Popular Content
Showing content with the highest reputation on 11/22/2014 in all areas
-
Update the Excel UDF that comes with AutoIt
232showtime reacted to water for a topic
This UDF is now part of AutoIt since 3.3.12.0.

New versions of Microsoft Office have been released since the last changes were made to the Excel UDF. The new extensions (e.g. xlsx) are not (fully) supported, new functions are missing etc.

The rewrite of the Excel UDF delivers changes in the following areas:
* Works with as many instances of Excel as you like - not just one
* Works with any Workbook - not just the active one
* Works with any Worksheet - not just the active one
* Only does what you tell it to do - no implicit "actions"
* Only one function to read from a cell or a range
* Only one function to write a string, an 1D or 2D array to a cell or a range
* Support for every file format Excel supports
* Speed enhancements when transferring data from/to an Excel sheet (20 - 100 times faster)

2014-03-22 - Beta 5

Known bugs
None

The example scripts have been tested with Excel 2010 and AutoIt 3.3.10.2 on Windows 7. You need to run the scripts with the latest AutoIt production version (3.3.10.x)! Please test with Excel 2003 and Excel 2007 and post changes you need/want to see in the next beta version!

Excel Rewrite Beta 5.zip has been removed as it is now part of AutoIt since 3.3.12.0. (627 downloads)
History.txt
1 point
-
I'm sure there are many ways to break this (especially considering I only did add/subtract/division/multiplication), I'll leave it to you all to break it.

Edit: Found another breaking point lol, I'm done looking

    #include <Array.au3>

    Global $gsz_equation = "(8 + (7 * 4) - (3 *(2 / 7)))"
    Global $ga_ret = _ProcessSimpleEquation($gsz_equation)
    _ArrayDisplay($ga_ret)

    ; to console
    For $i = 1 To UBound($ga_ret) - 1
        ConsoleWrite($ga_ret[$i] & @CRLF)
    Next

    Func _ProcessSimpleEquation($s_eq)

        $s_eq = StringReplace($s_eq, " ", "")
        Local $s_tmp = $s_eq, $a_tmp
        Local $s_ret = StringRegExpReplace($s_eq, "(\+|\-|\*|/)", " $1 ") & @LF

        ; get mult/div with digits on both sides
        $a_tmp = StringRegExp($s_tmp, "((?:\d*\.?\d*)(?<=\d)[\*/](?:\d*\.?\d*))", 3)
        If Not @error Then
            For $i = 0 To UBound($a_tmp) - 1
                $s_tmp = StringRegExpReplace($s_tmp, "\b\Q" & $a_tmp[$i] & "\E\b", Execute($a_tmp[$i]))
            Next
            ; format string
            $s_ret &= StringRegExpReplace($s_tmp, "(\+|\-|\*|/)", " $1 ") & @LF
        EndIf

        ; get mult/div from possible parenth left over
        $a_tmp = StringRegExp($s_tmp, "(\(?(?:\d*\.?\d*)(?<=\d)[\*/]\(?(?:\d*\.?\d*))", 3)
        If Not @error Then
            ; add parenthesis
            For $i = 0 To UBound($a_tmp) -1
                StringReplace($a_tmp[$i], "(", "")
                For $j = 2 To @extended
                    $a_tmp[$i] &= ")"
                Next
                $a_tmp[$i] = StringTrimLeft($a_tmp[$i], 1)
                $s_tmp = StringRegExpReplace($s_tmp, "\Q" & $a_tmp[$i] & "\E", Execute($a_tmp[$i]))
            Next
            ; format string
            $s_ret &= StringRegExpReplace($s_tmp, "(\+|\-|\*|/)", " $1 ") & @LF
        EndIf

        ; on to addition/subtraction
        While 1
            $a_tmp = StringRegExp($s_tmp, "((?:\d*\.?\d*)(?<=\d)[\-\+]\(?(?:\d*\.?\d*)(?<=\d)\)?)", 3)
            If @error Then ExitLoop
            For $i = 0 To UBound($a_tmp) - 1
                $s_tmp = StringRegExpReplace($s_tmp, "\Q" & $a_tmp[$i] & "\E", Execute($a_tmp[$i]))
            Next
            ; format string
            $s_ret &= StringRegExpReplace($s_tmp, "(\+|\-|\*|/)", " $1 ") & @LF
        WEnd

        ; we are going to return an array
        $a_tmp = StringSplit(StringTrimRight($s_ret, 1), @LF)
        $a_tmp[$a_tmp[0]] = Execute($a_tmp[$a_tmp[0]])
        Return $a_tmp
    EndFunc

1 point
-
BFGuard is a brute-force guard for Windows Server Remote Desktop connections, developed in the AutoIt language. BFGuard is a simple app, yet very handy for people who use publicly accessible Windows services like Remote Desktop, Microsoft SQL or SAMBA and are trying to protect these services from brute-force attacks. This app does not modify any Windows services and puts minimal load on your system; it was worked out this way all along. It puts minimal load on the system even under a thousand attacks in a minute or second. It acts as a part of Windows, connecting the Windows event log and Windows Firewall: the app reads the Windows logs, analyzes them and blocks attacker IP addresses through Windows Firewall. This app supports all software services which add info to the Windows event log, so natively it supports Remote Desktop connection (known as the RDP protocol), Windows sharing (known as the SAMBA protocol), Microsoft SQL Server and more… BFGuard is a Windows Firewall add-on which helps automate the defense mechanisms essentially existing in Windows.

MANY THANKS FOR HELP AND SUPPORT: llewxam, jchd

Updates:

2014-10-29
* Full version uploaded. Enjoy.

2014-03-15
* Fixed major error with auto-ban.

2014-03-12
* Can type an SQL query into the combo box in statistics and click Load, like: select * from ip_list where date > date('now','-1 hour') order by date

2014-03-11
* When the date is read from the event log it is not in SQL format. Now, before importing data to SQL, the data is formatted to the correct SQL format. And now it is possible to do a simple compare by date.
* New fast data import mode (jchd code. THANKS!)
* Now statistics are working and the Load button is active. (Post your SQL lines, I will add them.)
* White list is working, but needs testing.
* Still not clear whether auto-block is working correctly.
* Some bug fixes.

2014-03-10 v2
* Added IP geolocation button. (llewxam code. Thanks!)

2014-03-10
* Reworked GUI from scratch. Any new ideas would be good.
* Script exploded from a single-function script into more separate functions to make it easier to read and update for the community.
* Added new table where you can see blocked IPs and dates.
* Some buttons are only for features like white list, auto ban.

2014-03-09
* Added buttons block, unblock (it does what is said: blocks the selected IP from accessing your server RDP, FTP, SQL, SAMBA, etc.)
* Automatically reads the log and adds to the list every 60 sec.
* Initial run of the program reads 10k events from the log.
* The second time you run the program, it reads the 24-hour log to make it quicker.
* Some bugs.... and more etc...

PLANS:
* Automatic firewall rule management (adding, removing after time passes)
* BAD ASS IP sharing over web (making a global black list)

Known bugs:
* When inserting data into SQLite it hangs up a bit, so wait for it. If not happy, you can make the queries run every time it parses an event, but it takes longer. Now it inserts everything in one batch.

To do list:
* AdlibUnregister and AdlibRegister should be disabled on initial database read. (thanks to llewxam)
* Remove old data import code from the script if no bugs are detected in some time.

Code update coming soon.
(FREE FOR NON COMMERCIAL USE) (ANY OTHER USE IS PROHIBITED OR TRY CONTACT ME)

    #RequireAdmin
    #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
    #AutoIt3Wrapper_Icon=ico\Icojam-Blue-Bits-Shield.ico
    #AutoIt3Wrapper_Res_Fileversion=0.0.0.3
    #AutoIt3Wrapper_Res_Fileversion_AutoIncrement=y
    #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
    #include <GUIConstantsEx.au3>
    #include <Constants.au3>
    #include <Array.au3>
    #include <File.au3>
    #include <Array.au3>
    #include <MsgBoxConstants.au3>
    #include <SQLite.au3>
    #include <SQLite.dll.au3>
    #include <GuiListView.au3>
    #include <GuiImageList.au3>
    #include <WindowsConstants.au3>
    #include <ButtonConstants.au3>
    #include <ComboConstants.au3>
    #include <EditConstants.au3>
    #include <GUIConstantsEx.au3>
    #include <ListViewConstants.au3>
    #include <ProgressConstants.au3>
    #include <StaticConstants.au3>
    #include <TabConstants.au3>
    #include <WindowsConstants.au3>
    #include <Date.au3>
    #include <Crypt.au3>

    Global $iMemo, $mac_list, $license_key
    Global $Input1, $Checkbox1, $atempts, $minutes, $Combo1

    _Main()

    Func _Main()
        Local $hEventLog, $aEvent
        Global $SQLite_db,$hListView,$hListView2,$GUI,$wevtutil_query, $initial_event_count, $Label1, $Progress1, $sql_qry, $minutes_in_ban_list, $display_results
        Global $Input1, $Checkbox1, $atempts, $minutes, $Combo1, $whiteipinput, $Checkbox2

        $GUI = GUICreate("BFGurad - version 1.37", 621, 450, -1, -1, BitOR($GUI_SS_DEFAULT_GUI,$WS_MAXIMIZEBOX,$WS_SIZEBOX,$WS_THICKFRAME,$WS_TABSTOP))
        $Tab1 = GUICtrlCreateTab(8, 8, 601, 417)
        GUICtrlSetResizing(-1, $GUI_DOCKLEFT+$GUI_DOCKRIGHT+$GUI_DOCKTOP+$GUI_DOCKBOTTOM+$GUI_DOCKWIDTH+$GUI_DOCKHEIGHT)
        $TabSheet1 = GUICtrlCreateTabItem("Log entrys")
        $iMemo = GUICtrlCreateEdit("", 16, 88, 585, 329)
        $Progress1 = GUICtrlCreateProgress(16, 36, 582, 17)
        $Label1 = GUICtrlCreateLabel("Reading event log", 16, 61, 584, 17)
        $TabSheet2 = GUICtrlCreateTabItem("Blocked IP")
        $hListView2 = GUICtrlCreateListView("", 12, 41, 586, 350)
        _GUICtrlListView_SetExtendedListViewStyle($hListView2, BitOR($LVS_EX_GRIDLINES, $LVS_EX_FULLROWSELECT, $LVS_EX_SUBITEMIMAGES))
        _GUICtrlListView_InsertColumn($hListView2, 0, "IP Address", 150)
        _GUICtrlListView_InsertColumn($hListView2, 1, "From", 130)
        _GUICtrlListView_InsertColumn($hListView2, 2, "To", 130)
        _GUICtrlListView_InsertColumn($hListView2, 3, "Status", 100)
        $Button1 = GUICtrlCreateButton("Unblock", 12, 393, 50, 25)
        $Button1_geolocate = GUICtrlCreateButton("Who?", 64, 393, 50, 25)
        $Checkbox1 = GUICtrlCreateCheckbox("Auto block", 200, 392, 73, 15)
        $Checkbox2 = GUICtrlCreateCheckbox("Auto unblock", 200, 406, 73, 15)
        $atempts = GUICtrlCreateInput("5", 284, 393, 25, 21)
        $minutes = GUICtrlCreateInput("1", 380, 393, 41, 21)
        GUICtrlCreateLabel("attempts in", 316, 393, 55, 17, $SS_CENTERIMAGE)
        GUICtrlCreateLabel("min. For", 428, 393, 41, 17, $SS_CENTERIMAGE)
        $Button2 = GUICtrlCreateButton("White list IP", 116, 393, 75, 25)
        $Input1 = GUICtrlCreateInput("60", 476, 393, 41, 21)
        $Label3 = GUICtrlCreateLabel("minutes.", 524, 393, 31, 17, $SS_CENTERIMAGE)
        $TabSheet3 = GUICtrlCreateTabItem("WhiteList")
        $hListView3 = GUICtrlCreateListView("", 12, 41, 586, 350)
        _GUICtrlListView_SetExtendedListViewStyle($hListView3, BitOR($LVS_EX_GRIDLINES, $LVS_EX_FULLROWSELECT, $LVS_EX_SUBITEMIMAGES))
        _GUICtrlListView_InsertColumn($hListView3, 0, "IP Address", 150)
        $whiteipinput = GUICtrlCreateInput("", 12, 393, 120, 21)
        $Button7 = GUICtrlCreateButton("Add", 135, 393, 50, 21)
        $Button8 = GUICtrlCreateButton("Remove", 188, 393, 50, 21)
        $TabSheet4 = GUICtrlCreateTabItem("Statistics")
        $Combo1 = GUICtrlCreateCombo("Total failed login count", 12, 41, 505, 25, BitOR($CBS_DROPDOWN,$CBS_AUTOHSCROLL))
        $Button3 = GUICtrlCreateButton("Block", 12, 393, 75, 25)
        $Button4 = GUICtrlCreateButton("UnBlock", 92, 393, 75, 25)
        $Button6 = GUICtrlCreateButton("Who?", 92+80, 393, 75, 25)
        $hListView = GUICtrlCreateListView("", 12, 65, 586, 326)
        _GUICtrlListView_SetExtendedListViewStyle($hListView, BitOR($LVS_EX_GRIDLINES, $LVS_EX_FULLROWSELECT, $LVS_EX_SUBITEMIMAGES))
        _GUICtrlListView_InsertColumn($hListView, 0, "IP Address", 150)
        _GUICtrlListView_InsertColumn($hListView, 1, "Count", 100)
        _GUICtrlListView_InsertColumn($hListView, 2, "Blocked", 100)
        _GUICtrlListView_InsertColumn($hListView, 3, "Date", 150)
        $Button5 = GUICtrlCreateButton("Load", 520, 41, 79, 21)
        GUICtrlCreateTabItem("")
        GUISetState(@SW_SHOW)
        $MenuItem1 = GUICtrlCreateMenu("Settings")
        ;~ $MenuItem5 = GUICtrlCreateMenuItem("Restet database", $MenuItem1)
        $MenuItem3 = GUICtrlCreateMenuItem("Enter license key", $MenuItem1)
        ;~ $MenuItem4 = GUICtrlCreateMenuItem("Exit", $MenuItem1)
        $MenuItem2 = GUICtrlCreateMenu("Abuot")
        ;~ $MenuItem7 = GUICtrlCreateMenuItem("IPCloudSynch", $MenuItem2)
        $MenuItem6 = GUICtrlCreateMenuItem("Version", $MenuItem2)
        #EndRegion ### END Koda GUI section ###

        GUICtrlSetFont($iMemo, 9, 400, 0, "Courier New")
        GUISetState()

        $initial_event_count = 20000
        $update_event_count = 10000
        $minutes_in_ban_list = GUICtrlRead($Input1)
        $display_results = "SELECT ip, count(*) as 'count', status, date FROM ip_list GROUP BY ip ORDER by count DESC;"

        Global $SQL_statistic_queries[17][2] = [ _
            ["Show whitelist", "SELECT * FROM white_ip_list"], _
            ["Last minute activity", "SELECT ip, date, status FROM ip_list WHERE date >= datetime('now','-1 minute') ORDER by date DESC"], _
            ["Last hour activity", "SELECT ip, date, status FROM ip_list WHERE date >= datetime('now','-1 hour') ORDER by date DESC"], _
            ["Last 100 records", "SELECT ip,* FROM ip_list ORDER by date DESC LIMIT 100"], _
            ["Failed logins in 1 min", "SELECT ip, count(*) as 'count', status FROM ip_list WHERE date >= datetime('now','-1 minutes') GROUP BY ip ORDER by count DESC"], _
            ["Failed logins in 1 hour", "SELECT ip, count(*) as 'count', status FROM ip_list WHERE date >= datetime('now','-1 hour') GROUP BY ip ORDER by count DESC"], _
            ["Failed logins in 1 day", "SELECT ip, count(*) as 'count', status FROM ip_list WHERE date >= datetime('now','-1 day') GROUP BY ip ORDER by count DESC"], _
            ["Failed logins in 1 month", "SELECT ip, count(*) as 'count', status FROM ip_list WHERE date >= datetime('now','-1 month') GROUP BY ip ORDER by count DESC"], _
            ["Failed logins all time", "SELECT ip, count(*) as 'count', status FROM ip_list GROUP BY ip ORDER by count DESC"], _
            ["Failed user in 1 day", "SELECT user, count(*) as 'count' FROM ip_list WHERE date >= datetime('now','-1 day') GROUP BY user ORDER by count DESC"], _
            ["Failed user in 1 month", "SELECT user, count(*) as 'count' FROM ip_list WHERE date >= datetime('now','-1 month') GROUP BY user ORDER by count DESC"], _
            ["Failed user all time", "SELECT user, count(*) as 'count' FROM ip_list GROUP BY user ORDER by count DESC"], _
            ["Show Table ip_list", "SELECT * FROM ip_list LIMIT 1000"], _
            ["Show Table blocked_ip_list", "SELECT * FROM blocked_ip_list"], _
            ["Show Table white_ip_list", "SELECT * FROM white_ip_list"], _
            ["", ""]]

        $string = ''
        FOR $cx=0 to UBound($SQL_statistic_queries)-1
            $string = $string & "|" & $SQL_statistic_queries[$cx][0]
        Next
        $string = $string
        GUICtrlSetData($Combo1, $string)

        _SQLite_Startup()
        MemoWrite("_SQLite_LibVersion=" & _SQLite_LibVersion() & @CRLF)
        GUICtrlSetData($Progress1, 1)

        $db_name = @ScriptDir & "\SQLite_v5.db"
        If FileExists($db_name) Then
            $wevtutil_query = "*[System[band(Keywords,4503599627370496)]]" ; after the initial run, don't read the whole log, only 24 h
            MemoWrite("Opening existing database. "& $db_name)
            $SQLite_db = _SQLite_Open($db_name)
            $initial_event_count = $update_event_count
        Else
            $wevtutil_query = "*[System[band(Keywords,8010000000000000)]]"
            MemoWrite("Creating new database at: "& $db_name)
            $SQLite_db = _SQLite_Open($db_name)
            MemoWrite("Creating database structure.")
            _SQLite_Exec($SQLite_db, "CREATE TABLE ip_list (ID INTEGER PRIMARY KEY AUTOINCREMENT,log_id CHAR(150) UNIQUE, date CHAR(150), ip CHAR(150), user CHAR(150), status CHAR(150))")
            _SQLite_Exec($SQLite_db, "CREATE TABLE blocked_ip_list (ID INTEGER PRIMARY KEY AUTOINCREMENT,ip CHAR(150), date_from DATETIME, date_to DATETIME, status CHAR(150))")
            _SQLite_Exec($SQLite_db, "CREATE TABLE white_ip_list (ID INTEGER PRIMARY KEY AUTOINCREMENT,ip CHAR(150) UNIQUE)")
        EndIf

        _Seciurity_check()
        Update_database()
        AdlibRegister(sheduled_tasks, 1000*30)
        display_resutls($display_results, $hListView )
        display_resutls("SELECT * FROM white_ip_list", $hListView3)
        display_blocked_resutls("SELECT ip, date_from, date_to, status FROM blocked_ip_list ORDER by status")

        ; Loop until user exits
        While 1
            Switch GUIGetMsg()
                Case $GUI_EVENT_CLOSE
                    Exit
                Case $Button2
                    $iSelect = ControlListView($GUI, "", $hListView2, "GetSelected")
                    $sSelect = ControlListView($GUI, "", $hListView2, "GetText", $iSelect)
                    MemoWrite("Address: "&$sSelect& " is added to white list")
                    SQLite_QUERY("INSERT INTO white_ip_list VALUES (null, '"& $sSelect &"');")
                Case $Button1
                    $iSelect = ControlListView($GUI, "", $hListView2, "GetSelected")
                    $sSelect = ControlListView($GUI, "", $hListView2, "GetText", $iSelect)
                    MemoWrite("Address: "&$sSelect& " is removed from firewal")
                    block_ip_remove($sSelect)
                Case $Button3
                    $iSelect = ControlListView($GUI, "", $hListView, "GetSelected")
                    $sSelect = ControlListView($GUI, "", $hListView, "GetText", $iSelect)
                    MemoWrite("Address: "&$sSelect& " is added to firewal for blocking")
                    block_ip_add($sSelect,'525600') ; block select ip for a year 365*24*60
                Case $Button4
                    $iSelect = ControlListView($GUI, "", $hListView, "GetSelected")
                    $sSelect = ControlListView($GUI, "", $hListView, "GetText", $iSelect)
                    MemoWrite("Address: "&$sSelect& " is removed from firewal")
                    block_ip_remove($sSelect)
                Case $Button5
                    $sComboRead = GUICtrlRead($Combo1)
                    Local $iIndex = _ArraySearch($SQL_statistic_queries, $sComboRead, 0, 0, 0, 1, 1, 0)
                    If @error Then
                        $display_results = $sComboRead
                        display_resutls($sComboRead, $hListView)
                    Else
                        Global $display_results = $SQL_statistic_queries[$iIndex][1]
                        MemoWrite($SQL_statistic_queries[$iIndex][1])
                        display_resutls($SQL_statistic_queries[$iIndex][1], $hListView)
                    EndIf
                Case $Button6
                    $iSelect = ControlListView($GUI, "", $hListView, "GetSelected")
                    $sSelect = ControlListView($GUI, "", $hListView, "GetText", $iSelect)
                    _GeoLocate($sSelect)
                    MemoWrite("Geolocated " & $sSelect)
                Case $Button1_geolocate
                    $iSelect = ControlListView($GUI, "", $hListView2, "GetSelected")
                    $sSelect = ControlListView($GUI, "", $hListView2, "GetText", $iSelect)
                    _GeoLocate($sSelect)
                    MemoWrite("Geolocated " & $sSelect)
                Case $Button7
                    $sSelect = GUICtrlRead($whiteipinput)
                    SQLite_QUERY("INSERT INTO white_ip_list VALUES (null, '"& $sSelect &"');")
                    display_resutls("SELECT * FROM white_ip_list", $hListView3)
                Case $Button8
                    $iSelect = ControlListView($GUI, "", $hListView3, "GetSelected")
                    $sSelect = ControlListView($GUI, "", $hListView3, "GetText", $iSelect)
                    SQLite_QUERY("DELETE FROM white_ip_list WHERE id='"& $sSelect &"';")
                    display_resutls("SELECT * FROM white_ip_list", $hListView3)
                Case $MenuItem3
                    $license_input = InputBox("BFGuard","Enter license key")
                    If @error OR $license_input="" Then
                        MsgBox($MB_OK,"BFGuard","License was not changed")
                    Else
                        RegDelete("HKEY_LOCAL_MACHINE\Software\BFGuard", "License")
                        RegWrite("HKEY_LOCAL_MACHINE\Software\BFGuard", "License", "REG_SZ", $license_input)
                        _Seciurity_check()
                    EndIf
                Case $MenuItem6
                    MsgBox($MB_OK,"BFGuard","BFGuard 1.0")
                    _Seciurity_check()
            EndSwitch
        WEnd
    EndFunc ;==>_Main

    Func sheduled_tasks()
        Global $Checkbox1,$display_results, $hListView, $hListView3
        Update_database()
        if _IsChecked($Checkbox1) Then
            $attempts_time=GUICtrlRead($minutes)
            $attempts_count=GUICtrlRead($atempts)
            if _Seciurity_check() == True Then auto_ban("SELECT ip, count(ip) as total FROM ip_list WHERE date >= datetime('now','-"&$attempts_time&" minutes') GROUP BY IP HAVING total >= "&$attempts_count&" AND status IS NOT 'Blocked' ")
        EndIf
        if _IsChecked($Checkbox2) Then
            auto_ban_remove("SELECT ip FROM blocked_ip_list WHERE date_to <= datetime('now') AND status='Blocked'")
        EndIf
        display_resutls($display_results, $hListView)
        display_resutls("SELECT * FROM white_ip_list", $hListView3)
        display_blocked_resutls("SELECT ip, date_from, date_to, status FROM blocked_ip_list ORDER by status")
    EndFunc

    Func block_ip_add($WhatIP, $minutes_in_ban_list = 60)
        Global $SQLite_db
        Local $whiteip
        _ADD_BlackListIp($WhatIP)
        ;_SQLite_Query($SQLite_db, "SELECT ip FROM white_ip_list LIMIT 1;", $hQuery) ; the query
        _SQLite_QuerySingleRow($SQLite_db, "SELECT ip FROM white_ip_list WHERE ip = '"&$WhatIP&"' LIMIT 1;", $whiteip)
        if $whiteip[0] = $WhatIP Then
            MemoWrite("Cant block IP it is in white list")
        Else
            RunWait(@ComSpec & ' /c '& "netsh advfirewall firewall add rule name=[logBlock" & $WhatIP & "] dir=in interface=any action=block remoteip=" & $WhatIP, "", @SW_HIDE)
            ;blocked_ip_list (ID ,ip, date_from, date_to, active)
            $minutes_in_ban_list = GUICtrlRead($Input1)
            SQLite_QUERY("INSERT INTO blocked_ip_list VALUES (null, '"& $WhatIP &"', datetime('now','localtime'), datetime('now','localtime', '+"& $minutes_in_ban_list &" minutes'), 'Blocked');")
            SQLite_QUERY("UPDATE ip_list SET status='Blocked' WHERE ip='"& $WhatIP &"';")
        EndIf
    EndFunc

    Func block_ip_remove($WhatIP)
        RunWait(@ComSpec & ' /c '& "netsh advfirewall firewall delete rule name=[logBlock" & $WhatIP & "] dir=in", "", @SW_HIDE)
        SQLite_QUERY("UPDATE blocked_ip_list SET status='Unblocked' WHERE ip='"& $WhatIP &"' AND status='Blocked';")
        SQLite_QUERY("UPDATE ip_list SET status='Unblocked' WHERE ip='"& $WhatIP &"' AND status='Blocked';")
    EndFunc

    Func Update_database()
        Global $wevtutil_query, $initial_event_count, $Label1
        GUICtrlSetData($Label1, "Reading event log from windows")
        ;MemoWrite("Generating event log from windows")
        ;$cmd = 'wevtutil qe Security "/q:'& $wevtutil_query &'" /c:'& $initial_event_count &' /rd:true /f:xml>C:\wevtutil.xml'
        $cmd = 'wevtutil qe Security /q:' & Chr(34) & $wevtutil_query & Chr(34) & ' /c:' & $initial_event_count & ' /rd:true /f:xml>C:\wevtutil.xml'
        ;MemoWrite($cmd)
        FileDelete ( "c:\wevtutil.xml" )
        Local $foo = RunWait(@ComSpec & ' /c '& $cmd, @SystemDir, @SW_HIDE, $STDERR_CHILD + $STDOUT_CHILD)
        GUICtrlSetData($Label1, "Reading event log done.")
        ;MemoWrite("Generating event log done.")

        Global $Label1, $Progress1, $sql_qry
        ; MemoWrite("NEW MODE DATA UPDATE")
        ; MemoWrite("Reading event log.")
        Local $rawdata = FileRead("c:\wevtutil.xml") ; ##### reading supplied file directly !
        ; MemoWrite("Reading event log done.")
        ;MemoWrite("Phrasing event log.")
        GUICtrlSetData($Progress1, 30)
        Local $captures = StringRegExp($rawdata, "(?i)<TimeCreated SystemTime='(.*?)'/><EventRecordID>(.*?)</EventRecordID>.*?<Data Name='TargetUserName'>(.*?)</Data>.*?<Data Name='IpAddress'>(.*?)</Data>", 3)
        ;MemoWrite("Phrasing event log done.")
        ;MemoWrite("Inserting data to SQLite.")
        ;_ArrayDisplay($captures)
        If IsArray($captures) Then
            Local $sql
            If Not _SQLite_Exec($SQLite_db, "begin;") = $SQLITE_OK Then
                ;MsgBox($MB_SYSTEMMODAL, "SQLite Error", _SQLite_ErrMsg(),5)
                MemoWrite("SQLite Error: "& _SQLite_ErrMsg())
                MemoWrite("SQLite QUERY: "& "begin;")
            EndIf
            For $i = 0 To (UBound($captures) / 4) - 1
                $reformated_time = StringSplit($captures[4 * $i], "T")
                $reformated_time = $reformated_time[1] & " " & StringLeft($reformated_time[2],8)
                $sql &= "('" & $reformated_time & "', '" & $captures[4 * $i + 1] & "', '" & $captures[4 * $i + 2] & "', '" & $captures[4 * $i + 3] & "'),"
                If Mod($i + 1, 500) = 0 Or $i = (UBound($captures) / 4) - 1 Then
                    $sql = "INSERT OR IGNORE INTO ip_list (date, log_id, user, ip) VALUES " & StringTrimRight($sql, 1)
                    If Not _SQLite_Exec($SQLite_db, $sql) = $SQLITE_OK Then
                        MsgBox($MB_SYSTEMMODAL, "SQLite Error", _SQLite_ErrMsg(), 5)
                        MemoWrite("SQLite Error: "& _SQLite_ErrMsg())
                        MemoWrite("SQLite QUERY: "& $sql)
                    EndIf
                    $sql = ""
                EndIf
            Next
            GUICtrlSetData($Progress1, 70)
            If Not _SQLite_Exec($SQLite_db, "commit;") = $SQLITE_OK Then
                MsgBox($MB_SYSTEMMODAL, "SQLite Error", _SQLite_ErrMsg(),5)
                MemoWrite("SQLite Error: "& _SQLite_ErrMsg())
                MemoWrite("SQLite QUERY: "& "commit;")
            EndIf
        Else
            ;MemoWrite("No new event to read.")
        EndIf
        ; MemoWrite("Inserting data to SQLite done.")
        GUICtrlSetData($Progress1, 100)
    EndFunc

    Func display_resutls($sql, $hListView)
        ;MemoWrite("Reading date from SQLite db.")
        Local $aResult, $iRows, $iColumns, $iRval
        Global $SQLite_db
        $iRval = _SQLite_GetTable2d($SQLite_db, $sql, $aResult, $iRows, $iColumns)
        If $iRval = $SQLITE_OK Then
            Do ; delete list columns
                _GUICtrlListView_DeleteColumn($hListView, 0)
            Until _GUICtrlListView_GetColumnCount($hListView) = 0
            ; Create list columns depending on query
            Local $hQuery, $aNames
            _SQLite_Query($SQLite_db, $sql&"", $hQuery)
            _SQLite_FetchNames($hQuery, $aNames)
            $count = UBound($aNames)-1
            For $rx=0 to $count
                $lenght = 100
                if $aNames[$rx] = "ip" Then $lenght = 150
                if $aNames[$rx] = "date" Then $lenght = 130
                _GUICtrlListView_InsertColumn($hListView, $rx, $aNames[$rx], $lenght)
            Next
            _ArrayDelete($aResult, 0)
            _GUICtrlListView_DeleteAllItems($hListView)
            _GUICtrlListView_AddArray($hListView, $aResult)
            ;_ArrayDisplay($aResult, "Query Result")
            ;~ $iRows = UBound($aResult)-1
            ;~ $iCols = UBound($aResult, 2)-1
            ;~ For $i = 1 To $iRows
            ;~ $string = ""
            ;~ For $x = 0 To $iCols
            ;~ $string = $string & $aResult[$i][$x] & " "
            ;~ Next
            ;~ MemoWrite($string)
            ;~ Next
        Else
            MsgBox($MB_SYSTEMMODAL, "SQLite Error: " & $iRval, _SQLite_ErrMsg(),5)
            MemoWrite("SQLite Error: "& _SQLite_ErrMsg())
            MemoWrite("SQLite QUERY: "& $sql)
        EndIf
        ;MemoWrite("Reading date from SQLite db done.")
    EndFunc

    Func display_blocked_resutls($sql)
        ;MemoWrite("Reading date from SQLite db.")
        Local $aResult, $iRows, $iColumns, $iRval
        Global $SQLite_db, $hListView2
        $iRval = _SQLite_GetTable2d($SQLite_db, $sql, $aResult, $iRows, $iColumns)
        If $iRval = $SQLITE_OK Then
            _ArrayDelete($aResult, 0)
            _GUICtrlListView_DeleteAllItems($hListView2)
            _GUICtrlListView_AddArray($hListView2, $aResult)
            ;_ArrayDisplay($aResult, "Query Result")
            ;~ $iRows = UBound($aResult)-1
            ;~ $iCols = UBound($aResult, 2)-1
            ;~ For $i = 1 To $iRows
            ;~ $string = ""
            ;~ For $x = 0 To $iCols
            ;~ $string = $string & $aResult[$i][$x] & " "
            ;~ Next
            ;~ MemoWrite($string)
            ;~ Next
        Else
            MsgBox($MB_SYSTEMMODAL, "SQLite Error: " & $iRval, _SQLite_ErrMsg(),5)
            MemoWrite("SQLite Error: "& _SQLite_ErrMsg())
            MemoWrite("SQLite QUERY: "& $sql)
        EndIf
        ;MemoWrite("Reading date from SQLite db done.")
    EndFunc

    Func auto_ban($sql)
        if _Seciurity_check() = True Then
            ;~ MemoWrite("true.")
            Local $aResult, $iRows, $iColumns, $iRval, $minutes_in_ban_list
            Global $SQLite_db, $hListView
            $iRval = _SQLite_GetTable2d($SQLite_db, $sql, $aResult, $iRows, $iColumns)
            ;~ MemoWrite($sql)
            If $iRval = $SQLITE_OK Then
                ;_ArrayDelete($aResult, 0)
                ;_GUICtrlListView_DeleteAllItems($hListView)
                ;_GUICtrlListView_AddArray($hListView, $aResult)
                ;_ArrayDisplay($aResult, "Query Result")
                $iRows = UBound($aResult)-1
                For $i = 1 To $iRows
                    if _IsChecked($Checkbox2) Then
                        $minutes_in_ban_list = GUICtrlRead($Input1)
                    Else
                        $minutes_in_ban_list = 548640000 ; ban for 10 years
                    EndIf
                    block_ip_add($aResult[$i][0], $minutes_in_ban_list)
                    MemoWrite("Auto blocking IP: " &$aResult[$i][0]& " for: "& $minutes_in_ban_list & " minutes.")
                Next
            Else
                MsgBox($MB_SYSTEMMODAL, "SQLite Error: " & $iRval, _SQLite_ErrMsg() & @CRLF & $sql,5)
                MemoWrite("SQLite Error: "& _SQLite_ErrMsg())
                MemoWrite("SQLite QUERY: "& $sql)
            EndIf
        Else
            ;~ MemoWrite("false.")
        EndIf
        ;MemoWrite("Reading date from SQLite db done.")
    EndFunc

    Func auto_ban_remove($sql)
        MemoWrite("Autoban remove: "&$sql)
        Local $aResult, $iRows, $iColumns, $iRval, $minutes_in_ban_list
        Global $SQLite_db, $hListView
        $iRval = _SQLite_GetTable2d($SQLite_db, $sql, $aResult, $iRows, $iColumns)
        If $iRval = $SQLITE_OK Then
            ;_ArrayDelete($aResult, 0)
            ;_GUICtrlListView_DeleteAllItems($hListView)
            ;_GUICtrlListView_AddArray($hListView, $aResult)
            ;_ArrayDisplay($aResult, "Query Result")
            $iRows = UBound($aResult)-1
            For $i = 1 To $iRows
                block_ip_remove($aResult[$i][0])
                ;blocked_ip_list (ID ,ip, date_from, date_to, active)
                MemoWrite("Auto blocking IP: " &$aResult[$i][0]& " REMOVED")
            Next
        Else
            MsgBox($MB_SYSTEMMODAL, "SQLite Error: " & $iRval, _SQLite_ErrMsg()& @CRLF & $sql,5)
            MemoWrite("SQLite Error: "& _SQLite_ErrMsg())
            MemoWrite("SQLite QUERY: "& $sql)
        EndIf
        ;MemoWrite("Reading date from SQLite db done.")
    EndFunc

    Func SQLite_QUERY($sql_qry)
        Global $SQLite_db
        If Not _SQLite_Exec($SQLite_db, $sql_qry) = $SQLITE_OK Then
            MemoWrite("SQLite Error: "&_SQLite_ErrMsg() & " QUERY: "& $sql_qry)
            MsgBox($MB_SYSTEMMODAL, "SQLite Error", _SQLite_ErrMsg() & @CRLF & $sql_qry, 5)
        EndIf
    EndFunc

    Func _IsChecked($iControlID)
        Return BitAND(GUICtrlRead($iControlID), $GUI_CHECKED) = $GUI_CHECKED
    EndFunc ;==>_IsChecked

    ; Write a line to the memo control
    Func MemoWrite($sMessage)
        $time = @YEAR & "-"& @MON & "-"& @MDAY & " "& @HOUR & ":"& @MIN & ":"& @SEC
        GUICtrlSetData($iMemo, $time &" -> "& $sMessage & @CRLF, 1)
        FileWriteLine("log.txt", $sMessage & @CRLF)
    EndFunc ;==>MemoWrite

    Func _GeoLocate($ip) ;by llewxam
        $url = "http://freegeoip.net/csv/"&$ip
        $WEBdata = BinaryToString(InetRead($url,1))
        $geo_data = StringSplit($WEBdata, ',')
        ;~ "184.22.136.136","US","United States","PA","Pennsylvania","Scranton","18501","41.4090","-75.6624","577","570"
        ;~ ShellExecute("http://www.infosniper.net/index.php?ip_address=" & $ip & "&map_source=1&overview_map=1&lang=1&map_type=1&zoom_level=7")
        if IsArray($geo_data) And UBound($geo_data) > 3 Then
            ;_ArrayDisplay($geo_data, "GEO Loaction")
            MsgBox($MB_OK, "BFGuard", "IP: "&clean_duble_quotes($geo_data[1])&@CRLF &"Country: "&clean_duble_quotes($geo_data[3])&@CRLF&"State: "&clean_duble_quotes($geo_data[5])&@CRLF&"City: "&clean_duble_quotes($geo_data[6])&@CRLF)
        Else
            MsgBox($MB_OK, "BFGuard", "Cant get any data for this ip", 5)
        EndIf
    EndFunc ;==>_GeoLocate

    Func clean_duble_quotes($str)
        $str = StringTrimRight(StringTrimLeft($str,1),1)
        Return($str)
    EndFunc

    Func _ADD_BlackListIp($ip)
    EndFunc

    Func _Seciurity_check()
        Return True
    EndFunc

    Func encryptted($data)
        $key = "756874587855478554482011"; // 32 byte key --> AES-256
        $IV = '8979879879875464654654'
        _Crypt_Startup()
        $key = _CryptImportKey($CALG_AES_256, $key, 32)
        Const $KP_IV = 1
        _CryptSetKeyParam($key, $KP_IV, $IV, 0, "str")
        ; This is how the mode could be set to ECB; then the IV is not used
        ; and the encryption is weaker.
        Const $KP_MODE = 4
        Const $CRYPT_MODE_ECB = 2
        ;~ _CryptSetKeyParam($key, $KP_MODE, $CRYPT_MODE_ECB, 0, "dword*")
        $crypt = _Crypt_EncryptData($data, $key, $CALG_USERKEY)
        $crypt = Hex($crypt)
        ;~ ConsoleWrite("Encrypted: " & $crypt & @LF)
        ;~ $decrypt = _Crypt_DecryptData(Binary('0x' & $crypt), $key, $CALG_USERKEY)
        ;~ ConsoleWrite("Decrypted: " & BinaryToString($decrypt) & @LF)
        _Crypt_DestroyKey($key)
        _Crypt_Shutdown()
        Return $crypt
    EndFunc

    Func decryptted($data)
        $key = "756874587855478554482011"; // 32 byte key --> AES-256
        $IV = '8979879879875464654654'
        _Crypt_Startup()
        $key = _CryptImportKey($CALG_AES_256, $key, 32)
        Const $KP_IV = 1
        _CryptSetKeyParam($key, $KP_IV, $IV, 0, "str")
        ; This is how the mode could be set to ECB; then the IV is not used
        ; and the encryption is weaker.
        Const $KP_MODE = 4
        Const $CRYPT_MODE_ECB = 2
        ;~ _CryptSetKeyParam($key, $KP_MODE, $CRYPT_MODE_ECB, 0, "dword*")
        ;~ $crypt = _Crypt_EncryptData($data, $key, $CALG_USERKEY)
        ;~ $crypt = Hex($crypt)
        ;~ ConsoleWrite("Encrypted: " & $crypt & @LF)
        $decrypt = _Crypt_DecryptData(Binary('0x' & $data), $key, $CALG_USERKEY)
        ;~ ConsoleWrite("Decrypted: " & BinaryToString($decrypt) & @LF)
        _Crypt_DestroyKey($key)
        _Crypt_Shutdown()
        Return BinaryToString($decrypt)
    EndFunc

    Func _CryptImportKey($CALG, $bKey, $iKeyLength = -1)
        ; Author: ProgAndy
        If $iKeyLength < 1 Then $iKeyLength = BinaryLen($bKey)
        Local $blob = DllStructCreate("align 1;BYTE bType;BYTE bVersion;WORD reserved;dword aiKeyAlg;dword keysize;byte key[" & $iKeyLength & "]")
        DllStructSetData($blob, 1, 0x8)
        DllStructSetData($blob, 2, 2)
        DllStructSetData($blob, 4, $CALG)
        DllStructSetData($blob, 5, $iKeyLength)
        DllStructSetData($blob, 6, Binary($bKey))
        Local $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptImportKey", "handle", __Crypt_Context(), "ptr", DllStructGetPtr($blob), "dword", DllStructGetSize($blob), "ptr", 0, "dword", 0, "ptr*", 0)
        If @error Then Return SetError(2, @error, 0)
        Return SetError(Not $aRet[0], 0, $aRet[6])
    EndFunc

    Func _CryptSetKeyParam($hKey, $iParam, $vValue, $iFlags=0, $sValType=Default)
        ; Author: ProgAndy
        If Not $sValType Or $sValType = Default Then $sValType = "ptr"
        Local $aRet = DllCall(__Crypt_DllHandle(), "bool", "CryptSetKeyParam", "handle", $hKey, "uint", $iParam, $sValType, $vValue, "dword", $iFlags)
        If @error Then Return SetError(2, @error, 0)
        Return SetError(Not $aRet[0], 0, $aRet[0])
    EndFunc

1 point
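
The BFGuard script above builds its SQL statements and its netsh command line by string concatenation, and two of the concatenated values (TargetUserName and IpAddress) are parsed from event-log records written for whoever attempted the logon. The AutoIt code below is an added example, not part of the original post or the author's code: it validates the address before it reaches netsh or SQLite and escapes every stored value. The function names `_IsValidIPv4`, `_StoreFailedLogon` and `_BlockIPv4` and the sample values are assumptions; it also assumes sqlite3.dll is available to `_SQLite_Startup()` and that only IPv4 addresses are to be blocked.

```autoit
#include <SQLite.au3>

; Added example, not from the BFGuard post. Function names are hypothetical.

; True only for a dotted-quad IPv4 address whose four octets are all 0-255.
; Assumption: IPv6 addresses and placeholder values such as "-" are rejected.
Func _IsValidIPv4($sIP)
    Local $aOctets = StringRegExp($sIP, "\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z", 1)
    If @error Then Return False
    For $i = 0 To 3
        If Number($aOctets[$i]) > 255 Then Return False
    Next
    Return True
EndFunc

; Stores one parsed event in the ip_list table used by the script above.
; Fields with a fixed shape are checked against that shape; every value is then
; passed through _SQLite_FastEscape(), which returns it wrapped in single quotes
; with embedded quotes doubled, so a quote in a user name stays data.
Func _StoreFailedLogon($hDB, $sDate, $sRecordId, $sUser, $sIP)
    If Not _IsValidIPv4($sIP) Then Return SetError(1, 0, False)
    If Not StringRegExp($sRecordId, "\A\d+\z") Then Return SetError(2, 0, False)
    If Not StringRegExp($sDate, "\A\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\z") Then Return SetError(3, 0, False)
    Local $sSQL = "INSERT OR IGNORE INTO ip_list (date, log_id, user, ip) VALUES (" & _
            _SQLite_FastEscape($sDate) & ", " & _SQLite_FastEscape($sRecordId) & ", " & _
            _SQLite_FastEscape($sUser) & ", " & _SQLite_FastEscape($sIP) & ");"
    If _SQLite_Exec($hDB, $sSQL) <> $SQLITE_OK Then Return SetError(4, 0, False)
    Return True
EndFunc

; Adds the block rule with the same rule name format as the script above, but
; only for a validated address, and starts netsh.exe directly instead of
; handing the string to @ComSpec /c.
Func _BlockIPv4($sIP)
    If Not _IsValidIPv4($sIP) Then Return SetError(1, 0, False)
    Local $sCmd = '"' & @SystemDir & '\netsh.exe" advfirewall firewall add rule name=[logBlock' & $sIP & _
            '] dir=in interface=any action=block remoteip=' & $sIP
    Local $iExit = RunWait($sCmd, "", @SW_HIDE)
    If @error Then Return SetError(2, 0, False)
    Return $iExit = 0
EndFunc

; Constructed sample values, run against an in-memory database.
_SQLite_Startup()
Global $hDemoDB = _SQLite_Open() ; no file name: in-memory database
_SQLite_Exec($hDemoDB, "CREATE TABLE ip_list (ID INTEGER PRIMARY KEY AUTOINCREMENT, log_id CHAR(150) UNIQUE, " & _
        "date CHAR(150), ip CHAR(150), user CHAR(150), status CHAR(150))")
; user name containing a single quote
ConsoleWrite(_StoreFailedLogon($hDemoDB, "2014-11-22 10:15:00", "1001", "o'brien", "192.0.2.10") & @CRLF)
; address with an out-of-range octet
ConsoleWrite(_StoreFailedLogon($hDemoDB, "2014-11-22 10:15:01", "1002", "admin", "192.0.2.999") & @CRLF)
_SQLite_Close($hDemoDB)
_SQLite_Shutdown()
```

`_BlockIPv4` changes firewall rules and needs the same elevated rights as the original script, which is why the demo lines at the end do not call it.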
-
Wow! I've been so stupid! Totally forgot the GUICtrlSetPos Command! >.<

Replacing my "GUICtrlSetGraphic" with this:

    GUICtrlSetPos($drawinggui,100 + $side, 100 + $up)

Did the job! Still need to resize it tho!

1 point
-
Chimp,
Why not? The LIKE comparison operator is agnostic about what the source of the strings is: literals, result of function or operation, column content or any expression.

porya,
Try this:

    $sqlString = "SELECT * FROM Table_1 WHERE '1FN3003-4PP00-0AA0' LIKE ProNo || '%'; "

Here I assume that the SQL engine you use recognizes || as the string concatenation operator.

1 point
-
Live Regex
MarcusFernstrom reacted to AZJIO for a topic
MarcusFernstrom, see my [link]
1 point
-
Here is a simple solution for CMD piping.

    ; Example of piping in AutoIt

    ; define commands to pipe
    $sCmd1 = "dir " & @SystemDir & "\*.*" ; display all files of system directory
    $sCmd2 = "find /I "".exe""" ; select all EXE files
    $sCmd3 = "find /I ""di""" ; select all files with 'di' as substring

    ; run commands concurrent
    $iPID1 = Run(@ComSpec & " /C " & $sCmd1, "", @SW_HIDE, 9) ; $STDIN_CHILD(1) + $STDERR_MERGED(8)
    $iPID2 = Run(@ComSpec & " /C " & $sCmd2, "", @SW_HIDE, 9) ; $STDIN_CHILD(1) + $STDERR_MERGED(8)
    $iPID3 = Run(@ComSpec & " /C " & $sCmd3, "", @SW_HIDE, 9) ; $STDIN_CHILD(1) + $STDERR_MERGED(8)

    ; pipe output of first command as input to second command
    While Sleep(10)
        $sTmp = StdoutRead($iPID1, False, True)
        If @error Then ExitLoop StdinWrite($iPID2)
        StdinWrite($iPID2, $sTmp)
    WEnd

    ; pipe output of second command as input to third command
    While Sleep(10)
        $sTmp = StdoutRead($iPID2, False, True)
        If @error Then ExitLoop StdinWrite($iPID3)
        StdinWrite($iPID3, $sTmp)
    WEnd

    ; display output of third command
    MsgBox(Default, Default, StdoutRead($iPID3), 0)

1 point