LostUser

Active Members
  • Posts

    104
  • Joined

  • Last visited

Profile Information

  • Location
    USA, Michigan
  • Interests
    Computers: Programming, fixing, troubleshooting, making, gaming. Played Simus DragonRealms for a number of years.
    Music: Listening, making, guitar, keyboard, harmonica, and anything else I can get my hands on to learn.
    Computer Hist: TRS80 III/IV, Timex Sinclair 2068, Commodore64, Commodore128, Amiga500, Amiga 3000, Various WindowsPCs.
    Sports: Enjoy leisurely playing most sports, soccer, volleyball, having fun in the snow

  1. Yeah, very interesting article on tempest fonts. When I was in the AF, we were all briefed on tempest preventative procedures. One of the big ones was typing (keyboard or electric typewriter) while on a tempest *unsecure* phone. Because the EMR could be detected over the phone and possibly retranslated. I am sure there are experts out there with a database of signals from keyboards/typewriters/who-knows-what-else to detect that kind of thing. I suppose any kind of signal with repetition can be detected with equipment that is sensitive enough, recorded, then translated. I suppose if you want to go that far, it is plausible to translate what someone is writing on a notepad by sounds the writing makes. Hahaha. We are never safe from prying eyes. Of course, if you have nothing to hide ...
  2. So, how's it going with that game? I've had an idea that I've been taking notes on for quite a while but haven't written any code yet. I like the text based rpg's/muds and I wanted to create something like that and make it interesting but expandable. Things like adding weather, options to travel off the normal routes, quests that change based on characteristics of the player, NPCs that interact differently with different players. It is just fun to think of things I'd like to add but I should start with the basics for a map and movement. I am just trying to think of some things ahead of time so including them later won't be as big a problem to work in. I really need to work on my programming as far as being more structured to keep things clearer. Anyway, do you have any screen shots of yours?
  3. Thanks for the help guys. I ended up using Psalty's WMI w/o the explorer.exe check. It seems to work fine with my initial testing. I did see that it must error out if the computer is not logged in or is locked out and it gives a 0 for the username. I really want to learn more on how to access WMI. I've used the WMI explorer but I tried to make a laptop battery monitor once and there were some things in WMI that weren't referenced (from what I could find) at Microsoft's WMI references. Someone using vbs or AutoIt had gotten the information on that though.
  4. I copied your script but haven't tried it yet. I was wondering, what is with all the scrambled info at the bottom of the script? Oh, and for offline windows updates, I don't know if anyone included AutoPatcher. It seems to work ok for many people. I have some odd issues with it but maybe only because I am tinkering with the .apm files. I have used the option to force particular updates to install (if they aren't) using the command file and that has worked well.
  5. Sorry, been busy for replying. I use the AutoIt script @username. I think this pulls from a registry key but I don't remember where in the AutoIt help it mentions that. I have been checking other areas in the registry to see where I could pull this info from but the SIDs don't come right out and point directly to a specific user name ... at least not that I've found looking in the registry. I found this key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" which has the SID numbers then the subkey "ProfileImagePath" which shows the location of the user directory, eg. (%SystemDrive%\Documents and Settings\Administrator). I am sure I can hash it out that way too. I just have to find out a consistent location of which SID is authenticated. Thanks Turion and Psalty. I'll check both of those options out. I am finding all kinds of new things that I hadn't dealt with before because most of the workstation users do not have administrative rights. In my last job, the PCs logged on through Novell with an automatic windows login of a specific user and that user was the same for all the PCs. That user also had full admin rights so installs, settings, and other changes were never a problem as far as rights to the workstation were concerned. It's just something new and different to work with.
  6. Hi all. I run an AutoIt compiled script that gets some general PC information. Username, IP, domain, memory, etc. My issue is this. I have pushed the program from our Kaspersky administration kit and the user name that comes up is SYSTEM (because that is how kaspersky agent runs the software remotely). When I run it this way, is there a way to pull the username of whomever is currently logged on rather than retrieving the SYSTEM administrator login? Thanks
  7. Hey there. I am trying to troubleshoot a script after it is compiled but I need a way to see which line of code it is sticking on. I thought there was some code that could be put into a script used to show the current line of code that is executing. Like having a function to display the code as a tooltip or being able to throw it out to a log file. A log file would probably be best as I am using it as a package for installs over our network and I don't necessarily want tooltips showing up while people are working. The compiled script works on my machine but I have seen it hang from our administrative software onto other PCs. Any ideas? Thanks
  8. I was going to do it that way but I think the reason I was using an array was that I wanted to limit disk activity until the process was all done. However, upon reflection, there probably won't be much disk writing activity as the actual files that meet the criteria are usually (in my experience) very few ... usually less than 20 or 30 (in my work environment). I think that I'll work it out writing the ini file as it finds qualified files. Thanks for all the help folks. If anyone has any more suggestions I'd be glad to see any other ideas. The 'idea' that this is all a part of is still in its infancy.
  9. Thanks SmOke_N that is basically what I am wanting to do. I was just wondering if ReDim (over and over) is an efficient way to do it. Sorry about not posting my code, I was just wondering if using ReDim over and over could be good or bad. Also, I haven't looked at this script in a few weeks and I think I may have mis-stated some of what I am already doing also. Looking back at my script, I think I see that I am getting a list of files that meet the modified criteria initially but then I go back through and use the FileGetVersion command to get all the other file information. Then I put that into a .ini file. I thought it was going back completely through all the files twice but it isn't. However, if it is faster to get the Version information as soon as a file meets the criteria. After all that information is in an array, save that information into a .ini file ... it might be faster? I also intend on only checking the file versions of executables but this is only the beginning stages.
  10. Ok, what I am trying to do is make an automated process that mimics what I do when I am removing/finding malware on a PC. I could run AdAware (which I do), but my initial scan on a computer is to look at specific locations and other things and see what is there. There are beginning comment sections that are for things later in the program. Ok, here is my code. I don't always fully 'get' when to use global or local variables and this is 'in work' so forgive my ignorances and variable names. Any suggestions to what I am trying to do are appreciated.

      ```autoit
      ; ----------------------------------------------------------------------------
      ;
      ; AutoIt Version: v3.2.12.1
      ;
      ;
      ; Script Function: Testing for common malware file locations, registry locations, pointers, etc.
      ;   Template AutoIt script.
      ;
      ; ----------------------------------------------------------------------------
      #include <guiconstants.au3>
      #include <date.au3>

      #cs
      Use .ini file to hold common file locations and registry locations, registry run, registry BHO locations,
      registry locations for disabled items like taskbar and display properties tabs, etc..
      Files will be listed in suspect locations based on newer date/time, lack of version and/or identifying information.
      possibly embed these into the script later?
      #ce

      #cs Registry keys
      run location keys
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

      Maybe check here for files found below.
      [HKEY_CLASSES_ROOT\CLSID
      #ce

      #cs File locations
      Check the local user and the All Users sections
      C:\Documents and Settings\[local user]\Start Menu\Programs\Startup
      C:\Documents and Settings\[local user]\Local Settings\Temp
      C:\Documents and Settings\[local user]\Local Settings\Temporary Internet Files
      C:\Documents and Settings\[local user]\Local Settings\Temporary Internet Files\Content.IE5
      C:\Documents and Settings\[local user]\Application Data
      C:\Documents and Settings\[local user]\Local Settings\Application Data
      C:\Temp
      C:\WINDOWS\Temp
      C:\WINDOWS\system32
      #ce

      ;@UserName

      #cs ini file format
      [paths]
      path1=C:\Documents and Settings\[local user]\Start Menu\Programs\Startup
      path1=C:\Documents and Settings\[local user]\Local Settings\Temp
      path1=C:\Documents and Settings\[local user]\Local Settings\Temporary Internet Files
      path1=C:\Documents and Settings\[local user]\Local Settings\Temporary Internet Files\Content.IE5
      path1=C:\Documents and Settings\[local user]\Application Data
      path1=C:\Documents and Settings\[local user]\Local Settings\Application Data
      path1=C:\Temp
      path1=C:\WINDOWS\Temp
      path1=C:\WINDOWS\system32
      #ce

      #cs Command line applications to help with finding malware
      netstat -a or -na or -nao [time]
      reg query [registry key you want to query]
      dir /a (finds all files, including hidden and system)
      net users (shows user accounts on the system)
      net localgroup administrators (shows users that are members of the administrators group)
      tasklist /svc (shows processes along with all the services running from each process)
      #ce

      ;
      Global $arr_FileList[12]
      Global $arr_FileInfo[12]=["Comments","InternalName","ProductName","CompanyName","LegalCopyright","ProductVersion","FileDescription","LegalTrademarks","PrivateBuild","FileVersion","OriginalFilename","SpecialBuild"]
      Global $SearchPath="C:\windows\"
      Global $Filter="*.*"
      Global $v_FileName=""
      $FullPath=""

      If FileExists("C:\Test.ini") Then FileDelete("C:\Test.ini")
      _MalFileFind ()
      ;MsgBox(0,"","Array size = " & UBound($arr_FileList) & @CRLF & "contents = " & $arr_FileList[1])

      For $z=1 To UBound($arr_FileList)-1
          ;MsgBox(0,"","Doing the For Next Loop")
          $s_GetName=$arr_FileList[$z]
          ;Skip unused array slots (no recent files found leaves the array empty)
          If $s_GetName="" Then ContinueLoop
          ;Look for the last '\' or '/' and separate the file name from the end of the path if necessary
          ;(the test must look at $s_GetName, the entry being processed, not the previous $v_FileName)
          If StringInStr($s_GetName,"\") Then
              $v_FileName=StringMid($s_GetName,StringInStr($s_GetName,"\",0,-1)+1,StringLen($s_GetName))
          Else
              If StringInStr($s_GetName,"/") Then
                  $v_FileName=StringMid($s_GetName,StringInStr($s_GetName,"/",0,-1)+1,StringLen($s_GetName))
              Else
                  $v_FileName=$s_GetName
              EndIf
          EndIf
          $FullPath=$SearchPath&$v_FileName
          ;MsgBox(0,"","Full Path=" & $FullPath)
          If FileExists($FullPath) Then
              IniWrite("C:\Test.ini",$v_FileName,"Location",$FullPath)
              $count=0
              If StringInStr(FileGetAttrib($FullPath),"D") Then
                  IniWrite("C:\Test.ini",$s_GetName,"Type","Directory")
              Else
                  IniWrite("C:\Test.ini",$s_GetName,"Type","File")
                  ;Write every version-resource field listed in $arr_FileInfo
                  While 1
                      If $count=12 Then ExitLoop
                      $value=FileGetVersion($FullPath,$arr_FileInfo[$count])
                      IniWrite("C:\Test.ini",$s_GetName,$arr_FileInfo[$count],$value)
                      $count+=1
                  WEnd
              EndIf
              IniWrite("C:\Test.ini",$v_FileName,".","********************")
          EndIf
      Next
      Run("notepad.exe c:\test.ini")

      Func _MalFileFind ()
          ;Find malware or suspect files based on just being newer.
          $Hours=192
          $Today=_NowCalc()
          $NewCount=0
          $count=0
          $TotalCount=0
          $hnd_search=FileFindFirstFile($SearchPath&$Filter)
          ; MsgBox(0,"","FindFirstFile error = " & $hnd_search)
          ;First check and see if there are any files newer than 192 hours (8 days * 24 hours)
          While 1
              $TotalCount+=1
              $s_File=FileFindNextFile($hnd_search)
              $err=@error
              If $err=1 Then ExitLoop
              $s_FTime=FileGetTime($SearchPath&$s_File,0,1)
              $s_FTime=StringMid($s_FTime,1,4)&"/"&StringMid($s_FTime,5,2)&"/"&StringMid($s_FTime,7,2)&" "&StringMid($s_FTime,9,2)&":"&StringMid($s_FTime,11,2)&":"&StringMid($s_FTime,13,2)
              $diff=_DateDiff('h', $s_FTime,$Today)
              If $diff < $Hours Then
                  $count+=1
              EndIf
          WEnd
          ;Close the first search handle before a second one is opened below
          FileClose($hnd_search)
          ; MsgBox(0,"","Error = " & $err)
          ; MsgBox(0,"","Done checking. Found "&$count&" files less than "&$Hours&" hours old out of "&$TotalCount&" files.")
          ;If there were any files found newer than 192 hours, then go back through and recheck and store the file
          ; names in an array. Have not tested doing one loop and using ReDim.
          $OldCount=$count
          $OldTotal=$TotalCount
          $TotalCount=0
          $count=0
          If $OldCount > 0 Then
              ReDim $arr_FileList[$OldCount+1]
              ; MsgBox(0,"","Array size = " & UBound($arr_FileList) & @CRLF & "contents = " & $arr_FileList[1])
              $hnd_search=FileFindFirstFile($SearchPath&$Filter)
              While 1
                  $TotalCount+=1
                  ; If $TotalCount=0 Then ExitLoop
                  $s_File=FileFindNextFile($hnd_search)
                  $err=@error
                  ;ToolTip("Error = " &$err & @CRLF & "TotalCount = " & $TotalCount & @CRLF & "File = " & $s_File & @CRLF & "File Modified = "&$s_FTime)
                  If $err=1 Then ExitLoop
                  $s_FTime=FileGetTime($SearchPath&$s_File,0,1)
                  $s_FTime=StringMid($s_FTime,1,4)&"/"&StringMid($s_FTime,5,2)&"/"&StringMid($s_FTime,7,2)&" "&StringMid($s_FTime,9,2)&":"&StringMid($s_FTime,11,2)&":"&StringMid($s_FTime,13,2)
                  $diff=_DateDiff('h', $s_FTime,$Today)
                  If $diff < $Hours Then
                      $count+=1
                      If $count > $OldCount Then
                          ;Index $count must exist, so the array needs $count+1 elements
                          ReDim $arr_FileList[$count+1]
                          MsgBox(0,"Change of number of files scanned.","The second scan shows a different number of files than the first scan." & @CRLF & "A second message will display once all the files are done" & @CRLF & "being scanned. It will show the number of files from the first and second scans.")
                      EndIf
                      ; MsgBox(0,"","NewCount = " & $count & @CRLF & "File = " & $s_File & @CRLF & "File Modified = "&$s_FTime)
                      $arr_FileList[$count]=$s_File
                      ; MsgBox(0,"","File: " & $arr_FileList[$Count])
                  EndIf
              WEnd
              FileClose($hnd_search)
          EndIf
          If $TotalCount <> $OldTotal Or $count<>$OldCount Then
              MsgBox(0,"Change of number of files scanned - report","First scan:" & @CRLF & "All files counted =" & $OldTotal & @CRLF & "Modified files counted =" & $OldCount & @CRLF & "Second scan:" & @CRLF & "All files counted =" & $TotalCount & @CRLF & "Modified files counted ="&$count)
          EndIf
          ToolTip("")
      EndFunc;_MalFileFind

      ;Get file information to determine if there is missing and possibly missing information
      ; which could mean that the file is malware.
      ;Should values be assigned to certain indicators with the idea that higher values mean
      ; that it is more likely that a file is malware?
      ```

      Good luck reading this.
  11. That's a good idea but I only want to get an array the size of what I need. Since I have specific criteria for the files, I just want an array that size. I checked out the code for this and it is basically using FileFindNextFile. The thing is, it doesn't have a way to check for file attributes other than being a Directory or not. I suppose I could modify the structure and create my own function to allow for File Modification (or other attributes) but I don't know if I want to work on other code. Though I may borrow something from that UDF.
  12. Thanks Nahuel. I didn't even think about looking the UDFs for ReDim. I'll check out the UDF's and see what goes on behind the scenes. That is how I am getting the list of files in the directory.
  13. I am making a program to get a list of files that were modified during a specified time frame. Currently I read the entire directory once to find those files. Once I have the total number of files that meet that criteria, I dimension an array for the number of files found and read properties from only the files that meet that criteria specified. What I would like to do is only read the directory once (making it run a little faster), getting the names of the files that meet the criteria and saving the properties of those files at the same time. I would (afaik) have to use ReDim to keep enlarging the size of the array as I find more files that fit the criteria. What I am wondering is if there are any problems using ReDim on a variable over and over ... Memory, slowness, bad programming, etc.
  14. You could also make your second loop a function that runs for two seconds and call it rather than sleeping in your While loop.
  15. You can't run them both at the same time (that would be some kind of multi-tasking) BUT I think there are some things in AutoIt that let you run functions at intervals (preset or not). Check out AdlibEnable but that may be just a silly work around to doing what you want to do. Using AdlibEnable, I think, AutoIt will run whatever function you assign to AdlibEnable but it pauses the rest of AutoIt. This isn't exactly what it was designed for but more for handling those unexpected errors/messages that don't happen every time during installs. I am sure there are a few nicer ways to do that though.
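
The single-pass scan discussed in the ReDim posts above (items 9, 10 and 13), as an added example that is not LostUser's code or anything posted in those threads: the directory is read once and the result array is doubled only when it fills up, so ReDim runs a handful of times instead of once per matching file. The function name `_RecentFiles`, its parameters and the sample directory are assumptions made for illustration.

```autoit
#include <Date.au3>

; Added example: one directory pass, array grown by doubling.
; $sDir must end with a backslash; $iHours is the "recently modified" window.
; Returns an array whose element 0 is the match count; names start at index 1.
Func _RecentFiles($sDir, $iHours)
    Local $aFound[16]
    Local $iCount = 0
    Local $sNow = _NowCalc()
    Local $sFile, $sT

    Local $hSearch = FileFindFirstFile($sDir & "*.*")
    If $hSearch = -1 Then
        $aFound[0] = 0
        Return $aFound                          ; empty or unreadable directory
    EndIf

    While 1
        $sFile = FileFindNextFile($hSearch)
        If @error Then ExitLoop                 ; no more entries
        If $sFile = "." Or $sFile = ".." Then ContinueLoop

        $sT = FileGetTime($sDir & $sFile, 0, 1) ; modified time as YYYYMMDDHHMMSS
        If @error Then ContinueLoop             ; locked, or removed mid-scan
        $sT = StringMid($sT, 1, 4) & "/" & StringMid($sT, 5, 2) & "/" & StringMid($sT, 7, 2) & _
                " " & StringMid($sT, 9, 2) & ":" & StringMid($sT, 11, 2) & ":" & StringMid($sT, 13, 2)

        If _DateDiff('h', $sT, $sNow) < $iHours Then
            $iCount += 1
            ; Grow only when the next index would fall outside the array.
            If $iCount = UBound($aFound) Then ReDim $aFound[UBound($aFound) * 2]
            $aFound[$iCount] = $sFile
        EndIf
    WEnd
    FileClose($hSearch)

    ReDim $aFound[$iCount + 1]                  ; trim to exactly what was found
    $aFound[0] = $iCount
    Return $aFound
EndFunc   ;==>_RecentFiles

; Constructed usage: recent files in one of the suspect locations, with FileVersion.
Local $sScanDir = "C:\WINDOWS\Temp\"
Local $aHits = _RecentFiles($sScanDir, 192)
For $i = 1 To $aHits[0]
    ConsoleWrite($aHits[$i] & " | version: " & FileGetVersion($sScanDir & $aHits[$i]) & @CRLF)
Next
```

Because the file name and its properties are available in the same loop iteration, the version lookup can also be moved inside the `If _DateDiff(...)` branch and written straight to the .ini file, which removes the array entirely.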