
Leaderboard

Popular Content

Showing content with the highest reputation on 04/09/2019 in all areas

  1. Hi, I thought I'd share a small script that scans your Windows Eventlog and generates a blacklist/firewall block rule of IPs that try to hammer your RDP connection with wrong credentials. Yes, I know it's not best practice to have RDP open to the internet but sometimes it's just more practical. I haven't had time to create a loop in the script itself but you can run it in Windows scheduler with a 10 minute recurrence. This is a quick and dirty solution and for those that like the idea, please feel free to improve/tidy the code.

        #RequireAdmin
        #include <Date.au3>
        #include <array.au3>
        #include <File.au3>

        Global $IpListFile = @scriptdir &"\RdpBlockIP.txt"
        Global $LogFile = @scriptdir &"\RdpBlockLog.txt"
        Global $EventlogOutput = @scriptdir &"\EventlogOutput.xml"
        Global $FailedAttepts = IniRead(@scriptdir &"\RdpBlock.ini", "Settings", "FailedAttempts", "3")
        Global $WithinMinutes = IniRead(@scriptdir &"\RdpBlock.ini", "Settings", "WithinMinutes", "720")
        Global $Whitelist = IniRead(@scriptdir &"\RdpBlock.ini", "Settings", "Whitelist", "192.168.0")
        Global $LogArray[0][2]
        Global $BlacklistArray[0]

        ;Export the newest 2000 failed-logon events (ID 140) as XML, newest first
        RunWait(@ComSpec & " /c " & 'wevtutil qe "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational" "/q:*[System [(EventID=140)]]" /c:2000 /rd:true /f:xml>'&$EventlogOutput , "", @SW_HIDE)
        $FileArray = FileReadToArray ( $EventlogOutput )
        FileDelete($EventlogOutput)

        ;Fill $LogArray with last hours logs
        $FirstStamp = 0
        For $i = 0 to UBound($FileArray) -1
            ;Fields are picked by position after splitting each event line on ">"
            $LineArray = StringSplit ( $FileArray[$i], ">" )
            $IP = StringTrimRight($LineArray[29], 6)
            $StampArray = StringSplit($LineArray[16], "'")
            $StampArray = StringSplit($StampArray[2], "T")
            $Date = $StampArray[1]
            $TimeArray = StringSplit($StampArray[2], ".")
            $Time = $TimeArray[1]
            $sFill = $IP&"|"&$Date&" "&$Time
            If $FirstStamp = 0 then $FirstStamp = $Date&" "&$Time
            ;Stop once an event is WithinMinutes or more older than the newest one
            ;(>= instead of =, so a minute without events cannot skip the exit)
            If _DateDiff('n', $Date&" "&$Time, $FirstStamp) >= Number($WithinMinutes) then ExitLoop
            _ArrayAdd($LogArray,$sFill)
        Next

        ;Blacklist every non-whitelisted IP that reached the failure threshold
        ;(the IP is looked up as a substring of the Whitelist setting)
        For $i = 0 to Ubound($LogArray)-1
            $SarchIP = _ArrayFindAll ( $LogArray, $LogArray[$i][0])
            If StringInStr($Whitelist, $LogArray[$i][0]) Then
            Else
                If Ubound($SarchIP) >= $FailedAttepts Then _ArrayAdd($BlacklistArray, $LogArray[$i][0])
            EndIf
        Next

        ;Unless first run, include IPs from file
        If FileExists ($IpListFile) then
            ;Concatenate old with new array of IPs and delete duplicates
            $FileArray = FileReadToArray ( $IpListFile )
            $FileIpCount = Ubound($FileArray)
            _ArrayConcatenate ( $FileArray, $BlacklistArray)
            $IpUniqueArray = _ArrayUnique ( $FileArray)
            If $IpUniqueArray[0] - $FileIpCount > 0 then _FileWriteLog($LogFile, 'Adding '& $IpUniqueArray[0] - $FileIpCount & ' addresses to current list ('&$FileIpCount&'), now '&$IpUniqueArray[0]&' in total.' )
            ;Write IP list to file
            _ArraySort ($IpUniqueArray, 0, 1, $IpUniqueArray[0])
            $IpList = _ArrayExtract ( $IpUniqueArray , 1 , $IpUniqueArray[0])
            FileDelete($IpListFile)
            _FileWriteFromArray($IpListFile, $IpList)
        Else
            $IpUniqueArray = _ArrayUnique ($BlacklistArray)
            _ArraySort ($IpUniqueArray, 0, 1, $IpUniqueArray[0])
            _FileWriteLog($LogFile, 'Adding '& $IpUniqueArray[0]& ' addresses to list of RDP blacklist.')
            $IpList = _ArrayExtract ( $IpUniqueArray , 1 , $IpUniqueArray[0])
            _FileWriteFromArray($IpListFile, $IpList)
        EndIf

        ;Delete old FW rules
        RunWait(@ComSpec & " /c " & 'netsh advfirewall firewall show rule status=enabled name=all | find "RdpBlacklist" > '&@ScriptDir&'\output.txt' , "", @SW_HIDE)
        $Output = FileRead ( @ScriptDir&'\output.txt')
        FileDelete(@ScriptDir&'\output.txt')
        $Output = StringReplace($Output, "Rule Name:", "")
        $Output = StringReplace($Output, " ", "")
        $RulesArray = StringSplit($Output, @LF)
        For $d = 1 to $RulesArray[0]-1
            RunWait(@ComSpec & " /c " & 'netsh advfirewall firewall delete rule name='&$RulesArray[$d] , "", @SW_HIDE)
        Next

        ;Create FW rules with max 100 IPs per rule (native limit)
        For $i = 1 to $IpUniqueArray[0] Step 100
            If $i+99 > $IpUniqueArray[0] then
                $SplitIpArray = _ArrayExtract ( $IpUniqueArray , $i, $IpUniqueArray[0] )
                $IpString = _ArrayToString($SplitIpArray, ",")
                If $IpString > "" then RunWait(@ComSpec & " /c " & 'netsh advfirewall firewall add rule name="RdpBlacklist'&StringFormat("%04d", $i)&'-'&StringFormat("%04d", $IpUniqueArray[0])&'" dir=in interface=any action=block remoteip='&$IpString, "", @SW_HIDE)
            Else
                $SplitIpArray = _ArrayExtract ( $IpUniqueArray , $i, $i+99)
                $IpString = _ArrayToString($SplitIpArray, ",")
                If $IpString > "" then RunWait(@ComSpec & " /c " & 'netsh advfirewall firewall add rule name="RdpBlacklist'&StringFormat("%04d", $i)&'-'&StringFormat("%04d", $i+99)&'" dir=in interface=any action=block remoteip='&$IpString, "", @SW_HIDE)
            EndIf
        Next

    The script operates with a simple ini file called RdpBlock.ini that you can create yourself or just download the attached one.

        [Settings]
        FailedAttempts=5
        WithinMinutes=10
        Whitelist=

    RdpBlock.ini
    2 points
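
The counting and rule-building steps of the script above, as an added Python example that is not part of the original post: it reads the Event 140 records by element name rather than by position, validates every address, matches the whitelist as CIDR networks, and splits the result into rules of 100 addresses. The sample events, the `IPString` field layout and all function names are assumptions made for the illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter
from datetime import datetime, timedelta

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def _event(ip, clock):  # one constructed Event 140 record; the IPString layout is an assumption
    return (f"<Event xmlns='{NS['e']}'><System><EventID>140</EventID>"
            f"<TimeCreated SystemTime='2019-04-09T{clock}.1234567Z'/></System>"
            f"<EventData><Data Name='IPString'>{ip}</Data></EventData></Event>")

# Constructed sample, newest first, one <Event> per line and no root element
SAMPLE = "\n".join(_event(ip, clock) for ip, clock in [
    ("203.0.113.7", "10:09:30"), ("192.168.0.15", "10:09:00"), ("203.0.113.7", "10:08:10"),
    ("192.168.0.15", "10:07:00"), ("not-an-ip", "10:06:00"), ("203.0.113.7", "10:05:00"),
    ("192.168.0.15", "10:04:00"), ("198.51.100.20", "10:03:00"),
    ("198.51.100.20", "09:00:00"), ("198.51.100.20", "08:59:00")])

def parse_failures(xml_text):
    """Return (address, time) pairs, reading fields by element name rather than by position."""
    failures = []
    for ev in ET.fromstring(f"<Events>{xml_text}</Events>").findall("e:Event", NS):
        created = ev.find("e:System/e:TimeCreated", NS)
        data = ev.find("e:EventData/e:Data", NS)
        try:
            ip = ipaddress.ip_address((data.text or "").strip())
            when = datetime.strptime(created.get("SystemTime", "")[:19], "%Y-%m-%dT%H:%M:%S")
        except (AttributeError, ValueError):
            continue  # missing field or non-address value: it never reaches a rule
        failures.append((ip, when))
    return failures

def blocklist(failures, threshold, within_minutes, allow=()):
    """Addresses with at least `threshold` failures in the window before the newest event."""
    if not failures:
        return []
    nets = [ipaddress.ip_network(n) for n in allow]
    newest = max(when for _, when in failures)
    counts = Counter(ip for ip, when in failures
                     if newest - when < timedelta(minutes=within_minutes)
                     and not any(ip in net for net in nets))
    return sorted((ip for ip, n in counts.items() if n >= threshold), key=int)

def netsh_rules(ips, per_rule=100):
    """Build argument lists (not a shell string) with at most per_rule addresses per rule."""
    rules = []
    for start in range(0, len(ips), per_rule):
        chunk = ips[start:start + per_rule]
        rules.append(["netsh", "advfirewall", "firewall", "add", "rule",
                      f"name=RdpBlacklist{start + 1:04d}-{start + len(chunk):04d}",
                      "dir=in", "interface=any", "action=block",
                      "remoteip=" + ",".join(str(ip) for ip in chunk)])
    return rules
```
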
  2. @Reaper HGN, here it all works well. I used this udf downloaded from this post: ( https://www.autoitscript.com/forum/topic/118827-create-pdf-from-your-application/?do=findComment&comment=1158973 ). Save this example script and the MPDF_UDF.au3 udf both in the same folder (and of course make sure that the "images" folder is also present in the same folder as the script and contains the images). Since that udf version still uses the _Iif () function, which is no longer present in the new AutoIt versions, you have to create an alternative one either in the script or in the udf itself (I inserted it in the example script). Hope this will help you.

        ; get udf from the following post:
        ; https://www.autoitscript.com/forum/topic/118827-create-pdf-from-your-application/?do=findComment&comment=1158973
        #include "MPDF_UDF.au3"

        ;set the properties for the pdf
        _SetUnit($PDF_UNIT_CM)
        _SetPaperSize("A4")
        _SetZoomMode($PDF_ZOOM_CUSTOM, 90)
        _SetOrientation($PDF_ORIENTATION_PORTRAIT)
        _SetLayoutMode($PDF_LAYOUT_CONTINOUS)
        _OpenAfter(True);open after generation

        ;initialize the pdf
        _InitPDF(@ScriptDir & "\pdf_graphic_test.pdf")

        ;=== load resources used in pdf ===
        ;images:
        _LoadResImage("taietel2", @ScriptDir & "\Images\gif.gif")
        _LoadResImage("taietel3", @ScriptDir & "\Images\jpg.jpg")
        _LoadResImage("taietel4", @ScriptDir & "\Images\ico.ico")
        _LoadResImage("taietel5", @ScriptDir & "\Images\tif.tif")

        _BeginPage()
        _InsertImage("taietel2", 3, 3, 2, 2)
        _InsertImage("taietel5", 5, 5.5, 2, 2)
        _InsertImage("taietel3", 7, 8, 2, 2)
        _InsertImage("taietel4", 9, 10.5, 2, 2)
        _DrawLine(2, 2, 12, 6, $PDF_STYLE_STROKED, 10, 0.1, 0x996600, 0, 0)
        _EndPage()
        _ClosePDFFile()

        Func _Iif($fTest, $vTrueVal, $vFalseVal)
            If $fTest Then
                Return $vTrueVal
            Else
                Return $vFalseVal
            EndIf
        EndFunc   ;==>_Iif
    1 point
  3. Melba23

    ControlClick Help

    Zag8888, Please make sure you read the Forum rules - particularly the bit about not discussing game automation - before you post again. M23
    1 point
  4. BrewManNH

    ControlClick Help

    You're probably clicking nowhere near the control. The X and Y parameters for ControlClick are the coordinates within the control, not the window. Plus you have "left" where the number of clicks parameter is supposed to be, which shifts the rest off by one.
    1 point
  5. Subz

    Yet another Listview problem

    You could also just use _GUICtrlListView_AddArray for example:

        #include <Array.au3>
        #include <File.au3>
        #include <GUIConstants.au3>
        #include <GuiListView.au3>

        Opt("ExpandVarStrings", 1)

        Global $g_aSiteFileData[0][3]
        _GetSiteData()

        Local $exStyles = BitOR($LVS_EX_GRIDLINES, $LVS_EX_FULLROWSELECT, $LVS_EX_SUBITEMIMAGES)
        $guiapp = GUICreate("test" , 390, 220,-1, -1, -1); WS_EX_ACCEPTFILES
        $listview = GUICtrlCreateListView("", 10, 10, 370, 200)
        _GUICtrlListView_SetExtendedListViewStyle($listview, $exStyles)
        _GUICtrlListView_AddColumn($listview, "Name", 120)
        _GUICtrlListView_AddColumn($listview, "Mail", 120)
        _GUICtrlListView_AddColumn($listview, "Popup", 120)
        _GUICtrlListView_AddArray($listview, $g_aSiteFileData)
        GUISetState()

        While 1
            $nMsg = GUIGetMsg()
            Switch $nMsg
                Case $GUI_EVENT_CLOSE
                    Exit
            EndSwitch
        WEnd

        Func _GetSiteData()
            Local $aSiteFileData
            Local $aSiteFilePath = _FileListToArrayRec("@ScriptDir@\Sites", "*.ini", 1, 0, 1, 2)
            If @error Then Exit MsgBox(4096, "Error", "An error occurred while getting site ini files.")
            Local $sDrive = "", $sDir = "", $sFileName = "", $sExtension = ""
            For $i = 1 To $aSiteFilePath[0]
                $aSiteFileData = IniReadSection($aSiteFilePath[$i], "Check")
                If @error Then ContinueLoop ;~ Error reading ini file
                $aFilePath = _PathSplit($aSiteFilePath[$i], $sDrive, $sDir, $sFileName, $sExtension)
                _ArrayAdd($g_aSiteFileData, "$sFileName$|" & _ArrayToString($aSiteFileData, "|", 1, -1, "|", 1, 1))
            Next
        EndFunc
    1 point
  6. iamtheky

    Array Search

    Is it the same behavior on the LSD_8_INCH lines? Or is this behavior unique to the 6 inchers? Those are just some of the myriad questions that abound until the source file is produced. ***To end speculation you could just run a stringstripws for leading and trailing (and maybe just trailing..) as we would see all others in the notepad screenshot. Unless yall know cool ways to hide shit in the middle of a string in notepad, which you need to show me.
    1 point
  7.
        #include <Memory.au3>
        #include <GDIPlus.au3>
        #include <GUIConstantsEx.au3>
        #include <WindowsConstants.au3>

        AutoItSetOption("GUIOnEventMode", 1)

        ;~ $BitCount = 4
        $BitCount = 8
        ;~ $BitCount = 16

        $Width = 500
        $Height = 500

        Local $ptrbmp, $DibHandle, $DibPre_Obj
        $BitmapBB1 = _CreateNewDIB_Bitmap($Width, $Height, $BitCount, $ptrbmp, $DibHandle, $DibPre_Obj)
        Local $ptrbmp2, $DibHandle2, $DibPre_Obj2
        $BitmapBB2 = _CreateNewDIB_Bitmap($Width, $Height, $BitCount, $ptrbmp2, $DibHandle2, $DibPre_Obj2)
        Local $ptrbmp3, $DibHandle3, $DibPre_Obj3
        $BitmapBB3 = _CreateNewDIB_Bitmap($Width, $Height, $BitCount, $ptrbmp3, $DibHandle3, $DibPre_Obj3)

        $Form = GUICreate("GUI", $Width, $Height, -1, -1)
        $Pic = GUICtrlCreatePic("", 5, 5, $Width, $Height)
        GUICtrlSetResizing($Pic, $GUI_DOCKLEFT + $GUI_DOCKRIGHT + $GUI_DOCKTOP + $GUI_DOCKBOTTOM)
        GUISetState(@SW_SHOW)
        GUISetOnEvent($GUI_EVENT_CLOSE, "_Exit")

        Local $hWnd = _WinAPI_GetDesktopWindow()
        Local $hDDC = _WinAPI_GetDC($hWnd)
        $hCtrl = GUICtrlGetHandle($Pic)
        $hGUI_DC = _WinAPI_GetDC($hCtrl)

        _GDIPlus_Startup()

        While 1
            _WinAPI_BitBlt($BitmapBB2, 0, 0, $Width, $Height, $BitmapBB1, 0, 0, $SRCCOPY) ;buffer of old image to xor from
            _WinAPI_BitBlt($BitmapBB1, 0, 0, $Width, $Height, $hDDC, 0, 0, $SRCCOPY) ;get the new image
            _WinAPI_BitBlt($BitmapBB2, 0, 0, $Width, $Height, $BitmapBB1, 0, 0, $SRCINVERT);Xor Old and New image

            ;save image to stream or file as png format
            $hBitmap = _GDIPlus_BitmapCreateFromHBITMAP($DibHandle2)
            If @error Then ConsoleWrite('_GDIPlus_BitmapCreateFromHBITMAP Failed')
            $BitmapStream = _GDIPlus_StreamImage2BinaryString($hBitmap, "PNG",100)
            If @error Then ConsoleWrite('_GDIPlus_StreamImage2BinaryString Failed')
            _GDIPlus_BitmapDispose($hBitmap)

            ;#########################################################################################
            ;Load image from stream or file
            Local $hHBITMAP
            $hHBITMAP = _GDIPlus_BitmapCreateFromMemory($BitmapStream, True)
            If @error Then ConsoleWrite('_GDIPlus_BitmapCreateFromMemory Failed')
            Local $hDC_backbuffer = _WinAPI_CreateCompatibleDC($hGUI_DC)
            Local $DC_obj = _WinAPI_SelectObject($hDC_backbuffer, $hHBITMAP)
            _WinAPI_BitBlt($BitmapBB3, 0, 0, $Width, $Height, $hDC_backbuffer, 0, 0, $SRCINVERT) ;xor image existing image
            _WinAPI_SelectObject($hDC_backbuffer, $DC_obj)
            _WinAPI_DeleteDC($hDC_backbuffer)
            _WinAPI_DeleteObject($hHBITMAP)

            sleep(100)

        ;~     _WinAPI_BitBlt($hGUI_DC, 0, 0, $Width, $Height, $BitmapBB2, 0, 0, $SRCCOPY) ;see Xored img before saved to file or stream
        ;~     _WinAPI_BitBlt($hGUI_DC, 0, 0, $Width, $Height, $BitmapBB1, 0, 0, $SRCCOPY) ;see New image before it is xored and saved
            _WinAPI_BitBlt($hGUI_DC, 0, 0, $Width, $Height, $BitmapBB3, 0, 0, $SRCCOPY) ;image xor chain?
        WEnd

        Func _Exit()
            _GDIPlus_Shutdown()
            Exit
        EndFunc   ;==>_Exit

        Func _GDIPlus_StreamImage2BinaryString($hBitmap, $sFormat = "JPG", $iQuality = 80, $bSave = False, $sFilename = @ScriptDir & "\Converted.jpg") ;coded by UEZ 2013 build 2014-01-25; based on the code by Andreik
            $lastfunc = '_GDIPlus_StreamImage2BinaryString'
            Local $sImgCLSID, $tGUID, $tParams, $tData
            Switch $sFormat
                Case "JPG"
                    $sImgCLSID = _GDIPlus_EncodersGetCLSID($sFormat)
                    $tGUID = _WinAPI_GUIDFromString($sImgCLSID)
                    $tData = DllStructCreate("int Quality")
                    DllStructSetData($tData, "Quality", $iQuality) ;quality 0-100
                    Local $pData = DllStructGetPtr($tData)
                    $tParams = _GDIPlus_ParamInit(1)
                    _GDIPlus_ParamAdd($tParams, $GDIP_EPGQUALITY, 1, $GDIP_EPTLONG, $pData)
                Case "PNG", "BMP", "GIF", "TIF"
                    $sImgCLSID = _GDIPlus_EncodersGetCLSID($sFormat)
                    $tGUID = _WinAPI_GUIDFromString($sImgCLSID)
                Case Else
                    Return SetError(1, 0, 0)
            EndSwitch
            Local $hStream = _WinAPI_CreateStreamOnHGlobal() ;http://msdn.microsoft.com/en-us/library/ms864401.aspx
            If @error Then Return SetError(2, 0, 0)
            _GDIPlus_ImageSaveToStream($hBitmap, $hStream, DllStructGetPtr($tGUID), DllStructGetPtr($tParams))
            If @error Then Return SetError(3, 0, 0)
            Local $hMemory = _WinAPI_GetHGlobalFromStream($hStream) ;http://msdn.microsoft.com/en-us/library/aa911736.aspx
            If @error Then Return SetError(4, 0, 0)
            Local $iMemSize = _MemGlobalSize($hMemory)
            If Not $iMemSize Then Return SetError(5, 0, 0)
            Local $pMem = _MemGlobalLock($hMemory)
            $tData = DllStructCreate("byte[" & $iMemSize & "]", $pMem)
            Local $bData = DllStructGetData($tData, 1)
            _WinAPI_ReleaseStream($hStream) ;http://msdn.microsoft.com/en-us/library/windows/desktop/ms221473(v=vs.85).aspx
            _MemGlobalFree($hMemory)
            If $bSave Then
                Local $hFile = FileOpen($sFilename, 18)
                If @error Then Return SetError(6, 0, $bData)
                FileWrite($hFile, $bData)
                FileClose($hFile)
            EndIf
            Return $bData
        EndFunc   ;==>_GDIPlus_StreamImage2BinaryString

        Func _CreateNewDIB_Bitmap($Width, $Height, $BitCount, ByRef $ptrbmp, ByRef $DibHandle, ByRef $DibPre_Obj)
            Local $tBITMAPINFO = DllStructCreate("dword Size; long Width; long Height; word Planes; word BitCount; dword Compression; dword SizeImage; long XPelsPerMeter; long YPelsPerMeter; dword ClrUsed; dword ClrImportant; dword RGBQuad[256];")
            DllStructSetData($tBITMAPINFO, 'Size', 40)
            DllStructSetData($tBITMAPINFO, 'Width', $Width)
            DllStructSetData($tBITMAPINFO, 'Height', -$Height)
            DllStructSetData($tBITMAPINFO, 'Planes', 1)
            DllStructSetData($tBITMAPINFO, 'BitCount', $BitCount)
            Local $iColorCnt = BitShift(1, -$BitCount)
            DllStructSetData($tBITMAPINFO, 'ClrUsed', $iColorCnt)
            DllStructSetData($tBITMAPINFO, 'ClrImportant', $iColorCnt)
            ;https://www.autoitscript.com/forum/topic/139174-gdi-cc-code-to-autoit-conversion/
            Switch $BitCount
                Case 1
                    DllStructSetData($tBITMAPINFO, 'RGBQuad', BitOR(BitShift(0xFF, -16), BitShift(0xFF, -8), 0xFF), 1)
        ;~         Case 4
        ;~             Local $aCol[16] = [8, 24, 38, 56, 72, 88, 104, 120, 136, 152, 168, 184, 210, 216, 232, 248]
        ;~             For $i = 0 To 15
        ;~                 DllStructSetData($tBITMAPINFO, 'RGBQuad', BitOR(BitShift($aCol[$i], -16), BitShift($aCol[$i], -8), $aCol[$i]), $i + 1)
        ;~             Next
                Case 4
                    Local $aCol[16] = [16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 216, 232, 248]
                    For $i = 0 To 15
                        DllStructSetData($tBITMAPINFO, 'RGBQuad', BitOR(BitShift($aCol[$i], -16), BitShift($aCol[$i], -8), $aCol[$i]), $i + 1)
                    Next
        ;~         Case 8
        ;~             ; Windows reserves first color for white,
        ;~             DllStructSetData($tBITMAPINFO, 'RGBQuad', 255, 1)
        ;~             ; and last color as black!
        ;~             DllStructSetData($tBITMAPINFO, 'RGBQuad', 0, 255)
        ;~             Local $iColor = 10
        ;~             For $i = 20 To $iColorCnt - 22 ;first 20 and last 20 are reserved!
        ;~                 DllStructSetData($tBITMAPINFO, 'RGBQuad', BitOR(BitShift($i, -16), BitShift($i, -8), $i * $iColor), $i + 1)
        ;~             Next
                Case 8
        ;~             ; Windows reserves first color for white,
        ;~             $tBITMAPINFO.RGBQuad((0)) = 0xFFFFFF
        ;~             ; and last color as black!
        ;~             $tBITMAPINFO.RGBQuad((0xFF)) = 0x000000
                    Local $iColor = 20, $iRed, $iGreen, $iBlue
                    For $iRed = 0 To 255 Step 51
                        For $iGreen = 0 To 255 Step 51
                            For $iBlue = 0 To 255 Step 51
                                $tBITMAPINFO.RGBQuad(($iColor)) = BitShift($iRed, -16) + BitShift($iGreen, -8) + $iBlue
                                $iColor += 1
                            Next
                        Next
                    Next
            EndSwitch
            Local $hDC = _WinAPI_CreateCompatibleDC(0)
            $DibHandle = _WinAPI_CreateDIBSection(0, $tBITMAPINFO, $DIB_RGB_COLORS, $ptrbmp)
            $DibPre_Obj = _WinAPI_SelectObject($hDC, $DibHandle)
            Return $hDC
        EndFunc   ;==>_CreateNewDIB_Bitmap

    Oh great, I edited my post and messed it up. Lost all I wrote before. Basically my problem is when I Xor an image with $SRCINVERT and _WinAPI_BitBlt, and save the image in stream or file, after I load or rebuild the image, I get color problems. This only happens with 8 bits, other bits work just fine. I'm not sure if the color structure I'm using is the problem, or if I need to save or rebuild the 8 bits image differently. I'm stuck.
    1 point
  8. Nine

    Array Search

    Maybe some hidden characters (space at the end for example)...Check for that in your recipe.txt file.
    1 point
  9. Nine

    Yet another Listview problem

        _GUICtrlListView_AddItem($listview, "Google", 0)
        For $i = 1 To $var[0][0]
            _GUICtrlListView_AddSubItem($listview, 0, $var[$i][1], $i)
        Next

    Try this. I hardcoded Google to get you an idea how to do it....
    1 point
  10. Solved the mystery: As careca said, THE FILE WAS LOCKED. Although I opened the file in READ-ONLY in my code and the file was also opened READ-ONLY by MediaPlayerClassic - apparently it was enough for Windows to deny file access to my AutoIt script... Damn! I also found out why: The _WinAPI_CreateFile() doc states:

        _WinAPI_CreateFile ( $sFileName, $iCreation [, $iAccess = 4 [, $iShare = 0 [, $iAttributes = 0 [, $tSecurity = 0]]]] )

        Local $fHandle = _WinAPI_CreateFile($sFilePath, 2, 2) ; read-only

    Do you see it? Although I opened the file as read-only, the DEFAULT $iShare access in Au3 is set to NOT SHARE (==0). So if you open the file in really read-only, to get its metadata, you want to allow ANY kind of access. Be it another read-only, write or delete:

        Local $fHandle = _WinAPI_CreateFile($sFilePath, 2, 2, 7) ; read-only and share any

    Now the file can be opened by my media player and I can retrieve its metadata in background! I didn't know a read-only access had to be allowed in the API call, I just assumed it by default.
    1 point
  11. One line.

        #include "czardas.au3"
        _czardas()

    czardas.au3

        Func _czardas()
            Local $a2[3] = ["lost", "won", 5 & Random(1, 49, 1)]
            While Not StringInStr($a2[2], "|", 0, 6)
                $a2[2] = StringRegExpReplace($a2[2] & StringRegExpReplace($a2[2] & "|" & 5 & Random(1, 49, 1), "(" & $a2[2] & ")", ""), "\|+", "|")
            WEnd
            Return MsgBox(0, "Lottery", "You " & $a2[StringStripWS(StringRegExpReplace(StringRegExpReplace(InputBox("Enter 7 Numbers", ""), "(\A| )", "5"), "(" & $a2[2] & ")", ""), 8) = ""])
        EndFunc   ;==>_czardas
    1 point