ripdad, posted March 24, 2010 (edited)

Guess I should tell the readers that if you test these codes -- or as a matter of fact any code -- you are doing so at your own risk. Many things can go wrong in the development of code. The last thing you need is a crashed computer!

One of the best ways to protect your computer is to put it into a virtual state. This is what I use: http://www.returnilvirtualsystem.com/rvs-home-free

What's the advantage? If something goes wrong, all you have to do is reboot and all will be as it was before you started!

What's the disadvantage? Nothing, and I mean nothing, is saved. Which is exactly what you want when testing code. If you modify code and want to keep your changes, then you'll have to copy your .au3 or other modified files to a flash drive or second hard drive. Everything on your system drive will be ignored.

Happy coding!

Edited March 24, 2010 by ripdad
Shafayat (author), posted March 24, 2010

Thanks for driving away my beta testers, ripdad. :) Just joking. Thanks for the information. I use Microsoft Virtual Machine personally, and I have a standard version of Deep Freeze. Never use it though.
ripdad, posted March 25, 2010 (edited)

Sorry, had to be said... you never know who is reading and what their skill level is.

Anyway, I'd like to submit another code snippet; use or modify it if you want.

```autoit
; [- User Protection - System List - Disable Trust - Must Prompt Everytime -]
; Expects $cmd (the path handed to the blocker as %1) to be set already.
Global $DisableTrust = 0
$SystemFileName = StringTrimLeft($cmd, StringInStr($cmd, '\', 0, -1)) ; text after the last backslash
Switch $SystemFileName ; Switch compares strings case-insensitively, which is what we want for file names
    Case 'reg.exe', 'regedit.exe', 'rundll32.exe', 'instsrv.exe', 'srvany.exe', 'sc.exe', 'netsh.exe'
        $DisableTrust = 1
    Case Else
EndSwitch
$SystemExtention = StringTrimLeft($SystemFileName, StringInStr($SystemFileName, '.', 0, -1)) ; text after the last dot
Switch $SystemExtention
    Case 'bat', 'cmd', 'scr', 'pif', 'reg'
        $DisableTrust = 1
    Case Else
EndSwitch
```

And in the GUI ...

```autoit
$Trust = GUICtrlCreateButton("Trust", 210, 245, 80, 30)
If $DisableTrust = 1 Then
    GUICtrlSetState($Trust, $GUI_DISABLE)
    GUICtrlCreateLabel('RESTRICTED: Cannot Give Trust Permission For This System File', 20, 225, 360, 15)
EndIf
```

-edit- forgot to mention that you'll probably have to re-align the button and label
-edit2- added another section to the first snippet.

Edited March 25, 2010 by ripdad
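The policy in ripdad's snippet decides on the bare file name and extension, and it depends on the blocker receiving the launched path intact as %1. The following is an added example in Python, not code from ripdad or from Shafayat's project: it recovers argv[0] from a raw Windows command line with the quoting rules CommandLineToArgvW applies, then runs the same two lists over it. It also shows what goes wrong when the handler's command line does not quote %1 (a path with spaces splits at the first space) and why a name list cannot catch a renamed copy of reg.exe. All command lines in the test are constructed input; the function and constant names are this example's own.

```python
"""Added example (Python, not ripdad's or Shafayat's AutoIt): the "disable Trust"
policy from the post above, applied to the raw command line that the exehost
handler ("...\\Executable Blocker.exe" "%1" %*) hands the blocker.
argv[0] is recovered with the quoting rules CommandLineToArgvW uses, then the
basename/extension lists from the post decide whether Trust may be offered.
Every command line fed to these functions in the test is constructed input."""
import ntpath

# Lists from ripdad's snippet; lower-cased because NTFS names compare case-insensitively
RESTRICTED_NAMES = {"reg.exe", "regedit.exe", "rundll32.exe", "instsrv.exe",
                    "srvany.exe", "sc.exe", "netsh.exe"}
RESTRICTED_EXTS = {".bat", ".cmd", ".scr", ".pif", ".reg"}


def split_windows_cmdline(cmdline: str) -> list[str]:
    """Split a Windows command line into argv using the CommandLineToArgvW rules:
    2n backslashes before a quote give n backslashes and the quote toggles quoting,
    2n+1 backslashes before a quote give n backslashes and a literal quote,
    backslashes not followed by a quote are literal. (The real API parses argv[0]
    with a simpler quote-only rule; that differs only for a path that has a
    backslash directly before a quote.)"""
    args: list[str] = []
    cur: list[str] = []
    in_quotes = have_arg = False
    i, n = 0, len(cmdline)
    while i < n:
        c = cmdline[i]
        if c == "\\":
            j = i
            while j < n and cmdline[j] == "\\":
                j += 1
            run = j - i
            if j < n and cmdline[j] == '"':
                cur.append("\\" * (run // 2))
                if run % 2:
                    cur.append('"')            # odd run: the quote is literal
                else:
                    in_quotes = not in_quotes  # even run: the quote toggles quoting
                i = j + 1
            else:
                cur.append("\\" * run)
                i = j
            have_arg = True
            continue
        if c == '"':
            in_quotes = not in_quotes
            have_arg = True
        elif c in " \t" and not in_quotes:
            if have_arg:
                args.append("".join(cur))
                cur, have_arg = [], False
        else:
            cur.append(c)
            have_arg = True
        i += 1
    if have_arg:
        args.append("".join(cur))
    return args


def trust_decision(cmdline: str) -> dict:
    """Return the launched file and whether the Trust button may be enabled for it."""
    argv = split_windows_cmdline(cmdline)
    if not argv:
        return {"target": "", "trust_allowed": False, "reason": "empty command line"}
    target = argv[0]
    name = ntpath.basename(target).lower()  # ntpath: Windows separators on any host
    ext = ntpath.splitext(name)[1]
    if name in RESTRICTED_NAMES:
        return {"target": target, "trust_allowed": False, "reason": "system tool " + name}
    if ext in RESTRICTED_EXTS:
        return {"target": target, "trust_allowed": False, "reason": "script type " + ext}
    return {"target": target, "trust_allowed": True, "reason": "not on either list"}
```

The quoted `"%1"` in the registered handler command is what keeps `C:\Program Files\...` together in argv[0]; without it the policy sees `C:\Program` and waves the launch through. The name list is a convenience for the Trust button, not a control: a copy of reg.exe saved as notes.exe is not on it.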
Shafayat (author), posted March 25, 2010

Thanks. I'll make use of it.
Shafayat (author), posted March 30, 2010

Glad you liked it. I've added a faster MD5 hashing solution that does the job almost instantly. The original code of the procedure comes from trancexx. I'm working on the installer (and uninstaller) currently. Other than that, it is quite stable.
pintas, posted October 28, 2010

Could you re-upload, please? I'm curious about this. Thanks.
n5ale, posted December 8, 2010 (edited)

Hello everyone, this is my first post, so I hope I'm doing it properly. I have taken the liberty to modify this really good program so that I can use it on my granddaughter's computer. I have added password protection [hard-coded "keepout"] and added some logging functions, but have not changed the basic program very much. I would like to ask if someone can tell me how to run the file types that are listed in the source code but commented out. I have tried both of the run commands listed in the forum and still have issues with some of the different types. Any suggestions would be appreciated. Thanks, and Shafayat, thank you for a fine program.

N5ale

P.S. As soon as I figure out how to post the source code, I will.

Edited December 8, 2010 by n5ale
n5ale, posted December 8, 2010

Well, let me see if I can include the code in this reply.

Executable Blocker

```autoit
; added blocked to the .ini file and check for blocked in program; if
; the program is blocked just exit  N5ale
; fixed quarintened function by changing the drive from D: to C:
#region Script Options ======================================================================================================
#AutoIt3Wrapper_icon=
;** AUT2EXE settings
#AutoIt3Wrapper_Icon=.\Protected.ico              ;Filename of the Ico file to use
#AutoIt3Wrapper_OutFile=Executable Blocker.exe    ;Target exe/a3x filename.
#AutoIt3Wrapper_OutFile_Type=exe                  ;a3x=small AutoIt3 file; exe=Standalone executable (Default)
#AutoIt3Wrapper_Compression=2                     ;Compression parameter 0-4 0=Low 2=normal 4=High. Default=2
#AutoIt3Wrapper_UseUpx=Y                          ;(Y/N) Compress output program. Default=Y
;~ #AutoIt3Wrapper_Change2CUI=Y                   ;(Y/N) Change output program to CUI in stead of GUI. Default=N
;** Target program Resource info
#AutoIt3Wrapper_res_comment=Executable Blocker Block all exes from running
#AutoIt3Wrapper_res_description=Executable Blocker
#AutoIt3Wrapper_Res_Fileversion=1.0.3.6
#AutoIt3Wrapper_res_fileversion_autoincrement=Y
#AutoIt3Wrapper_res_legalcopyright=Copyright © 2010 Shafayat
#AutoIt3Wrapper_res_field=Made By|Shafayat
#AutoIt3Wrapper_res_field=Email|Shafayat at yahoo dot com
#AutoIt3Wrapper_res_field=AutoIt Version|%AutoItVer%
#AutoIt3Wrapper_res_field=Compile Date|%date% %time%
#AutoIt3Wrapper_Run_Debug_Mode=N
#AutoIt3Wrapper_run_cvswrapper=v
#AutoIt3Wrapper_run_obfuscator=y
; Obfuscator
#Obfuscator_parameters=/cs=0 /cn=0 /cf=0 /cv=0 /sf=1
#AutoIt3Wrapper_Add_Constants=n
#AutoIt3Wrapper_Change2CUI=n
#endregion Script Options ===================================================================================================
; Script: Executable Blocker.au3
; Version: 1.02
; Author: Shafayat
; File: 2 of 2
;
#NoTrayIcon
#include <String.au3>  ; _StringEncrypt() lives here in the AutoIt releases current when this was posted (removed from later releases)
#include <Process.au3>
; added n5ale
; Logic to determine if the blocker is running without the client
; if this is the case as in a shutdown without properly shuting down the client first
; we want to disable the registry enterys so the computer can startup normaly
;
If ($CmdLine[0] = 0) Then
    RegWrite("HKEY_CLASSES_ROOT\.exe", "", "REG_SZ", "exefile")
    RegWrite("HKEY_CLASSES_ROOT\.com", "", "REG_SZ", "comfile")
    RegWrite("HKEY_CLASSES_ROOT\.bat", "", "REG_SZ", "batfile")
    RegWrite("HKEY_CLASSES_ROOT\.pif", "", "REG_SZ", "piffile")
    RegWrite("HKEY_CLASSES_ROOT\.cmd", "", "REG_SZ", "cmdfile")
    RegWrite("HKEY_CLASSES_ROOT\.scr", "", "REG_SZ", "scrfile")
    ;RegWrite("HKEY_CLASSES_ROOT\.msc", "", "REG_SZ", "MSCfile")
    ;RegWrite("HKEY_CLASSES_ROOT\.inf", "", "REG_SZ", "inffile")
    ;RegWrite("HKEY_CLASSES_ROOT\.chm", "", "REG_SZ", "chm.file")
    ;RegWrite("HKEY_CLASSES_ROOT\.cpl", "", "REG_SZ", "cplfile")
    ;RegWrite("HKEY_CLASSES_ROOT\.msi", "", "REG_SZ", "MSI.Package")
    ;RegWrite("HKEY_CLASSES_ROOT\.msc", "", "REG_SZ", "MSCFile")
    ;RegWrite("HKEY_CLASSES_ROOT\.ocx", "", "REG_SZ", "ocxfile")
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "0") ; enable taskmanager
    Exit
Else
    Global $cmd = $CmdLine[1] ; the %1 passed by the exehost shell command: the path of the file that was launched
EndIf
;
Global Const $password = "keepout" ; I know its lame but works for most non geeks
;MsgBox(0,"",$Cmd) ;lets see what we are passing
Global Const $GUI_EVENT_CLOSE = -3
Global Const $WS_DLGFRAME = 0x00400000
Global Const $WS_POPUPWINDOW = 0x80880000
Global Const $GUI_DISABLE = 128
;
; the child-window button IDs get placeholder values so the Select below cannot match them before the child exists
Global $szDrive, $szDir, $szFName, $szExt, $Child, $Delete = 1234, $Recycle = 1243, $Quarantine = 1423, $Cancel = 1429
Global $CmdPath = _PathSplit($cmd, $szDrive, $szDir, $szFName, $szExt)
Global $clicked = 0
;
Global $SCRIPT_VERSION = "Please Compile !"
If @Compiled Then $SCRIPT_VERSION = FileGetVersion(@ScriptName)
Global $EXE_NAME = ("Executable Blocker") ; program name
Global $INI_NAME = @ScriptDir & "\" & $EXE_NAME & ".INI"
Global $LOG_NAME = $EXE_NAME & ".LOG"
; MsgBox(0,"script dir",$INI_NAME) ; lets see where we are looking
; check to see if the INI file has it saved as allowed
;Global $whatinisees
;$whatinisees= IniRead($INI_NAME,"Allowed",$Cmd,"") = _StringEncrypt (1 , $Cmd, @ScriptFullPath)
;MsgBox(0,"what the INI read sees",$whatinisees)
;
If IniRead($INI_NAME, "Allowed", $cmd, "") = _StringEncrypt(1, $cmd, @ScriptFullPath) Then
    Run($CmdLineRaw) ; Run() uses CreateProcess, which does not consult the shell association, so this does not re-enter the blocker
    ;Run(@ComSpec & ' /c ' & '"' & $CmdLineRaw & '"', '', @SW_HIDE)
    Exit
Else
    ; this whole section exists for testing purposes n5ale
    ;Global $whatinisees
    ;Global $ini_read
    ;Global $stingenc
    ;
    ;$whatinisees= IniRead($INI_NAME,"Allowed",$Cmd,"") = _StringEncrypt (1 , $Cmd, @ScriptFullPath)
    ;$ini_read= IniRead($INI_NAME,"Allowed",$Cmd,"")
    ;$stingenc= _StringEncrypt (1 , $Cmd, @ScriptFullPath)
    ;MsgBox(0,"cmd file",$cmd)
    ;MsgBox(0,"script dir",$INI_NAME) ; lets see where we are looking
    ;MsgBox(0,"Is it allowd",$whatinisees)
    ;MsgBox(0,"what the INI read sees",$ini_read)
    ;MsgBox(0,"what the script encrypt see",$stingenc)
    ;MsgBox(0,"cmd line raw",$CmdLineRaw)
EndIf
; check to see if the INI file has it blocked
If IniRead($INI_NAME, "Blocked", $cmd, "") = _StringEncrypt(1, $cmd, @ScriptFullPath) Then
    LogThis("execution blocked By INI file " & $CmdLineRaw)
    ;Run($CmdLineRaw)
    ;Run(@ComSpec & ' /c ' & '"' & $CmdLineRaw & '"', '', @SW_HIDE)
    Exit
EndIf
;
;--------------------------------------------------------You must enter the password to allow or trust---
;Asks the user to enter a password. Don't forget to validate it!
$passwd = InputBox("Security Check", "Enter your password.", "", "*", -1, -1, 0, 0)
If Not ($passwd == $password) Then ; == is case-sensitive; a plain = would accept KEEPOUT as well
    LogThis("Attempted execution but blocked no Password " & $CmdLineRaw)
    Exit
EndIf

$GUI = GUICreate("Execution Blocked ! - " & $SCRIPT_VERSION, 400, 285, -1, -1)
GUISetIcon(@ScriptDir & "\Protected.ico")
GUICtrlCreateGroup($szFName, 20, 15, 360, 100)
GUICtrlCreateIcon($cmd, 0, 30, 40)
GUICtrlCreateLabel("File Name: " & $szFName & $szExt, 75, 40, 300)
GUICtrlCreateLabel(FileGetVersion($cmd, "ProductName"), 75, 60, 300)
GUICtrlCreateLabel(FileGetVersion($cmd, "FileDescription"), 75, 80, 300)
$Allow = GUICtrlCreateButton("Allow", 20, 125, 80, 30)
$Block = GUICtrlCreateButton("Block", 110, 125, 80, 30)
$Trust = GUICtrlCreateButton("Trust", 210, 125, 80, 30)
If IsAdmin() = 0 Then GUICtrlSetState(-1, $GUI_DISABLE) ; only an administrator may add to the Allowed list
$More = GUICtrlCreateButton("More", 300, 125, 80, 30)
GUICtrlCreateLabel("Executable Blocker" & " has detected and blocked effort to execute a File: ", 20, 170, 360, 15)
; _PathSplit returns the extension with its leading dot, so no "." is inserted between the two parts
$filenametext = GUICtrlCreateInput($CmdPath[3] & $CmdPath[4], 20, 190, 360, 20)
GUICtrlSetColor($filenametext, 0x0000FF)
GUICtrlCreateLabel("Full Command Line: ", 20, 220, 360, 15)
$commmandlinefulltext = GUICtrlCreateInput($CmdLineRaw, 20, 240, 360, 20)
GUICtrlSetColor($commmandlinefulltext, 0x0000FF)
GUISetState(@SW_SHOW, $GUI)
;
While 1
    $msg = GUIGetMsg(1) ; advanced mode: $msg[0] = event, $msg[1] = window handle
    Select
        Case $msg[0] = $GUI_EVENT_CLOSE
            If ($msg[1] = $GUI) Then
                If $clicked = 1 Then GUIDelete($Child)
                GUIDelete($GUI)
                Exit
            EndIf
            If ($msg[1] = $Child) Then
                GUIDelete($Child)
                $clicked = 0
            EndIf
        Case $msg[0] = $Allow
            LogThis("Allowed " & $CmdLineRaw)
            Run($CmdLineRaw)
            ;Run(@ComSpec & ' /c ' & '"' & $CmdLineRaw & '"', '', @SW_HIDE); will not execute the .cmd
            If $clicked = 1 Then GUIDelete($Child)
            GUIDelete($GUI)
            Exit
        Case $msg[0] = $Block
            LogThis("Blocked " & $CmdLineRaw)
            IniWrite($INI_NAME, "Blocked", $cmd, _StringEncrypt(1, $cmd, @ScriptFullPath))
            If $clicked = 1 Then GUIDelete($Child)
            GUIDelete($GUI)
            Exit
        Case $msg[0] = $Trust
            LogThis("Trusted " & $CmdLineRaw)
            IniWrite($INI_NAME, "Allowed", $cmd, _StringEncrypt(1, $cmd, @ScriptFullPath))
            LogThis("New Program Trusted " & $CmdLineRaw)
            Run($CmdLineRaw)
            ;Run(@ComSpec & ' /c ' & '"' & $CmdLineRaw & '"', '', @SW_HIDE)
            If $clicked = 1 Then GUIDelete($Child)
            GUIDelete($GUI)
            Exit
        Case $msg[0] = $More
            If ($clicked = 0) Then
                $clicked = 1
                $Child = GUICreate("More....", 400, 290, -1, -1, $WS_DLGFRAME + $WS_POPUPWINDOW, -1, $GUI)
                GUISetIcon(@ScriptDir & '\Protected.ico')
                GUICtrlCreateGroup(_GetFileDets($cmd), 10, 40, 380, 195)
                $ver = @CRLF & _GetFileProps($cmd) & @CRLF & @CRLF & "File Attributes: " & _GetFileAttr($cmd)
                GUICtrlCreateInput($cmd, 20, 10, 360, 20)
                GUICtrlCreateLabel($ver, 20, 60, 360, 165)
                $Quarantine = GUICtrlCreateButton("Quarantine", 10, 245, 75, 30)
                $Recycle = GUICtrlCreateButton("Send to Recycle Bin", 97, 245, 115, 30)
                $Delete = GUICtrlCreateButton("Delete", 225, 245, 75, 30)
                $Cancel = GUICtrlCreateButton("Cancel", 315, 245, 75, 30)
                GUISetState(@SW_SHOW, $Child)
            EndIf
        Case $msg[0] = $Cancel
            GUIDelete($Child)
            $clicked = 0
        Case $msg[0] = $Delete
            $answer = MsgBox(4, "Confirm Delete", "DELETE this file?")
            If $answer = 6 Then ; 6 = Yes, 7 = No
                $Del = FileDelete($cmd)
                If ($Del = True) Then
                    LogThis("Deleted " & $CmdLineRaw)
                    MsgBox(0, "Operation Successful", "File Deleted")
                    GUIDelete($Child)
                    GUIDelete($GUI)
                    Exit
                Else
                    MsgBox(0, "Operation Failed", "Could NOT Delete")
                EndIf
            EndIf
        Case $msg[0] = $Recycle
            $answer = MsgBox(4, "Confirm Recycle", "RECYCLE this file?")
            If $answer = 6 Then
                $Del = FileRecycle($cmd)
                If ($Del = True) Then
                    LogThis("Recycled " & $CmdLineRaw)
                    MsgBox(0, "Operation Successful", "File Recycled")
                    GUIDelete($Child)
                    GUIDelete($GUI)
                    Exit
                Else
                    MsgBox(0, "Operation Failed", "Could NOT send to Recycle-Bin ")
                EndIf
            EndIf
        Case $msg[0] = $Quarantine
            $answer = MsgBox(4, "Confirm Quarantine", "QUARANTINE this file?")
            If $answer = 6 Then
                ; flag 9 = overwrite (1) + create the destination directory (8)
                $Del = FileMove($cmd, "C:\Quarantined\" & $szFName & $szExt & ".QUARANTINED", 9)
                If ($Del = True) Then
                    LogThis("Quarantined " & $CmdLineRaw)
                    MsgBox(0, "Operation Successful", "Quarantined File to C:\Quarantined\ ")
                    GUIDelete($Child)
                    GUIDelete($GUI)
                    Exit
                Else
                    MsgBox(0, "Operation Failed", "Could NOT Quarantine")
                EndIf
            EndIf
    EndSelect
WEnd
;------------------------------------------------------------------------------------------------------------
Func _GetFileProps($Parameter)
    Local $testvar
    $testvar = "Internal Name: " & FileGetVersion($Parameter, "InternalName")
    $testvar = $testvar & @CRLF & "Original File Name: " & FileGetVersion($Parameter, "OriginalFilename")
    $testvar = $testvar & @CRLF & "Special Build: " & FileGetVersion($Parameter, "SpecialBuild")
    $testvar = $testvar & @CRLF & "Product Name: " & FileGetVersion($Parameter, "ProductName")
    $testvar = $testvar & @CRLF & "Company Name: " & FileGetVersion($Parameter, "CompanyName")
    $testvar = $testvar & @CRLF & "File Description: " & FileGetVersion($Parameter, "FileDescription")
    $testvar = $testvar & @CRLF & "File Version: " & FileGetVersion($Parameter, "FileVersion")
    $testvar = $testvar & @CRLF & "Product Version: " & FileGetVersion($Parameter, "ProductVersion")
    $testvar = $testvar & @CRLF & "Comments: " & FileGetVersion($Parameter, "Comments")
    Return $testvar
EndFunc   ;==>_GetFileProps
;
Func _GetFileAttr($Parameter)
    Local $att, $testvar, $testvar1, $testvar2, $testvar3, $testvar4
    $testvar = ''
    $att = FileGetAttrib($Parameter)
    $testvar1 = StringInStr($att, 'R', 0, 1)
    $testvar2 = StringInStr($att, 'A', 0, 1)
    $testvar3 = StringInStr($att, 'S', 0, 1)
    $testvar4 = StringInStr($att, 'H', 0, 1)
    If Not ($testvar1 = 0) Then $testvar = ' [ READ-ONLY ] '
    If Not ($testvar2 = 0) Then $testvar = $testvar & ' [ ARCHIVE ] '
    If Not ($testvar3 = 0) Then $testvar = $testvar & ' [ SYSTEM ] '
    If Not ($testvar4 = 0) Then $testvar = $testvar & ' [ HIDDEN ] '
    Return $testvar
EndFunc   ;==>_GetFileAttr
;
Func _GetFileDets($Parameter)
    Local $testvar = 0
    $testvar = ("File Size: " & FileGetSize($Parameter) / 1024 & " Kbs ")
    Return $testvar
EndFunc   ;==>_GetFileDets
;
Func LogThis($Text)
    DirCreate(@AppDataCommonDir & "\" & $EXE_NAME)
    Local $fh = FileOpen(@AppDataCommonDir & "\" & $EXE_NAME & "\" & $LOG_NAME, 9) ; 9 = append (1) + create directory (8)
    FileWriteLine($fh, @YEAR & " " & @MON & " " & @MDAY & "-" & @HOUR & " " & @MIN & " " & @SEC & " " & @UserName & " " & $Text)
    FileClose($fh)
EndFunc   ;==>LogThis
;
; #FUNCTION# ====================================================================================================================
; Name...........: _PathSplit
; Description ...: Splits a path into the drive, directory, file name and file extension parts. An empty string is set if a part is missing.
; Syntax.........: _PathSplit($szPath, ByRef $szDrive, ByRef $szDir, ByRef $szFName, ByRef $szExt)
; Parameters ....: $szPath  - The path to be split (Can contain a UNC server or drive letter)
;                  $szDrive - String to hold the drive
;                  $szDir   - String to hold the directory
;                  $szFName - String to hold the file name
;                  $szExt   - String to hold the file extension
; Return values .: Success - Returns an array with 5 elements where 0 = original path, 1 = drive, 2 = directory, 3 = filename, 4 = extension
; Author ........: Valik
; Modified.......:
; Remarks .......: This function does not take a command line string. It works on paths, not paths with arguments.
; Related .......: _PathFull, _PathMake
; Link ..........:
; Example .......: Yes
; ===============================================================================================================================
Func _PathSplit($szPath, ByRef $szDrive, ByRef $szDir, ByRef $szFName, ByRef $szExt)
    ; Set local strings to null (We use local strings in case one of the arguments is the same variable)
    Local $drive = ""
    Local $dir = ""
    Local $fname = ""
    Local $ext = ""
    Local $pos
    ; Create an array which will be filled and returned later
    Local $array[5]
    $array[0] = $szPath ; $szPath can get destroyed, so it needs set now
    ; Get drive letter if present (Can be a UNC server)
    If StringMid($szPath, 2, 1) = ":" Then
        $drive = StringLeft($szPath, 2)
        $szPath = StringTrimLeft($szPath, 2)
    ElseIf StringLeft($szPath, 2) = "\\" Then
        $szPath = StringTrimLeft($szPath, 2) ; Trim the \\
        $pos = StringInStr($szPath, "\")
        If $pos = 0 Then $pos = StringInStr($szPath, "/")
        If $pos = 0 Then
            $drive = "\\" & $szPath ; Prepend the \\ we stripped earlier
            $szPath = "" ; Set to null because the whole path was just the UNC server name
        Else
            $drive = "\\" & StringLeft($szPath, $pos - 1) ; Prepend the \\ we stripped earlier
            $szPath = StringTrimLeft($szPath, $pos - 1)
        EndIf
    EndIf
    ; Set the directory and file name if present
    Local $nPosForward = StringInStr($szPath, "/", 0, -1)
    Local $nPosBackward = StringInStr($szPath, "\", 0, -1)
    If $nPosForward >= $nPosBackward Then
        $pos = $nPosForward
    Else
        $pos = $nPosBackward
    EndIf
    $dir = StringLeft($szPath, $pos)
    $fname = StringRight($szPath, StringLen($szPath) - $pos)
    ; If $szDir wasn't set, then the whole path must just be a file, so set the filename
    If StringLen($dir) = 0 Then $fname = $szPath
    $pos = StringInStr($fname, ".", 0, -1)
    If $pos Then
        $ext = StringRight($fname, StringLen($fname) - ($pos - 1))
        $fname = StringLeft($fname, $pos - 1)
    EndIf
    ; Set the strings and array to what we found
    $szDrive = $drive
    $szDir = $dir
    $szFName = $fname
    $szExt = $ext
    $array[1] = $drive
    $array[2] = $dir
    $array[3] = $fname
    $array[4] = $ext
    Return $array
EndFunc   ;==>_PathSplit
```

Executable Blocker Client

```autoit
; Comments added by N5ale
; "#{ESC}", "F_Terminate" hotkey to terminate the app is #[escape key] (Win+Esc)
; password is keepout lower case one word n5ale
; modified
; modified by Rich Hudgins N5ale 29 Nov 2010
; password added taskmanager disabled and other changes
; fixed verious check mark issues
; this really is a great script [all hail Shafayat]
;
#region Script Options ======================================================================================================
#AutoIt3Wrapper_icon=
;** AUT2EXE settings
#AutoIt3Wrapper_Icon=.\Protected.ico                     ;Filename of the Ico file to use
#AutoIt3Wrapper_OutFile=Executable Blocker Client.exe    ;Target exe/a3x filename.
#AutoIt3Wrapper_OutFile_Type=exe                         ;a3x=small AutoIt3 file; exe=Standalone executable (Default)
#AutoIt3Wrapper_Compression=2                            ;Compression parameter 0-4 0=Low 2=normal 4=High. Default=2
#AutoIt3Wrapper_UseUpx=Y                                 ;(Y/N) Compress output program. Default=Y
;~ #AutoIt3Wrapper_Change2CUI=Y                          ;(Y/N) Change output program to CUI in stead of GUI. Default=N
;** Target program Resource info
#AutoIt3Wrapper_res_comment=Executable Blocker Block all exes from running
#AutoIt3Wrapper_res_description=Executable Blocker
#AutoIt3Wrapper_Res_Fileversion=1.0.3.7
#AutoIt3Wrapper_res_fileversion_autoincrement=Y
#AutoIt3Wrapper_res_legalcopyright=Copyright © 2010 Shafayat
#AutoIt3Wrapper_res_field=Made By|Shafayat
#AutoIt3Wrapper_res_field=Email|Shafayat at yahoo dot com
#AutoIt3Wrapper_res_field=AutoIt Version|%AutoItVer%
#AutoIt3Wrapper_res_field=Compile Date|%date% %time%
#AutoIt3Wrapper_Run_Debug_Mode=N
#AutoIt3Wrapper_run_cvswrapper=v
#AutoIt3Wrapper_run_obfuscator=y
; Obfuscator
#Obfuscator_parameters=/cs=0 /cn=0 /cf=0 /cv=0 /sf=1
#AutoIt3Wrapper_Add_Constants=n
#AutoIt3Wrapper_Change2CUI=n
#endregion Script Options ===================================================================================================
; Script: Executable Blocker Client.au3
; Version: 1.02
; Author: Shafayat
; File: 1 of 2
;
#include <String.au3>  ; _StringEncrypt() used by _Setup()
#NoTrayIcon
;
Global Const $TRAY_CHECKED = 1
Global Const $TRAY_UNCHECKED = 4
Global $TRAY_ITEM_ENA, $TRAY_ITEM_DIS ; tray check feature
;
Global Const $PROCESS_VM_READ = 0x10
Global Const $PROCESS_QUERY_INFORMATION = 0x400
; Pass word added by n5ale
Global Const $password = "keepout" ; I know its lame but works for most non geeks n5ale
;
Global $PRODUCT_NAME = ("Executable Blocker") ; program name
Global $SETUP_DIR = @ScriptDir ;(@ProgramFilesDir & "\Executable Blocker"); program path
Global $HOME_KEY = ("HKEY_CURRENT_USER\Software\" & $PRODUCT_NAME) ; program software key
;
Global $INI_NAME = @ScriptDir & "\" & $PRODUCT_NAME & ".INI"
;
; Be sure the Program name is what you want ...
Global $EXE_NAME = ("Executable Blocker Client.exe") ; program name
Global $passwd = " " ; added by n5ale
If @Compiled Then
    Global $SCRIPT_VERSION = FileGetVersion(@ScriptName)
    If @ScriptName <> $EXE_NAME Then
        If FileExists($EXE_NAME) Then FileDelete($EXE_NAME)
        FileCopy(@ScriptName, $EXE_NAME, 1)
        Run($EXE_NAME)
        Exit
    Else
        FileInstall(".\Executable Blocker.exe", @ScriptDir & "\Executable Blocker.exe")
    EndIf
EndIf
;
TraySetIcon($SETUP_DIR & '\Protected.ico')
;
;RegWrite($HOME_KEY,"Do Not Ask For Setup","REG_SZ", "0")
;------------------------------------------------------
;
;If (@ScriptDir = $SETUP_DIR) Then
;
;Else
;   If RegRead($HOME_KEY, "Do Not Ask For Setup") = 0 Then
;
;F_SetUp()
;
;MsgBox(0,"F","FAKE SETUP")
;   EndIf
;EndIf
;
;-----------------------------------------------
;
If Int(IniRead($INI_NAME, "Config", "FirstRun", "1")) = 1 Then _Setup()
;
F_CreateRegistryEntry()
;
F_RegisterShell()
;
Opt("TrayMenuMode", 1)
Opt("TrayOnEventMode", 1)
;
#Region TRAY MENU
$TRAY_MENU_INFO = TrayCreateMenu("Information")
$TRAY_ITEM_LOGFILE = TrayCreateItem("Logfile", $TRAY_MENU_INFO)
$TRAY_ITEM_TRUSTED = TrayCreateItem("Trusted", $TRAY_MENU_INFO)
TrayCreateItem("", $TRAY_MENU_INFO)
$TRAY_ITEM_ABOUT = TrayCreateItem("About", $TRAY_MENU_INFO)
$TRAY_ITEM_VISIT = TrayCreateItem("Visit Website", $TRAY_MENU_INFO)
TrayCreateItem("")
$TRAY_ITEM_ENA = TrayCreateItem("Block Executables")
$TRAY_ITEM_DIS = TrayCreateItem("Unblock Executables")
TrayCreateItem("")
$TRAY_ITEM_TERMINATE = TrayCreateItem("Exit")
TraySetToolTip($PRODUCT_NAME)
;
TraySetState()
;
TrayItemSetOnEvent($TRAY_ITEM_ABOUT, "F_About")
TrayItemSetOnEvent($TRAY_ITEM_TERMINATE, "F_Terminate")
TrayItemSetOnEvent($TRAY_ITEM_VISIT, "F_Visit")
TrayItemSetOnEvent($TRAY_ITEM_ENA, "F_RegisterShell")
TrayItemSetOnEvent($TRAY_ITEM_DIS, "F_UnRegisterShell")
TrayItemSetOnEvent($TRAY_ITEM_LOGFILE, "F_Logfile")
TrayItemSetOnEvent($TRAY_ITEM_TRUSTED, "F_Trusted")
TrayItemSetState($TRAY_ITEM_ENA, $TRAY_CHECKED)
HotKeySet("#{ESC}", "F_Terminate")
#EndRegion TRAY MENU
;
;-----------------------------------------------
While 1
    Sleep(250) ; Loop
WEnd
;-----------------------------------------------visit web page that doesnt have anything to do with it
Func F_Visit()
    ShellExecute('http://sss13x.co.nr')
    TrayItemSetState($TRAY_ITEM_VISIT, $TRAY_UNCHECKED)
EndFunc   ;==>F_Visit
;---------------------------------------------Terminate and exit --
Func F_Terminate()
    ;Asks the user to enter a password. Don't forget to validate it!
    $passwd = InputBox("Security Check", "Enter your password.", "", "*")
    If $passwd == $password Then ; == is case-sensitive
        RegWrite("HKEY_CLASSES_ROOT\.exe", "", "REG_SZ", "exefile")
        RegWrite("HKEY_CLASSES_ROOT\.com", "", "REG_SZ", "comfile")
        RegWrite("HKEY_CLASSES_ROOT\.bat", "", "REG_SZ", "batfile")
        RegWrite("HKEY_CLASSES_ROOT\.pif", "", "REG_SZ", "piffile")
        RegWrite("HKEY_CLASSES_ROOT\.cmd", "", "REG_SZ", "cmdfile")
        RegWrite("HKEY_CLASSES_ROOT\.scr", "", "REG_SZ", "scrfile")
        ;RegWrite("HKEY_CLASSES_ROOT\.msc", "", "REG_SZ", "MSCfile")
        ;RegWrite("HKEY_CLASSES_ROOT\.inf", "", "REG_SZ", "inffile")
        ;RegWrite("HKEY_CLASSES_ROOT\.chm", "", "REG_SZ", "chm.file")
        ;RegWrite("HKEY_CLASSES_ROOT\.cpl", "", "REG_SZ", "cplfile")
        ;RegWrite("HKEY_CLASSES_ROOT\.msi", "", "REG_SZ", "MSI.Package")
        ;RegWrite("HKEY_CLASSES_ROOT\.msc", "", "REG_SZ", "MSCFile")
        ;RegWrite("HKEY_CLASSES_ROOT\.ocx", "", "REG_SZ", "ocxfile")
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "0") ; enable taskmanager
        TrayTip("Executable Blocker", "Executable Blocker has been disabled. Good Bye", 5)
        TrayItemSetState($TRAY_ITEM_TERMINATE, $TRAY_UNCHECKED)
        Sleep(2000)
        TrayTip("", "", 5)
        ;F_UnRegisterShell()
        Exit
    Else
        TrayItemSetState($TRAY_ITEM_TERMINATE, $TRAY_UNCHECKED)
    EndIf
EndFunc   ;==>F_Terminate
;-------------------------------------------------about--
Func F_About()
    MsgBox(0, "About " & $PRODUCT_NAME, "Executable Blocker ver1.030" & @CRLF & @CRLF & "A shield against all kinds of mobile disk virus." & @CRLF & @CRLF & "- Shafayat" & @CRLF & "sss13x.co.nr")
    TrayItemSetState($TRAY_ITEM_ABOUT, $TRAY_UNCHECKED)
EndFunc   ;==>F_About
;--------------------------------------------------logfile--
Func F_Logfile()
    ;Asks the user to enter a password. Don't forget to validate it!
    $passwd = InputBox("Security Check", "Enter your password.", "", "*")
    If $passwd == $password Then
        ShellExecute(@AppDataCommonDir & "\" & $PRODUCT_NAME & "\" & $PRODUCT_NAME & ".LOG")
        TrayItemSetState($TRAY_ITEM_LOGFILE, $TRAY_UNCHECKED) ; added by n5ale
    Else ; place holder just in Case n5ale
        TrayItemSetState($TRAY_ITEM_LOGFILE, $TRAY_UNCHECKED)
        Sleep(2000)
        TrayTip("", "", 5)
    EndIf
EndFunc   ;==>F_Logfile
;------------------------------------------------Trusted--
Func F_Trusted()
    ;Asks the user to enter a password. Don't forget to validate it!
    $passwd = InputBox("Security Check", "Enter your password.", "", "*")
    If $passwd == $password Then
        ShellExecute('"' & $INI_NAME & '"')
        TrayItemSetState($TRAY_ITEM_TRUSTED, $TRAY_UNCHECKED) ; added by n5ale
    Else ; place holder just in Case n5ale
        TrayItemSetState($TRAY_ITEM_TRUSTED, $TRAY_UNCHECKED)
        Sleep(2000)
        TrayTip("", "", 5)
    EndIf
    ;
EndFunc   ;==>F_Trusted
;------------------------------------------------- exehost Enabled
Func F_RegisterShell()
    ; point the executable file types at the exehost ProgID created by F_CreateRegistryEntry
    RegWrite("HKEY_CLASSES_ROOT\.exe", "", "REG_SZ", "exehost")
    RegWrite("HKEY_CLASSES_ROOT\.com", "", "REG_SZ", "exehost")
    RegWrite("HKEY_CLASSES_ROOT\.bat", "", "REG_SZ", "exehost")
    RegWrite("HKEY_CLASSES_ROOT\.pif", "", "REG_SZ", "exehost")
    RegWrite("HKEY_CLASSES_ROOT\.cmd", "", "REG_SZ", "exehost")
    RegWrite("HKEY_CLASSES_ROOT\.scr", "", "REG_SZ", "exehost")
    ;RegWrite("HKEY_CLASSES_ROOT\.msc", "", "REG_SZ", "exehost")
    ;RegWrite("HKEY_CLASSES_ROOT\.inf", "", "REG_SZ", "exehost")
    ;RegWrite("HKEY_CLASSES_ROOT\.chm", "", "REG_SZ", "exehost")
    ;RegWrite("HKEY_CLASSES_ROOT\.cpl", "", "REG_SZ", "exehost")
    ;RegWrite("HKEY_CLASSES_ROOT\.msi", "", "REG_SZ", "exehost")
    ;RegWrite("HKEY_CLASSES_ROOT\.msc", "", "REG_SZ", "exehost")
    ;RegWrite("HKEY_CLASSES_ROOT\.ocx", "", "REG_SZ", "exehost")
    RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "1") ; disable taskmanager
    TrayTip("Executable Blocker", "Executable Blocker has been enabled. ", 5)
    TrayItemSetState($TRAY_ITEM_DIS, $TRAY_UNCHECKED)
    Sleep(2000)
    TrayItemSetState($TRAY_ITEM_ENA, $TRAY_CHECKED)
    TrayTip("", "", 5)
EndFunc   ;==>F_RegisterShell
;------------------------------------------------- exehost Disabled
Func F_UnRegisterShell()
    ;Asks the user to enter a password. Don't forget to validate it!
    $passwd = InputBox("Security Check", "Enter your password.", "", "*")
    If $passwd == $password Then
        RegWrite("HKEY_CLASSES_ROOT\.exe", "", "REG_SZ", "exefile")
        RegWrite("HKEY_CLASSES_ROOT\.com", "", "REG_SZ", "comfile")
        RegWrite("HKEY_CLASSES_ROOT\.bat", "", "REG_SZ", "batfile")
        RegWrite("HKEY_CLASSES_ROOT\.pif", "", "REG_SZ", "piffile")
        RegWrite("HKEY_CLASSES_ROOT\.cmd", "", "REG_SZ", "cmdfile")
        RegWrite("HKEY_CLASSES_ROOT\.scr", "", "REG_SZ", "scrfile")
        ;RegWrite("HKEY_CLASSES_ROOT\.msc", "", "REG_SZ", "MSCfile")
        ;RegWrite("HKEY_CLASSES_ROOT\.inf", "", "REG_SZ", "inffile")
        ;RegWrite("HKEY_CLASSES_ROOT\.chm", "", "REG_SZ", "chm.file")
        ;RegWrite("HKEY_CLASSES_ROOT\.cpl", "", "REG_SZ", "cplfile")
        ;RegWrite("HKEY_CLASSES_ROOT\.msi", "", "REG_SZ", "MSI.Package")
        ;RegWrite("HKEY_CLASSES_ROOT\.msc", "", "REG_SZ", "MSCFile")
        ;RegWrite("HKEY_CLASSES_ROOT\.ocx", "", "REG_SZ", "ocxfile")
        RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "0") ; enable taskmanager
        TrayTip("Executable Blocker", "Executable Blocker has been disabled.", 5)
        TrayItemSetState($TRAY_ITEM_ENA, $TRAY_UNCHECKED)
        Sleep(2000)
        TrayItemSetState($TRAY_ITEM_DIS, $TRAY_CHECKED)
        TrayTip("", "", 5)
    Else ; place holder just in Case n5ale
        TrayItemSetState($TRAY_ITEM_DIS, $TRAY_UNCHECKED)
        Sleep(2000)
        TrayTip("", "", 5)
    EndIf
EndFunc   ;==>F_UnRegisterShell
;------------------------------------------------- exehost pass to 'Executable Blocker.exe' with Path and File String
Func F_CreateRegistryEntry()
    ; "%1" is quoted so a path containing spaces arrives in the blocker as a single argument
    $ShellOpenCommand = '\Executable Blocker.exe" "%1" %*' ;"%1" "%2" "%3" "%4" "%5" "%6" "%7" "%8"
    RegWrite("HKEY_CLASSES_ROOT\exehost", "", "REG_SZ", "Filtered Executable File")
    RegWrite("HKEY_CLASSES_ROOT\exehost\DefaultIcon", "", "REG_SZ", "%1")
    RegWrite("HKEY_CLASSES_ROOT\exehost\Shell", "", "REG_SZ", "Open")
    RegWrite("HKEY_CLASSES_ROOT\exehost\Shell\Open", "", "REG_SZ", "Open")
    RegWrite("HKEY_CLASSES_ROOT\exehost\Shell\Open\Command", "", "REG_SZ", '"' & $SETUP_DIR & $ShellOpenCommand)
EndFunc   ;==>F_CreateRegistryEntry
;-------------------------------------------------
;Func F_SetUp()
;   MsgBox(0,"SET UP","ASDSDASD")
;   Exit
;   FileCopy(@ScriptDir & "\Disk Guard.dll", $SETUP_DIR & "\Disk Guard.exe",9)
;   FileCopy(@AutoItExe, $SETUP_DIR & "\Start Disk Guard.exe",9)
;   FileCopy(@ScriptDir & "\Enabled.dll", $SETUP_DIR & "\Enabled.dll",9)
;   FileCopy(@ScriptDir & "\Protected.dll", $SETUP_DIR & "\Protected.ico",9)
;   FileCopy(@ScriptDir & "\Disabled.dll", $SETUP_DIR & "\Disabled.dll",9)
;   FileCreateShortcut($SETUP_DIR & "\Start Disk Guard.exe", @DesktopCommonDir & "\Start Disk Guardian","","","",$SETUP_DIR & "\Protected.ico")
;EndFunc
;
Func _Setup()
    TraySetToolTip($PRODUCT_NAME & @CRLF & "Building White list ...")
    Local $sCmd, $sExePath, $iEnd, $list = ProcessList()
    ; the blocker encrypts with its own @ScriptFullPath, so the same key must be used here or nothing ever matches
    Local $sBlockerPath = $SETUP_DIR & "\Executable Blocker.exe"
    IniWrite($INI_NAME, "Config", "FirstRun", "0")
    For $i = 1 To $list[0][0]
        $sCmd = _WinAPI_GetCommandLineFromPID($list[$i][1])
        If $sCmd = "" Then ContinueLoop
        ; the blocker looks entries up by the bare path it receives as %1, so store the executable path, not the whole command line
        If StringLeft($sCmd, 1) = '"' Then
            $iEnd = StringInStr($sCmd, '"', 0, 2)
            If $iEnd < 3 Then ContinueLoop
            $sExePath = StringMid($sCmd, 2, $iEnd - 2)
        Else
            $sExePath = StringLeft($sCmd, StringInStr($sCmd & " ", " ") - 1)
        EndIf
        IniWrite($INI_NAME, "Allowed", $sExePath, _StringEncrypt(1, $sExePath, $sBlockerPath))
    Next
EndFunc   ;==>_Setup
;
Func _WinAPI_GetCommandLineFromPID($PID)
    $ret1 = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', $PROCESS_VM_READ + $PROCESS_QUERY_INFORMATION, 'int', False, 'int', $PID)
    If @error Or $ret1[0] = 0 Then Return "" ; no handle (protected/system process): nothing to read
    $tag_PROCESS_BASIC_INFORMATION = "int ExitStatus;" & _
            "ptr PebBaseAddress;" & _
            "ptr AffinityMask;" & _
            "ptr BasePriority;" & _
            "ulong UniqueProcessId;" & _
            "ulong InheritedFromUniqueProcessId;"
    $PBI = DllStructCreate($tag_PROCESS_BASIC_INFORMATION)
    DllCall("ntdll.dll", "int", "ZwQueryInformationProcess", "hwnd", $ret1[0], "int", 0, "ptr", DllStructGetPtr($PBI), "int", _
            DllStructGetSize($PBI), "int", 0)
    $dw = DllStructCreate("ptr")
    DllCall("kernel32.dll", "int", "ReadProcessMemory", "hwnd", $ret1[0], _
            "ptr", DllStructGetData($PBI, 2) + 0x10, _ ; PebBaseAddress+16 bytes <-- ptr _PROCESS_PARAMETERS
            "ptr", DllStructGetPtr($dw), "int", 4, "ptr", 0)
    $unicode_string = DllStructCreate("ushort Length;ushort MaxLength;ptr String")
    DllCall("kernel32.dll", "int", "ReadProcessMemory", "hwnd", $ret1[0], _
            "ptr", DllStructGetData($dw, 1) + 0x40, _ ; _PROCESS_PARAMETERS+64 bytes <-- ptr CommandLine Offset (UNICODE_STRING struct) - Win XP / Vista.
            "ptr", DllStructGetPtr($unicode_string), "int", DllStructGetSize($unicode_string), "ptr", 0)
    $ret = DllCall("kernel32.dll", "int", "ReadProcessMemory", "hwnd", $ret1[0], _
            "ptr", DllStructGetData($unicode_string, "String"), _ ; <-- ptr Commandline Unicode String
            "wstr", 0, "int", DllStructGetData($unicode_string, "Length") + 2, "int*", 0) ; read Length + terminating NULL (2 bytes in unicode)
    DllCall("kernel32.dll", 'int', 'CloseHandle', "hwnd", $ret1[0])
    If Not IsArray($ret) Then Return ""
    If $ret[5] Then Return $ret[3] ; If bytes returned, return commandline...
    Return "" ; Getting empty string is correct behaviour when there is no commandline to be had...
EndFunc   ;==>_WinAPI_GetCommandLineFromPID
```
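The client above enforces its policy by pointing HKCR\.exe and the other executable types at a custom `exehost` ProgID, and F_UnRegisterShell is the only thing that puts `exefile` and friends back. If the client is killed before that runs (the blocker's own `$CmdLine[0] = 0` branch exists for exactly that case), the machine is left with every double-click routed through a program that may no longer exist. The following is an added example in Python, not code from the thread, that audits the keys the client touches from a `reg export` text file, so it runs offline against an export taken from the affected machine, and emits a .reg file that restores the defaults. The export embedded in it is constructed to look like that failure state; `SAMPLE_EXPORT`, the function names and the constant names are this example's own. Two caveats that belong next to the thread's approach: the association is consulted only by ShellExecute-style launches (Explorer, the Start menu), not by anything started through CreateProcess, which is what the blocker's own Run() call, services and scheduled tasks use; and HKCR is a merged view in which HKCU\Software\Classes takes precedence over HKLM\Software\Classes, so a standard user can shadow the `.exe` key for their own account without touching the machine-wide value.

```python
"""Added example (Python, not part of the thread's code): an offline audit of the
registry values that Executable Blocker Client rewrites. It reads the text that
`reg export` produces for those keys, so it needs no Windows registry access and
can be run against an export taken from a machine where the client was killed
before F_UnRegisterShell ran. SAMPLE_EXPORT is constructed for that scenario."""
import re

# ProgIDs that F_UnRegisterShell restores, per the posted code
DEFAULT_PROGIDS = {".exe": "exefile", ".com": "comfile", ".bat": "batfile",
                   ".pif": "piffile", ".cmd": "cmdfile", ".scr": "scrfile"}
HKCR = "HKEY_CLASSES_ROOT"
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
_NAMED = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')   # "name"=value
_STRING = re.compile(r'^"((?:[^"\\]|\\.)*)"$')       # "string value"

SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exehost"

[HKEY_CLASSES_ROOT\.bat]
@="batfile"

[HKEY_CLASSES_ROOT\exehost\Shell\Open\Command]
@="\"C:\\Tools\\Executable Blocker.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''


def _unescape(s: str) -> str:
    # .reg string syntax escapes only backslash and double quote
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> dict[str, dict[str, object]]:
    """Minimal parser for REGEDIT4 / 'Windows Registry Editor Version 5.00' exports.
    Returns {key_path: {value_name: value}}; '@' is the default value.
    String and dword values are decoded, other types are kept as raw text."""
    keys: dict[str, dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry") or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        if line.startswith("@="):
            name, rest = "@", line[2:]
        else:
            m = _NAMED.match(line)
            if not m:
                continue
            name, rest = _unescape(m.group(1)), m.group(2)
        s = _STRING.match(rest)
        if s:
            keys[current][name] = _unescape(s.group(1))
        elif rest.lower().startswith("dword:"):
            keys[current][name] = int(rest[6:], 16)
        else:
            keys[current][name] = rest
    return keys


def audit(keys: dict[str, dict[str, object]]) -> list[str]:
    """List every deviation from the defaults the client is supposed to leave behind."""
    findings = []
    for ext, progid in DEFAULT_PROGIDS.items():
        values = keys.get(f"{HKCR}\\{ext}")
        if values is not None and values.get("@") != progid:
            findings.append(f"{ext} -> {values.get('@')!r} (expected {progid!r})")
    handler = keys.get(f"{HKCR}\\exehost\\Shell\\Open\\Command", {}).get("@")
    if handler:
        findings.append(f"exehost handler registered: {handler}")
    exefile_cmd = keys.get(f"{HKCR}\\exefile\\shell\\open\\command", {}).get("@")
    if exefile_cmd is not None and exefile_cmd != '"%1" %*':
        findings.append(f"exefile open command altered: {exefile_cmd!r}")
    if keys.get(POLICY_KEY, {}).get("DisableTaskMgr") == 1:
        findings.append("DisableTaskMgr=1 (Task Manager disabled)")
    return findings


def restore_script(keys: dict[str, dict[str, object]]) -> str:
    """Build a .reg file that undoes the findings (apply with: reg import fix.reg)."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for ext, progid in DEFAULT_PROGIDS.items():
        if keys.get(f"{HKCR}\\{ext}", {}).get("@") not in (None, progid):
            out += [f"[{HKCR}\\{ext}]", f'@="{progid}"', ""]
    if any(k == f"{HKCR}\\exehost" or k.startswith(f"{HKCR}\\exehost\\") for k in keys):
        out += [f"[-{HKCR}\\exehost]", ""]  # a leading '-' deletes the key on import
    if keys.get(POLICY_KEY, {}).get("DisableTaskMgr") == 1:
        out += [f"[{POLICY_KEY}]", '"DisableTaskMgr"=dword:00000000', ""]
    return "\n".join(out)


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_EXPORT)
    for finding in audit(parsed):
        print("FINDING:", finding)
    print(restore_script(parsed))
```

To use it on a real machine, export the keys first (`reg export HKCR\.exe exe.reg`, and likewise for `HKCR\exehost`, `HKCR\exefile` and the Policies\System key), concatenate the exports, and feed the text to `parse_reg_export`. The generated .reg restores the six ProgIDs the client changes, deletes the `exehost` class and re-enables Task Manager; review it before importing, because it does nothing about the `.msc`, `.inf` and other types the posted code has commented out.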
sleepydvdr, posted December 17, 2010

I played with the version from the previous page, and I must say I am intrigued. With a couple of features added on, this could end up being one of the best programs I have ever seen. May I make a couple of suggestions?

1. Have a feature to be able to scan and whitelist all current executables on your system (for clean systems, so that you can still run your regular programs normally).
2. Have a right-click menu to be used for installing and whitelisting trusted programs.

A program like this could be very useful. I have had people use my computer when I wasn't home, and they got it infected or installed a bunch of junk software.
am632, posted July 22, 2011

Hi, I know this topic is quite old now, but does anyone have the latest release of Executable Blocker, as the download link seems to be inactive? Thanks.
Meesterlijk, posted September 8, 2012

Bit of a shame that development stopped; I was curious whether someone managed the whitelist. Nice program. I have adjusted some things, but it's a useful tool for my computers here. Hope someone picks up the lead again in future.
monis, posted May 30, 2013

Quoting Shafayat's update:

UPDATE!!! Updated a lot of things:
1. AES 256-bit password protection + hashing (additional security)
2. Better looking GUI
3. Log viewer
4. White and black list
5. Stop Autorun
6. Quick registry fix
7. Perfect (no command loss) command line parsing, extracted entirely from $CmdLineRaw

NOTE: MANY THINGS DO NOT WORK YET, mostly because it is a beta. I'll post the stable version as soon as I can.
- Shafayat
BTW, can anyone help me with making a help file (a professional-looking *.chm file)?

Many thanks. Could you please help? I want to delete the contents that autorun.inf calls after detecting it, as most viruses do call their .exe files there.