Sign in to follow this  
Followers 0
ChromeFan

Blocking a USB Device

11 posts in this topic

#1 ·  Posted (edited)

hi, i have just created a script to remove autorun.inf files from USB devices and i have also disabled autorun on USB drives using registry. now i want that user should be not able to open the usb drive until it is scanned and cleaned. for this i want to block the usb devices. block means my script will work on it and during this user will be not abe to open the usb.

any ideas like hiding , making it invisible, or any type of idea to work for it?

i really don't know what to do on this stage...

can anyone help me? thanks in advance for the help!

Edited by ChromeFan

Website: www.cerescode.comForum: www.forum.cerescode.comIRC: irc.freenode.net , Channel: #Ceres--------------------Autoit Wrappers, Great additions to your script (Must See) (By: Valuater)Read It Befor Asking Question Click Here...--------------------Join Monoceres's Forums http://www.monoceres.se--------------------There are three kinds of people: Those who make things happen, those who watch things happen, and those who ask, ‘What happened?’” –Casey Stengel

Share this post


Link to post
Share on other sites



hi, i have just created a script to remove autorun.inf files from USB devices and i have also disabled autorun on USB drives using registry. now i want that user should be not able to open the usb drive until it is scanned and cleaned. for this i want to block the usb devices. block means my script will work on it and during this user will be not abe to open the usb.

any ideas like hiding , making it invisible, or any type of idea to work for it?

i really don't know what to do on this stage...

can anyone help me? thanks in advance for the help!

I don't know if is possible to hide or make invisible but you can eject drive.

I found this function in one script wrote by rasim.

Func _DriveEject($sDrive)
    Local Const $IOCTL_STORAGE_GET_DEVICE_NUMBER = 0x2D1080
    Local Const $FILE_SHARE_READ  = 0x1
    Local Const $FILE_SHARE_WRITE = 0x2
    Local Const $OPEN_EXISTING  = 3
    
    Local $szVolumeName = "\\.\" & $sDrive
    
    $hDrive = DllCall("kernel32.dll", "hwnd", "CreateFile", _
                      "str", $szVolumeName, _
                      "int", 0, _
                      "int", BitOR($FILE_SHARE_READ, $FILE_SHARE_WRITE), _
                      "ptr", 0, _
                      "int", $OPEN_EXISTING, _
                      "int", 0, _
                      "int", 0)
                  
    If $hDrive[0] = -1 Then Return False
    
    Local $STORAGE_DEVICE_NUMBER = DllStructCreate("int;int;int")
    Local $ByteRet = DllStructCreate("int")
    
    DllCall("kernel32.dll", "int", "DeviceIoControl", _
            "hwnd", $hDrive[0], _
            "int", $IOCTL_STORAGE_GET_DEVICE_NUMBER, _
            "ptr", 0, _
            "int", 0, _
            "ptr", DllStructGetPtr($STORAGE_DEVICE_NUMBER), _
            "int", DllStructGetSize($STORAGE_DEVICE_NUMBER), _
            "int*", $ByteRet, _
            "ptr", 0)

    DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hDrive[0])
    
    Local $iDrive = "\\.\PhysicalDrive" & DllStructGetData($STORAGE_DEVICE_NUMBER, 2)
    
    DllCall("ntmsapi.dll", "int", "EjectDiskFromSADriveA", "str", "", "str", "", "str", $iDrive, "hwnd", 0, _
            "str", "Title", "str", "Eject drive", "int", $NTMS_EJECT_FORCE)
EndFunc

When the words fail... music speaks

Share this post


Link to post
Share on other sites

I don't know if is possible to hide or make invisible but you can eject drive.

I found this function in one script wrote by rasim.

Func _DriveEject($sDrive)
    Local Const $IOCTL_STORAGE_GET_DEVICE_NUMBER = 0x2D1080
    Local Const $FILE_SHARE_READ  = 0x1
    Local Const $FILE_SHARE_WRITE = 0x2
    Local Const $OPEN_EXISTING  = 3
    
    Local $szVolumeName = "\\.\" & $sDrive
    
    $hDrive = DllCall("kernel32.dll", "hwnd", "CreateFile", _
                      "str", $szVolumeName, _
                      "int", 0, _
                      "int", BitOR($FILE_SHARE_READ, $FILE_SHARE_WRITE), _
                      "ptr", 0, _
                      "int", $OPEN_EXISTING, _
                      "int", 0, _
                      "int", 0)
                  
    If $hDrive[0] = -1 Then Return False
    
    Local $STORAGE_DEVICE_NUMBER = DllStructCreate("int;int;int")
    Local $ByteRet = DllStructCreate("int")
    
    DllCall("kernel32.dll", "int", "DeviceIoControl", _
            "hwnd", $hDrive[0], _
            "int", $IOCTL_STORAGE_GET_DEVICE_NUMBER, _
            "ptr", 0, _
            "int", 0, _
            "ptr", DllStructGetPtr($STORAGE_DEVICE_NUMBER), _
            "int", DllStructGetSize($STORAGE_DEVICE_NUMBER), _
            "int*", $ByteRet, _
            "ptr", 0)

    DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hDrive[0])
    
    Local $iDrive = "\\.\PhysicalDrive" & DllStructGetData($STORAGE_DEVICE_NUMBER, 2)
    
    DllCall("ntmsapi.dll", "int", "EjectDiskFromSADriveA", "str", "", "str", "", "str", $iDrive, "hwnd", 0, _
            "str", "Title", "str", "Eject drive", "int", $NTMS_EJECT_FORCE)
EndFunc
Thanks a lot for your quick help but if i will eject the usb then how i will Scan the device?

as i said...

i want that user should be not able to open the usb drive until it is scanned and cleaned.

block means my script will work on it and during this user will be not abe to open the usb.

i know you have tried to help me and i really appreciate your good work, Thanks once again

anyone can give me some idea or something which can do a favor for me?


Website: www.cerescode.comForum: www.forum.cerescode.comIRC: irc.freenode.net , Channel: #Ceres--------------------Autoit Wrappers, Great additions to your script (Must See) (By: Valuater)Read It Befor Asking Question Click Here...--------------------Join Monoceres's Forums http://www.monoceres.se--------------------There are three kinds of people: Those who make things happen, those who watch things happen, and those who ask, ‘What happened?’” –Casey Stengel

Share this post


Link to post
Share on other sites

*Dump*


Website: www.cerescode.comForum: www.forum.cerescode.comIRC: irc.freenode.net , Channel: #Ceres--------------------Autoit Wrappers, Great additions to your script (Must See) (By: Valuater)Read It Befor Asking Question Click Here...--------------------Join Monoceres's Forums http://www.monoceres.se--------------------There are three kinds of people: Those who make things happen, those who watch things happen, and those who ask, ‘What happened?’” –Casey Stengel

Share this post


Link to post
Share on other sites

hi,

Maybe on the net you can find some solution for hide drives (via Registry).

Probably you could set the registry keys, and when you finished just enable it again.

There is "Prevent Access to the Contents of Selected Drives " too.

In both of the method i'm not sure that you can scan the contents of the drive...

Link to the site


dworldI'm new in autoit, but I like it. My mind is open to the new things.

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

ok, Thanks! but i am still in a big problem... i have the following information

Drives can be hidden using the Registry. To open the Windows Registry press Windows R, type regedit and hit enter. Now navigate to the Registry key HKEY_CURRENT_USER \Software \Microsoft \Windows \CurrentVersion \Policies \Explorer if you want to hide drives for the current user or HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows \CurrentVersion \policies \Explorer if you want to hide them for all users and create a new Dword (right-click free space on the right pane, select New > Dword) and name it NoDrives.

Setting the value of NoDrives is a little bit more complicated. Every drive has a specific value that has to be combined if you want to hide more than one drive. Here is a short table explaining the values for each drive:

* Drive A: - Value 1

* Drive B: - Value 2

* Drive C: - Value 4

* Drive D: - Value 8

* Drive E: - Value 16

* Drive F: - Value 32

* Drive G: - Value 64

* Drive H: - Value 128

* Drive I: - Value 256

* Drive J: - Value 512

* and so on... you can use this tool to calculate easily http://www.wisdombay.com/hidedrive/

If you want to hide one drive just enter the value from that drive. If you want to hide more than one drive you have to add all values. If you wanted to hide Drive A, B and G you would enter the value 1+2+64 = 67.

You can revert those changes by setting the value to 0 or by deleting that Registry key completely. It is possible to access those drives in Windows Explorer by using the address bar. Simply use the drive letter of the hidden drive in the address bar to access it.

now i want to hide the connected USB device using the registry but it's complicated for me.

can you help me to create the registry key to hide USB flash drive?

Edited by ChromeFan

Website: www.cerescode.comForum: www.forum.cerescode.comIRC: irc.freenode.net , Channel: #Ceres--------------------Autoit Wrappers, Great additions to your script (Must See) (By: Valuater)Read It Befor Asking Question Click Here...--------------------Join Monoceres's Forums http://www.monoceres.se--------------------There are three kinds of people: Those who make things happen, those who watch things happen, and those who ask, ‘What happened?’” –Casey Stengel

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

So in the AutoIt help:

AutoIt->Function Reference->Registry Management

Hopefully there you can find all information what you need

[edit]

Of course somehow you should guess which drive letter will Windows assign to the newly connected USB drive...

Edited by dworld

dworldI'm new in autoit, but I like it. My mind is open to the new things.

Share this post


Link to post
Share on other sites

So in the AutoIt help:

AutoIt->Function Reference->Registry Management

Hopefully there you can find all information what you need

[edit]

Of course somehow you should guess which drive letter will Windows assign to the newly connected USB drive...

thanks, i know how to write in registry but i dont know how to get drive letter of usb. any example?

Website: www.cerescode.comForum: www.forum.cerescode.comIRC: irc.freenode.net , Channel: #Ceres--------------------Autoit Wrappers, Great additions to your script (Must See) (By: Valuater)Read It Befor Asking Question Click Here...--------------------Join Monoceres's Forums http://www.monoceres.se--------------------There are three kinds of people: Those who make things happen, those who watch things happen, and those who ask, ‘What happened?’” –Casey Stengel

Share this post


Link to post
Share on other sites

#9 ·  Posted (edited)

i found new info:

Under this key:

HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices

And as the name of the key show you will find here the drive letters, and if you double click on one - which is not harddrive - you will see on the right side in the text that it is a CDROM or USB drive.

edit:

Query one of the drive values:

reg query HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices /v "\DosDevices\H:"

So if you have a a for cycle which is querying the mounted drives registry values, and can read that it is a Removable media, or cdrom, you'll be able to guess which is the correct letter for USB, and you can work with it.

The problem is that the query will return in hex

HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices

\DosDevices\H: REG_BINARY 5C003F003F005C00530054004F00520041004700

45002300520065006D006F007600610062006C0065004D0065006400690061002300370026003700

39006100350030006100620026003000260052004D0023007B003500330066003500360033003000

64002D0062003600620066002D0031003100640030002D0039003400660032002D00300030006100

3000630039003100650066006200380062007D00

The other problem is that, once you connected an USB drive, the letter will stay in the registry, so it is possible that there will be more than 1 letters which will be not assigned to any drive

Actually I think there should be an easier solution, and i don't want to take your script developing to wrong direction with this registry thing. Maybe we should wait somebody other, more experienced member's opinion..

Edited by dworld

dworldI'm new in autoit, but I like it. My mind is open to the new things.

Share this post


Link to post
Share on other sites

Isn't there policies that will do this for you?

Share this post


Link to post
Share on other sites

thanks, i know how to write in registry but i dont know how to get drive letter of usb. any example?

I think this is what you need, i found it in the help file:

$var = DriveGetDrive( "removable" )
If NOT @error Then
    MsgBox(4096,"", "Found " & $var[0] & " drives")
    For $i = 1 to $var[0]
        MsgBox(4096,"Drive " & $i, $var[$i])
    Next
EndIf

the example will work if removable drive is connected


dworldI'm new in autoit, but I like it. My mind is open to the new things.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0