Jump to content
timmy2

Can a program block control by AutoIt scripts?

Recommended Posts

timmy2

I'm trying (and failing) to type or paste a password into Deep Freeze Standard's logon window. It's a simple window with a single text entry field, ready to receive text after the program is open.

My first script used Send("password") to type it in, but when that failed I figured maybe DFS has its own keyboard scanning routine. (I even tried ControlSend() but it did nothing either.)

I manually copied the password to the Windows clipboard and found that I can manually paste it in using Control+V, so my next script (below) uses Send ("^v").

As you'll see below I switch to Notepad midstream to verify that pasting works, then switch back to the DFS window to try one more time.

Send("^+!{F6}") ; run Deep Freeze Standard

If Not WinWaitActive("Deep Freeze Standard","",2) Then
       MsgBox($MB_SYSTEMMODAL + $MB_ICONERROR, "Error", "Window not found")
EndIf

ClipPut("password") ; put password on clipboard

WinActivate("Deep Freeze Standard","") ; ensure DFS is active
Sleep(1000) ; allow plenty of time
Send ("^v")  ; paste clipboard contents (since I can do it manually; what's the difference??)

Sleep (1000)  ; wait
Run("notepad") ; switch to Notepad and verify pasting works
WinWaitActive("Untitled - Notepad")
Send("^v")

Sleep (1000) ; wait
WinActivate("Deep Freeze Standard","")  ; I can see the title bar darken so I know it's active
Sleep(500)
Send ("^v")  ; try one more time before I bang my head on the table

Neither attempt to paste the password into DFS works.

Are there any other AutoIt commands or approaches I should try for typing or pasting the password, or have they figured out a way to be impervious to scripted control?

Share this post


Link to post
Share on other sites
iamtheky

can you send TAB and see your cursor move to that control?


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites
AdamUL

Try using ControlSetText, and see if it works. 

Do you have access to DFC.exe?  

 

Adam

 

Edited by AdamUL

Share this post


Link to post
Share on other sites
Nine

after ^v shouldn't you send a {enter} key ?

 

or do before pasting a MouseClick ("left",$x,$y,1) in the middle of the pw field to see if that helps 

Edited by Nine

Share this post


Link to post
Share on other sites
orbs

@timmy2, yes, a program can block simulated keyboard input.

Deep Freeze - like all enterprise security products - has a central management console, through which you can configure the endpoint clients. no other method is going to be simpler, or feasible at all.

do NOT attempt simulating mouse clicks and key presses - this will fail, and will generate a lot more work for you to explain to users WTF is going on. "hello, IT? someone is controlling my workstation! they have started the Deep Freeze program and trying to hack it!". then you need to connect to their workstations and perform the process manually.

 

Share this post


Link to post
Share on other sites
timmy2
7 hours ago, iamtheky said:

can you send TAB and see your cursor move to that control?

@iamtheky, thank you for replying.  The cursor starts out in that control. But I tried your suggestion to see if the anything would change in the window, but nothing changed. 

Edited by timmy2

Share this post


Link to post
Share on other sites
timmy2
6 hours ago, Nine said:

after ^v shouldn't you send a {enter} key ? or do before pasting a MouseClick ("left",$x,$y,1) in the middle of the pw field to see if that helps 

Thank you for replying, @Nine

The cursor is already in the password field and if I press Control+v on the keyboard the password immediately pastes into the field (indicated by asterisks). I want to get that far before sending an Enter.

Edited by timmy2

Share this post


Link to post
Share on other sites
timmy2
5 hours ago, orbs said:

@timmy2, yes, a program can block simulated keyboard input.

Deep Freeze - like all enterprise security products - has a central management console, through which you can configure the endpoint clients. no other method is going to be simpler, or feasible at all.

do NOT attempt simulating mouse clicks and key presses - this will fail, and will generate a lot more work for you to explain to users WTF is going on. "hello, IT? someone is controlling my workstation! they have started the Deep Freeze program and trying to hack it!". then you need to connect to their workstations and perform the process manually.

 

Thank you for responding, @orbs, but Deep Freeze Standard (DFS) is a crippled version of their Enterprise version, without a management console and limited command line capabilities. Mainly, there's no way to automatically or by scripting thaw the system in order to install Windows updates or Defender definitions. DFS is comparable to competitors' free offering.  As to the impact of scripted control on users, anything like this would be done after hours. 

Edited by timmy2

Share this post


Link to post
Share on other sites
timmy2
7 hours ago, AdamUL said:

Try using ControlSetText, and see if it works. 

Do you have access to DFC.exe?  

Adam

 

I'll try ControlSetText, thanks, @AdamUL. As to DFC, I think that's usable only with the Enterprise product.

Edited by timmy2

Share this post


Link to post
Share on other sites
timmy2
6 hours ago, AdamUL said:

Try using ControlSetText, and see if it works. 

@AdamUL, thank you for pointing me to ControlSetText. It might work if I can figure out a valid controlID.  The docs page about Controls shows three ways to send text to a control, and I've tried all three using values revealed by clicking on the password field with AutoIt v3 Window Info.

7hvDcw6.png

 

I've tried the following three commands in test scripts, along with code showing SendControlText's return value. In all cases it returned a zero. I figure that if it can't find the control my test of ControlSetText is invalid.

ControlSetText("Deep Freeze Standard","","[CLASS:TEdit; INSTANCE:1]","password")

ControlSetText("Deep Freeze Standard","","[CLASSNN:TEdit1]","password")

ControlSetText("Deep Freeze Standard","","TEdit1","password")

Any suggestions how I might be mis-identifying the password entry field?

Share this post


Link to post
Share on other sites
orbs
11 hours ago, timmy2 said:

Deep Freeze Standard (DFS) is a crippled version of their Enterprise version, without a management console and limited command line capabilities

sorry, i missed that. i sure hope the difference in costs covers the additional manual labor you need to put in. i used to work with Deep Freeze Enterprise in the past, and i remember being very impressed and satisfied with the central administration abilities (far more than with the technical solution, to be honest).

if i were you, then before reaching the inevitable conclusion that i have chosen the wrong solution for my environment, i'd contact their support to ask what remote administration options are available for the "Standard" edition. once they reply with "none", i'd start considering either upgrade or alternatives.

but, if what bugs you is only Windows updates, i'd consider another approach: create an image deployment process that is completely automatic (including setting the hostname, and installing Deep Freeze when all is done). then, every month or so, build a clean workstation, apply all Windows updates, image it and deploy all endpoint computers. this, however, is sort of a last resort (last before doing each computer manually, that is), for many obvious reasons.

either way, scripting the GUI is not going to work reliably, if at all.

Share this post


Link to post
Share on other sites
timmy2
6 hours ago, junkew said:

If its identifyable by simplespy or au3inf i have never had issues getting text scripted into a password textbox. 

Good to know there's hope, @junkew. Would you mind looking at my three failed uses of ControlSetText and the accompanying Au3inf screenshot and suggest where I my mistake is?

Share this post


Link to post
Share on other sites
timmy2
8 hours ago, orbs said:

if i were you, then before reaching the inevitable conclusion that i have chosen the wrong solution for my environment, i'd contact their support to ask what remote administration options are available for the "Standard" edition. once they reply with "none", i'd start considering either upgrade or alternatives.

but, if what bugs you is only Windows updates, i'd consider another approach: create an image deployment process that is completely automatic (including setting the hostname, and installing Deep Freeze when all is done). then, every month or so, build a clean workstation, apply all Windows updates, image it and deploy all endpoint computers. this, however, is sort of a last resort (last before doing each computer manually, that is), for many obvious reasons.

either way, scripting the GUI is not going to work reliably, if at all.

Thank you for replying, @orbs.  Yours is an interesting take on the subject, certainly apropos for enterprise. I'm dealing with a group of four public access PCs in a tiny non-profit nursing home.  These PCs have been fine just remaining frozen month after month, and aren't thawed and updated until I'm called in to fix something else. But it has bugged me that Windows and Defender updates are not possible solely because Faronics makes it impossible (command line freeze/thaw does not work - despite being in DFS's docs, and their central control software option can't do it either). That's a throwdown challenge, right?

And it should be a very minor one. 30 minutes. Freezing or thawing in DFS's simple GUI involves entering a password, clicking a radio button and then an Okay button. How complicated is that!? So I figured why not try it?

But as so often seems to happen, the Devil's in the details. Have you looked at my ControlSetText attempts or the original script I posted? Can you see where I'm in error (besides thinking this seemingly simple GUI can be controlled by AutoIt)?

 

Share this post


Link to post
Share on other sites
junkew

How much effort is it worth to find out? Protection mechanisms are there for good reasons. You can in general bypass them all depending on the software you are allowed to install on the machines in question.

Google around on 

LLKHF_INJECTED

And you will find ways of bypassing which in worst case is a keyboarddriver running in kernelmode.

 

 

 

 

Share this post


Link to post
Share on other sites
timmy2
4 hours ago, junkew said:

How much effort is it worth to find out? Protection mechanisms are there for good reasons. You can in general bypass them all depending on the software you are allowed to install on the machines in question.

Google around on 


LLKHF_INJECTED

And you will find ways of bypassing which in worst case is a keyboarddriver running in kernelmode.

Ah, a new twist!

I started with the threshold question, "Can a program block control by AutoIt scripts?", because I wanted to tap into the wisdom of this crowd to know if my failed attempts with Send and ControlSetText were due to simple coding errors or something more daunting -- like the "protection mechanisms" to which you allude. While you have "never had issues getting text scripted into a password textbox", from your latest reply it sounds like much more than simple AutoIt commands are required in this case.  I'll pass, and consider switching to a different "boot and restore" solution. 

Thank you for your input, @junkew.

Share this post


Link to post
Share on other sites
orbs
6 hours ago, timmy2 said:

I'll pass, and consider switching to a different "boot and restore" solution. 

good on you! a better solution for sure.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×