It's really easy to decompile a BFC-file - Quick Batch File Compiler

Convert your BATch files into EXEcutable format in one click.
Post Reply
Code Cloude
Posts: 3
Joined: Thu Oct 20, 2005 5:33 pm

Post by Code Cloude » Thu Oct 20, 2005 5:43 pm

1. Delete all(or nearly most) files in C:\windows\temp
2. Run the script and keep the black windows batch window open.
3. Get the 'decompile' file(s) from C:\windows\temp
That's it :D
If the the Batfile is ghosted or don't waits for user input open the it in a hexeditor and replace 'DeleteFileA' with 'DeleteFileW'.
If you want to aviod the script to execute (because it may contain something like 'echo |format c: /q') additionally replace 'CreateProcessA' by 'CreateProcessW'.

Please keep script files what they are - script files !

@Oleg instead trying to deny this - you should at least mention it in one sentence in the manual as 'limitation' -as every good and honest program did - until you fixed or improved it.People have a right to know all about a program they use to deal with their private stuff.
Byway I like BFC - it's pure&simple and nice to use.
You've never tried some stuff to improve 'protection' like
creating the tempfile without shareaccess flags so it becames locked to any other program for readaccess. May this will require to inject some code to cmd.exe process adress space to do so (A Dll is the easiest way but there are others as well like CreateRemoteThread.) Intercept/hook fileaccess API's like CreateFileW or ReadFile to redirect it to your data an keep the whole story in RAM or check out what pipes may do.
Be creative and explore the possiblities !:laugh:



Edited By Code Cloude on 1129832904

Oleg Tsheglov
Site Admin
Posts: 309
Joined: Fri Feb 13, 2004 5:55 pm
Contact:

Post by Oleg Tsheglov » Fri Oct 21, 2005 5:56 am

Ok. This is not a secret, but...anybody known about EXE source? Does you know that your favorite tool created with Visual C++, Visual Basic, Delphi or QuickBFC? Usually no. QuickBFC protect your source from modifications and hide the source code from users.
Your suggestions not so good. We tested shareaccess, dll injection and much more - this solutions can't guarantee stable work on any Windows version. Moreover, we working on byte-code compiler for next versions - it work as Visual Basic, EXE file contain a bytecode+interpreter.

P.S. As I know all our competitors uses same algorithm as our current version and created temporary files in TEMP folder and nobody can't guarantee better protection.

Code Cloude
Posts: 3
Joined: Thu Oct 20, 2005 5:33 pm

Post by Code Cloude » Sat Oct 22, 2005 10:38 pm

>...anybody known about EXE source? Does you know that
> your favorite tool created with Visual C++, Visual Basic,
> Delphi or QuickBFC?
I use the Total Commander and usually view the begin and the end of any unknow exe (especially some I downloaded by emule) with the build in ACCI-Viewer for unwanted code.
If you see MSVBVM60.dll it's VB6.
If you see 'Boolean' and 'Smallint' it's Delphi; when you open it in some resource viewer or in DeDe you get more infos.
quickbfc.exe is for ex. compiled with Delphi 7(enterprise)
and about Visual C++m it usually has '.data' as sectionname and has somewhere "Microsoft Visual C++" (from msvcrt.lib standardlib) or "MFC..."
QuickBFC script exe appears as Delphi exe but they have some 'supicious' data(=packed/encrypted data) attached at the end. That's how I stumble over BFC (google:"Quick Batch File Compiler") and found out that this is some packed script data and no adloader or Trojan 'FileAttachement'...

> Moreover, we working on byte-code compiler for next
> versions - it work as Visual Basic, EXE file contain a
> bytecode+interpreter.
Well that's some real good solution but as I guess also pretty much work. :D



Edited By Code Cloude on 1130021513

redrock

Post by redrock » Wed Nov 02, 2005 1:31 am

Code Cloude wrote:I use the Total Commander and usually view the begin and the end of any unknow exe (especially some I downloaded by emule) with the build in ACCI-Viewer for unwanted code.
emule?

you just lost all credibility

what kind of fool uses emule?

sixpack
Posts: 13
Joined: Wed Dec 08, 2004 9:16 am

Post by sixpack » Wed Nov 02, 2005 3:19 pm

old news ???

but i like Quick Batch File Compiler and i'm stil using it

keep up the good work mr.Tsheglov
btw.. when is the next version comming out?

Oleg Tsheglov
Site Admin
Posts: 309
Joined: Fri Feb 13, 2004 5:55 pm
Contact:

Post by Oleg Tsheglov » Thu Nov 03, 2005 12:55 am

Thank you!
As soon as we resolve problem with all antivirus vendors we will release new version. It will fix problems with %0 and %CD variables.

Post Reply