Jump to content

Recommended Posts

A nice idea and UDF. May I provide some suggestions?

; Firstly, Global variables should be at the top a script and not in a function.
; Secondly, how about removing Global variables and doing something like this?

Global Const $__sVirusTotal_Page = 'www.virustotal.com'

Func Example()
    Local $hVirusTotal = VT_Open() ; Pass the 'handle' to the appropriate functions.
    ConsoleWrite(VT_Url_Scan($hVirusTotal, 'someurl.com', 'API') & @CRLF)
    VT_Close($hVirusTotal) ; Pass the 'handle' from $hVirusTotal.
EndFunc   ;==>Example

Func VT_Open() ; Pass
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    Local $aAPI[2] = [0, 0]
    $aAPI[$eAPI_HttpOpen] = _WinHttpOpen()
    If @error Then $aAPI[$eAPI_HttpOpen] = -1
    $aAPI[$eAPI_HttpConnect] = _WinHttpConnect($aAPI[$eAPI_HttpOpen], $__sVirusTotal_Page)
    If @error Then $aAPI[$eAPI_HttpConnect] = -1
    Return $aAPI
EndFunc   ;==>VT_Open

Func VT_Close(ByRef Const $aAPI)
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    _WinHttpCloseHandle($aAPI[$eAPI_HttpOpen])
    _WinHttpCloseHandle($aAPI[$eAPI_HttpConnect])
    Return True
EndFunc   ;==>VT_Close

Func VT_Url_Scan(ByRef $aAPI, $sURL, $sAPIkey)
    Local Enum $eAPI_HttpOpen, $eAPI_HttpConnect ; These could be in the Global space too.
    If $aAPI[$eAPI_HttpConnect] = -1 Then $aAPI = VT_Open() ; Check if HttpConnect isn't -1, if it is then connect to VirusTotal.
    Return _WinHttpSimpleRequest($aAPI[$eAPI_HttpConnect], 'POST', '/vtapi/v2/url/scan', Default, 'url=' & $sURL & '&key=' & $sAPIkey)
EndFunc   ;==>VT_Url_Scan

UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites

Nice start!

Do you have any plans to marry it up to one of the JSON UDFs to extract the info?

Have fun!

John Morrison

Share this post


Link to post
Share on other sites

Thanks mates.

 

A nice idea and UDF. May I provide some suggestions?

...

 

Thanks for your suggestions I'will update it. maybe use JSON UDF to Get response returns Error too.

 

I thought some like this for Http 

 

If @Error Return SetError(@Error,0,0)

or 

Simple return @error

obvious I need split the response to manage page returns.

regards

Share this post


Link to post
Share on other sites

Hello,

thanks, very useful, How can I connect through a proxy?

 

change  _WinHttpOpen parameters.

_WinHttpOpen([$sUserAgent = Default [, $iAccessType = Default [, $sProxyName = Default [, $sProxyBypass = Default [, $iFlag = Default ]]]]])

regards

Share this post


Link to post
Share on other sites

Awesome, you went with my design. Thanks for that.


UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites

I had a bit of a play with the UDF and I don't appear to be getting anything back from "$fScan" and subsequent checks indicate that the file wasn't uploaded.

My Code (well actually just your example modified).

Local $hVirusTotal = VT_Open()
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(":" & VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey) & ":" & @CRLF)
    ConsoleWrite("@error = " & @error & @cr)
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ;ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;1 = queued for rescanning. -1 = not present. 0 = unexpected error
    ;ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(VT($hVirusTotal, $fReport, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    VT_Close($hVirusTotal) ;

The result

 

----------------------------------------------------------------------------------
::
@error = 0
----------------------------------------------------------------------------------
{"response_code": 0, "resource": "46B3CC00ECD3D3E042DECA0072B063B3", "verbose_msg": "The requested resource is not among the finished, queued or pending scans"}
----------------------------------------------------------------------------------

 

The file exists...... Any ideas what's going on?

Thanks!

Share this post


Link to post
Share on other sites

storme, 

Probably best to actually post what data the other variables contain instead of second guessing. Thanks.


UDF List:

 
_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_ArrayFilter/_ArrayReduce_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 22/04/2018

Share this post


Link to post
Share on other sites

storme, 

Probably best to actually post what data the other variables contain instead of second guessing. Thanks.

No Guessing necessary.

The code is basically a cut and paste from the example in the OP.

This is the important line
VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey)

$hVirusTotal is set in the line above

$fscan is a UDF constant

$sFileName is the full path of the file (useless to anyone else, I stated it exists...and I checked with fileexists() to make sure it was ok)

$sVirusTotalAPIkey is my Virus total API key (Private not to be published)

The API states there should be a return from the file scan ($fScan) but as you see from the results it returns nothing.

Share this post


Link to post
Share on other sites

@storme I think the problem is that you'r not waiting the file scan and you trying to get the report.

When you upload some file for scanning you should wait some time to get the report file.

So

if I get this "The requested resource is not among the finished, queued or pending scans"  So I should wait. I'll try some minutes later.

regards

Edited by Danyfirex

Share this post


Link to post
Share on other sites

@storme I think the problem is that you'r not waiting the file scan and you trying to get the report.

 

When you upload some file for scanning you should wait some time to get the report file.

Yep understand that, the script I'm writing will do that when I can get it to submit a file to be scanned.

However, I'm not getting anything back from the submit to indicate it's done anything. According to the API help page there should be a report sent back with various information that I'll then use to keep track of files submitted.

if I get this "The requested resource is not among the finished, queued or pending scans"  

So I should wait. I'll try some minutes later.

The message you quoted above states "or pending scans" so shouldn't my "pending scan" be in the list?

I submitted the file last night and it still isn't in the list.  If it was submitted it should be there by now.

 

It appears as if the file isn't being submitted.

Have you tried your URL on a brand new EXE file that hasn't been submitted before?

BTW everything else works fine, if I use a file/hash that is already scanned.

So back to you...

John

Share this post


Link to post
Share on other sites

@storme have you tried with another file?

 

For me work correctly I just upload another file right now this is the response that you should to get

:{"scan_id": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a-1371648640", "sha1": "01fc1499d986a1593f51a40d8f4294b5b69e83d9", "resource": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a", "response_code": 1, "sha256": "c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a", "permalink": "https://www.virustotal.com/file/c38c7912767533053ef8f1c647b4fbf9f37f5ee305ead5b3049c4346b5c4419a/analysis/1371648640/", "md5": "e0efdfe49b64cf7c2fc191c969d2d29d", "verbose_msg": "Scan request successfully queued, come back later for the report"}:

which is the size of your file?

 

I keep thinking the problem is that you're not waiting enough(some minutes maybe  3 or 5)

 

Also

You can use a Http debugger to see what's wrong.

Edited by Danyfirex

Share this post


Link to post
Share on other sites

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

Share this post


Link to post
Share on other sites

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

Good.

 

Yes you're right. I'll update soon.

 

regards

Share this post


Link to post
Share on other sites

It's 2am here and I have to sleep but I did a bit of checking and got some strange results.

Test Code - VirusSubmit.exe (331KB) is the program I'm working on and Bitdefender (my antivirus) doesn't like it and is blocking it.

$sFileName = "P:\Autoit\_Projects\_MyProjects\VirusSubmit\VirusSubmit.exe"

; submit to Virustotal
    _Crypt_Startup()
    Local $bHash = _Crypt_HashFile($sFileName, $CALG_MD5)
    _Crypt_Shutdown()

    ;Check if hash exists
        ; Doesn't exist
            ; Submit file

    ;Get report
        ; Not ready yet (come back later)


    ConsoleWrite("FileExists = " & FileExists($sFileName) & @cr)
    ConsoleWrite("$bHash = " & $bHash & @cr)
    local $stest =  __WinHttpFileContent("", "file", $sFileName,"--------Boundary")

    ConsoleWrite("$stest-LEN = " & StringLen($stest) & " @error = " & @error & @cr)
    ConsoleWrite("$stest = " & $stest& @cr)

    Local $hVirusTotal = VT_Open()
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(":" & VT($hVirusTotal, $fScan, $sFileName,$sVirusTotalAPIkey) & ":" & @CRLF)
    ConsoleWrite("@error = " & @error & @cr)
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ;ConsoleWrite(VT($hVirusTotal, $fRescan, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ;1 = queued for rescanning. -1 = not present. 0 = unexpected error
    ;ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    ConsoleWrite(VT($hVirusTotal, $fReport, hex($bHash),$sVirusTotalAPIkey) & @CRLF)
    ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $bHash = ' & $bHash & @crlf & '>Error code: ' & @error & @crlf) ;### Debug Console
    ;
    ConsoleWrite("----------------------------------------------------------------------------------" & @cr)
    VT_Close($hVirusTotal) ;

The result

 

FileExists = 1
$bHash = -1
$stest-LEN = 117 @error = 0
$stest = Content-Disposition: form-data; name="file"; filename="VirusSubmit.exe"
Content-Type: application/octet-stream



----------------------------------------------------------------------------------
@@ Debug(104) : $stest = :Content-Disposition: form-data; name="file"; filename="VirusSubmit.exe"
Content-Type: application/octet-stream


:
>Error code: 0
@@ Debug(107) : $tURL[$Type] = /vtapi/v2/file/scan
>Error code: 0
:{"scan_id": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855-1371656634", "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "resource": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "response_code": 1, "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "permalink": "https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1371656634/", "md5": "d41d8cd98f00b204e9800998ecf8427e", "verbose_msg": "Scan request successfully queued, come back later for the report"}:
@error = 0
----------------------------------------------------------------------------------
{"response_code": 0, "resource": "FFFFFFFF", "verbose_msg": "Invalid resource, check what you are submitting"}
@@ Debug(95) : $bHash = -1
>Error code: 0
----------------------------------------------------------------------------------

 

Now for the original program I couldn't get to submit and still can't when the antivirus is on.  Code is the same the only change is

$sFileName = "D:\MemoryStickDEV\AHC_technology\programs\AHC_UserInfo.exe"

result

 

FileExists = 1
$bHash = 0x46B3CC00ECD3D3E042DECA0072B063B3
$stest-LEN = 664091 @error = 0
$stest = Content-Disposition: form-data; name="file"; filename="AHC_UserInfo.exe"
Content-Type: application/octet-stream

MZ----------------------------------------------------------------------------------
@@ Debug(104) : $stest = :Content-Disposition: form-data; name="file"; filename="AHC_UserInfo.exe"
Content-Type: application/octet-stream

MZ@@ Debug(107) : $tURL[$Type] = /vtapi/v2/file/scan
>Error code: 0
::
@error = 0
----------------------------------------------------------------------------------
{"scans": {"TotalDefense": {"detected": false, "version": "37.0.10473", "result": null, "update": "20130619"}, "MicroWorld-eScan": {"detected": false, "version": "12.0.250.0", "result": null, "update": "20130619"}, "nProtect": {"detected": false, "version": "2013-06-19.04", "result": null, "update": "20130619"}, "CAT-QuickHeal": {"detected": false, "version": "12.00", "result": null, "update": "20130619"}, "McAfee": {"detected": false, "version": "5.400.0.1158", "result": null, "update": "20130619"}, "Malwarebytes": {"detected": false, "version": "1.75.0.1", "result": null, "update": "20130619"}, "K7AntiVirus": {"detected": false, "version": "9.170.8884", "result": null, "update": "20130618"}, "K7GW": {"detected": false, "version": "12.7.0.12", "result": null, "update": "20130618"}, "TheHacker": {"detected": false, "version": "None", "result": null, "update": "20130619"}, "NANO-Antivirus": {"detected": false, "version": "0.24.0.52848", "result": null, "update": "20130619"}, "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update": "20130618"}, "Symantec": {"detected": false, "version": "20131.1.0.101", "result": null, "update": "20130619"}, "Norman": {"detected": false, "version": "7.01.04", "result": null, "update": "20130619"}, "ByteHero": {"detected": false, "version": "1.0.0.1", "result": null, "update": "20130613"}, "TrendMicro-HouseCall": {"detected": false, "version": "9.700.0.1001", "result": null, "update": "20130619"}, "Avast": {"detected": false, "version": "6.0.1289.0", "result": null, "update": "20130619"}, "eSafe": {"detected": false, "version": "7.0.17.0", "result": null, "update": "20130616"}, "ClamAV": {"detected": false, "version": "0.97.3.0", "result": null, "update": "20130619"}, "Kaspersky": {"detected": false, "version": "9.0.0.837", "result": null, "update": "20130619"}, "BitDefender": {"detected": true, "version": "7.2", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "Agnitum": {"detected": false, "version": "5.5.1.3", "result": null, "update": "20130618"}, "ViRobot": {"detected": false, "version": "2011.4.7.4223", "result": null, "update": "20130619"}, "Sophos": {"detected": false, "version": "4.90.0", "result": null, "update": "20130619"}, "Comodo": {"detected": false, "version": "16458", "result": null, "update": "20130619"}, "F-Secure": {"detected": true, "version": "11.0.19100.45", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "DrWeb": {"detected": false, "version": "", "result": null, "update": "20130619"}, "VIPRE": {"detected": false, "version": "18856", "result": null, "update": "20130619"}, "AntiVir": {"detected": false, "version": "7.11.85.142", "result": null, "update": "20130619"}, "TrendMicro": {"detected": false, "version": "9.740.0.1012", "result": null, "update": "20130619"}, "McAfee-GW-Edition": {"detected": false, "version": "2013", "result": null, "update": "20130619"}, "Emsisoft": {"detected": true, "version": "3.0.0.581", "result": "Gen:Trojan.Heur.AutoIT.1 (B)", "update": "20130619"}, "Jiangmin": {"detected": false, "version": "16.0.100", "result": null, "update": "20130619"}, "Antiy-AVL": {"detected": false, "version": "2.0.3.7", "result": null, "update": "20130619"}, "Kingsoft": {"detected": false, "version": "2013.4.9.267", "result": null, "update": "20130506"}, "Microsoft": {"detected": false, "version": "1.9607", "result": null, "update": "20130619"}, "SUPERAntiSpyware": {"detected": true, "version": "5.6.0.1008", "result": "Trojan.Agent/Gen-Autorun", "update": "20130619"}, "GData": {"detected": true, "version": "22", "result": "Gen:Trojan.Heur.AutoIT.1", "update": "20130619"}, "Commtouch": {"detected": false, "version": "5.4.1.7", "result": null, "update": "20130618"}, "AhnLab-V3": {"detected": false, "version": "2013.06.19.06", "result": null, "update": "20130619"}, "VBA32": {"detected": false, "version": "3.12.22.2", "result": null, "update": "20130619"}, "PCTools": {"detected": false, "version": "9.0.0.2", "result": null, "update": "20130521"}, "ESET-NOD32": {"detected": false, "version": "8467", "result": null, "update": "20130619"}, "Rising": {"detected": false, "version": "24.67.02.02", "result": null, "update": "20130619"}, "Ikarus": {"detected": false, "version": "T3.1.4.3.0", "result": null, "update": "20130619"}, "Fortinet": {"detected": false, "version": "5.1.146.0", "result": null, "update": "20130619"}, "AVG": {"detected": false, "version": "10.0.0.1190", "result": null, "update": "20130619"}, "Panda": {"detected": false, "version": "10.0.3.5", "result": null, "update": "20130619"}}, "scan_id": "2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5-1371651653", "sha1": "56f21e22ed9fc49b9de5d3961020a87b5efe3b68", "resource": "46B3CC00ECD3D3E042DECA0072B063B3", "response_code": 1, "scan_date": "2013-06-19 14:20:53", "permalink": "https://www.virustotal.com/file/2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5/analysis/1371651653/", "verbose_msg": "Scan finished, scan information embedded in this object", "total": 47, "positives": 5, "sha256": "2f65bd6f6ea409bb4b6ccd85226e46f24c8879b5d08811a2f24d8a2281816be5", "md5": "46b3cc00ecd3d3e042deca0072b063b3"}
@@ Debug(91) : $bHash = 0x46B3CC00ECD3D3E042DECA0072B063B3
>Error code: 0
----------------------------------------------------------------------------------

Now as you can see there is information in VT now as I disabled the antivirus so it would transmit earlier tonight....

However you can see there was no submit for this file

 

::
@error = 0

 

Not sure how much this is going to help.  If you can think of any tests you want me to try let me know and I'll try them when I get home.

Onward and upward!

John

Share this post


Link to post
Share on other sites

The file I was trying to upload/scan was an AutoIt program and my antivirus was intercepting and blocking it.

So the file was not passed to VT thus no report from the "$fScan".

I finally got it to go by disabling the antivirus.

It maybe worth adding some checks to your code to see if the files exists and can be opened.

An antivirus will probably allow you to check it exists but not open it.

Don't have any time to do any major checking now, wish I had found this last night when I did have time.

John

 

On a related note, does your script provide the ability to upload via HTTPS?  The reason I ask is that some UTM firewalls may block the transmission of a virus.  While some UTMs can interrogate SSL, most don't; so it would be good to have this capability if possible.

Great UDF.

-John

Edited by jftuga

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By ozymandius257
      This is probably a very simple question (I hope!)
      I'm looking to use a UDF to access a SQL database, and have found ADO.au3, but I can't seem to work out how to use it.
      I've copied the files ado.au3 and ado_constants.au3 into the folder C:\Program Files (x86)\AutoIt3\Include, then opened SciTe and started a new project.
      But when I type #include<AD - I don't get offered ADO.au3.
      (I know I should be using the folder C:\Program Files (x86)\AutoIt3\UserInclude, but when it didn't work from there, I tried the above).
      What am I doing wrong?
       
    • By BetaLeaf
      What is Rollbar?
      Rollbar provides real-time error alerting & debugging tools for developers. Learn more about it at https://rollbar.com/product/
      Demo: https://rollbar.com/demo/demo/
      Screenshot:
      Instructions: (RollbarTest.au3)
      ; Include RollbarSDK #include "RollbarSDK.au3" ;Turns on ConsoleWrite debugging override. ;Global $Rollbar_Debug=False ; Initialize RollbarSDK with the project's API key. ; Parameters ....: $__Rollbar_sToken - [Required] Go to https://rollbar.com/<User>/<ProjectName>/settings/access_tokens/ for your project. Use the token for post_server_item. _Rollbar_Init("eaa8464a4082eeabd9454465b8f0c0af") ; Write code that causes an error you want to catch, then call ; _Rollbar_Send ; Parameters ....: $__Rollbar_sErrorLevel - [Required] Must be one of the following values: Debug, Info, Warning, Error, Critical. ; $__Rollbar_sMessage - [Required] The message to be sent. This should contain any useful debugging info that will help you debug. ; $__Rollbar_sMessageSummary - [Optional] A string that will be used as the title of the Item occurrences will be grouped into. Max length 255 characters. If omitted, Rollbar will determine this on the backend. _Rollbar_Send("Debug", "This is an debug message. If you received this, you were successful!", "Debug Message") _Rollbar_Send("Info", "This is a test message. If you received this, you were successful!", "Info Message") _Rollbar_Send("Warning", "This is an warning message. If you received this, you were successful!", "Warning Message") _Rollbar_Send("Error", "This is an error message. If you received this, you were successful!", "Error Message") _Rollbar_Send("Critical", "This is an critical message. If you received this, you were successful!", "Critical Message") _Rollbar_Send("Info", "This is a test message. If you received this, you were successful!") ;No Message ; Rollbar_Send's helper functions ; Parameters ....: $__Rollbar_sMessage - [Required] The message to be sent. This should contain any useful debugging info that will help you debug. ; $__Rollbar_sMessageSummary - [Optional] A string that will be used as the title of the Item occurrences will be grouped into. Max length 255 characters. If omitted, Rollbar will determine this on the backend. _Rollbar_SendDebug("This is an debug message. If you received this, you were successful!", "Debug Message") _Rollbar_SendInfo("This is a test message. If you received this, you were successful!", "Info Message") _Rollbar_SendWarning("This is an warning message. If you received this, you were successful!", "Warning Message") _Rollbar_SendError("This is an error message. If you received this, you were successful!", "Error Message") _Rollbar_SendCritical("This is an critical message. If you received this, you were successful!", "Critical Message") ; Usable Example Local $sImportantFile = "C:\NOTAREALFILE_1234554321.txt" Switch FileExists($sImportantFile) Case True MsgBox(0, "Example Script", "An important file was found. Continuing...") Case Else _Rollbar_SendCritical('An important file was missing. Halting... File: "' & $sImportantFile & '"', 'Important file "' & $sImportantFile & '" is missing.') EndSwitch Notes: Please comment your feedback, advice, & suggestions below. While this is only a proof of concept, I will expand its feature set for everyone to use. 
      Right now, it is fully functional but not tested in production.
       
       
      Changelog:
      RollbarSDK.au3
      RollbarTest.au3
      v0.2
       
      v0.1.1
       
    • By rcmaehl
      Hi all, 

      Recently my work swapped from Cisco CTIOS to Finesse. This completely threw me off as I had been automating the Win32 application and I had never done IUIAutomation before. As such I've been messing around with the API and will be adding code as I figure it out. While I do have Supervisor access, I will likely not be adding functions for those features yet.
      Currently Available Functions:
      User API - Query and Set User Info
      Dialog API - Query and Set Call and other Dialog Info
      Queue API - Query Assigned Queues
      Team API - Query Users in a Team


      Changelog:
       
      Download:
       
    • By kurtykurtyboy
      GuiFlatButton is a UDF to easily create regular buttons with different colors for background, foreground, border, hover, focus, etc..
      This started as an effort to change the background color of a button and eventually grew into a full UDF.
      If you've looked around forums for changing button background colors, you have probably noticed that each proposed workaround has its own set of issues/side-effects. The answers usually circle back to 'use ownerdrawn buttons' and 'not worth it'. Well, now it is possible for anyone to easily create ownerdrawn buttons - totally worth it!
      Some issues with other workarounds such as drawing with GDI+ or using a colored label as a 'button':
      Not 'real' buttons so you lose built-in functionality that windows gives to buttons Messy / inefficient code in the main while loop to check for mouse position Slow to respond to click, paint, etc... Having to deal with GUIRegisterMsg messages Not straight-forward to implement GuiFlatButton is not a workaround; it is a technique to respond to Windows' built-in owner-drawn button events.
      With minimal effort, we can now create true simple colored buttons.
      The idea is to create an owner-drawn button using GUICtrlCreateButton then subclass the GUI and controls to handle the button-specific events to paint it however we want.
      This UDF magically does all of this for us! No need to worry about event handling or main while loop logic.
       
      How to use
      It couldn't be any easier! Simply create a new button using the familiar syntax. This creates an ownerdrawn button with default colors.
      $mybutton1 = GuiFlatButton_Create("Button 1", 78, 20, 120, 40) If you want to change the background and text colors:
      GuiFlatButton_SetBkColor(-1, 0x5555FF) GuiFlatButton_SetColor(-1, 0xFFFFFF) Advanced Usage
      Set background/text/border all at once
      GuiFlatButton_SetColors(-1, 0x0000FF, 0xFFFFFF, 0x9999FF) Set ALL colors for ALL button states! (normal, focus, hover, selected)
      Local $aColorsEx = [0x0000FF, 0xFFFFFF, -2, 0x4444FF, 0xFFFFFF, 0xAAAAFF, 0x6666FF, 0xFFFFFF, 0xCCCCFF, 0x0000EE, 0xFFFFFF, 0x7777EE] GuiFlatButton_SetColorsEx(-1, $aColorsEx) Set default colors to apply to any future buttons
      ;set colors GuiFlatButton_SetDefaultColors(0x0000FF, 0xFFFFFF, 0x9999FF) ;create buttons $mybutton1 = GuiFlatButton_Create("Button 1", 12, 20, 120, 40) $mybutton2 = GuiFlatButton_Create("Button 2", 143, 20, 120, 40) Set ALL color defaults
      ;set colors Local $aColorsEx = [0x0000FF, 0xFFFFFF, -2, 0x4444FF, 0xFFFFFF, 0xAAAAFF, 0x6666FF, 0xFFFFFF, 0xCCCCFF, 0x0000EE, 0xFFFFFF, 0x7777EE] GuiFlatButton_SetDefaultColorsEx($aColorsEx) ;create buttons $mybutton1 = GuiFlatButton_Create("Button 1", 12, 20, 120, 40) $mybutton2 = GuiFlatButton_Create("Button 2", 143, 20, 120, 40)  
      Available Functions
       
      Simple Example

      #include <GUIConstantsEx.au3> #include <MsgBoxConstants.au3> #include "GuiFlatButton.au3" Example() ;GUI with one button Func Example() Local $hGUI, $mybutton1 $hGUI = GUICreate("GuiFlatButton Ex0", 275, 120) GUISetBkColor(0x333333) $idLabel = GUICtrlCreateLabel("Click the button", 10, 100, 150, 30) GUICtrlSetColor(-1, 0xFFFFFF) ;create new button then set the background and foreground colors $mybutton1 = GuiFlatButton_Create("Button 1", 78, 20, 120, 40) GuiFlatButton_SetBkColor(-1, 0x5555FF) GuiFlatButton_SetColor(-1, 0xFFFFFF) GUISetState(@SW_SHOW, $hGUI) Local $i = 0 Local $iMsg While 1 $iMsg = GUIGetMsg() Switch $iMsg Case $GUI_EVENT_CLOSE ExitLoop Case $mybutton1 $i += 1 GUICtrlSetData($idLabel, $i) ConsoleWrite($i & @CRLF) EndSwitch Sleep(10) WEnd GUIDelete() EndFunc ;==>Example
      Menu/Toolbar Example

      #include <GUIConstantsEx.au3> #include <MsgBoxConstants.au3> #include "GuiFlatButton.au3" Example() ;Example GUI with toolbar Func Example() Local $hGUI, $idLabel, $aButtons, $iTbSize $hGUI = GUICreate("GuiFlatButton Ex2", 300, 200) GUISetBkColor(0x444444) $idLabel = GUICtrlCreateLabel("Click a button", 10, 180, 150, 30) GUICtrlSetColor(-1, 0xFFFFFF) $aButtons = createToolbar() $iTbSize = UBound($aButtons) GUISetState(@SW_SHOW, $hGUI) Local $i = 0 Local $iMsg While 1 $iMsg = GUIGetMsg() Switch $iMsg Case $GUI_EVENT_CLOSE ExitLoop Case $aButtons[0] To $aButtons[$iTbSize - 1] ConsoleWrite("1") GUICtrlSetData($idLabel, GuiFlatButton_Read($iMsg)) EndSwitch Sleep(10) WEnd GUIDelete() EndFunc ;==>Example Func createToolbar() Local $aButtons[6] Local $bkColor = 0x777777 Local $textColor = 0xFFFFFF Local $borderColor = 0x999999 Local $aBtnClrs[12] = [0x777777, 0xFFFFFF, $GUI_BKCOLOR_TRANSPARENT, 0x888888, 0xFFFFFF, $GUI_BKCOLOR_TRANSPARENT, 0x999999, 0xFFFFFF, $GUI_BKCOLOR_TRANSPARENT, 0x666666, 0xFFFFFF, $GUI_BKCOLOR_TRANSPARENT] For $i = 0 To UBound($aButtons) - 1 $aButtons[$i] = GuiFlatButton_Create("B" & $i, $i * 50, 0, 50, 17) GuiFlatButton_SetColorsEx($aButtons[$i], $aBtnClrs) Next Return $aButtons EndFunc ;==>createToolbar  
      Icon Example
      You can even easily add icons to your buttons -- just create a new button and send it an icon!

      #include <GDIPlus.au3> #include "GuiFlatButton.au3" Example() ;buttons with Icon images Func Example() ;get images for demonstration _GDIPlus_Startup() ;initialize GDI+ Local $hIcon = _WinAPI_ShellExtractIcon(@SystemDir & '\shell32.dll', 258, 24, 24) ;extract the 'Save' icon Local $hBitmap = _GDIPlus_BitmapCreateFromHICON($hIcon) ;Create Bitmap from Icon (for demonstration) Local $hHBitmap = _GDIPlus_BitmapCreateHBITMAPFromBitmap($hBitmap) ;Create HBitmap from Bitmap _GDIPlus_BitmapDispose($hBitmap) ;dispose the bitmap _GDIPlus_Shutdown() ;done with GDI+ Local $hGUI = GUICreate("GuiFlatButton Ex5", 255, 400) GUISetBkColor(0xEEEEEE) ;set default colors of future buttons Local $aColorsEx = _ [0xE2E5E8, 0X000000, 0x888888, _ ; normal : Background, Text, Border 0xE2E5E8, 0X000000, 0x333333, _ ; focus : Background, Text, Border 0xE8E8E8, 0X000000, 0x666666, _ ; hover : Background, Text, Border 0xDDDDDD, 0X000000, 0xAAAAAA] ; selected : Background, Text, Border GuiFlatButton_SetDefaultColorsEx($aColorsEx) ;normal button with icon $label1 = GUICtrlCreateLabel( "$BS_TOOLBUTTON -->", 5, 10) GUICtrlSetBkColor(-1, $GUI_BKCOLOR_TRANSPARENT) Local $mybutton1 = GuiFlatButton_Create("Save", 130, 5, 50, 48, $BS_TOOLBUTTON) _WinAPI_DeleteObject(_SendMessage(GUICtrlGetHandle($mybutton1), $BM_SETIMAGE, $IMAGE_ICON, $hIcon)) ;align top Local $mybuttonT = GuiFlatButton_Create("Top", 5, 65, 120, 55, $BS_TOP) _WinAPI_DeleteObject(_SendMessage(GUICtrlGetHandle($mybuttonT), $BM_SETIMAGE, $IMAGE_ICON, $hIcon)) ;align top-left Local $mybuttonTL = GuiFlatButton_Create("Top-Left", 5, 125, 120, 55, BITOR($BS_TOP, $BS_LEFT)) _WinAPI_DeleteObject(_SendMessage(GUICtrlGetHandle($mybuttonTL), $BM_SETIMAGE, $IMAGE_ICON, $hIcon)) ;align top-right Local $mybuttonTR = GuiFlatButton_Create("Top-Right", 5, 185, 120, 55, BITOR($BS_TOP, $BS_RIGHT)) _WinAPI_DeleteObject(_SendMessage(GUICtrlGetHandle($mybuttonTR), $BM_SETIMAGE, $IMAGE_ICON, $hIcon)) ;align left Local $mybuttonL = GuiFlatButton_Create("Left", 5, 245, 120, 55, $BS_LEFT) _WinAPI_DeleteObject(_SendMessage(GUICtrlGetHandle($mybuttonL), $BM_SETIMAGE, $IMAGE_ICON, $hIcon)) ;align bottom Local $mybuttonB = GuiFlatButton_Create("Bottom", 130, 65, 120, 55, $BS_BOTTOM) _WinAPI_DeleteObject(_SendMessage(GUICtrlGetHandle($mybuttonB), $BM_SETIMAGE, $IMAGE_ICON, $hIcon)) ;align bottom-left Local $mybuttonBL = GuiFlatButton_Create("Bottom-Left", 130, 125, 120, 55, BITOR($BS_BOTTOM, $BS_LEFT)) _WinAPI_DeleteObject(_SendMessage(GUICtrlGetHandle($mybuttonBL), $BM_SETIMAGE, $IMAGE_ICON, $hIcon)) ;align bottom-right Local $mybuttonBR = GuiFlatButton_Create("Bottom-Right", 130, 185, 120, 55, BITOR($BS_BOTTOM, $BS_RIGHT)) _WinAPI_DeleteObject(_SendMessage(GUICtrlGetHandle($mybuttonBR), $BM_SETIMAGE, $IMAGE_ICON, $hIcon)) ;align right Local $mybuttonR = GuiFlatButton_Create("Right", 130, 245, 120, 55, $BS_RIGHT) _WinAPI_DeleteObject(_SendMessage(GUICtrlGetHandle($mybuttonR), $BM_SETIMAGE, $IMAGE_ICON, $hIcon)) GuiFlatButton_SetState($mybuttonR, $GUI_DISABLE ) ;disabled Local $mybuttonDisable = GuiFlatButton_Create("Disabled", 130, 310, 120, 55, $BS_TOOLBUTTON) _WinAPI_DeleteObject(_SendMessage(GUICtrlGetHandle($mybuttonDisable), $BM_SETIMAGE, $IMAGE_BITMAP, $hHBitmap)) GuiFlatButton_SetState($mybuttonDisable, $GUI_DISABLE ) ;clean up! _WinAPI_DestroyIcon( $hIcon ) _WinAPI_DeleteObject( $hHBitmap ) GUISetState(@SW_SHOW, $hGUI) Local $iMsg While 1 $iMsg = GUIGetMsg() Switch $iMsg Case $GUI_EVENT_CLOSE ExitLoop EndSwitch Sleep(10) WEnd GUIDelete() EndFunc ;==>Example  
      I'm sure there are some use-cases I've forgotten, so feedback is welcome!
       
      Download the UDF and several more examples: GuiFlatButton_20190414.zip
      Update 2019-04-14
      Fixed bug, not showing pressed down state when clicking rapidly
      Added Icon/Bitmap support!
      Added function GuiFlatButton_SetPos to change the position and/or size of a button
      Update 2019-02-09
      Added 2 new functions to set the button colors globally for all future buttons.
      GuiFlatButton_SetDefaultColors 
      GuiFlatButton_SetDefaultColorsEx

      Credits to:
      Melba23 (UDF template)
      LarsJ (general subclassing code)
      4ggr35510n (TrackMouseEvent example)
      binhnx (disable dragging with $WS_EX_CONTROLPARENT)
      GUIRegisterMsg in AutoIt Help (owner-draw button example)
      funkey (_WinAPI_DrawState example)
    • By Melque_Lima
      A little help here please !?
      I'm trying to parse a file but the function is not working well! i think there is some thind doing wrong at FileRead()
      Obs: username,password and API link below is fictitious
      ConsoleWrite(">POST METHOD UPLOADING LOCAL IMAGE<" & @CRLF) _PostMethodTest() Func _PostMethodTest() Local Const $sAPIKey = '8f1e0a750088957' Local $sBoundary = "--------Boundary" Local $sHeaders = "Content-Type: multipart/form-data; boundary=" & $sBoundary & @CRLF Local $sData = '' Local $sFileName="image.jpg" Local $sFilePath="C:\Users\DELL\Desktop\" & $sFileName Local $hFile=FileOpen($sFilePath,16);16=$FO_BINARY Local $sFileData=FileRead($hFile) FileClose($hFile) $sData &= "--" & $sBoundary & @CRLF $sData &= 'Content-Disposition: form-data; name="myImage"; filename="' & $sFileName & '"' & @CRLF $sData &= 'Content-Type: application/upload' & @CRLF & @CRLF $sData &= BinaryToString($sFileData,0) & @CRLF $sData &= "--" & $sBoundary & @CRLF $sData &= 'Content-Disposition: form-data; name="username"' & @CRLF & @CRLF $sData &="myuserName" & @CRLF $sData &= "--" & $sBoundary & @CRLF $sData &= 'Content-Disposition: form-data; name="password"' & @CRLF & @CRLF $sData &="MyPassword" & @CRLF $sData &=$sBoundary & "--" ConsoleWrite($sData) Local $oHTTP = ObjCreate("winhttp.winhttprequest.5.1") $oHTTP.Open("POST", "http://myapi", False) $oHTTP.SetRequestHeader("Content-Type", "multipart/form-data; " & "boundary=" & $sBoundary) $oHTTP.SetRequestHeader("apikey", $sAPIKey) $oHTTP.Send(StringToBinary($sData,1)) Local $sReceived = $oHTTP.ResponseText ConsoleWrite($sReceived & @CRLF) EndFunc ;==>_PostMethodTest  

×
×
  • Create New...