Decompiling an EXE file
I am helping out a friend in dealing with a software issue. He has a Windows machine that on startup executes a .exe file which we have been able to deconstruct into its corresponding .bat file. The execution of that file is expected.
In the .bat file, we see that it calls two other .exe files. They are called myScript5.exe and f11.exe. We are not able to decompile either .exe file as we don't know what language they were originally written in, and no .bat file appears in our temp folder when we execute them.
We know what f11.exe does, at least on the surface. We are pretty certain that it simulates an F11 keypress, essentially blowing up the current window into full screen mode.
We are not able to figure out what myScript5.exe does, except that it changes his mouse pointer to the "loading" icon; clicking anywhere reverts the mouse into the regular icon.
Both .exe files have a green square icon with a white Comic Sans "H". Would anyone know how we can try to decompile myScript5.exe, or if anyone is familiar with the icon I described? I personally think that both .exe files were downloaded from a website that publishes utility applications (such as blowing up a window into full screen mode).
Any help is greatly appreciated. Thanks!
windows batch-file decompile
asked Jan 2 at 22:06
user980233user980233
211
add a comment |
I am helping out a friend in dealing with a software issue. He has a Windows machine that on startup executes a .exe file which we have been able to deconstruct into its corresponding .bat file. The execution of that file is expected.
In the .bat file, we see that it calls two other .exe files. They are called myScript5.exe and f11.exe. We are not able to decompile either .exe file as we don't know what language they were originally written in, and no .bat file appears in our temp folder when we execute them.
We know what f11.exe does, at least on the surface. We are pretty certain that it simulates an F11 keypress, essentially blowing up the current window into full screen mode.
We are not able to figure out what myScript5.exe does, except that it changes his mouse pointer to the "loading" icon; clicking anywhere reverts the mouse into the regular icon.
Both .exe files have a green square icon with a white Comic Sans "H". Would anyone know how we can try to decompile myScript5.exe, or if anyone is familiar with the icon I described? I personally think that both .exe files were downloaded from a website that publishes utility applications (such as blowing up a window into full screen mode).
Any help is greatly appreciated. Thanks!
windows batch-file decompile
asked Jan 2 at 22:06
user980233user980233
211
add a comment |
I am helping out a friend in dealing with a software issue. He has a Windows machine that on startup executes a .exe file which we have been able to deconstruct into its corresponding .bat file. The execution of that file is expected.
In the .bat file, we see that it calls two other .exe files. They are called myScript5.exe and f11.exe. We are not able to decompile either .exe file as we don't know what language they were originally written in, and no .bat file appears in our temp folder when we execute them.
We know what f11.exe does, at least on the surface. We are pretty certain that it simulates an F11 keypress, essentially blowing up the current window into full screen mode.
We are not able to figure out what myScript5.exe does, except that it changes his mouse pointer to the "loading" icon; clicking anywhere reverts the mouse into the regular icon.
Both .exe files have a green square icon with a white Comic Sans "H". Would anyone know how we can try to decompile myScript5.exe, or if anyone is familiar with the icon I described? I personally think that both .exe files were downloaded from a website that publishes utility applications (such as blowing up a window into full screen mode).
Any help is greatly appreciated. Thanks!
windows batch-file decompile
asked Jan 2 at 22:06
user980233user980233
211
I am helping out a friend in dealing with a software issue. He has a Windows machine that on startup executes a .exe file which we have been able to deconstruct into its corresponding .bat file. The execution of that file is expected.
In the .bat file, we see that it calls two other .exe files. They are called myScript5.exe and f11.exe. We are not able to decompile either .exe file as we don't know what language they were originally written in, and no .bat file appears in our temp folder when we execute them.
We know what f11.exe does, at least on the surface. We are pretty certain that it simulates an F11 keypress, essentially blowing up the current window into full screen mode.
We are not able to figure out what myScript5.exe does, except that it changes his mouse pointer to the "loading" icon; clicking anywhere reverts the mouse into the regular icon.
Both .exe files have a green square icon with a white Comic Sans "H". Would anyone know how we can try to decompile myScript5.exe, or if anyone is familiar with the icon I described? I personally think that both .exe files were downloaded from a website that publishes utility applications (such as blowing up a window into full screen mode).
Any help is greatly appreciated. Thanks!
windows batch-file decompile
windows batch-file decompile
asked Jan 2 at 22:06
user980233user980233
211
asked Jan 2 at 22:06
user980233user980233
211
asked Jan 2 at 22:06
user980233user980233
211
asked Jan 2 at 22:06
user980233user980233
211
asked Jan 2 at 22:06
user980233user980233
211
211
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
The icon you describe sounds exactly like a compiled AutoHotkey script:
I have not tried it, but there appears to be a utility to decompile an EXE back to an AHK file. See here: https://autohotkey.com/board/topic/26196-how-can-i-convert-my-autohotkeyexe-file-back-to-ahk-file/
Direct link to utility download: http://www.autohotkey.com/download/Exe2Ahk.exe
EDIT: I just tried decompiling using the Exe2Ahk utility and it did not work for me.
However, I was able to extract the script from an AHK-compliled EXE file using the freeware Resource Hacker:
Overview:
Resource Hacker™ is a resource editor for 32bit and 64bit Windows® applications. It's both a resource compiler (for .rc files), and a decompiler - enabling viewing and editing of resources in executables (.exe; *.dll; .scr; etc) and compiled resource libraries (.res, *.mui). While Resource Hacker™ is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command-line.
Open the EXE file in Resource Hacker, and you should see the script under the RCData folder:
answered Jan 2 at 22:12
wysiwygwysiwyg
2,018416
add a comment |
It depends on the type of your executable.
When it is a .NET assembly then you have an easy task. There are several decompilers available, e.g. ILSpy
However, other types are very difficult to decompile and most likely you will not manage it. If the program was compiled from VB6, Pascal/Delphi, C++, etc. then you are lost.
answered Jan 4 at 19:19
Wernfried DomscheitWernfried Domscheit
372111
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1389961%2fdecompiling-an-exe-file%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The icon you describe sounds exactly like a compiled AutoHotkey script:
I have not tried it, but there appears to be a utility to decompile an EXE back to an AHK file. See here: https://autohotkey.com/board/topic/26196-how-can-i-convert-my-autohotkeyexe-file-back-to-ahk-file/
Direct link to utility download: http://www.autohotkey.com/download/Exe2Ahk.exe
EDIT: I just tried decompiling using the Exe2Ahk utility and it did not work for me.
However, I was able to extract the script from an AHK-compliled EXE file using the freeware Resource Hacker:
Overview:
Resource Hacker™ is a resource editor for 32bit and 64bit Windows® applications. It's both a resource compiler (for .rc files), and a decompiler - enabling viewing and editing of resources in executables (.exe; *.dll; .scr; etc) and compiled resource libraries (.res, *.mui). While Resource Hacker™ is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command-line.
Open the EXE file in Resource Hacker, and you should see the script under the RCData folder:
answered Jan 2 at 22:12
wysiwygwysiwyg
2,018416
add a comment |
The icon you describe sounds exactly like a compiled AutoHotkey script:
I have not tried it, but there appears to be a utility to decompile an EXE back to an AHK file. See here: https://autohotkey.com/board/topic/26196-how-can-i-convert-my-autohotkeyexe-file-back-to-ahk-file/
Direct link to utility download: http://www.autohotkey.com/download/Exe2Ahk.exe
EDIT: I just tried decompiling using the Exe2Ahk utility and it did not work for me.
However, I was able to extract the script from an AHK-compliled EXE file using the freeware Resource Hacker:
Overview:
Resource Hacker™ is a resource editor for 32bit and 64bit Windows® applications. It's both a resource compiler (for .rc files), and a decompiler - enabling viewing and editing of resources in executables (.exe; *.dll; .scr; etc) and compiled resource libraries (.res, *.mui). While Resource Hacker™ is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command-line.
Open the EXE file in Resource Hacker, and you should see the script under the RCData folder:
answered Jan 2 at 22:12
wysiwygwysiwyg
2,018416
add a comment |
The icon you describe sounds exactly like a compiled AutoHotkey script:
I have not tried it, but there appears to be a utility to decompile an EXE back to an AHK file. See here: https://autohotkey.com/board/topic/26196-how-can-i-convert-my-autohotkeyexe-file-back-to-ahk-file/
Direct link to utility download: http://www.autohotkey.com/download/Exe2Ahk.exe
EDIT: I just tried decompiling using the Exe2Ahk utility and it did not work for me.
However, I was able to extract the script from an AHK-compliled EXE file using the freeware Resource Hacker:
Overview:
Resource Hacker™ is a resource editor for 32bit and 64bit Windows® applications. It's both a resource compiler (for .rc files), and a decompiler - enabling viewing and editing of resources in executables (.exe; *.dll; .scr; etc) and compiled resource libraries (.res, *.mui). While Resource Hacker™ is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command-line.
Open the EXE file in Resource Hacker, and you should see the script under the RCData folder:
answered Jan 2 at 22:12
wysiwygwysiwyg
2,018416
The icon you describe sounds exactly like a compiled AutoHotkey script:
I have not tried it, but there appears to be a utility to decompile an EXE back to an AHK file. See here: https://autohotkey.com/board/topic/26196-how-can-i-convert-my-autohotkeyexe-file-back-to-ahk-file/
Direct link to utility download: http://www.autohotkey.com/download/Exe2Ahk.exe
EDIT: I just tried decompiling using the Exe2Ahk utility and it did not work for me.
However, I was able to extract the script from an AHK-compliled EXE file using the freeware Resource Hacker:
Overview:
Resource Hacker™ is a resource editor for 32bit and 64bit Windows® applications. It's both a resource compiler (for .rc files), and a decompiler - enabling viewing and editing of resources in executables (.exe; *.dll; .scr; etc) and compiled resource libraries (.res, *.mui). While Resource Hacker™ is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command-line.
Open the EXE file in Resource Hacker, and you should see the script under the RCData folder:
answered Jan 2 at 22:12
wysiwygwysiwyg
2,018416
edited Jan 2 at 22:35
answered Jan 2 at 22:12
wysiwygwysiwyg
2,018416
answered Jan 2 at 22:12
wysiwygwysiwyg
2,018416
answered Jan 2 at 22:12
wysiwygwysiwyg
2,018416
2,018416
add a comment |
add a comment |
It depends on the type of your executable.
When it is a .NET assembly then you have an easy task. There are several decompilers available, e.g. ILSpy
However, other types are very difficult to decompile and most likely you will not manage it. If the program was compiled from VB6, Pascal/Delphi, C++, etc. then you are lost.
answered Jan 4 at 19:19
Wernfried DomscheitWernfried Domscheit
372111
add a comment |
It depends on the type of your executable.
When it is a .NET assembly then you have an easy task. There are several decompilers available, e.g. ILSpy
However, other types are very difficult to decompile and most likely you will not manage it. If the program was compiled from VB6, Pascal/Delphi, C++, etc. then you are lost.
answered Jan 4 at 19:19
Wernfried DomscheitWernfried Domscheit
372111
add a comment |
It depends on the type of your executable.
When it is a .NET assembly then you have an easy task. There are several decompilers available, e.g. ILSpy
However, other types are very difficult to decompile and most likely you will not manage it. If the program was compiled from VB6, Pascal/Delphi, C++, etc. then you are lost.
answered Jan 4 at 19:19
Wernfried DomscheitWernfried Domscheit
372111
It depends on the type of your executable.
When it is a .NET assembly then you have an easy task. There are several decompilers available, e.g. ILSpy
However, other types are very difficult to decompile and most likely you will not manage it. If the program was compiled from VB6, Pascal/Delphi, C++, etc. then you are lost.
answered Jan 4 at 19:19
Wernfried DomscheitWernfried Domscheit
372111
answered Jan 4 at 19:19
Wernfried DomscheitWernfried Domscheit
372111
answered Jan 4 at 19:19
Wernfried DomscheitWernfried Domscheit
372111
answered Jan 4 at 19:19
Wernfried DomscheitWernfried Domscheit
372111
372111
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1389961%2fdecompiling-an-exe-file%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
