Decompiling an EXE file












4















I am helping out a friend in dealing with a software issue. He has a Windows machine that on startup executes a .exe file which we have been able to deconstruct into its corresponding .bat file. The execution of that file is expected.



In the .bat file, we see that it calls two other .exe files. They are called myScript5.exe and f11.exe. We are not able to decompile either .exe file as we don't know what language they were originally written in, and no .bat file appears in our temp folder when we execute them.



We know what f11.exe does, at least on the surface. We are pretty certain that it simulates an F11 keypress, essentially blowing up the current window into full screen mode.



We are not able to figure out what myScript5.exe does, except that it changes his mouse pointer to the "loading" icon; clicking anywhere reverts the mouse into the regular icon.



Both .exe files have a green square icon with a white Comic Sans "H". Would anyone know how we can try to decompile myScript5.exe, or if anyone is familiar with the icon I described? I personally think that both .exe files were downloaded from a website that publishes utility applications (such as blowing up a window into full screen mode).



Any help is greatly appreciated. Thanks!










share|improve this question



























    4















    I am helping out a friend in dealing with a software issue. He has a Windows machine that on startup executes a .exe file which we have been able to deconstruct into its corresponding .bat file. The execution of that file is expected.



    In the .bat file, we see that it calls two other .exe files. They are called myScript5.exe and f11.exe. We are not able to decompile either .exe file as we don't know what language they were originally written in, and no .bat file appears in our temp folder when we execute them.



    We know what f11.exe does, at least on the surface. We are pretty certain that it simulates an F11 keypress, essentially blowing up the current window into full screen mode.



    We are not able to figure out what myScript5.exe does, except that it changes his mouse pointer to the "loading" icon; clicking anywhere reverts the mouse into the regular icon.



    Both .exe files have a green square icon with a white Comic Sans "H". Would anyone know how we can try to decompile myScript5.exe, or if anyone is familiar with the icon I described? I personally think that both .exe files were downloaded from a website that publishes utility applications (such as blowing up a window into full screen mode).



    Any help is greatly appreciated. Thanks!










    share|improve this question

























      4












      4








      4








      I am helping out a friend in dealing with a software issue. He has a Windows machine that on startup executes a .exe file which we have been able to deconstruct into its corresponding .bat file. The execution of that file is expected.



      In the .bat file, we see that it calls two other .exe files. They are called myScript5.exe and f11.exe. We are not able to decompile either .exe file as we don't know what language they were originally written in, and no .bat file appears in our temp folder when we execute them.



      We know what f11.exe does, at least on the surface. We are pretty certain that it simulates an F11 keypress, essentially blowing up the current window into full screen mode.



      We are not able to figure out what myScript5.exe does, except that it changes his mouse pointer to the "loading" icon; clicking anywhere reverts the mouse into the regular icon.



      Both .exe files have a green square icon with a white Comic Sans "H". Would anyone know how we can try to decompile myScript5.exe, or if anyone is familiar with the icon I described? I personally think that both .exe files were downloaded from a website that publishes utility applications (such as blowing up a window into full screen mode).



      Any help is greatly appreciated. Thanks!










      share|improve this question














      I am helping out a friend in dealing with a software issue. He has a Windows machine that on startup executes a .exe file which we have been able to deconstruct into its corresponding .bat file. The execution of that file is expected.



      In the .bat file, we see that it calls two other .exe files. They are called myScript5.exe and f11.exe. We are not able to decompile either .exe file as we don't know what language they were originally written in, and no .bat file appears in our temp folder when we execute them.



      We know what f11.exe does, at least on the surface. We are pretty certain that it simulates an F11 keypress, essentially blowing up the current window into full screen mode.



      We are not able to figure out what myScript5.exe does, except that it changes his mouse pointer to the "loading" icon; clicking anywhere reverts the mouse into the regular icon.



      Both .exe files have a green square icon with a white Comic Sans "H". Would anyone know how we can try to decompile myScript5.exe, or if anyone is familiar with the icon I described? I personally think that both .exe files were downloaded from a website that publishes utility applications (such as blowing up a window into full screen mode).



      Any help is greatly appreciated. Thanks!







      windows batch-file decompile






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jan 2 at 22:06









      user980233user980233

      211




      211






















          2 Answers
          2






          active

          oldest

          votes


















          7














          The icon you describe sounds exactly like a compiled AutoHotkey script:



          enter image description here



          I have not tried it, but there appears to be a utility to decompile an EXE back to an AHK file. See here: https://autohotkey.com/board/topic/26196-how-can-i-convert-my-autohotkeyexe-file-back-to-ahk-file/



          Direct link to utility download: http://www.autohotkey.com/download/Exe2Ahk.exe





          EDIT: I just tried decompiling using the Exe2Ahk utility and it did not work for me.
          However, I was able to extract the script from an AHK-compliled EXE file using the freeware Resource Hacker:




          Overview:



          Resource Hacker™ is a resource editor for 32bit and 64bit Windows® applications. It's both a resource compiler (for .rc files), and a decompiler - enabling viewing and editing of resources in executables (.exe; *.dll; .scr; etc) and compiled resource libraries (.res, *.mui). While Resource Hacker™ is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command-line.




          Open the EXE file in Resource Hacker, and you should see the script under the RCData folder:
          enter image description here






          share|improve this answer

































            0














            It depends on the type of your executable.



            When it is a .NET assembly then you have an easy task. There are several decompilers available, e.g. ILSpy



            However, other types are very difficult to decompile and most likely you will not manage it. If the program was compiled from VB6, Pascal/Delphi, C++, etc. then you are lost.






            share|improve this answer























              Your Answer








              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "3"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: true,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: 10,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1389961%2fdecompiling-an-exe-file%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              7














              The icon you describe sounds exactly like a compiled AutoHotkey script:



              enter image description here



              I have not tried it, but there appears to be a utility to decompile an EXE back to an AHK file. See here: https://autohotkey.com/board/topic/26196-how-can-i-convert-my-autohotkeyexe-file-back-to-ahk-file/



              Direct link to utility download: http://www.autohotkey.com/download/Exe2Ahk.exe





              EDIT: I just tried decompiling using the Exe2Ahk utility and it did not work for me.
              However, I was able to extract the script from an AHK-compliled EXE file using the freeware Resource Hacker:




              Overview:



              Resource Hacker™ is a resource editor for 32bit and 64bit Windows® applications. It's both a resource compiler (for .rc files), and a decompiler - enabling viewing and editing of resources in executables (.exe; *.dll; .scr; etc) and compiled resource libraries (.res, *.mui). While Resource Hacker™ is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command-line.




              Open the EXE file in Resource Hacker, and you should see the script under the RCData folder:
              enter image description here






              share|improve this answer






























                7














                The icon you describe sounds exactly like a compiled AutoHotkey script:



                enter image description here



                I have not tried it, but there appears to be a utility to decompile an EXE back to an AHK file. See here: https://autohotkey.com/board/topic/26196-how-can-i-convert-my-autohotkeyexe-file-back-to-ahk-file/



                Direct link to utility download: http://www.autohotkey.com/download/Exe2Ahk.exe





                EDIT: I just tried decompiling using the Exe2Ahk utility and it did not work for me.
                However, I was able to extract the script from an AHK-compliled EXE file using the freeware Resource Hacker:




                Overview:



                Resource Hacker™ is a resource editor for 32bit and 64bit Windows® applications. It's both a resource compiler (for .rc files), and a decompiler - enabling viewing and editing of resources in executables (.exe; *.dll; .scr; etc) and compiled resource libraries (.res, *.mui). While Resource Hacker™ is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command-line.




                Open the EXE file in Resource Hacker, and you should see the script under the RCData folder:
                enter image description here






                share|improve this answer




























                  7












                  7








                  7







                  The icon you describe sounds exactly like a compiled AutoHotkey script:



                  enter image description here



                  I have not tried it, but there appears to be a utility to decompile an EXE back to an AHK file. See here: https://autohotkey.com/board/topic/26196-how-can-i-convert-my-autohotkeyexe-file-back-to-ahk-file/



                  Direct link to utility download: http://www.autohotkey.com/download/Exe2Ahk.exe





                  EDIT: I just tried decompiling using the Exe2Ahk utility and it did not work for me.
                  However, I was able to extract the script from an AHK-compliled EXE file using the freeware Resource Hacker:




                  Overview:



                  Resource Hacker™ is a resource editor for 32bit and 64bit Windows® applications. It's both a resource compiler (for .rc files), and a decompiler - enabling viewing and editing of resources in executables (.exe; *.dll; .scr; etc) and compiled resource libraries (.res, *.mui). While Resource Hacker™ is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command-line.




                  Open the EXE file in Resource Hacker, and you should see the script under the RCData folder:
                  enter image description here






                  share|improve this answer















                  The icon you describe sounds exactly like a compiled AutoHotkey script:



                  enter image description here



                  I have not tried it, but there appears to be a utility to decompile an EXE back to an AHK file. See here: https://autohotkey.com/board/topic/26196-how-can-i-convert-my-autohotkeyexe-file-back-to-ahk-file/



                  Direct link to utility download: http://www.autohotkey.com/download/Exe2Ahk.exe





                  EDIT: I just tried decompiling using the Exe2Ahk utility and it did not work for me.
                  However, I was able to extract the script from an AHK-compliled EXE file using the freeware Resource Hacker:




                  Overview:



                  Resource Hacker™ is a resource editor for 32bit and 64bit Windows® applications. It's both a resource compiler (for .rc files), and a decompiler - enabling viewing and editing of resources in executables (.exe; *.dll; .scr; etc) and compiled resource libraries (.res, *.mui). While Resource Hacker™ is primarily a GUI application, it also provides many options for compiling and decompiling resources from the command-line.




                  Open the EXE file in Resource Hacker, and you should see the script under the RCData folder:
                  enter image description here







                  share|improve this answer














                  share|improve this answer



                  share|improve this answer








                  edited Jan 2 at 22:35

























                  answered Jan 2 at 22:12









                  wysiwygwysiwyg

                  2,018416




                  2,018416

























                      0














                      It depends on the type of your executable.



                      When it is a .NET assembly then you have an easy task. There are several decompilers available, e.g. ILSpy



                      However, other types are very difficult to decompile and most likely you will not manage it. If the program was compiled from VB6, Pascal/Delphi, C++, etc. then you are lost.






                      share|improve this answer




























                        0














                        It depends on the type of your executable.



                        When it is a .NET assembly then you have an easy task. There are several decompilers available, e.g. ILSpy



                        However, other types are very difficult to decompile and most likely you will not manage it. If the program was compiled from VB6, Pascal/Delphi, C++, etc. then you are lost.






                        share|improve this answer


























                          0












                          0








                          0







                          It depends on the type of your executable.



                          When it is a .NET assembly then you have an easy task. There are several decompilers available, e.g. ILSpy



                          However, other types are very difficult to decompile and most likely you will not manage it. If the program was compiled from VB6, Pascal/Delphi, C++, etc. then you are lost.






                          share|improve this answer













                          It depends on the type of your executable.



                          When it is a .NET assembly then you have an easy task. There are several decompilers available, e.g. ILSpy



                          However, other types are very difficult to decompile and most likely you will not manage it. If the program was compiled from VB6, Pascal/Delphi, C++, etc. then you are lost.







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered Jan 4 at 19:19









                          Wernfried DomscheitWernfried Domscheit

                          372111




                          372111






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Super User!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1389961%2fdecompiling-an-exe-file%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              Probability when a professor distributes a quiz and homework assignment to a class of n students.

                              Aardman Animations

                              Are they similar matrix