FranckGr

Why not FileDelete(@ScriptFullPath) at the end of your script ...

For those still using INI files. my _IniRead function (Creating default value if it does not exists) Func _IniRead($IniFile, $Section, $Key, $DefaultValue) Local $v = IniRead($IniFile, $Section, $Key, "=====") If $v = "=====" Then If IniWrite($IniFile, $Section, $Key, $DefaultValue) Then $v = IniRead($IniFile, $Section, $Key, "=====") If $v = "=====" Then Return SetError(2,0,$DefaultValue) ; @Error = 2, @Extended = 0 => Should no append (Could create the key, could not read created key) Else Return SetError(0,1,$v) ; @Error = 0, @Extended = 1 => Key was created successfuly in INI file Endif Else Return SetError(1,0,$DefaultValue) ; @Error = 1, @Extended = 0 => Could not create the key, return Default value EndIf Else Return SetError(0,0,$v) ; @Error = 0, @Extended = 0 => Key was existing in INI file EndIf EndFunc

Thank you all, you were right, the file was UTF8. I solved it by initializing the file with a @CRLF before the first section. Array is now Row|Col 0 [0]|10 [1]|Site Information [2]|Computer [3]|Physical Disk Details [4]|Logical Disk Details [5]|NIC Details [6]|Graphic Card Details [7]|Memory Card Details [8]|Missing Components [9]|Non-standard Components [10]|Installed Hotfixes

Hi Seams IniReadSectionNames does not show all Sections names (First one is missing ... [Site Information]) My code Local $aSections=IniReadSectionNames($ThisIni) $ThisIni : [Site Information] Equipment ID:=539456593 Customer Name:=CH Address: =- City State:=Town Country:=France Phone:= Zip Code:=24000 Product Type:=Master [Computer] Computer Name=CHPRODFR Hardware Manufacturer=HP Hardware Model=ProLiant ML350 Gen9 Processor=Intel(R) Xeon(R) CPU E5-2643 v3 @ 3.40GHz Number of memory modules=4 Total Memory size=32 GB BIOS version=P92 [Physical Disk Details] 1=2.00 TB [Logical Disk Details] C:\=63.6 GB D:\=2062.1 GB F:\=872.8 GB [NIC Details] Embedded LOM 1 Port 1=00:10:6F:C5:FD:8E Hospital-LAN=70:10:6F:C5:FD:8E [Graphic Card Details] DriverDate=20150826 DriverVersion=4.1.2.2 Name=Matrox G200eh (HP) WDDM 1.2 Status=OK VideoProcessor=Matrox G200eH [Memory Card Details] 8192=752368-081 8192=752368-081 8192=752368-081 8192=752368-081 [Missing Components] [Non-standard Components] [Installed Hotfixes] $aSections Row|Col 0 [0]|9 [1]|Computer [2]|Physical Disk Details [3]|Logical Disk Details [4]|NIC Details [5]|Graphic Card Details [6]|Memory Card Details [7]|Missing Components [8]|Non-standard Components [9]|Installed Hotfixes

Nice script llewxam. Note : NBTSTAT is a localised command, try every NIC connected, and is also slow when finding a linux host (here a French XP OS querying my router) ... C:\Documents and Settings\Franck Grieder>nbtstat -A 192.168.146.254 OnBoard: Adresse IP du noeud : [192.168.146.50] ID d'étendue : [] Hôte introuvable. VirtualBox Host-Only Network: Adresse IP du noeud : [192.168.56.1] ID d'étendue : [] Hôte introuvable.

http://tftpd32.jounin.net/tftpd32_download.html http://typsoft-ftp-server.softonic.fr/ http://filezilla-project.org/download.php?type=server

These are functions I am using for that Global $Title, Global $key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\" NoAutoLogon() ; ; ; $Title = "Step 3: Build Active Directory" ; Do what you want ; SetAutoLogon() RestartThisScriptAfterReeboot() Reboot() Exit Func SetAutoLogon() ;Setting up Autologon @LogonDomain RegWrite( "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" ,"DefaultDomainName" ,"REG_SZ", @LogonDomain) RegWrite( "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" ,"DefaultUserName" ,"REG_SZ", "administrator") RegWrite( "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" ,"DefaultPassword" ,"REG_SZ", "password") RegWrite( "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" ,"AutoAdminLogon" ,"REG_SZ", "1") EndFunc Func NoAutoLogon() ;Remove Autologon RegDelete( "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" ,"DefaultDomainName") RegDelete( "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" ,"DefaultUserName") RegDelete( "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" ,"DefaultPassword") RegDelete( "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" ,"AutoAdminLogon" ) EndFunc Func RestartThisScriptAfterReeboot() RegWrite($KEY,"Title","REG_SZ",$Title) RegWrite($KEY&"15","","REG_SZ",@ScriptName) RegWrite($KEY&"15","1","REG_SZ",@ScriptFullPath) EndFunc Func Reboot() $Res=1 $res=MsgBox(17,$Title,"Reboot in 10 sec ...",10) If $Res=2 then Exit Else Shutdown ( 6 ) Sleep(20000) EndIf EndFunc

>> Tested your pattern and as you said - 01, 010 ... are returned as valid; unfortunately that doesn't look like a correct IP. I agree - it might work but for me at least it "doesn't look" like a "normal" IP. Try http://087.106.244.038/forum//index.php ...

For those who want to know a bit more on IPV4 First bits....Addresses..............................Class ================================================================================================================= 0.............0.0.0.0-126.255.255.255................CLASS A (MASK 255.0.0.0) ................0.0.0.0..................................Any Local NIC ................0.0.0.0-0.255.255.255....................Local host addresses (0/8) ................0.0.0.0-10.255.255.255...................Local network only (10/8) ..............127.0.0.0-127.255.255.255..............Local host addresses (127/8) 0111 1111.......127.0.0.1................................Localhost (MASK 255.0.0.1) 10............128.0.0.0-191.255.255.255..............CLASS B (MASK 255.255.0.0) ................169.254.0.0-169.254.255.255..............Automatic NIC configuration (Local network)(169.254/16) ................172.16.0.0-172.31.255.255................Local network only (172.16/12) 110...........192.0.0.0-223.255.255.255..............CLASS C (MASK 255.255.255.0) ................192.168.0.0-192.168.255.255..............Local network only (192.168/16) 1110..........224.0.0.0-247.255.255.255..............CLASS D (Multicast Addresses - Destination Addresses only) 1111..........240.0.0.0-247.255.255.255..............CLASS E (Research - Should be Ignored) ..............255.255.255.255........................Broadcast address So it should be something like that for a (Source) host 1-223 . 1-254 . 1-254 . 1-254 But not 127.x.x.x 169.254.X.X

If you need Admin rights, why don't use SubinACL ?

Still ...

I think I miss the language files ...

Xenophobic : "one unduly fearful of what is foreign and especially of people of foreign origin" Sorry, just dont like the taste of this kind of jokes.

I did'nt know this kind of post could be left on this Forum ! 85 years old ? Didn't you forgot Xenophobic , in your profile ? This post is just here to see if any moderator is there ... Fighting again a 16 y.o. big mouth called "I'mDead" ... with this kind of arguments !!! I hope to be wiser in your age And for you "I'mDead", Trancexx didn't cross any line except in your head... You did it many times as I just did 3 lines upper and JRowe in his post.

Changes the GUI with the following Buttons [Trust] [Allow] [block] [Deny] [More] Trust => Goes to the White list and Execute Allow => Execute Block => Dont Execute Deny => Go to the Black List + Dont execute Trust is greyed if not Admin / Can be activated if the Password if good Before showing the GUI Check against White List (Yes = Execute) Check if Production Mode (Yes = Exit) Check against Black List (Yes = Exit) Show the GUI

Great ! May be you could you add a "Trust" (always) this program (Like in my post) filling up the White list (if you are Administrator) and an "Always refuse" mode (Kind of "Production" mode) where any new program execution will allways be rejected Other things to take in account for the white list : 1 - Only the complete Path+Program should be allowed (If you move the program in another directory, Executable Blocker should Popup) 2 - A kind of MD5 check should be performed on the Program file before executing it (In case a virus modify it) Does your new command line parser need this $ShellOpenCommand = '"' & $RES_HANDLER & '" "%1" "%*"' Instead of $ShellOpenCommand = '"' & $RES_HANDLER & '" "%1" %*' I really don't think REG files need to be included (As they need Regedit.exe) Except if you want to put RegEdit in the White list. But I'm sure .cmd and .scr files should be added : Func F_RegisterShell() RegWrite("HKEY_CLASSES_ROOT\.cmd", "", "REG_SZ", "exehost") RegWrite("HKEY_CLASSES_ROOT\.scr", "", "REG_SZ", "exehost") Func F_UnRegisterShell() RegWrite("HKEY_CLASSES_ROOT\.cmd", "", "REG_SZ", "cmdfile") RegWrite("HKEY_CLASSES_ROOT\.scr", "", "REG_SZ", "scrfile") Hope you don't mind the suggestions. Well done ! Franck

If tou dont use "%1" %*, your arguments are passed as one single argument. Try this, create EchoArg.BAT @Echo Off ECHO %1 ECHO %2 ECHO %3 PAUSE Try these ones Create a shortcut of it and modify it to execute EchoArg.bat Arg1 Arg2 Arg3 The output will be Arg1 Arg2 Arg3 Instead of Arg1 Arg2 Arg3 I dont think you need a new Command line parser ... Try these ones Executable Blocker Client 1.0.3.0.au3 Executable Blocker 1.0.3.0.au3

You also have to "patch" the *.cmd files as some windows registry keys are defining WHAT is a program (Like this one) : HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows\Programs / REG_SZ / com exe bat pif cmd I would also do it for the *.scr files (In fact, all executable files wheere the HKEY_CLASSES_ROOT\XXXfile\shell\open\command default parameter in the registry is "%1" %* The list on my XP SP3 is : bat, cmd, com, exe, pif, scr This is I think enough as all other Executable types (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ExecutableTypes) need another (exe) file to be launched

Executable Blocker Client.au3 $ShellOpenCommand = '\Executable Blocker.exe" "%1" "%1" "%2" "%3" "%4" "%5" "%6" "%7" "%8" "%*"' This line should be modified as this (to solve link + .bat with arguments problem $ShellOpenCommand = '\Executable Blocker.exe" "%1" %*' You could add these kind of lines on top of the script to help you with icons / Versions number #AutoIt3Wrapper_Icon=.\Protected.ico #AutoIt3Wrapper_OutFile=Executable Blocker Client.exe #AutoIt3Wrapper_OutFile_Type=exe #AutoIt3Wrapper_Compression=2 ;** Target program Resource info #AutoIt3Wrapper_res_comment=Executable Blocker Block all exes from running #AutoIt3Wrapper_res_description=Executable Blocker #AutoIt3Wrapper_Res_Fileversion=1.0.3.1 #AutoIt3Wrapper_res_fileversion_autoincrement=Y #AutoIt3Wrapper_res_legalcopyright=Copyright © 2010 Shafayat #AutoIt3Wrapper_res_field=Made By|Shafayat #AutoIt3Wrapper_res_field=Email|Shafayat at mailServer dot com with this Global $SCRIPT_VERSION = "Please Compile !" If @Compiled Then $SCRIPT_VERSION = FileGetVersion(@ScriptName) Executable Blocker.au3 Global $TestPath = _PathSplit($cmd, $szDrive, $szDir, $szFName, $szExt) To Global $CmdPath = _PathSplit($cmd, $szDrive, $szDir, $szFName, $szExt) and $filenametext = GUICtrlCreateInput($Cmd, 20, 190, 360, 20) To $filenametext = GUICtrlCreateInput($CmdPath[3]&"."&$CmdPath[4], 20, 190, 360, 20)

As I keeep history versions of my scripts, and I want to be sure MyProg.exe is allway run as MyProg.exe, I put this scritp at the beginning of all my scripts #AutoIt3Wrapper_Icon=.\Icon.ico #AutoIt3Wrapper_OutFile=MyProg.exe #AutoIt3Wrapper_OutFile_Type=exe ; Be sure the Program name is what you want ... Global $EXE_NAME = ("MyProg.exe"); program name If @Compiled Then Global $SCRIPT_VERSION = FileGetVersion(@ScriptName) If @ScriptName<>$EXE_NAME Then If FileExists($EXE_NAME) Then FileDelete($EXE_NAME) FileCopy(@ScriptName,$EXE_NAME,1) Run($EXE_NAME) Exit EndIf EndIf

I wrote this kind of script (Creating an autorun.inf directory on every connected drive to block the autorun.inf file creation). I use it on sites where Confliker is coming back and coming back again ... I think something is missing in your scipt ... You should modify the security of the created autorun.inf directory to "refuse" "total control" to "Everyone" and "Administrator". Another thing, I found blocking Autorun.inf in this way was very usefull to fight against Confliker virus but I missed who was infecting the Workstation. So I added a log file storing the Date-Time-Drive Serial number, and a file directory (first level) of the inserted keys / Hard drives. This help me to find the removable devices infecting the workstations... Follow up ... May be write it as a service ?

Thank you Stefan, I just found something by zorphnog in this Post

I really don't know how to set / modify registry permissions. Does somebody write an UDF ?

Great script ... I Like the way it works But I dont think it will block these keys (It is not a problem for a server anyway ...) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit Am I wrong ? But what about the Services and espescially SvcHost service (starting other services - Typical Confliker attack) ? HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs I solved it on my servers by Saving (on first run) / Survey / Restore this registry key The next step should be to delete or even better "deny execution" of the created Service key in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services to "System" as conflicker will try to re-create the key if it is deleted but I really don't know how to apply security permission on a registry key with AutoIt

You can use this to help you on cleanning viruses. - Run it in learning mode (It is building a "White list" of processes) - stop it by renaming KUPON as KUPOFF - edit WProcesses entry of KUP.INI - restart it (It will be in Production mode, killing any process not in the "WProcesses" list) - have a look in _KillUnknownProcesses.log Another trick One of the most usefull command to find if a virus is on your disk is : C:\>DIR /S /ASRH FranckG