MrChris
Posted July 31, 2006

Could AutoIt be used to redirect registry writes to a single registry hive that is housed offline? If that makes sense? In other words, when an app tries to write or read to the Windows registry, could I use AutoIt to redirect its read/write to a single file?

MrChris

B3TA_SCR1PT3R
Posted July 31, 2006 (edited)

I'm not sure about that, but you could always change the default action of a .reg file to open in Notepad. But that would only protect against .reg files, not if the program explicitly wrote to the registry.

Edited July 31, 2006 by B3TA_SCR1PT3R

...Run these streets all day, I can sleep when I die.

Simucal
Posted July 31, 2006

> Could AutoIt be used to redirect registry writes to a single registry hive that is housed offline? If that makes sense? In other words, when an app tries to write or read to the Windows registry, could I use AutoIt to redirect its read/write to a single file?
> MrChris

Hmm... maybe use Sysinternals "RegMon" to monitor registry activity and have AutoIt reverse registry changes and store them in a file? Just throwin' an idea out there.

MrChris (Author)
Posted July 31, 2006

Hmmmm. Well, I'm trying to make a few applications portable, and if I walk up to a machine that does not allow writing to the reg then I might run into a problem. I found a program called Sandboxie which does just what I need, but it requires installing a service, which on a box with no permissions creates an issue.

/dev/null
Posted July 31, 2006

> Hmmmm. Well, I'm trying to make a few applications portable, and if I walk up to a machine that does not allow writing to the reg then I might run into a problem. I found a program called Sandboxie which does just what I need, but it requires installing a service, which on a box with no permissions creates an issue.

You can't do it with AutoIt and you can't do it without special user rights.

Cheers
Kurt

__________________________________________________________
(l)user: Hey admin slave, how can I recover my deleted files?
admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

MHz
Posted July 31, 2006

If SandBoxie can do it, then I am sure that AutoIt may be able to do it. It would take some Windows API skills to make a script to handle it. The problem would be if an AutoIt script could monitor and process the data needed in the required time frame as it is running.

/dev/null
Posted July 31, 2006

> If SandBoxie can do it, then I am sure that AutoIt may be able to do it. It would take some Windows API skills to make a script to handle it. The problem would be if an AutoIt script could monitor and process the data needed in the required time frame as it is running.

No way, you need a Windows API hook to intercept registry reads and writes. You can't do that with AutoIt!

Cheers
Kurt

MrChris (Author)
Posted July 31, 2006

Well. ParaGlider over at the BartPE/PEBuilder forum has written some type of exe/dll (RunScanner) that kinda sorta does this. I don't think it so much hooks the reg as much as it just mounts a remote hive or something. Although it works great under the PE env., I have not yet really been able to have much success under the normal XP/2000 env. with it.

SandBoxIE is great for what I am looking for, BUT Sandboxie itself requires to be written to the reg and requires drivers to be installed. And on a machine where one does not have proper permissions to write to the reg or install a kernel-level driver, that does no good.

MrChris

/dev/null
Posted July 31, 2006

> SandBoxIE is great for what I am looking for, BUT Sandboxie itself requires to be written to the reg and requires drivers to be installed.

Hm... why might SandBoxie need a "driver"?? Because it's installing an API hook...

> And on a machine where one does not have proper permissions to write to the reg or install a kernel-level driver, that does no good.

How do you want to perform privileged operations in Windows when you have no privileges at all?? There is simply no way to do what you want without proper rights. And there is no way at all to do it with AutoIt.

Take a look at the source code of API Guard. It will help you to understand how it works.

RunScanner sounds interesting, however there is not enough information available about the internals. Anyway, it also won't work without proper system privileges.

Cheers
Kurt