matwachich

[..] List hidden files (like gmer or IceSword does)

matwachich

Hi everybody!

I have a question:

- Is it possible with AutoIt to list rootkit-hidden files/registry keys/processes? I mean, like anti-rootkit utilities such as gmer or IceSword do.

- If it's not possible using AutoIt, do you know any command line tool or external library that would help me do that?

Thanks!

matwachich

Up :)

matwachich

your question does not make any sense

:huh:

Sorry but I think the question is simple: How/is it possible to reproduce gmer's behaviour?

AutoIt is a scripting language/interpreter it is not an anti rootkit tool.

So does this mean that it's not possible?

In this case

If it's not possible using AutoIt, do you know any command line tool or external library that would help me do that?

PS: I can't make the question better than this! :P

matwachich

After surfing on some open source anti-rootkits, I found that it's more complicated than I first thought.

So, I found a small utility called catchme.exe that (I think) will be useful to me.

Solved. Thanks

