[Solved] How can I detect manual execution of a script?

Soulstriker · June 27, 2017

Hello everyone! I'm having problems with a tool I developed.

Said script was created as a maintenance tool for a system. It's executed by a third party procedure, but it would be useful to run it manually if required, tough only by authorized personnel.

What I'd like to do is to detect if the tool was executed manually and in such case, ask for a password to run, but still be able to run when executed by the automatic procedure.

Is there any way to detect this difference? I thought about detecting the windows user who is trying to run it, but the remote operators have Administrator access, so it'd be hard to limit with that.

Thank you!

Edited June 27, 2017 by Soulstriker

Subz · June 27, 2017

You could use something like _AD_IsMemberOf from the AD UDF within your script and either add only authorized users/systems to this group within AD. If the user isn't a member of the group then prompt for a username and password otherwise force the script to exit.

Jos · June 27, 2017

One approach could be to test for the parents of the executed script. Example when a Script ran from SciTE shells Notepad:

#include <WinAPIProc.au3>
$pid = Run("notepad.exe")
$pPid = _WinAPI_GetParentProcess($PID)
$p2Pid = _WinAPI_GetParentProcess($pPID)
$p3Pid = _WinAPI_GetParentProcess($p2PID)
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : _WinAPI_GetProcessName ($PID) = ' & _WinAPI_GetProcessName($PID) & @CRLF) ;### Debug Console
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : _WinAPI_GetProcessName ($pPID) = ' & _WinAPI_GetProcessName($pPID) & @CRLF) ;### Debug Console
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : _WinAPI_GetProcessName ($p2PID) = ' & _WinAPI_GetProcessName($p2PID) & @CRLF) ;### Debug Console
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : _WinAPI_GetProcessName ($p3PID) = ' & _WinAPI_GetProcessName($p3PID) & @CRLF) ;### Debug Console
If _WinAPI_GetProcessName($p2PID) = "AutoIt3.exe" Then
    ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : "Level 2 => AutoIt3"' & @CRLF) ;### Debug Console
EndIf
If _WinAPI_GetProcessName($p3PID) = "SciTE.exe" Then
    ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : "Level 3 => SciTE"' & @CRLF) ;### Debug Console
EndIf

Jos

Soulstriker · June 27, 2017

21 minutes ago, Subz said:

You could use something like _AD_IsMemberOf from the AD UDF within your script and either add only authorized users/systems to this group within AD. If the user isn't a member of the group then prompt for a username and password otherwise force the script to exit.

I thought about that, but I don't know to implement that along with automatic execution without asking for password. I don't mind hardcoing the password into the script, it's just to prevent mindless, random clicking by some IT grunt.

6 minutes ago, Jos said:

One approach could be to test for the parents of the executed script. Example when a Script ran from SciTE shells Notepad:

#include <WinAPIProc.au3>
$pid = Run("notepad.exe")
$pPid = _WinAPI_GetParentProcess($PID)
$p2Pid = _WinAPI_GetParentProcess($pPID)
$p3Pid = _WinAPI_GetParentProcess($p2PID)
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : _WinAPI_GetProcessName ($PID) = ' & _WinAPI_GetProcessName($PID) & @CRLF) ;### Debug Console
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : _WinAPI_GetProcessName ($pPID) = ' & _WinAPI_GetProcessName($pPID) & @CRLF) ;### Debug Console
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : _WinAPI_GetProcessName ($p2PID) = ' & _WinAPI_GetProcessName($p2PID) & @CRLF) ;### Debug Console
ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : _WinAPI_GetProcessName ($p3PID) = ' & _WinAPI_GetProcessName($p3PID) & @CRLF) ;### Debug Console
If _WinAPI_GetProcessName($p2PID) = "AutoIt3.exe" Then
    ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : "Level 2 => AutoIt3"' & @CRLF) ;### Debug Console
EndIf
If _WinAPI_GetProcessName($p3PID) = "SciTE.exe" Then
    ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : "Level 3 => SciTE"' & @CRLF) ;### Debug Console
EndIf

Jos

Hm, that could work. I'll check and will let you know.

Thank you both for your replies!

Jos · June 27, 2017

Forgot to include the fact that @AutoItPID contains the PID of the current script and could/should be used as the first level pid.

Jos

Soulstriker · June 27, 2017

Jos, your solution worked like a charm!

I just check that the parent Process is the third party program that runs maintenance and if it isn't, it asks for a password.

Thank you very much!

RTFC · June 28, 2017

@Soulstriker: Hi. Not sure if your tool needs to be protected from unauthorised tampering, but if you wish to avoid storing your password in any form inside your script, check out my CodeCrypter (keytype 1 = password query at startup).

Soulstriker · June 28, 2017

@RTFC: Thank you. I was looking for something like that. I'm an absolute noob at encryption and security. I was thinking about obfuscation and some other tools that could help me with that. I'll definitely check your CodeCrypter.

Thank you!

Sign In

[Solved] How can I detect manual execution of a script?

Recommended Posts

Soulstriker

Link to comment

Share on other sites

Subz

Link to comment

Share on other sites

Jos

Link to comment

Share on other sites

Soulstriker

Link to comment

Share on other sites

Jos

Link to comment

Share on other sites

Soulstriker

Link to comment

Share on other sites

RTFC

Link to comment

Share on other sites

Soulstriker

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Browse

AutoIt Resources

Release

Beta