005
Posts: 3

Posted: Sat Oct 22, 2005 10:38 pm

> ...does anybody know about EXE source? Do you know that
> your favorite tool was created with Visual C++, Visual Basic,
> Delphi or QuickBFC?
I use Total Commander and usually view the beginning and the end of any unknown exe (especially some I downloaded with eMule) with the built-in ASCII viewer for unwanted code.
If you see MSVBVM60.dll, it's VB6.
If you see 'Boolean' and 'Smallint', it's Delphi; when you open it in some resource viewer or in DeDe you get more info.
quickbfc.exe is, for example, compiled with Delphi 7 (Enterprise),
and as for Visual C++, it usually has '.data' as a section name and has somewhere "Microsoft Visual C++" (from the msvcrt.lib standard lib) or "MFC..."
QuickBFC script exes appear as Delphi exes, but they have some 'suspicious' data (= packed/encrypted data) attached at the end. That's how I stumbled over BFC (google: "Quick Batch File Compiler") and found out that this is some packed script data and not an adloader or Trojan 'FileAttachement'...

> Moreover, we are working on a byte-code compiler for the next
> versions - it works like Visual Basic: the EXE file contains a
> bytecode + interpreter.
Well, that's a really good solution, but I guess also pretty much work. :D



Edited By Code Cloude on 1130021513
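
The manual check described in the post above (toolchain marker strings plus data appended after the last PE section), written out as an added example that is not part of the original thread. The function names `overlay_offset`, `entropy`, `triage` and `build_sample` are hypothetical, and the sample file is constructed in the code rather than taken from any real executable.

```python
import math
import struct
from collections import Counter

# Marker strings quoted in the post; every string in a tuple must match. Hints, not proof.
MARKERS = {
    "Visual Basic 6": [(b"MSVBVM60.dll",)],
    "Delphi": [(b"Boolean", b"Smallint")],
    "Visual C++": [(b"Microsoft Visual C++",), (b"MFC",)],
}

def overlay_offset(data):
    """File offset where bytes appended after the last PE section begin."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    table = pe + 24 + opt_size                           # first section header
    end = table + 40 * nsec
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))

def entropy(buf):
    """Shannon entropy in bits per byte; packed or encrypted data sits near 8."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def triage(data):
    off = overlay_offset(data)
    body, overlay = data[:off], data[off:]
    hints = [name for name, alts in MARKERS.items()
             if any(all(s in body for s in alt) for alt in alts)]
    return {"toolchain": hints, "overlay_offset": off,
            "overlay_size": len(overlay), "overlay_entropy": round(entropy(overlay), 2)}

def build_sample(overlay=b""):
    """Constructed PE-like test file: headers, one 0x200-byte section, then overlay."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b"CODE", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    hdr = (dos + b"PE\0\0" + coff + sect).ljust(0x200, b"\0")
    return hdr + b"Boolean\0Smallint\0".ljust(0x200, b"\0") + overlay
```

An overlay on its own is not a verdict: an Authenticode signature and installer payloads also sit past the last section, so the size and entropy are a prompt for closer inspection.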
redrock
Guest





Posted: Wed Nov 02, 2005 1:31 am

Code Cloude wrote:
I use Total Commander and usually view the beginning and the end of any unknown exe (especially some I downloaded with eMule) with the built-in ASCII viewer for unwanted code.

emule?

you just lost all credibility

what kind of fool uses emule?
sixpack



Joined: 08 Dec 2004
Posts: 13

Posted: Wed Nov 02, 2005 3:19 pm

old news ???

but I like Quick Batch File Compiler and I'm still using it

keep up the good work, Mr. Tsheglov
btw.. when is the next version coming out?
Oleg Tsheglov
Site Admin


Joined: 13 Feb 2004
Posts: 309

Posted: Thu Nov 03, 2005 12:55 am

Thank you!
As soon as we resolve the problem with all antivirus vendors we will release a new version. It will fix problems with the %0 and %CD variables.