ChromeFan Posted September 12, 2008 Posted September 12, 2008 (edited) hi, i have just created a script to remove autorun.inf files from USB devices and i have also disabled autorun on USB drives using registry. now i want that user should be not able to open the usb drive until it is scanned and cleaned. for this i want to block the usb devices. block means my script will work on it and during this user will be not abe to open the usb. any ideas like hiding , making it invisible, or any type of idea to work for it? i really don't know what to do on this stage... can anyone help me? thanks in advance for the help! Edited September 12, 2008 by ChromeFan Website: www.cerescode.comForum: www.forum.cerescode.comIRC: irc.freenode.net , Channel: #Ceres--------------------Autoit Wrappers, Great additions to your script (Must See) (By: Valuater)Read It Befor Asking Question Click Here...--------------------Join Monoceres's Forums http://www.monoceres.se--------------------There are three kinds of people: Those who make things happen, those who watch things happen, and those who ask, What happened? Casey Stengel
Andreik Posted September 12, 2008 Posted September 12, 2008 hi, i have just created a script to remove autorun.inf files from USB devices and i have also disabled autorun on USB drives using registry. now i want that user should be not able to open the usb drive until it is scanned and cleaned. for this i want to block the usb devices. block means my script will work on it and during this user will be not abe to open the usb. any ideas like hiding , making it invisible, or any type of idea to work for it? i really don't know what to do on this stage... can anyone help me? thanks in advance for the help!I don't know if is possible to hide or make invisible but you can eject drive. I found this function in one script wrote by rasim. expandcollapse popupFunc _DriveEject($sDrive) Local Const $IOCTL_STORAGE_GET_DEVICE_NUMBER = 0x2D1080 Local Const $FILE_SHARE_READ = 0x1 Local Const $FILE_SHARE_WRITE = 0x2 Local Const $OPEN_EXISTING = 3 Local $szVolumeName = "\\.\" & $sDrive $hDrive = DllCall("kernel32.dll", "hwnd", "CreateFile", _ "str", $szVolumeName, _ "int", 0, _ "int", BitOR($FILE_SHARE_READ, $FILE_SHARE_WRITE), _ "ptr", 0, _ "int", $OPEN_EXISTING, _ "int", 0, _ "int", 0) If $hDrive[0] = -1 Then Return False Local $STORAGE_DEVICE_NUMBER = DllStructCreate("int;int;int") Local $ByteRet = DllStructCreate("int") DllCall("kernel32.dll", "int", "DeviceIoControl", _ "hwnd", $hDrive[0], _ "int", $IOCTL_STORAGE_GET_DEVICE_NUMBER, _ "ptr", 0, _ "int", 0, _ "ptr", DllStructGetPtr($STORAGE_DEVICE_NUMBER), _ "int", DllStructGetSize($STORAGE_DEVICE_NUMBER), _ "int*", $ByteRet, _ "ptr", 0) DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hDrive[0]) Local $iDrive = "\\.\PhysicalDrive" & DllStructGetData($STORAGE_DEVICE_NUMBER, 2) DllCall("ntmsapi.dll", "int", "EjectDiskFromSADriveA", "str", "", "str", "", "str", $iDrive, "hwnd", 0, _ "str", "Title", "str", "Eject drive", "int", $NTMS_EJECT_FORCE) EndFunc
ChromeFan Posted September 12, 2008 Author Posted September 12, 2008 I don't know if is possible to hide or make invisible but you can eject drive. I found this function in one script wrote by rasim. expandcollapse popupFunc _DriveEject($sDrive) Local Const $IOCTL_STORAGE_GET_DEVICE_NUMBER = 0x2D1080 Local Const $FILE_SHARE_READ = 0x1 Local Const $FILE_SHARE_WRITE = 0x2 Local Const $OPEN_EXISTING = 3 Local $szVolumeName = "\\.\" & $sDrive $hDrive = DllCall("kernel32.dll", "hwnd", "CreateFile", _ "str", $szVolumeName, _ "int", 0, _ "int", BitOR($FILE_SHARE_READ, $FILE_SHARE_WRITE), _ "ptr", 0, _ "int", $OPEN_EXISTING, _ "int", 0, _ "int", 0) If $hDrive[0] = -1 Then Return False Local $STORAGE_DEVICE_NUMBER = DllStructCreate("int;int;int") Local $ByteRet = DllStructCreate("int") DllCall("kernel32.dll", "int", "DeviceIoControl", _ "hwnd", $hDrive[0], _ "int", $IOCTL_STORAGE_GET_DEVICE_NUMBER, _ "ptr", 0, _ "int", 0, _ "ptr", DllStructGetPtr($STORAGE_DEVICE_NUMBER), _ "int", DllStructGetSize($STORAGE_DEVICE_NUMBER), _ "int*", $ByteRet, _ "ptr", 0) DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hDrive[0]) Local $iDrive = "\\.\PhysicalDrive" & DllStructGetData($STORAGE_DEVICE_NUMBER, 2) DllCall("ntmsapi.dll", "int", "EjectDiskFromSADriveA", "str", "", "str", "", "str", $iDrive, "hwnd", 0, _ "str", "Title", "str", "Eject drive", "int", $NTMS_EJECT_FORCE) EndFunc Thanks a lot for your quick help but if i will eject the usb then how i will Scan the device? as i said... i want that user should be not able to open the usb drive until it is scanned and cleaned. block means my script will work on it and during this user will be not abe to open the usb. i know you have tried to help me and i really appreciate your good work, Thanks once again anyone can give me some idea or something which can do a favor for me? Website: www.cerescode.comForum: www.forum.cerescode.comIRC: irc.freenode.net , Channel: #Ceres--------------------Autoit Wrappers, Great additions to your script (Must See) (By: Valuater)Read It Befor Asking Question Click Here...--------------------Join Monoceres's Forums http://www.monoceres.se--------------------There are three kinds of people: Those who make things happen, those who watch things happen, and those who ask, What happened? Casey Stengel
ChromeFan Posted September 13, 2008 Author Posted September 13, 2008 *Dump* Website: www.cerescode.comForum: www.forum.cerescode.comIRC: irc.freenode.net , Channel: #Ceres--------------------Autoit Wrappers, Great additions to your script (Must See) (By: Valuater)Read It Befor Asking Question Click Here...--------------------Join Monoceres's Forums http://www.monoceres.se--------------------There are three kinds of people: Those who make things happen, those who watch things happen, and those who ask, What happened? Casey Stengel
dworld Posted September 13, 2008 Posted September 13, 2008 hi,Maybe on the net you can find some solution for hide drives (via Registry).Probably you could set the registry keys, and when you finished just enable it again.There is "Prevent Access to the Contents of Selected Drives " too.In both of the method i'm not sure that you can scan the contents of the drive...Link to the site dworldI'm new in autoit, but I like it. My mind is open to the new things.
ChromeFan Posted September 13, 2008 Author Posted September 13, 2008 (edited) ok, Thanks! but i am still in a big problem... i have the following information Drives can be hidden using the Registry. To open the Windows Registry press Windows R, type regedit and hit enter. Now navigate to the Registry key HKEY_CURRENT_USER \Software \Microsoft \Windows \CurrentVersion \Policies \Explorer if you want to hide drives for the current user or HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows \CurrentVersion \policies \Explorer if you want to hide them for all users and create a new Dword (right-click free space on the right pane, select New > Dword) and name it NoDrives. Setting the value of NoDrives is a little bit more complicated. Every drive has a specific value that has to be combined if you want to hide more than one drive. Here is a short table explaining the values for each drive: * Drive A: - Value 1 * Drive B: - Value 2 * Drive C: - Value 4 * Drive D: - Value 8 * Drive E: - Value 16 * Drive F: - Value 32 * Drive G: - Value 64 * Drive H: - Value 128 * Drive I: - Value 256 * Drive J: - Value 512 * and so on... you can use this tool to calculate easily http://www.wisdombay.com/hidedrive/ If you want to hide one drive just enter the value from that drive. If you want to hide more than one drive you have to add all values. If you wanted to hide Drive A, B and G you would enter the value 1+2+64 = 67. You can revert those changes by setting the value to 0 or by deleting that Registry key completely. It is possible to access those drives in Windows Explorer by using the address bar. Simply use the drive letter of the hidden drive in the address bar to access it. now i want to hide the connected USB device using the registry but it's complicated for me. can you help me to create the registry key to hide USB flash drive? Edited September 13, 2008 by ChromeFan Website: www.cerescode.comForum: www.forum.cerescode.comIRC: irc.freenode.net , Channel: #Ceres--------------------Autoit Wrappers, Great additions to your script (Must See) (By: Valuater)Read It Befor Asking Question Click Here...--------------------Join Monoceres's Forums http://www.monoceres.se--------------------There are three kinds of people: Those who make things happen, those who watch things happen, and those who ask, What happened? Casey Stengel
dworld Posted September 13, 2008 Posted September 13, 2008 (edited) So in the AutoIt help: AutoIt->Function Reference->Registry Management Hopefully there you can find all information what you need [edit] Of course somehow you should guess which drive letter will Windows assign to the newly connected USB drive... Edited September 13, 2008 by dworld dworldI'm new in autoit, but I like it. My mind is open to the new things.
ChromeFan Posted September 13, 2008 Author Posted September 13, 2008 So in the AutoIt help: AutoIt->Function Reference->Registry Management Hopefully there you can find all information what you need [edit] Of course somehow you should guess which drive letter will Windows assign to the newly connected USB drive... thanks, i know how to write in registry but i dont know how to get drive letter of usb. any example? Website: www.cerescode.comForum: www.forum.cerescode.comIRC: irc.freenode.net , Channel: #Ceres--------------------Autoit Wrappers, Great additions to your script (Must See) (By: Valuater)Read It Befor Asking Question Click Here...--------------------Join Monoceres's Forums http://www.monoceres.se--------------------There are three kinds of people: Those who make things happen, those who watch things happen, and those who ask, What happened? Casey Stengel
dworld Posted September 13, 2008 Posted September 13, 2008 (edited) i found new info: Under this key: HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices And as the name of the key show you will find here the drive letters, and if you double click on one - which is not harddrive - you will see on the right side in the text that it is a CDROM or USB drive. edit: Query one of the drive values: reg query HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices /v "\DosDevices\H:" So if you have a a for cycle which is querying the mounted drives registry values, and can read that it is a Removable media, or cdrom, you'll be able to guess which is the correct letter for USB, and you can work with it. The problem is that the query will return in hex HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices \DosDevices\H: REG_BINARY 5C003F003F005C00530054004F00520041004700 45002300520065006D006F007600610062006C0065004D0065006400690061002300370026003700 39006100350030006100620026003000260052004D0023007B003500330066003500360033003000 64002D0062003600620066002D0031003100640030002D0039003400660032002D00300030006100 3000630039003100650066006200380062007D00 The other problem is that, once you connected an USB drive, the letter will stay in the registry, so it is possible that there will be more than 1 letters which will be not assigned to any drive Actually I think there should be an easier solution, and i don't want to take your script developing to wrong direction with this registry thing. Maybe we should wait somebody other, more experienced member's opinion.. Edited September 13, 2008 by dworld dworldI'm new in autoit, but I like it. My mind is open to the new things.
Confuzzled Posted September 14, 2008 Posted September 14, 2008 Isn't there policies that will do this for you?
dworld Posted September 14, 2008 Posted September 14, 2008 thanks, i know how to write in registry but i dont know how to get drive letter of usb. any example?I think this is what you need, i found it in the help file: $var = DriveGetDrive( "removable" ) If NOT @error Then MsgBox(4096,"", "Found " & $var[0] & " drives") For $i = 1 to $var[0] MsgBox(4096,"Drive " & $i, $var[$i]) Next EndIf the example will work if removable drive is connected dworldI'm new in autoit, but I like it. My mind is open to the new things.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now