I need to be able to issue a command line which has a folder in parentheses as

attrib +s +h "absolute folder to hide"

I've read through many posts here but nothing quite hacks how to use a variable as the folder in parentheses.

Local $dosattrib = "attrib +s +h " & ""$hidFolder"" ; $hidFolder built up from decrypted encrypted C:\Hidden Folder which I do not want visible when compiled version is reverse engineered

which errors with excess parentheses but in single "" it doesn't work.
There seems to be a relatively complicated method to make it work but surely there's a simple way?
Hi, I'm new.
Anyways, I'm using the RunBinary.au3 script by trancexx and I want to redirect the STDOUT of the "child process" back to the AutoIt script that launches it. I'm attempting to do so using named pipes. If it's possible to use StdoutRead instead of named pipes please let me know. I'm just unsure of how to provide a handle of the child's STDOUT stream to that function. Though DllCall("kernel32.dll", "ptr", "GetStdHandle", "dword", "STD_OUTPUT_HANDLE") seems to get the handle?
Please excuse any foolish mistakes because I'm new to STDOUT, RunBinary and named pipes. Here are the parts of the code I'm trying to use that are relevant:

;~~~Firstly I think I need to make a pipe that's inheritable.. which I may have done wrong
Local $_SECURITY_ATTRIBUTES = DllStructCreate("dword Length;" & _
        "int lpSecurityDescriptor;" & _
        "bool InheritHandle;") ;***Not positive if bool works correctly here?
DLLStructSetData($_SECURITY_ATTRIBUTES, "Length", DllStructGetSize($_SECURITY_ATTRIBUTES))
DLLStructSetData($_SECURITY_ATTRIBUTES, "lpSecurityDescriptor", 0) ;***This sets default state; "If the value of this member is NULL, the object is assigned the default security descriptor associated with the access token of the calling process." but I'm unsure if this is what I should use
DLLStructSetData($_SECURITY_ATTRIBUTES, "InheritHandle", true);***True = Inheritable(but again I'm not positive the bool works correctly?)

Global $hNamedPipe = _NamedPipes_CreateNamedPipe("\\.\pipe\poopp", _;Name
        2, _;Direction: 2=both ;I only need 1 direction but I'm just using this for testing
        1, _;Flags: 1=no extra instances of pipe are allowed to run
        0, _;Security: No ACL Security
        0, _;Type: 0=byte
        0, _;ReadType: 0=byte
        1, _;Wait: 0=Block(wait) 1=No block(no wait)
        1, _;Max Instances of pipe allowed
        4096, _;out size
        4096, _;in size
        9000, _;timeout
        DllStructGetPtr($_SECURITY_ATTRIBUTES));Default=0 which wouldn't make the handle inheritable

;~~~Next I would need to set the STARTUPINFO of the process
;code used by trancexx for the _STARTUPINFO
Global $tSTARTUPINFO = DllStructCreate("dword cbSize;" & _
        "ptr Reserved;" & _
        "ptr Desktop;" & _
        "ptr Title;" & _
        "dword X;" & _
        "dword Y;" & _
        "dword XSize;" & _
        "dword YSize;" & _
        "dword XCountChars;" & _
        "dword YCountChars;" & _
        "dword FillAttribute;" & _
        "dword Flags;" & _
        "word ShowWindow;" & _
        "word Reserved2;" & _
        "ptr Reserved2;" & _
        "ptr hStdInput;" & _
        "ptr hStdOutput;" & _
        "ptr hStdError")

;Attempting to set the values for namedpipe redirection
DllStructSetData($tSTARTUPINFO, "Flags", 0x00000100) ;***Flag = STARTF_USESTDHANDLES (I think I set it correctly?)
DllStructSetData($tSTARTUPINFO, "hStdOutput", $hNamedPipe) ;***Currently setting the output handle to the SERVER end of the NamePipe I'm creating (which I'm pretty sure is wrong but idk how to use the Client End)

;~~~code used by trancexx for CreateProcess
Global $aCall = DllCall("kernel32.dll", "bool", "CreateProcessW", _
        "wstr", $sExeModule, _
        "wstr", $sCommandLine, _
        "ptr", 0, _
        "ptr", 0, _
        "bool", true, _ ;***changed to inherit handles (not positive I did so correctly) was int 0 before
        "dword", 4, _ ; CREATE_SUSPENDED ; <- this is essential
        "ptr", 0, _
        "ptr", 0, _
        "ptr", DllStructGetPtr($tSTARTUPINFO), _
        "ptr", DllStructGetPtr($tPROCESS_INFORMATION))

;~~~~~Code used in a loop to try to see if anything is being written into the pipe
If _IsPressed(35, $hDLL) Then
    Local $pipeData = _NamedPipes_PeekNamedPipe($hNamedPipe)
    If @Error Then
        MsgBox(1,"PipeData Error",@Error & " | " & $pipeData)
    Else
        Local $r = _ArrayDisplay($pipeData)
        If @Error Then MsgBox(1,"Array Error",@Error & " | " & $pipeData)
    EndIf
EndIf

I'm not using this exact code because I changed it around some for the post. I'm mainly wondering how to correctly use the client end of the named pipe? I also had some values I wasn't sure if I set correctly because I don't have experience with COM objects. And it seems the process launched needs to be the child?.. Can the process started through the AutoIt script be considered the child process and the script the parent process?
Guides I'm using for this:
I need to start a script that includes:
- admin privileges
- multiple cmd commands
- no bat, no exe, no tmp files created anywhere (especially in the user temp folder)
In a bat file it would be simple, but users shouldn't see what commands I'm sending.
Example of the script:

echo off
cls
echo.
echo I AM A TOOL
echo.
echo NOTE:
echo - note 1
echo - note 2
echo - etc
set USER1=0
set COMPUTER1=0
if /i %username% equ user.user (
    set USER1=1
    set COMPUTER1=1
)
if /i %username% equ another.user set USER1=1
if /i %computername% equ notebook set COMPUTER1=1
if %USER1% EQU 1 (
    if %COMPUTER1% EQU 1 (
        reg delete "HKLM\SOFTWARE\blablabla" /f
    ) else ( echo Computer not authorized. Contact assistance.)
) else ( echo User not authorized. Contact assistance.)
echo.
pause
exit

With the send("") it is a disaster.
I'm a noob here, so what can I do?
EDIT: OR ELSE I explain the situation and what I need, so if there is a simple solution I can use that.
SITUATION: our domain users have Users rights on the machine. Some of them need administrator rights.
We create a local user with administrator rights, so that the users must insert username and password when asked to run something with administrator rights.
We have an internal domain group policy that blocks EXE, BAT, COM, TMP files from the user local temp directory, for a security reason (malware). That also blocks most software installation.
But some users are often out of the office, away from the workplace and in another country; they need complete control of their computers.
WHAT I NEED: I need to check the username and the computer name. If the username is the one with local administrator rights and the computer name is a computer that is qualified to temporarily remove the policy, then I need to execute a REG DELETE command with administrator rights.
I hope I explained myself.
Thank you very much.
I'm trying to get the session ID to automatically close an RDP session.
I tried doing this:

#RequireAdmin
#include <Constants.au3>

$DOS = Run('C:\Windows\System32\query.exe user', "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
;Run(@ComSpec & " /c " & 'Query User', "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
;Run(@ComSpec & " /c " & 'quser', "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
ProcessWaitClose($DOS)
$Message = StdoutRead($DOS)
MsgBox(0,'',$Message)

But the $Message is always empty. If I execute any of these commands in a cmd window, it works.
Any idea why this is failing? Is there another way to get this info?
PS: Sorry for my English, I'm not native.
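
Added example, not part of the original post: on 64-bit Windows a 32-bit AutoIt script is redirected from System32 to SysWOW64, which has no query.exe, so StdoutRead stays empty; the code below reaches the real binary through the Sysnative alias, merges stderr so failures are visible, and parses the session ID. The helper names and the sample output are constructed for illustration.

```autoit
#include <AutoItConstants.au3>
#include <StringConstants.au3>

; Path to query.exe that also works from a 32-bit script on 64-bit Windows.
; Sysnative is the alias 32-bit processes use to reach the real System32.
Func _QueryExePath()
    If @AutoItX64 = 0 And @OSArch <> "X86" Then Return @WindowsDir & "\Sysnative\query.exe"
    Return @SystemDir & "\query.exe"
EndFunc

; Run "query user" and return its text; stderr is merged so errors are not lost.
Func _QueryUserRaw()
    Local $iPID = Run('"' & _QueryExePath() & '" user', "", @SW_HIDE, $STDERR_MERGED)
    If @error Or $iPID = 0 Then Return SetError(1, 0, "")
    Local $sOut = ""
    While 1
        $sOut &= StdoutRead($iPID)
        If @error Then ExitLoop ; pipe closed: the child has exited
        Sleep(10)
    WEnd
    Return SetError(0, 0, $sOut)
EndFunc

; Return the session ID for $sUser, or -1 if the user is not listed.
; SESSIONNAME is blank for disconnected sessions, so it is optional in the
; pattern; the state word is not matched by name because it is localized.
Func _SessionIdFromQuery($sText, $sUser)
    Local $aLines = StringSplit(StringStripCR($sText), @LF)
    For $i = 2 To $aLines[0] ; line 1 is the column header
        Local $aM = StringRegExp($aLines[$i], "^[ >](\S+)\s+(?:\S+\s+)?(\d+)\s+\S+", $STR_REGEXPARRAYMATCH)
        If @error Then ContinueLoop ; blank or non-matching line
        If $aM[0] = $sUser Then Return Number($aM[1]) ; "=" is case-insensitive
    Next
    Return -1
EndFunc

; Constructed sample output (not captured from a real host).
Local $sSample = " USERNAME   SESSIONNAME  ID  STATE   IDLE TIME  LOGON TIME" & @CRLF & _
        ">alice      rdp-tcp#3     2  Active  .          01/02/2024 09:15" & @CRLF & _
        " bob                      3  Disc    1:20       01/02/2024 08:01" & @CRLF
ConsoleWrite("bob -> " & _SessionIdFromQuery($sSample, "bob") & @CRLF)

Local $sLive = _QueryUserRaw()
If Not @error Then ConsoleWrite(@UserName & " -> " & _SessionIdFromQuery($sLive, @UserName) & @CRLF)
```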
I have problems running both Bat files and Command line instructions.
This function hopefully shows what I have tried so far

#include <AutoItConstants.au3> ; $STDERR_CHILD, $STDOUT_CHILD
#include <MsgBoxConstants.au3> ; $MB_SYSTEMMODAL

Global $fFileToCreate = "", $DOS
ScanFilm($fFileToCreate)

Func ScanFilm($fFileToCreate)
    MsgBox($MB_SYSTEMMODAL, "Scanning Status", $fFileToCreate)
    ; $DOS = Run(@ComSpec & " /c " & "scan.bat" & @CRLF, "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
    $DOS = Run(@ComSpec & " /k " & "ncat 192.168.1.6 80 <scant.txt >scanrep", "", @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
    ; $DOS = _RunDOS("ncat 192.168.1.6 80 <scant.txt >scanrep")
    ProcessWaitClose($DOS)
    $Message = StdoutRead($DOS)
    MsgBox($MB_SYSTEMMODAL, "Stdout Read:", $Message)
Endfunc

My first attempt running scan.bat reveals a bug in cmd.exe where the result of

echo !SR | ncat 192.168.1.6 80 > scanrep

is

C:\S3_GUI\ncat>scan.bat
C:\S3_GUI\ncat>echo scant.txt | ncat 192.168.1.6 80 1>scanrep
Ncat: .
C:\S3_GUI\ncat>

Note the added '1', which then throws the error (when client is connected) "File or directory not found", so the command fails. This has been run on four different computers running Windows 7 with the same result.
Next using Run() seems to truncate the command so $DOS reads:
Using _RunDOS() doesn't throw any error but MsgBox() is empty.