Sign in to follow this  
Followers 0
guinness

Find container path of a TrueCrypt drive.

7 posts in this topic

The function (see below) I use to check if a drive is indeed a TrueCrypt drive, but I was wondering how would I go about finding the container path of a TrueCrypt drive. So for example if I've mounted the container C:\Test.tc using the P:\ drive, how would I go about retrieving C:\Test.tc? I've searched the registry but to no avail and have searched using a popular search engine :mellow: Thanks to those who help.

#AutoIt3Wrapper_Au3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6 -w 7
#include <WinAPIEx.au3> ; www.autoitscript.com/forum/topic/98712-winapiex-udf/ - By Yashied.

Global $aArray

$aArray = DriveGetDrive("ALL")
For $A = 1 To $aArray[0]
    ConsoleWrite(StringUpper($aArray[$A]) & "\ is " & _IsTrueCrypt($aArray[$A]) & @LF)
Next

Func _IsTrueCrypt($sDrive) ; Returns True Or False.
    Return StringRegExp(_WinAPI_QueryDosDevice(StringLeft($sDrive, 1) & ":"), '(?i)TrueCrypt') = 1
EndFunc   ;==>_IsTrueCrypt

_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites



hi,

Hmm, a tricky one indeed, after some quick research I came up empty handed wrt binding drive letter to TrueCrypt container.

However, I can offer a way to possibly detect the currently mounted containers. This can be done by iterating through system's open file handles and performing some tests as suggested here.

TrueCrypt volumes do not contain known file headers and their content is indistinguishable from random data, so while it is theoretically impossible to prove that certain files are TrueCrypt volumes without knowing their passwords, their presence can provide reasonable suspicion (probable cause)[18] that they contain encrypted data. TrueCrypt volume files have file sizes that are evenly divisible by 512 and their content passes chi-square randomness tests. These features give reason to suspect a file to be a TrueCrypt volume.

Hope this helps, :mellow:

-smartee

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

Thanks smartee, I will have a try at enumerating open file handles. The reason behind this question is I'm creating an application in which it would help to know if a particular container is mounted, especially running from a USB drive I want to dismount.

Edited by guinness

_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Even though this was the last method I wanted to use, it still retrieves the container path of the drive utilising & the TrueCrypt executable.

Example use of Function:

#AutoIt3Wrapper_Au3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6 -w 7
#AutoIt3Wrapper_UseX64=N

#include <Array.au3>
#include <GUIListView.au3>
#include <WinAPIEx.au3> ; www.autoitscript.com/forum/topic/98712-winapiex-udf/ - By Yashied.

MsgBox(64, "_GetTrueCryptVolume()", _GetTrueCryptVolume("U:\", @ScriptDir & "\TrueCrypt.exe"))

Func _GetTrueCryptVolume($sDrive, $sTrueCrypt = "TrueCrypt.exe") ; By guinness 2011.
    Local $aArray, $aTrueCrypt[4] = [3, @ScriptDir & "\TrueCrypt.exe", EnvGet("PROGRAMFILES(X86)") & "\TrueCrypt.exe", EnvGet("PROGRAMFILES") & "\TrueCrypt.exe"], _
            $hControl, $iPID, $sTitle = "[TITLE:TrueCrypt; CLASS:CustomDlg]"

    $sDrive = StringLeft($sDrive, 1) & ":"
    If FileExists($sTrueCrypt) = 0 Then
        $sTrueCrypt = ""
        For $A = 1 To $aTrueCrypt[0]
            If FileExists($aTrueCrypt[$A]) Then
                $sTrueCrypt = $aTrueCrypt[$A]
                ExitLoop
            EndIf
        Next
        If $sTrueCrypt = "" Then
            Return SetError(1, 0, "NO_TRUECRYPT")
        EndIf
    EndIf

    $iPID = Run($sTrueCrypt, @ScriptDir, @SW_HIDE)
    WinWait($sTitle, "", 5)
    $hControl = ControlGetHandle($sTitle, "", "[CLASS:SysListView32; INSTANCE:1]")
    $aArray = _GUICtrlListView_CreateArray($hControl)
    ProcessClose($iPID)

    _Taskbar_Refresh() ; Remove the leftover icon.
    For $A = 1 To $aArray[0][0]
        If $sDrive = $aArray[$A][0] Then
            If $aArray[$A][1] = "" Or StringIsSpace($aArray[$A][1]) Then
                Return SetError(2, 0, "EMPTY_DRIVE")
            EndIf
            Return $aArray[$A][1]
        EndIf
    Next
    _Taskbar_Refresh() ; Remove the leftover icon.
    Return SetError(3, 0, "NOT_TRUECRYPT")
EndFunc   ;==>_GetTrueCryptVolume

; #AutoIt3Wrapper_Au3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
; #FUNCTION# =========================================================================================================
; Name...........: _GUICtrlListView_CreateArray()
; Description ...: Creates a 2-dimensional array from a lisview.
; Syntax.........: _GUICtrlListView_CreateArray($hListView, [$sDelimeter = "|"])
; Parameters ....: $hListView - Handle of the ListView.
;                  [Optional] $sDelimeter - One or more characters to use as delimiters (case sensitive). Default = "|"
; Requirement(s).: v3.2.12.1 or higher & GUIListView.au3.
; Return values .: Success - The array returned is two-dimensional and is made up as follows:
;                                $aArray[0][0] = Number of rows
;                                $aArray[0][1] = Number of columns
;                                $aArray[0][3] = Delimited string of the column name(s) e.g. Column 1|Column 2|Column 3|Column nth

;                                $aArray[1][0] = 1st row, 1st column
;                                $aArray[1][1] = 1st row, 2nd column
;                                $aArray[n][0] = nth row, 1st column
;                                $aArray[n][1] = nth row, 2nd column
;                                $aArray[n][1] = nth row, 3rd column
;                  Failure - Returns array with @error = 1 if the number of rows is equal to 0
; Author ........: guinness
; Example........; Yes
;=====================================================================================================================
Func _GUICtrlListView_CreateArray($hListView, $sDelimeter = "|")
    Local $aColumns, $iDim = 0, $iError = 0, $sIndex, $sSubItem
    Local $iColumnCount = _GUICtrlListView_GetColumnCount($hListView)
    Local $iItemCount = _GUICtrlListView_GetItemCount($hListView)
    If $iColumnCount < 3 Then
        $iDim = 3 - $iColumnCount
    EndIf
    Local $aReturn[$iItemCount + 1][$iColumnCount + $iDim] = [[$iItemCount, $iColumnCount, ""]]

    For $A = 0 To $iColumnCount - 1
        $aColumns = _GUICtrlListView_GetColumn($hListView, $A)
        If $A = $iColumnCount - 1 Then
            $sDelimeter = ""
        EndIf
        $aReturn[0][2] &= $aColumns[5] & $sDelimeter
    Next

    For $A = 0 To $iItemCount - 1
        $sIndex = _GUICtrlListView_GetItemText($hListView, $A)
        $aReturn[$A + 1][0] = $sIndex
        If $iColumnCount > 0 Then
            For $B = 1 To $iColumnCount - 1
                $sSubItem = _GUICtrlListView_GetItemText($hListView, $A, $B)
                $aReturn[$A + 1][$B] = $sSubItem
            Next
        EndIf
    Next
    If $aReturn[0][0] = 0 Then
        $iError = 1
    EndIf
    Return SetError($iError, 0, $aReturn)
EndFunc   ;==>_GUICtrlListView_CreateArray

Func _Taskbar_Refresh() ; By rasim - http://www.autoitscript.com/forum/topic/66629-systemtray-refresh/
    Local $aMouseGetPos, $hHandle, $hParent, $hTaskBar, $tLeft, $tRight, $tTop, $tWinRect

    $hTaskBar = _WinAPI_FindWindow("Shell_TrayWnd", "")
    $hParent = ControlGetHandle($hTaskBar, "", "TrayNotifyWnd1")
    $hHandle = ControlGetHandle($hParent, "", "ToolbarWindow321")
    $tWinRect = _WinAPI_GetWindowRect($hHandle)
    $aMouseGetPos = MouseGetPos()
    $tLeft = DllStructGetData($tWinRect, "Left")
    $tRight = DllStructGetData($tWinRect, "Right")
    $tTop = DllStructGetData($tWinRect, "Top")
    For $A = $tLeft To $tRight
        MouseMove($A, $tTop, 0)
    Next
    MouseMove($aMouseGetPos[0], $aMouseGetPos[1], 0)
EndFunc   ;==>_Taskbar_Refresh

WARNING: Only works when compiled as x32.

Edited by guinness

_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

Yup, I guess there's no dodging the use of the TrueCrypt exe, anyway if we found the path using some fancy magic, we'd still have to find a way to safely unmount it so the thumb drive can be safely ejected, and something about just closing the open file handle would feel very dirty. :mellow:

Glad you found a solution. :)

Share this post


Link to post
Share on other sites

This is really not the most elegant solution, i thought about that too and thank you, that you posted the code, so i dont have to write that myself.

but, for sure not an autoit topic, isnt tc opensource? im sure some geek could relatively easy "extract" the respecting parts of code and compile a tiny version, which just outputs the mount configuration.

i didnt find such a thing, but perhaps its already done?!

Share this post


Link to post
Share on other sites

I've still not come across anything similar.


_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0