timmy2 Posted November 9, 2018 Posted November 9, 2018 I'm trying (and failing) to type or paste a password into Deep Freeze Standard's logon window. It's a simple window with a single text entry field, ready to receive text after the program is open. My first script used Send("password") to type it in, but when that failed I figured maybe DFS has its own keyboard scanning routine. (I even tried ControlSend() but it did nothing either.) I manually copied the password to the Windows clipboard and found that I can manually paste it in using Control+V, so my next script (below) uses Send ("^v"). As you'll see below I switch to Notepad midstream to verify that pasting works, then switch back to the DFS window to try one more time. Send("^+!{F6}") ; run Deep Freeze Standard If Not WinWaitActive("Deep Freeze Standard","",2) Then MsgBox($MB_SYSTEMMODAL + $MB_ICONERROR, "Error", "Window not found") EndIf ClipPut("password") ; put password on clipboard WinActivate("Deep Freeze Standard","") ; ensure DFS is active Sleep(1000) ; allow plenty of time Send ("^v") ; paste clipboard contents (since I can do it manually; what's the difference??) Sleep (1000) ; wait Run("notepad") ; switch to Notepad and verify pasting works WinWaitActive("Untitled - Notepad") Send("^v") Sleep (1000) ; wait WinActivate("Deep Freeze Standard","") ; I can see the title bar darken so I know it's active Sleep(500) Send ("^v") ; try one more time before I bang my head on the table Neither attempt to paste the password into DFS works. Are there any other AutoIt commands or approaches I should try for typing or pasting the password, or have they figured out a way to be impervious to scripted control?
iamtheky Posted November 9, 2018 Posted November 9, 2018 can you send TAB and see your cursor move to that control? ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__)
AdamUL Posted November 9, 2018 Posted November 9, 2018 (edited) Try using ControlSetText, and see if it works. Do you have access to DFC.exe? Adam Edited November 9, 2018 by AdamUL
Nine Posted November 9, 2018 Posted November 9, 2018 (edited) after ^v shouldn't you send a {enter} key ? or do before pasting a MouseClick ("left",$x,$y,1) in the middle of the pw field to see if that helps Edited November 9, 2018 by Nine “They did not know it was impossible, so they did it” ― Mark Twain Spoiler Block all input without UAC Save/Retrieve Images to/from Text Monitor Management (VCP commands) Tool to search in text (au3) files Date Range Picker Virtual Desktop Manager Sudoku Game 2020 Overlapped Named Pipe IPC HotString 2.0 - Hot keys with string x64 Bitwise Operations Multi-keyboards HotKeySet Recursive Array Display Fast and simple WCD IPC Multiple Folders Selector Printer Manager GIF Animation (cached) Debug Messages Monitor UDF Screen Scraping Round Corner GUI UDF Multi-Threading Made Easy Interface Object based on Tag
orbs Posted November 9, 2018 Posted November 9, 2018 @timmy2, yes, a program can block simulated keyboard input. Deep Freeze - like all enterprise security products - has a central management console, through which you can configure the endpoint clients. no other method is going to be simpler, or feasible at all. do NOT attempt simulating mouse clicks and key presses - this will fail, and will generate a lot more work for you to explain to users WTF is going on. "hello, IT? someone is controlling my workstation! they have started the Deep Freeze program and trying to hack it!". then you need to connect to their workstations and perform the process manually. Signature - my forum contributions: Spoiler UDF: LFN - support for long file names (over 260 characters) InputImpose - impose valid characters in an input control TimeConvert - convert UTC to/from local time and/or reformat the string representation AMF - accept multiple files from Windows Explorer context menu DateDuration - literal description of the difference between given dates Apps: Touch - set the "modified" timestamp of a file to current time Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes SPDiff - Single-Pane Text Diff
timmy2 Posted November 9, 2018 Author Posted November 9, 2018 (edited) 7 hours ago, iamtheky said: can you send TAB and see your cursor move to that control? @iamtheky, thank you for replying. The cursor starts out in that control. But I tried your suggestion to see if the anything would change in the window, but nothing changed. Edited November 9, 2018 by timmy2
timmy2 Posted November 9, 2018 Author Posted November 9, 2018 (edited) 6 hours ago, Nine said: after ^v shouldn't you send a {enter} key ? or do before pasting a MouseClick ("left",$x,$y,1) in the middle of the pw field to see if that helps Thank you for replying, @Nine The cursor is already in the password field and if I press Control+v on the keyboard the password immediately pastes into the field (indicated by asterisks). I want to get that far before sending an Enter. Edited November 9, 2018 by timmy2
timmy2 Posted November 9, 2018 Author Posted November 9, 2018 (edited) 5 hours ago, orbs said: @timmy2, yes, a program can block simulated keyboard input. Deep Freeze - like all enterprise security products - has a central management console, through which you can configure the endpoint clients. no other method is going to be simpler, or feasible at all. do NOT attempt simulating mouse clicks and key presses - this will fail, and will generate a lot more work for you to explain to users WTF is going on. "hello, IT? someone is controlling my workstation! they have started the Deep Freeze program and trying to hack it!". then you need to connect to their workstations and perform the process manually. Thank you for responding, @orbs, but Deep Freeze Standard (DFS) is a crippled version of their Enterprise version, without a management console and limited command line capabilities. Mainly, there's no way to automatically or by scripting thaw the system in order to install Windows updates or Defender definitions. DFS is comparable to competitors' free offering. As to the impact of scripted control on users, anything like this would be done after hours. Edited November 9, 2018 by timmy2
timmy2 Posted November 9, 2018 Author Posted November 9, 2018 (edited) 7 hours ago, AdamUL said: Try using ControlSetText, and see if it works. Do you have access to DFC.exe? Adam I'll try ControlSetText, thanks, @AdamUL. As to DFC, I think that's usable only with the Enterprise product. Edited November 9, 2018 by timmy2
timmy2 Posted November 9, 2018 Author Posted November 9, 2018 6 hours ago, AdamUL said: Try using ControlSetText, and see if it works. @AdamUL, thank you for pointing me to ControlSetText. It might work if I can figure out a valid controlID. The docs page about Controls shows three ways to send text to a control, and I've tried all three using values revealed by clicking on the password field with AutoIt v3 Window Info. I've tried the following three commands in test scripts, along with code showing SendControlText's return value. In all cases it returned a zero. I figure that if it can't find the control my test of ControlSetText is invalid. ControlSetText("Deep Freeze Standard","","[CLASS:TEdit; INSTANCE:1]","password") ControlSetText("Deep Freeze Standard","","[CLASSNN:TEdit1]","password") ControlSetText("Deep Freeze Standard","","TEdit1","password") Any suggestions how I might be mis-identifying the password entry field?
orbs Posted November 10, 2018 Posted November 10, 2018 11 hours ago, timmy2 said: Deep Freeze Standard (DFS) is a crippled version of their Enterprise version, without a management console and limited command line capabilities sorry, i missed that. i sure hope the difference in costs covers the additional manual labor you need to put in. i used to work with Deep Freeze Enterprise in the past, and i remember being very impressed and satisfied with the central administration abilities (far more than with the technical solution, to be honest). if i were you, then before reaching the inevitable conclusion that i have chosen the wrong solution for my environment, i'd contact their support to ask what remote administration options are available for the "Standard" edition. once they reply with "none", i'd start considering either upgrade or alternatives. but, if what bugs you is only Windows updates, i'd consider another approach: create an image deployment process that is completely automatic (including setting the hostname, and installing Deep Freeze when all is done). then, every month or so, build a clean workstation, apply all Windows updates, image it and deploy all endpoint computers. this, however, is sort of a last resort (last before doing each computer manually, that is), for many obvious reasons. either way, scripting the GUI is not going to work reliably, if at all. Signature - my forum contributions: Spoiler UDF: LFN - support for long file names (over 260 characters) InputImpose - impose valid characters in an input control TimeConvert - convert UTC to/from local time and/or reformat the string representation AMF - accept multiple files from Windows Explorer context menu DateDuration - literal description of the difference between given dates Apps: Touch - set the "modified" timestamp of a file to current time Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes SPDiff - Single-Pane Text Diff
junkew Posted November 10, 2018 Posted November 10, 2018 If its identifyable by simplespy or au3inf i have never had issues getting text scripted into a password textbox. FAQ 31 How to click some elements, FAQ 40 Test automation with AutoIt, Multithreading CLR .NET Powershell CMDLets
timmy2 Posted November 10, 2018 Author Posted November 10, 2018 6 hours ago, junkew said: If its identifyable by simplespy or au3inf i have never had issues getting text scripted into a password textbox. Good to know there's hope, @junkew. Would you mind looking at my three failed uses of ControlSetText and the accompanying Au3inf screenshot and suggest where I my mistake is?
timmy2 Posted November 10, 2018 Author Posted November 10, 2018 8 hours ago, orbs said: if i were you, then before reaching the inevitable conclusion that i have chosen the wrong solution for my environment, i'd contact their support to ask what remote administration options are available for the "Standard" edition. once they reply with "none", i'd start considering either upgrade or alternatives. but, if what bugs you is only Windows updates, i'd consider another approach: create an image deployment process that is completely automatic (including setting the hostname, and installing Deep Freeze when all is done). then, every month or so, build a clean workstation, apply all Windows updates, image it and deploy all endpoint computers. this, however, is sort of a last resort (last before doing each computer manually, that is), for many obvious reasons. either way, scripting the GUI is not going to work reliably, if at all. Thank you for replying, @orbs. Yours is an interesting take on the subject, certainly apropos for enterprise. I'm dealing with a group of four public access PCs in a tiny non-profit nursing home. These PCs have been fine just remaining frozen month after month, and aren't thawed and updated until I'm called in to fix something else. But it has bugged me that Windows and Defender updates are not possible solely because Faronics makes it impossible (command line freeze/thaw does not work - despite being in DFS's docs, and their central control software option can't do it either). That's a throwdown challenge, right? And it should be a very minor one. 30 minutes. Freezing or thawing in DFS's simple GUI involves entering a password, clicking a radio button and then an Okay button. How complicated is that!? So I figured why not try it? But as so often seems to happen, the Devil's in the details. Have you looked at my ControlSetText attempts or the original script I posted? Can you see where I'm in error (besides thinking this seemingly simple GUI can be controlled by AutoIt)?
junkew Posted November 11, 2018 Posted November 11, 2018 How much effort is it worth to find out? Protection mechanisms are there for good reasons. You can in general bypass them all depending on the software you are allowed to install on the machines in question. Google around on LLKHF_INJECTED And you will find ways of bypassing which in worst case is a keyboarddriver running in kernelmode. FAQ 31 How to click some elements, FAQ 40 Test automation with AutoIt, Multithreading CLR .NET Powershell CMDLets
timmy2 Posted November 11, 2018 Author Posted November 11, 2018 4 hours ago, junkew said: How much effort is it worth to find out? Protection mechanisms are there for good reasons. You can in general bypass them all depending on the software you are allowed to install on the machines in question. Google around on LLKHF_INJECTED And you will find ways of bypassing which in worst case is a keyboarddriver running in kernelmode. Ah, a new twist! I started with the threshold question, "Can a program block control by AutoIt scripts?", because I wanted to tap into the wisdom of this crowd to know if my failed attempts with Send and ControlSetText were due to simple coding errors or something more daunting -- like the "protection mechanisms" to which you allude. While you have "never had issues getting text scripted into a password textbox", from your latest reply it sounds like much more than simple AutoIt commands are required in this case. I'll pass, and consider switching to a different "boot and restore" solution. Thank you for your input, @junkew.
orbs Posted November 11, 2018 Posted November 11, 2018 6 hours ago, timmy2 said: I'll pass, and consider switching to a different "boot and restore" solution. good on you! a better solution for sure. Signature - my forum contributions: Spoiler UDF: LFN - support for long file names (over 260 characters) InputImpose - impose valid characters in an input control TimeConvert - convert UTC to/from local time and/or reformat the string representation AMF - accept multiple files from Windows Explorer context menu DateDuration - literal description of the difference between given dates Apps: Touch - set the "modified" timestamp of a file to current time Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes SPDiff - Single-Pane Text Diff
junkew Posted November 12, 2018 Posted November 12, 2018 I do not have your application but you could try uiautomation interfaces to settext or iaccessible. See examples of uiautomation see faq 31 if you cannot find it. Your controls seems to be delphi althoug i am not fully sure on it. FAQ 31 How to click some elements, FAQ 40 Test automation with AutoIt, Multithreading CLR .NET Powershell CMDLets
timmy2 Posted November 30, 2018 Author Posted November 30, 2018 On 11/12/2018 at 12:38 AM, junkew said: I do not have your application but you could try uiautomation interfaces to settext or iaccessible. See examples of uiautomation see faq 31 if you cannot find it. Your controls seems to be delphi althoug i am not fully sure on it. Thank you for the suggestion, @junkew.
Nine Posted December 1, 2018 Posted December 1, 2018 I was wondering if sendinput would work...try this : expandcollapse popupOpt ("MustDeclareVars", 1) Global Const $tagKEYBDINPUT = _ 'word wVk;' & _ ; 2 bytes 'word wScan;' & _ ; 2 bytes 'dword dwFlags;' & _ ; 4 bytes 'dword time;' & _ ; 4 bytes 'ulong_ptr ExtraInfo;' ; sizeof(ptr) 4 for x86 - 8 for x64 Global Const $tagINPUT = _ "dword type;" & _ (@AutoItX64 ? "dword pad;" : "") & _ "byte DummyUnion[" & (@AutoItX64 ? 32 : 24) & "];" Global Const $INPUT_KEYBOARD = 1 Global Const $iInputSize = (@AutoItX64 ? 40 : 28) ; ==== Keyboard constants ==== Global Const $KEYEVENTF_KEYUP = 2 Global Const $KEYEVENTF_UNICODE = 4 Global $My_Password = "password" Global $My_Program = "Deep Freeze Standard" WinActivate ($My_Program) WinWaitActive ($My_Program) _SendEx ($My_Password) Func _SendInput ($iInputs, $pInputs, $iSize) Local $aRet $aRet = DllCall('user32.dll', 'uint', 'SendInput', 'uint', $iInputs, 'ptr', $pInputs, 'int', $iSize) If @error Or Not $aRet[0] Then MsgBox (0,"Error","Dll call failure") Exit endif EndFunc Func _SendEx($sString) Local $tINPUTs, $pINPUTs, $tm $tINPUTs = DllStructCreate($tagINPUT) $pINPUTs = DllStructGetPtr($tINPUTs) $tm = DllStructCreate($tagKEYBDINPUT, DllStructGetPtr($tINPUTs, "DummyUnion")) DllStructSetData($tINPUTs, "type", $INPUT_KEYBOARD) For $i = 1 To StringLen($sString) DllStructSetData($tm, "wScan", AscW(StringMid($sString, $i, 1))) DllStructSetData($tm, "dwFlags", $KEYEVENTF_UNICODE) _SendInput(1,$pINPUTs,$iInputSize) DllStructSetData($tm, "dwFlags", $KEYEVENTF_UNICODE + $KEYEVENTF_KEYUP) _SendInput(1,$pINPUTs,$iInputSize) Next $tINPUTs = 0 EndFunc “They did not know it was impossible, so they did it” ― Mark Twain Spoiler Block all input without UAC Save/Retrieve Images to/from Text Monitor Management (VCP commands) Tool to search in text (au3) files Date Range Picker Virtual Desktop Manager Sudoku Game 2020 Overlapped Named Pipe IPC HotString 2.0 - Hot keys with string x64 Bitwise Operations Multi-keyboards HotKeySet Recursive Array Display Fast and simple WCD IPC Multiple Folders Selector Printer Manager GIF Animation (cached) Debug Messages Monitor UDF Screen Scraping Round Corner GUI UDF Multi-Threading Made Easy Interface Object based on Tag
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now