AHK-Hacker - AutoHotkey Decompiler

Extracts source code from compiled AutoHotkey executables (.exe) by extracting the embedded RCDATA resource. Integrates with Windows right-click context menu for seamless decompilation workflow.

What This Skill Does

This skill helps you understand, modify, or extend the AHK-Hacker codebase—an AutoHotkey v2.0 decompiler that uses Resource Hacker™ to extract embedded scripts from compiled .exe files. It handles multiple AutoHotkey formats, UPX-packed executables, and legacy resource naming schemes through automatic fallback chains.

Architecture Overview

**Tech Stack:**

Language: AutoHotkey v2.0

External Tools: Resource Hacker™ v5.x (downloaded automatically), Resource Hacker™ v4.x (bundled), UPX (downloaded on-demand), myAutToExe (optional download)

Platform: Windows 10+

**Decompilation Strategy:**

1. Resource Hacker™ 5.x → extracts `RCDATA1_1.bin` from modern AHK executables

2. Resource Hacker™ 4.x → fallback for older AHK executables with `>AHK WITH ICON<` resource naming (v5.x has a bug with special characters in resource names)

3. UPX unpacking → automatic detection and unpacking of compressed executables, then retry RH5 → RH4

4. myAutToExe GUI → manual decompilation offer for very old AHK (v1.0.48.5 and earlier)

**Key Components:**

`src/AHK-Hacker.ahk` — Main decompiler with 4-stage fallback chain

`src/Install.ahk` — Downloads Resource Hacker™, unblocks files, registers context menu

`src/Uninstall.ahk` — Removes context menu, cleans up downloaded binaries

`src/lib/Update-ResourceHacker.ahk` — HTTP-based updater with Last-Modified caching

`src/lib/Install-ContextMenu.ahk` — Registry script for `HKEY_CURRENT_USER\Software\Classes\exefile\shell\AHK-Hacker`

`src/lib/Unpack-Exe.ahk` — UPX detection (PE header analysis) and unpacking

`src/lib/Launch-MyAutToExe.ahk` — Downloads and launches myAutToExe GUI for legacy AHK

`src/lib/Notifications.ahk` — Shared notification library for progress feedback

Instructions

1. Understanding the Codebase

Start by reading the project structure:

```bash

View directory structure

ls -R src/

Read main decompiler logic

cat src/AHK-Hacker.ahk

Read installer/uninstaller

cat src/Install.ahk

cat src/Uninstall.ahk

Review library functions

cat src/lib/*.ahk

```

**Key concepts to understand:**

Resource Hacker™ 5.x fails to extract resources with special characters (`<`, `>`) in names due to Windows filename restrictions

UPX detection uses PE header parsing (checks for "UPX0", "UPX1", "UPX2" section signatures)

Context menu registration requires no admin rights (uses `HKEY_CURRENT_USER`)

Temporary unpacked files use naming pattern: `{filename}.unpacked.{timestamp}.tmp`

2. Setting Up Development Environment

Before making changes, ensure you have:

```bash

Install AutoHotkey v2.0 (if not already installed)

Download from https://www.autohotkey.com/

Clone repository structure

cd /path/to/AHK-Hacker

Verify file structure matches CLAUDE.md

ls src/lib/

ls src/res/

```

3. Testing Changes

**Manual testing workflow:**

```bash

1. Run installer (downloads Resource Hacker™ to bin/)

Right-click src/Install.ahk → Run Script

2. Test decompilation on sample .exe

Right-click any AHK-compiled .exe → "AHK-Hacker - Decompile"

3. Check logs

cat src/log/*.txt

4. Verify output

cat path/to/filename_decompiled.ahk

```

**Testing specific scenarios:**

**Modern AHK (v1.1.30+)**: Should extract via RH5 → `RCDATA1_1.bin`

**Legacy AHK (v1.1.30 and older)**: Should fallback to RH4 → `RCData.bin`

**UPX-packed executables**: Should detect UPX → unpack → retry RH5 → RH4

**Very old AHK (≤v1.0.48.5)**: Should offer myAutToExe GUI

4. Common Development Tasks

#### Adding a new fallback method

1. Read `src/AHK-Hacker.ahk` lines 145-187 (fallback chain logic)

2. Add new function to `src/lib/` folder (follow naming: `Action-Target.ahk`)

3. Insert fallback call after UPX unpacking but before myAutToExe offer

4. Update `CLAUDE.md` file structure section

5. Test with all AHK format variants

#### Modifying context menu registration

1. Read `src/lib/Install-ContextMenu.ahk` and `src/lib/Uninstall-ContextMenu.ahk`

2. Modify registry path: `HKEY_CURRENT_USER\Software\Classes\exefile\shell\AHK-Hacker`

3. Test installation: Run `src/lib/Install-ContextMenu.ahk` → check `regedit`

4. Test uninstallation: Run `src/lib/Uninstall-ContextMenu.ahk` → verify removal

5. Restart Explorer if context menu doesn't update: `taskkill /f /im explorer.exe && start explorer.exe`

#### Updating Resource Hacker™ download logic

1. Read `src/lib/Update-ResourceHacker.ahk` (HTTP HEAD request + ZIP extraction)

2. Modify download URL or version caching logic

3. Test updater: Run with `/silent` parameter → check `src/bin/.rh_version`

4. Verify files are unblocked (no "downloaded from internet" flag)

#### Adding UPX detection improvements

1. Read `src/lib/Unpack-Exe.ahk` function `IsUPXPacked()`

2. Current detection: PE section headers matching `^UPX[0-9]$` regex

3. Add additional signatures or heuristics

4. Test with UPX-packed and non-UPX executables

5. Verify performance improvement (should skip download for non-UPX files)

5. Building and Releasing

**Development build (unsigned):**

```bash

Compile with AutoHotkey v2.0 compiler

Right-click src/AHK-Hacker.ahk → "Compile Script"

```

**Production build (signed):**

```powershell

Run build script (requires code signing certificate)

cd src/res

.\compile_and_sign.ps1

Verify signature

Get-AuthenticodeSignature ..\AHK-Hacker.exe

```

**Release workflow (GitHub Actions):**

Push to `main` branch or create Git tag

`.github/workflows/release.yml` automatically copies `src/res/ResourceHacker4.exe` to `src/bin/`

Creates ZIP with all required files

6. Debugging Common Issues

**"ResourceHacker.exe not found in bin folder"**

Cause: `src/lib/Update-ResourceHacker.ahk` failed or not run

Fix: Run `src/lib/Update-ResourceHacker.ahk` manually → check HTTP response in log

Verify: `ls src/bin/ResourceHacker.exe`

**"Failed to extract script data"**

Cause: Not an AHK executable, encrypted, or unsupported format

Fix: Check `src/log/*.txt` for Resource Hacker™ output

Test: Run `ResourceHacker.exe` GUI manually on the .exe to inspect resources

**Context menu doesn't appear**

Cause: Registry keys not set or Explorer cache

Fix: Run `src/lib/Install-ContextMenu.ahk` → restart Explorer

Verify: `reg query "HKCU\Software\Classes\exefile\shell\AHK-Hacker"`

**UPX unpacking fails**

Cause: UPX not found or invalid UPX-packed file

Fix: Check if `src/bin/upx.exe` exists → verify PE header in log

Test: Run `upx -d input.exe -o output.tmp` manually

**Empty or invalid RCDATA output**

Cause: Resource name mismatch or RH5 bug with special characters

Fix: Fallback to RH4 should trigger automatically (check log at AHK-Hacker.ahk:145-187)

Verify: `ls src/bin/ResourceHacker4.exe` (should exist in releases)

7. Important Constraints

**No Admin Rights Required**: Context menu uses `HKEY_CURRENT_USER`, updater writes to `src/bin/`

**Resource Hacker™ 4.x is Mandatory**: RH5 cannot extract resources with `<>` in names (confirmed bug)

**UPX Detection Before Download**: Always check PE headers to avoid unnecessary 6-13 second download

**Temporary File Cleanup**: Always delete `*.unpacked.*.tmp` files after decompilation

**Line Ending Normalization**: Convert extracted scripts to Windows CRLF (AutoHotkey requirement)

**Silent Mode Support**: All lib scripts accept `/silent` parameter for automation

8. Key Files Reference

| File | Purpose | Key Functions |

|------|---------|---------------|

| `src/AHK-Hacker.ahk` | Main decompiler | 4-stage fallback chain (RH5 → RH4 → UPX → mATE) |

| `src/lib/Unpack-Exe.ahk` | UPX handling | `IsUPXPacked()`, `TryUnpackExe()`, `DownloadUpx()` |

| `src/lib/Update-ResourceHacker.ahk` | RH updater | HTTP HEAD, ZIP extraction, version caching |

| `src/lib/Install-ContextMenu.ahk` | Registry setup | `HKCU\Software\Classes\exefile\shell` |

| `src/lib/Launch-MyAutToExe.ahk` | Legacy fallback | `OfferMyAutToExe()`, `DownloadMyAutToExe()` |

| `src/lib/Notifications.ahk` | UI feedback | `ShowProgress(message, iconType, title)` |

9. External Tool References

**Resource Hacker™ 5.x**: http://www.angusj.com/resourcehacker/ (auto-downloaded)

**Resource Hacker™ 4.x**: Bundled in `src/res/` (source) / `src/bin/` (releases)

**UPX**: https://github.com/upx/upx/releases (auto-downloaded)

**myAutToExe**: https://github.com/KnifMelti/SandboxStart (auto-downloaded)

10. Code Style Guidelines

Use AutoHotkey v2.0 syntax (not v1.1)

Prefer `FileOpen()` over `FileRead()` for binary operations

Always log operations to `src/log/` with timestamps

Use `ShowProgress()` for user feedback (not `MsgBox` in silent mode)

Include `/silent` parameter support in all lib scripts

Comment complex PE header parsing or registry operations

Example Workflows

**Add a new extraction method:**

1. Read `src/AHK-Hacker.ahk` fallback chain (lines 145-187)

2. Create `src/lib/Extract-NewMethod.ahk` with `TryNewMethod(exePath, logFile)` function

3. Insert call after UPX unpacking: `if (newResult := TryNewMethod(exePath, logFile)) { ... }`

4. Update `CLAUDE.md` file structure and key components sections

5. Test with various AHK .exe formats

**Improve UPX detection accuracy:**

1. Read `src/lib/Unpack-Exe.ahk` function `IsUPXPacked()`

2. Add additional PE section signatures or entropy analysis

3. Test with 20+ UPX-packed and non-UPX executables

4. Measure performance impact (target: <1 second overhead)

5. Update detection state documentation (-1 = error, 0 = not UPX, 1 = UPX detected)

**Debug Resource Hacker™ extraction failure:**

1. Check `src/log/*.txt` for Resource Hacker™ command output

2. Verify `src/bin/ResourceHacker.exe` and `src/bin/ResourceHacker4.exe` exist

3. Run Resource Hacker™ GUI manually: `ResourceHacker.exe -open "input.exe"`

4. Inspect resource tree for RCDATA entries (look for numeric IDs vs `>AHK WITH ICON<`)

5. If RH5 failed but RH4 succeeded, verify `<>` character bug (see CLAUDE.md:165-220)

AHK-Hacker - AutoHotkey Decompiler

AHK-Hacker - AutoHotkey Decompiler

What This Skill Does

Architecture Overview

Instructions

1. Understanding the Codebase

View directory structure

Read main decompiler logic

Read installer/uninstaller

Review library functions

2. Setting Up Development Environment

Install AutoHotkey v2.0 (if not already installed)

Download from https://www.autohotkey.com/

Clone repository structure

Verify file structure matches CLAUDE.md

3. Testing Changes

1. Run installer (downloads Resource Hacker™ to bin/)

Right-click src/Install.ahk → Run Script

2. Test decompilation on sample .exe

Right-click any AHK-compiled .exe → "AHK-Hacker - Decompile"

3. Check logs

4. Verify output

4. Common Development Tasks

5. Building and Releasing

Compile with AutoHotkey v2.0 compiler

Right-click src/AHK-Hacker.ahk → "Compile Script"

Run build script (requires code signing certificate)

Verify signature

6. Debugging Common Issues

7. Important Constraints

8. Key Files Reference

9. External Tool References

10. Code Style Guidelines

Example Workflows

Reviews (0)