Windows – Decompiling an EXE file

Tags: batch file, decompile, windows

I am helping out a friend in dealing with a software issue. He has a Windows machine that on startup executes a .exe file which we have been able to deconstruct into its corresponding .bat file. The execution of that file is expected.

In the .bat file, we see that it calls two other .exe files. They are called myScript5.exe and f11.exe. We are not able to decompile either .exe file as we don't know what language they were originally written in, and no .bat file appears in our temp folder when we execute them.

We know what f11.exe does, at least on the surface. We are pretty certain that it simulates an F11 keypress, essentially blowing up the current window into full screen mode.

We are not able to figure out what myScript5.exe does, except that it changes his mouse pointer to the "loading" icon; clicking anywhere reverts the mouse into the regular icon.

Both .exe files have a green square icon with a white Comic Sans "H". Would anyone know how we can try to decompile myScript5.exe, or if anyone is familiar with the icon I described? I personally think that both .exe files were downloaded from a website that publishes utility applications (such as blowing up a window into full screen mode).

Any help is greatly appreciated. Thanks!

Best Answer

The icon you describe sounds exactly like a compiled AutoHotkey script.

I have not tried it, but there appears to be a utility to decompile an EXE back to an AHK file. See here: https://autohotkey.com/board/topic/26196-how-can-i-convert-my-autohotkeyexe-file-back-to-ahk-file/

Direct link to utility download: http://www.autohotkey.com/download/Exe2Ahk.exe


EDIT: I just tried decompiling using the Exe2Ahk utility and it did not work for me. However, I was able to extract the script from an AHK-compiled EXE file using the freeware Resource Hacker:

Overview:

Resource Hacker™ is a resource editor for 32bit and 64bit Windows® applications. It's both a resource compiler (for *.rc files), and a decompiler - enabling viewing and editing of resources in executables (*.exe; *.dll; *.scr; etc) and compiled resource libraries (*.res, *.mui). While Resource Hacker™ is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command-line.

Open the EXE file in Resource Hacker, and you should see the script under the RCData folder.
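The RCData lookup described in the answer above can also be done statically, without opening a GUI or running the unknown file. This is an added example, not part of the original answer: a Python sketch that walks the PE resource directory (PE32 and PE32+) and returns every RCData entry keyed by its name or numeric ID. The function names are illustrative, and it assumes the executable is not packed, so the resource section is readable as stored on disk.

```python
# Added example: helper names are illustrative. Read-only parse, nothing is executed.
import struct

RT_RCDATA = 10  # numeric resource type id for RCData (raw application data)

def sections(pe):
    nt = struct.unpack_from("<I", pe, 0x3C)[0] if len(pe) >= 0x40 else 0  # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, = struct.unpack_from("<H", pe, nt + 6)
    opt_size, = struct.unpack_from("<H", pe, nt + 20)
    opt = nt + 24
    magic, = struct.unpack_from("<H", pe, opt)
    ddir = opt + (112 if magic == 0x20B else 96)          # PE32+ vs PE32 layout
    rsrc_rva, = struct.unpack_from("<I", pe, ddir + 16)   # data directory index 2
    secs = [struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    return rsrc_rva, secs  # each section: (virtual size, RVA, raw size, raw offset)

def rva_to_off(secs, rva):
    for vsize, va, rsize, raw in secs:
        if va <= rva < va + max(vsize, rsize):
            return raw + rva - va
    raise ValueError("RVA outside all sections")

def entries(pe, base, dir_off):
    """Yield (name or id, child offset, child-is-directory) for one directory."""
    named, ids = struct.unpack_from("<HH", pe, base + dir_off + 12)
    for i in range(named + ids):
        name, off = struct.unpack_from("<II", pe, base + dir_off + 16 + 8 * i)
        if name & 0x80000000:                             # length-prefixed UTF-16 name
            p = base + (name & 0x7FFFFFFF)
            n, = struct.unpack_from("<H", pe, p)
            name = pe[p + 2:p + 2 + 2 * n].decode("utf-16-le", "replace")
        yield name, off & 0x7FFFFFFF, bool(off & 0x80000000)

def rcdata_resources(pe):
    """Return {name or id: bytes} for every RCData resource in the file bytes."""
    rsrc_rva, secs = sections(pe)
    if not rsrc_rva:
        return {}
    base, out = rva_to_off(secs, rsrc_rva), {}
    for rtype, toff, tdir in entries(pe, base, 0):        # level 1: resource type
        if rtype != RT_RCDATA or not tdir:
            continue
        for name, noff, ndir in entries(pe, base, toff):  # level 2: resource name
            for _lang, loff, _ in (entries(pe, base, noff) if ndir else ()):  # level 3
                rva, size = struct.unpack_from("<II", pe, base + loff)
                start = rva_to_off(secs, rva)
                out[name] = pe[start:start + size]
    return out
```

Call `rcdata_resources(open(path, "rb").read())` and decode any entry that looks like text; a truncated or malformed file raises `struct.error` or `ValueError` instead of returning partial data.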
