
rcmaehl

Active Members
  • Posts: 1,006
  • Joined
  • Last visited
  • Days Won: 5

rcmaehl last won the day on January 18, 2023

rcmaehl had the most liked content!

About rcmaehl

  • Birthday February 5

Profile Information

  • Member Title
    $Amount & " Thing" & StringRight("s", Abs($Amount - 1)))
  • Location
    Louisville, KY

Recent Profile Visitors

1,831 profile views

rcmaehl's Achievements

  1. NVM, this is literally in the help file remarks. This is what I get for not using AutoItWrapper parameters on a new project.
  2. Compiled the code and ran it through Process Monitor. Looks like the code is querying SysWOW64 despite being told to query System32?
  3. This originally started by trying to call C:\Windows\System32\pnputil.exe, which would fail even FileExists(). Investigating further,
     #RequireAdmin
     #include <Array.au3> ; needed for _ArrayDisplay
     #include <File.au3>
     _ArrayDisplay(_FileListToArray("C:\Windows\System32"))
     Exit
     returns 3196 items, but both Explorer and CMD return 5019 and 5021 respectively (CMD includes . and .. in the count, so +2 is expected). I have Defender and other AVs off right now while I'm troubleshooting, but why is the disparity so large?
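An added example for the System32 disparity in the three posts above (not code from the thread): a 32-bit process on x64 Windows is redirected from System32 to SysWOW64 by WOW64, and the documented `Sysnative` alias reaches the real directory without recompiling as x64. The counting helper and the pnputil.exe check are mine; `@AutoItX64`, `@OSArch`, `@SystemDir` and `@WindowsDir` are standard AutoIt macros.

```autoit
#include <File.au3>

; Path to the 64-bit System32 regardless of the script's bitness.
; A 32-bit process on x64 Windows is redirected to SysWOW64 when it asks
; for @SystemDir; the "Sysnative" alias bypasses that redirection.
Func _NativeSystem32()
    If @OSArch = "X64" And Not @AutoItX64 Then Return @WindowsDir & "\Sysnative"
    Return @SystemDir
EndFunc

; Number of entries (files and folders) in a directory; -1 on error.
Func _CountEntries($sDir)
    Local $aList = _FileListToArray($sDir) ; element [0] holds the count
    If @error Then Return SetError(@error, 0, -1)
    Return $aList[0]
EndFunc

ConsoleWrite("AutoIt x64 build : " & @AutoItX64 & @CRLF)
ConsoleWrite("@SystemDir       : " & @SystemDir & " -> " & _CountEntries(@SystemDir) & " entries" & @CRLF)
ConsoleWrite("native System32  : " & _NativeSystem32() & " -> " & _CountEntries(_NativeSystem32()) & " entries" & @CRLF)

; The pnputil.exe check from the thread, against the unredirected path.
; Tools that exist only in the 64-bit System32 are invisible to 32-bit code
; unless it goes through Sysnative (or is compiled as x64).
Local $sPnpUtil = _NativeSystem32() & "\pnputil.exe"
ConsoleWrite("pnputil.exe present: " & FileExists($sPnpUtil) & @CRLF)
```

When compiled as x64 the two counts agree and `_NativeSystem32()` simply returns `@SystemDir`; the difference only appears for 32-bit builds on 64-bit Windows.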
  4. TL;DR: CreateProcess calls cmd.exe if passed a .bat or .cmd file; however, the non-standard character escaping of cmd.exe allows arbitrary code execution. NVD - CVE-2024-24576 (nist.gov) https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows
  5. You're probably right. I'm not in front of my code currently to check but I remember that being an issue elsewhere.
  6. Hi all, I'm attempting to use _WinAPI_GetProcessCommandLine() on msedge.exe and it seems to no longer work. The code is as follows:
     #RequireAdmin
     #include <Array.au3>
     #include <WinAPIProc.au3>
     Local $aArray
     Local $aAdjust
     Local $iSIHost = ProcessExists("msedge.exe")
     Local $sCommandline
     ; Enable the "SeDebugPrivilege" privilege to obtain full access rights to other processes
     Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
     _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)
     While True
         $aArray = _WinAPI_EnumChildProcess($iSIHost)
         If @error Then ContinueLoop
         For $iLoop = 1 To $aArray[0][0] ; row 0 holds the count, PIDs start at row 1
             $sCommandline = _WinAPI_GetProcessCommandLine($aArray[$iLoop][0])
             MsgBox(0, $aArray[$iLoop][0], $sCommandline)
         Next
         _ArrayDisplay($aArray)
         ;MsgBox(0, "CMD", $sCommandline)
         ; Restore the previous privilege state and release the token
         _WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
         _WinAPI_CloseHandle($hToken)
         Exit 0
     WEnd
     How to reproduce: have Microsoft Edge open, then run the code.
     Expected results: obtains the process command line.
     Actual results: empty variables.
     Additional information: I know for a fact that these processes do have a command line, as tracked by Process Explorer. It just seems as if _WinAPI_GetProcessCommandLine is unable to obtain them. Oddly enough, the code works fine for other processes (e.g. Discord.exe).
  7. Ah. So I can ignore pointers entirely if I specifically tell it so. Good to know.
  8. Hi all, Can someone give me a rundown on what all is needed to create a WinAPI function? I'm not a real programmer yet, so DLLStructures and DLLCalls still escape me. I'd like to call URLUnescape, as existing AutoIt UDF solutions for Unicode/UTF-8 have issues on non-English Windows builds. I'm assuming I need something similar to
     Func _WinHTTPURLUnescape($sURL, $bFlag)
         Local $aCall = DllCall("shlwapi.dll", "UrlUnescape", _
                 "pstr", $sURL, _
                 "dwFlags", $bFlag)
         If @error Or Not $aCall[0] Then Return SetError(1, 0, 0)
         Return 1
     EndFunc
     but I know this isn't fully right, as I know $sURL is a string and not a pointer to a string, and I honestly have no clue how to create, manage, or remove pointers in AutoIt. Thanks all
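An added example of the wrapper asked about above (my code, not from the thread or the AutoIt UDFs): `UrlUnescapeW` from shlwapi.dll called with AutoIt's `wstr` parameter type, which hands the API a writable wide-char buffer and returns its contents, so no pointer handling is needed. The two flag values are the ones I recall from shlwapi.h and should be checked against the SDK header; the sample URL is constructed.

```autoit
; Flag values as found in shlwapi.h (assumed here; verify against the SDK header)
Global Const $URL_UNESCAPE_AS_UTF8 = 0x00040000 ; decode %XX runs as UTF-8 bytes (Windows 8+)
Global Const $URL_UNESCAPE_INPLACE = 0x00100000 ; rewrite the input buffer instead of an output buffer

; Decode percent-escapes in $sURL. Returns the decoded string; on failure returns ""
; with @error = 1 (DllCall failed) or 2 (HRESULT in @extended).
Func _WinAPI_UrlUnescapeEx($sURL, $iFlags = 0)
    ; "wstr" copies $sURL into a wide-char buffer and returns the buffer in $aCall[1];
    ; with URL_UNESCAPE_INPLACE the API writes its result straight into that buffer,
    ; so pszUnescaped and pcchUnescaped can be NULL.
    Local $aCall = DllCall("shlwapi.dll", "long", "UrlUnescapeW", _
            "wstr", $sURL, _                                ; pszUrl, modified in place
            "ptr", 0, _                                     ; pszUnescaped, ignored in-place
            "ptr", 0, _                                     ; pcchUnescaped, ignored in-place
            "dword", BitOR($iFlags, $URL_UNESCAPE_INPLACE)) ; dwFlags
    If @error Then Return SetError(1, @error, "")
    If $aCall[0] <> 0 Then Return SetError(2, $aCall[0], "") ; anything but S_OK
    Return $aCall[1]
EndFunc

; Constructed sample: "café au lait" with the é as its two UTF-8 bytes and spaces as %20.
; Without URL_UNESCAPE_AS_UTF8 each %XX becomes one character code rather than one
; byte of a UTF-8 sequence, which is the kind of mangling seen on non-English builds.
Local $sSample = "caf%C3%A9%20au%20lait"
Local $sDecoded = _WinAPI_UrlUnescapeEx($sSample, $URL_UNESCAPE_AS_UTF8)
If @error Then
    ConsoleWrite("UrlUnescapeW failed: @error=" & @error & " @extended=" & @extended & @CRLF)
Else
    ConsoleWrite($sSample & " -> " & $sDecoded & @CRLF)
EndIf
```

The `wstr` buffer AutoIt allocates is fixed-size (65535 characters), which is ample for URLs but worth knowing if the same pattern is reused for larger inputs.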
  9. Yes, that works, but I still have concerns, as I won't have full control over the input after the application name. From MSDN, I could specify the application in the first parameter and the additional command line parameters in the second parameter, which does work for some other command line parameters. For example, this works:
     #include <WinAPIProc.au3>
     $tProcess = DllStructCreate($tagPROCESS_INFORMATION)
     $tStartup = DllStructCreate($tagSTARTUPINFO)
     $bSuccess = _WinAPI_CreateProcess( _
             'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe', _
             '--profile-directory=Default --inprivate', _
             0, 0, 0, _
             $CREATE_NEW_PROCESS_GROUP, _
             0, 0, _
             $tStartup, _
             $tProcess _
             )
     If Not $bSuccess Then ConsoleWrite(_WinAPI_ShowLastError() & @CRLF)
     But this seems to ignore the file:
     #include <WinAPIProc.au3>
     $tProcess = DllStructCreate($tagPROCESS_INFORMATION)
     $tStartup = DllStructCreate($tagSTARTUPINFO)
     $bSuccess = _WinAPI_CreateProcess( _
             'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe', _
             'C:\Users\example\Documents\index.pdf', _
             0, 0, 0, _
             $CREATE_NEW_PROCESS_GROUP, _
             0, 0, _
             $tStartup, _
             $tProcess _
             )
     If Not $bSuccess Then ConsoleWrite(_WinAPI_ShowLastError() & @CRLF)
     Perhaps this is an idiosyncrasy in Edge and not _WinAPI_CreateProcess...
     EDIT: Maybe not? Interestingly, this works:
     #include <WinAPIProc.au3>
     $tProcess = DllStructCreate($tagPROCESS_INFORMATION)
     $tStartup = DllStructCreate($tagSTARTUPINFO)
     $bSuccess = _WinAPI_CreateProcess( _
             'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe', _
             '--inprivate --inprivate', _
             0, 0, 0, _
             $CREATE_NEW_PROCESS_GROUP, _
             0, 0, _
             $tStartup, _
             $tProcess _
             )
     If Not $bSuccess Then ConsoleWrite(_WinAPI_ShowLastError() & @CRLF)
     but this does not:
     #include <WinAPIProc.au3>
     $tProcess = DllStructCreate($tagPROCESS_INFORMATION)
     $tStartup = DllStructCreate($tagSTARTUPINFO)
     $bSuccess = _WinAPI_CreateProcess( _
             'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe', _
             '--inprivate', _
             0, 0, 0, _
             $CREATE_NEW_PROCESS_GROUP, _
             0, 0, _
             $tStartup, _
             $tProcess _
             )
     If Not $bSuccess Then ConsoleWrite(_WinAPI_ShowLastError() & @CRLF)
     but this opens the file, but not in INPRIVATE mode?
     #include <WinAPIProc.au3>
     $tProcess = DllStructCreate($tagPROCESS_INFORMATION)
     $tStartup = DllStructCreate($tagSTARTUPINFO)
     $bSuccess = _WinAPI_CreateProcess( _
             'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe', _
             '--inprivate C:\Users\example\Documents\index.pdf', _
             0, 0, 0, _
             $CREATE_NEW_PROCESS_GROUP, _
             0, 0, _
             $tStartup, _
             $tProcess _
             )
     If Not $bSuccess Then ConsoleWrite(_WinAPI_ShowLastError() & @CRLF)
     It's looking like maybe _WinAPI_CreateProcess is not parsing the first parameter?
  10. Hi all, I'm trying to use _WinAPI_CreateProcess with command line arguments, as I have user input that can't be trusted but can't use ShellExecute. I'm having issues with it handling some command line parameters. For example:
      #include <WinAPIProc.au3>
      Local $tProcess = DllStructCreate($tagPROCESS_INFORMATION)
      Local $tStartup = DllStructCreate($tagSTARTUPINFO)
      ; Works
      Run("C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Users\example\Documents\index.pdf")
      ; Doesn't work
      _WinAPI_CreateProcess("C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe", "C:\Users\example\Documents\index.pdf", 0, 0, 0, $CREATE_NEW_PROCESS_GROUP, 0, 0, $tStartup, $tProcess)
      Per old forum topics, I know Run uses CreateProcess, so obviously this is user error and I've screwed up my input, but I've tried escaping slashes (\\ vs \), adding null at the end of the string, and a few other odds and ends without success. Any advice is appreciated!
      Attachment: index.pdf
  11. Unfortunately, the input is partially user controlled so I don't have a lot of control over it. I've found _WinAPI_CreateProcess works, but I'm having issues getting command line arguments to be handled by it. EDIT: Actually I think I got _WinAPI_CreateProcess to work with arguments
  12. Hi all, I have an issue in which I have to use Run() over ShellExecute() due to differences in how each handles symlinks. Specifically, Run() does not trigger Image File Execution Options that have been set; however, ShellExecute() does. This requires me to do Run($sPath & $sArgs). This gives me some concern about allowing unintended code to be executed instead of being directly passed as an argument to $sPath. Is there any way I can have the safety of ShellExecute while specifically using Run() or another command?
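An added example (my code, not from the thread) for the _WinAPI_CreateProcess experiments in the posts above and the untrusted-argument concern in this one. CreateProcess passes lpCommandLine to the child verbatim and the child's C runtime takes its first whitespace-delimited token as argv[0], even when lpApplicationName is given; that is why '--inprivate --inprivate' worked, '--inprivate' alone was swallowed as argv[0], and a lone path opened nothing. The helper quotes each argument under the CommandLineToArgvW rules and puts the executable first; the Edge path and index.pdf are the ones from the posts.

```autoit
#include <WinAPIProc.au3>
#include <WinAPIHObj.au3>

; Quote one argument so CommandLineToArgvW / the C runtime return it as exactly one
; argv entry. Backslashes are literal unless they precede a double quote; a run of n
; backslashes before a quote (or the closing quote) must become 2n, plus \" for the quote.
Func _QuoteArgv($sArg)
    If $sArg <> "" And Not StringRegExp($sArg, '[\s"]') Then Return $sArg ; nothing to protect
    Local $sOut = '"', $sSlashes = "", $sChar
    For $i = 1 To StringLen($sArg)
        $sChar = StringMid($sArg, $i, 1)
        If $sChar == "\" Then
            $sSlashes &= "\"                        ; defer: meaning depends on the next char
        ElseIf $sChar == '"' Then
            $sOut &= $sSlashes & $sSlashes & '\"'  ; double the run, escape the quote
            $sSlashes = ""
        Else
            $sOut &= $sSlashes & $sChar             ; run stays literal
            $sSlashes = ""
        EndIf
    Next
    Return $sOut & $sSlashes & $sSlashes & '"'     ; trailing run before closing quote: doubled
EndFunc

; lpCommandLine is the child's whole command line, so argv[0] (the executable) goes first.
Func _BuildCommandLine($sApp, $aArgs)
    Local $sCmd = _QuoteArgv($sApp)
    For $i = 0 To UBound($aArgs) - 1
        $sCmd &= " " & _QuoteArgv($aArgs[$i])
    Next
    Return $sCmd
EndFunc

Local $sEdge = 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'
Local $sUserFile = 'C:\Users\example\Documents\index.pdf' ; untrusted input: becomes one argv entry, never a new switch
Local $aArgs[2] = ['--inprivate', $sUserFile]
Local $sCmdLine = _BuildCommandLine($sEdge, $aArgs)
ConsoleWrite($sCmdLine & @CRLF)

Local $tProcess = DllStructCreate($tagPROCESS_INFORMATION)
Local $tStartup = DllStructCreate($tagSTARTUPINFO)
If Not _WinAPI_CreateProcess($sEdge, $sCmdLine, 0, 0, 0, $CREATE_NEW_PROCESS_GROUP, 0, 0, $tStartup, $tProcess) Then
    ConsoleWrite(_WinAPI_ShowLastError() & @CRLF)
Else
    _WinAPI_CloseHandle(DllStructGetData($tProcess, "hProcess")) ; release the handles we own
    _WinAPI_CloseHandle(DllStructGetData($tProcess, "hThread"))
EndIf
```

This quoting protects only the argv split done by the target program; if the executable is a .bat or .cmd file, cmd.exe applies its own parsing (the CVE-2024-24576 post above), so untrusted arguments should not be handed to batch files at all.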
  13. Hey all, Recently I've been working on minimizing false positives in my latest project. The biggest change so far that helped was removing INetGet, which helps the compiled script consistently stay around 3 false positives instead of occasionally jumping up to 6-7. Are there any recommended alternatives for INetGet, or is just downloading an executable update from the internet that sketchy for AVs? Here was the code excerpt in question that I've since commented out:
      Case "/u", "/update"
          Select
              Case UBound($CmdLine) = 2
                  InetGet("https://fcofix.org/MSEdgeRedirect/releases/latest/download/MSEdgeRedirect.exe", @ScriptDir & "\MSEdgeRedirect_Latest.exe")
                  _ArrayDelete($CmdLine, 1)
              Case UBound($CmdLine) > 2 And $CmdLine[2] = "dev"
                  InetGet("https://nightly.link/rcmaehl/MSEdgeRedirect/workflows/mser/main/mser.zip", @ScriptDir & "\MSEdgeRedirect_dev.zip")
                  _ArrayDelete($CmdLine, "1-2")
              Case UBound($CmdLine) > 2 And $CmdLine[2] = "release"
                  InetGet("https://fcofix.org/MSEdgeRedirect/releases/latest/download/MSEdgeRedirect.exe", @ScriptDir & "\MSEdgeRedirect_Latest.exe")
                  _ArrayDelete($CmdLine, "1-2")
              Case StringLeft($CmdLine[2], 1) = "/"
                  InetGet("https://fcofix.org/MSEdgeRedirect/releases/latest/download/MSEdgeRedirect.exe", @ScriptDir & "\MSEdgeRedirect_Latest.exe")
                  _ArrayDelete($CmdLine, 1)
              Case Else
                  MsgBox(0, _
                          "Invalid", _
                          'Invalid release type - "' & $CmdLine[2] & '".' & @CRLF)
                  Exit 87 ; ERROR_INVALID_PARAMETER
          EndSelect
      Thanks in advance!
  14. Nah, it's mostly people not knowing how to use GitHub IMO and just trying to download the application. I should post the latest version of GitHub CI for AutoIt though. There's been some minor changes.
  15. NOOOOOO. Now everyone can see my publicly available badly coded AutoIt