Celeri

Policy Lister

25 posts in this topic

#1 ·  Posted (edited)

NEW - Version 1.07 (July 27th 2007)

+ Now reads all pertinent .INI files (including the pervasive WININIT.INI)

+ Added more switches to the command line. Every section and the GUI can be deactivated.

+ Officially English/French ready. Automatically detects which to choose.

(PLEASE SEND IN TRANSLATIONS FOR OTHER LANGUAGES! :lmao:)

+ No more temp file, all work done in memory (CD-ROM safe now!)

+ Added "Send to clipboard" and "Credits" to GUI.

- "Send by Email" on hold until I find a satisfying way of doing it.

+ Now reads BHOs and spits out their proper name.

Version 1.06 (July 15th 2007)

+ Adds basic GUI

+ Adds comprehensive command line (with help)

Here's an interesting AutoIT program to help out people with serious spyware problems.

POLICY LISTER checks your 2000/XP/2003/Vista rig and lists all the system policies and run items it contains in a file called "Policies.txt". It now also pops up a simple GUI with the results.

I found 129 places where policies can be set so I honestly think this covers most of the spots ;)

There are also 51 :whistle: "Run" sections. Not all sections directly affect your computer but most of them can do harm indirectly.

The rationale behind most of the sections can be found here (in french, not my work): http://joke0.free.fr/demarrage.html

(find any more of either policies or run sections, please let me know!!!)

NEWBIE ALERT:

Your computer already has a handful of policies and running programs setup by DEFAULT.

If you don't know what a policy or a starting program means, ASK A SEASONED VETERAN. Don't go messing around!

In any case, this program is completely neutral; the only thing it does is dump the values into a file and show a GUI.

Feel free to pick up the code and make it better - but please, give me some credit if you do so.

IMPORTANT: This program has not been FULLY TESTED so ... well apart from creating a logfile the worst-case scenario is the program not working at all :P

Has been run and tested on AutoIT3 v. 3.2.4.9.

Policy_Lister_107_OK.au3

Edited by Celeri

I am endeavoring, ma'am, to construct a mnemonic circuit using stone knives and bearskins. - Spock

My UDFs: Deleted - they were old and I'm lazy ... :)

My utilities: Comment stripper, Policy lister 1.07, AutoIT Speed Tester (new!)


So, any comments? Where should I go from here?

A gui?

A command line?

A way to remove individual policies (not my first choice but hey) ?

Thanks for your input!



That's a very handy script, I changed it a bit to display the output in a MsgBox as well as write a log file, just because sometimes you just want to quickly check something.


Alright!

I just might make a nice gooey when I come back from Ottawa on Friday :whistle:

This will imply a structural change; for now all info is passed on step by step. Making a GUI means filling up an array, which works better if you integrate it into a loop.



I'm back from Ottawa and I figured I might as well make this program search for all the run sections I could find. Sure is easier than making a GUI!

So here's the count:

130 possible policy locations (found one more!)

51 possible run locations (some might seem iffy but I assure you, they are real.) ... imagine 51 places to get infected by ... bloody Swiss cheese!

I'm still not finished testing but this is going to be in my toolbox that's for sure.

I'LL POST THE PROGRAM LATER ON. So don't search for it just yet.

In the meantime, I was thinking of making the list of registry branches back into an .ini file. It would be simpler to add values BUT it would mean slower operation and more clutter. Having both internal and external would be too much work for now. I might make a poll or something if anyone comments.

Obi Wan Celeri



Nice! A GUI would still be appreciated, even if it just reads the log file.


Hmmm that's not a bad idea ....

BTW a GUI (just hate those beasts) will take me the major part of the week-end BUT (if you will believe me) I had a revelation of sorts during my sleep (my brain is anemic during the day but works during REM so it seems):

Instead of grouping keys by branch (i.e.: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), why not group them ... by "appartenance"? An example:

wakeup.exe, 100,102 bytes, date, extra stuff

==== Found in : ====

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

The idea being that a lot of stupid malware out there just replicates itself to no end taking advantage of the fact that most users will only erase one registry instance ...

This would be optional but I can see a lot of use for this.

In any case the GUI will pop up (when I'm finished) if no command line parameters are passed on. Else it will shoot out a logfile (I assume /log or /anything until the program has matured). Err, unless you really want to induce pain by passing on "/gui" :whistle:


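The grouping by executable proposed in the post above, as an added Python example that is not part of the thread or of Policy Lister: it takes autorun entries that have already been collected, extracts the program from each command line, and reports every file launched from more than one location. The sample entries and all function names are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

RUN = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample entries: (registry key, value name, command line).
SAMPLE_ENTRIES = [
    ("HKLM\\" + RUN, "WakeUp", r'"C:\Program Files\WakeUp\wakeup.exe" /silent'),
    ("HKCU\\" + RUN, "Updater", r"c:\program files\wakeup\WAKEUP.EXE -tray"),
    ("HKLM\\" + RUN + "Once", "wk", r'"C:\Program Files\WakeUp\.\wakeup.exe"'),
    ("HKCU\\" + RUN, "ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
]

# Unquoted commands may contain spaces in the path, so cut at the first
# executable extension that is followed by whitespace or end of string.
_UNQUOTED = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def executable_of(command):
    """Return the normalized path of the program a command line starts."""
    cmd = command.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        match = _UNQUOTED.match(cmd)
        path = match.group(1) if match else cmd.split(None, 1)[0]
    # ntpath applies Windows rules on any OS: case-folds, collapses "\.\".
    return ntpath.normcase(ntpath.normpath(path))


def group_by_executable(entries):
    """Map each executable to the (key, value name) pairs that launch it."""
    groups = defaultdict(list)
    for key, name, command in entries:
        groups[executable_of(command)].append((key, name))
    return dict(groups)


def replicated(groups, min_locations=2):
    """Keep only executables referenced from several autorun locations."""
    return {exe: locs for exe, locs in groups.items() if len(locs) >= min_locations}


def render(groups):
    """Format groups the way the post sketches: file first, then locations."""
    lines = []
    for exe, locs in sorted(groups.items()):
        lines += [exe, "==== Found in : ===="]
        lines += [f"{key} [{name}]" for key, name in locs]
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(replicated(group_by_executable(SAMPLE_ENTRIES))))
```

Entries started through a host program such as rundll32.exe all group under the host, so for those the first argument has to be compared as well.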

Celeri, I checked out the code from the first post and found that the error message display is not in English. I kinda understand it and had no errors. When you have time, could you update that function? :whistle: The output from your script is really handy.

Cheer! :lmao:


#10 ·  Posted (edited)


Hey long time!

Yep that's on the menu ;)

For now I'm battling the GUI!

What's done so far:

- Comprehensive command line with help

- Window with output and save capability

- Basic translation to english of comments and prompts

- A lot of tiny details.

Should be finished by tomorrow!

What's in the future (who knows when!):

- List BHOs (with full names), ghastly BHOs - a bad idea right from the start ...

- List services (with full names)

- Sort by object rather than by registry

- List multiple users (will require a little logic) - still not quite sure how to decode properly the username.

- Adapt to multiple languages

Before anyone asks, I have no intention (for now anyways) of making this a "click and delete" interface. For now it's only going to be a non-destructive information gathering program (partly because I'm goddamn lazy!).

BTW I've done multi-language programs before and they're a lot of work!

They also make the program MUCH HARDER to read (by a human that is).

Does anyone have an idea how to make it simple? Or at least easier?

Edited by Celeri


Good work

For the multi-language you can just use an ini file and stringsplit based on the @OSLANG macro

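;; Ini entries (in IniFile.Ini)

[Controls]

Exit=Exit|Sortie|whatever|nextlang

; AutoIt code
$Lang_Code = StringRight(@OSLANG, 2) ; last two hex digits = primary language
; StringSplit returns a 1-based array; element [0] holds the item count
$Exit_Txt = StringSplit(IniRead("IniFile.Ini", "Controls", "Exit", "Exit"), "|")
Switch $Lang_Code
   Case "09" ; It's English
      $Exit_Txt = $Exit_Txt[1]
   Case "0c" ; It's French
      $Exit_Txt = $Exit_Txt[2]
   Case Else ; any other language: fall back to the first (English) entry
      $Exit_Txt = $Exit_Txt[1]
EndSwitch
GUICtrlSetData($Btn_Exit, $Exit_Txt)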

Warning: I'm just winging it here. I have a much better version at home but I won't be back there until early August. This should give you the idea anyway. I know that with my normal version I'm using IniReadSection in there as well, I just don't remember how I did it.


George

Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.

Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.***

The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number.

Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. it is soon to be closed and replaced with something else.

"Old age and treachery will always overcome youth and skill!"


Alright, I'll look into that next week :whistle:

BTW if anyone uses this to BEAT THE CRAP out of a spyware, please let me know!



Again from memory (not that great) you don't need $Lang_Code

Just change Switch $Lang_Code to Switch StringRight(@OSLANG, 2)

Only the Right 2 characters of the language code are required. The left 2 only denote the dialect.


George


Thanks, I didn't know about those 2 right characters!

Mind you I think I'll use the example given in the help file and then assign an arbitrary number, depending on the language:

Func _Langue()
    Select
        Case StringInStr("0413,0813", @OSLang)
            Return 5 ; Dutch (0413 and 0813 are the Dutch language IDs)
        Case StringInStr("0409,0809,0c09,1009,1409,1809,1c09,2009," & _
                        "2409,2809,2c09,3009,3409", @OSLang)
            Return 2 ; English
        Case StringInStr("040c,080c,0c0c,100c,140c,180c", @OSLang)
            Return 1 ; French
        Case StringInStr("0407,0807,0c07,1007,1407", @OSLang)
            Return 3 ; German
        Case StringInStr("0410,0810", @OSLang)
            Return 6 ; Italian
        Case StringInStr("0414,0814", @OSLang)
            Return 7 ; Norwegian
        Case StringInStr("0415", @OSLang)
            Return 8 ; Polish
        Case StringInStr("0416,0816", @OSLang)
            Return 9 ; Portuguese
        Case StringInStr("040a,080a,0c0a,100a,140a,180a,1c0a,200a," & _
                        "240a,280a,2c0a,300a,340a,380a,3c0a,400a," & _
                        "440a,480a,4c0a,500a", @OSLang)
            Return 4 ; Spanish
        Case StringInStr("041d,081d", @OSLang)
            Return 10 ; Swedish
        Case Else
            Return 0 ; Unknown
    EndSelect
EndFunc

The returned number would then feed an array ...

MsgBox(0,$message[0][$Msg][$lang], $Message[1][$Msg][$lang])

[0] = Either title (0) or message (1)

[$Msg] = Message #, from 1 to 9999 I guess

[$lang] = Language

And until a helpful soul translates text into another language it'll stay English and French.

And for the sake of simplicity (only one .exe and no .ini lying around) all the strings would be set right from the start. This should be long and tedious but I'd rather have that than an .INI.

I think I'll integrate it into version 1.07 and think about making it for the future.



Yeah I digress, using StringRight is much much better!



1.07 beta is coming along nicely.

Every message is fully translatable. For now both English and French are supported.

I will ask for translators when the program is going to be near its completion. For now I'm just goofing around :whistle:

Well anyways, now the problem is you need tons of comments all over the place - it is much harder to read. I guess you can't have everything ...

1.07 should be out in one or two days ... I just want to add something useful (like BHOs and services) before I send this out.



@Celeri, yeah it has been a while and I'm just now returning to the forums. All your new additions sound great. I like the idea that it is non-destructive. With one click you can make a mess. Look forward to the latest version.

Cheer.. :whistle:


Thanks very much for the infos link :whistle:


Hey sorry guys for the delay - it's been crazy lately.

I'll pick up the pieces tonight and try to get something out... might not get any sleep but I don't mind :lmao:



#20 ·  Posted (edited)

... almost finished 1.07. Just squashing some bugs here and there ...

For now "email to" has been pushed aside since I can't find a satisfying solution.

Ha! I didn't even tell you I was going to put that in there :)

Edited by Celeri
