From caa37372f4b8021a7b1af5a72dd2ce644e09a93c Mon Sep 17 00:00:00 2001
From: Philip Okoh
Date: Mon, 8 Aug 2022 14:54:11 -0400
Subject: [PATCH 1/2] new read me

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index 0889aa0..95848e8 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,11 @@
 # AutoIt-Ripper
+FORK UPDATE
+
+* Noticed that the previous implementation didn't take into account that compiled scripts could be stored in the overlay
+ of a PE so this fork will implement that change.
+
+
 ## What is this
 This is a short python script that allows for extraction of "compiled" AutoIt scripts from PE executables.

From 914d2695fe9bc16bc0621596463f80ef75715da7 Mon Sep 17 00:00:00 2001
From: Philip Okoh
Date: Mon, 8 Aug 2022 18:53:47 -0400
Subject: [PATCH 2/2] Added overlay

---
 autoit_ripper/autoit_unpack.py | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/autoit_ripper/autoit_unpack.py b/autoit_ripper/autoit_unpack.py
index cf20cf3..a1a32ba 100644
--- a/autoit_ripper/autoit_unpack.py
+++ b/autoit_ripper/autoit_unpack.py
@@ -174,13 +174,38 @@ def unpack_ea06(binary_data: bytes) -> Optional[List[Tuple[str, bytes]]]:
 pe.parse_data_directories()
 if not pe.DIRECTORY_ENTRY_RESOURCE:
+ log.error("The input file has no resources")
- return None
+ log.info("Checking overlay")
+
+ data = pe.get_overlay()
+ if data is None:
+ log.error("No overlay")
+ return None
+
+ data = ByteStream(bytes(data)[0x18:])
+ parsed_data = parse_all(data, AutoItVersion.EA06)
+ if not parsed_data:
+ log.error("Couldn't decode the autoit script")
+ return None
+ return parsed_data
 script_resource = get_script_resource(pe)
 if script_resource is None:
 log.error("Couldn't find the script resource")
- return None
+ log.info("Checking overlay")
+
+ data = pe.get_overlay()
+ if data is None:
+ log.error("No overlay")
+ return None
+
+ data = ByteStream(bytes(data)[0x18:])
+ parsed_data = parse_all(data, AutoItVersion.EA06)
+ if not parsed_data:
+ log.error("Couldn't decode the autoit script")
+ return None
+ return parsed_data
 data_rva = script_resource.OffsetToData
 data_size = script_resource.Size