有个Online Course的网上测评只能用LockDown Browser这个浏览器,灰常牛逼,禁用了所有的快捷键,禁用了任务管理器,禁用了alt-tab,禁止在虚拟机里(包括VM Ware,Virtual PC……)运行,反正我能想到的办法都被它禁掉了╮(╯▽╰)╭
由于Ohio State University使用了这个网上测评的系统,有OSU的学生就在吐槽说这浏览器特么的不就是个病毒么。
看到帖子说可以用Notepad打开LockDown.exe,我一想我电脑里不是有更强大的UltraEdit嘛,就打开来看了一下。
让我感到疑惑的是,网上所有的帖子都说这个软件的机制是禁用了它的blacklist上所有的程序,但根据我观察到的情况,我倒觉得它用的是whitelist,即只允许出现在它列表中的那些进程 (系统进程等),否则一律要求用户kill。可能那些帖子太老了吧,最近这个浏览器update过了。
最奇怪的是,在该可执行文件中,出现了AutoHotKey字符串,就说明程序的作者意识到了AHK的存在,但缘于何种原因他没有要求用户禁止AutoHotKey.exe,就不得而知了。因为为了破除该软件的限制,我们用到的工具正是AutoHotKey。
运行程序的命令需要用到AHK自带的Window Spy小工具,因为需要用这个工具查看需要运行的程序的名字(在AHK里的名字)。
主要参考了这个脚本,在它的基础上做了不少修改。
另外,截屏这个功能参考了这个帖子(我直接copy & paste了CaptureScreen这个函数)。
原来国外竟有这么多人在研究AHK,我觉得还蛮惊讶的;也很好奇为何这个简单轻便的小工具有这么大的魅力,能吸引到这么多人在论坛上讨论。
Talk is cheap. Show me the code.
下面是我的脚本:
Run, C:\Program Files (x86)\Respondus LockDown Browser\LockDown.exe
WinWait, Respondus LockDown Browser
WinSet, AlwaysOnTop, Off, Respondus LockDown Browser
WinSet, Enable, , Respondus LockDown Browser
Gui -MinimizeBox
Gui, Add, Button, default, &Run Chrome
Gui, Add, Button, default, &Show Chrome
Gui, Add, Button, default, &Run Explorer
Gui, Add, Button, default, &Show Foxit Reader
Gui, Add, Button, default, &Screen Shot
Gui, Show,, Subversion Menu
WinSet, AlwaysOnTop, On, Subversion Menu
return
ButtonRunIE:
Run, IEXPLORE.EXE
return
ButtonRunChrome:
Run, chrome.EXE
return
ButtonShowChrome:
WinActivate, ahk_class Chrome_WidgetWin_1
return
ButtonVisitAllWindows:
WinGet, id, list,,, Program Manager
Loop, %id%
{
this_id := id%A_Index%
WinActivate, ahk_id %this_id%
WinGetClass, this_class, ahk_id %this_id%
WinGetTitle, this_title, ahk_id %this_id%
MsgBox, 4, , Visiting All Windows`n%a_index% of %id%`nahk_id %this_id%`nahk_class %this_class%`n%this_title%`n`nContinue?
IfMsgBox, NO, break
}
return
ButtonRunExplorer:
Run, explore
return
ButtonShowExplorer:
WinActivate, ahk_class CabinetWClass
return
ButtonShowFoxitReader:
WinActivate, ahk_class classFoxitReader
return
ButtonScreenShot:
counter++
count = 000%counter%
stringright, count, count, 4
imagesavename=C:\test%count%.bmp
; call the screencapture function
CaptureScreen(0,false,imagesavename)
Return
return
; Drag to move the Gui
uiMove:
PostMessage, 0xA1, 2,,, A
Return
;############# RegionCapture Code is below ########################################################
/* CaptureScreen(aRect, bCursor, sFileTo)
1) If the optional parameter bCursor is True, captures the cursor too.
2) If the optional parameter sFileTo is 0, set the image to Clipboard.
If it is omitted or "", saves to screen.bmp in the script folder,
otherwise to sFileTo which can be BMP/JPG/PNG/GIF/TIF.
3) If aRect is 0/1/2, captures the screen/active window/client area of active window.
4) aRect can be comma delimited sequence of coordinates, e.g., "Left, Top, Right, Bottom" or "Left, Top, Right, Bottom, Width_Zoomed, Height_Zoomed".
In this case, only that portion of the rectangle will be captured. Additionally, in the latter case, zoomed to the new width/height, Width_Zoomed/Height_Zoomed.
Build date is 20-12-2007
Example:
CaptureScreen(0)
CaptureScreen(1)
CaptureScreen(2)
CaptureScreen("100, 100, 200, 200")
CaptureScreen("100, 100, 200, 200, 400, 400") ; Zoomed
*/
/* Convert(sFileFr, sFileTo)
Convert("C:\image.bmp", "C:\image.jpg")
Convert(0, "C:\clip.png") ; Save the bitmap in the clipboard to sFileTo if sFileFr is "" or 0.
*/
CaptureScreen(aRect = 0, bCursor = False, sFile = "")
{
If !aRect
{
SysGet, Mon, Monitor, 1
nL := MonLeft
nT := MonTop
nW := MonRight - MonLeft
nH := MonBottom - MonTop
}
Else If aRect = 1
WinGetPos, nL, nT, nW, nH, A
Else If aRect = 2
{
WinGet, hWnd, ID, A
VarSetCapacity(rt, 16, 0)
DllCall("GetClientRect" , "Uint", hWnd, "Uint", &rt)
DllCall("ClientToScreen", "Uint", hWnd, "Uint", &rt)
nL := NumGet(rt, 0, "int")
nT := NumGet(rt, 4, "int")
nW := NumGet(rt, 8)
nH := NumGet(rt,12)
}
Else
{
StringSplit, rt, aRect, `,, %A_Space%%A_Tab%
nL := rt1
nT := rt2
nW := rt3 - rt1
nH := rt4 - rt2
znW := rt5
znH := rt6
}
hDC := DllCall("GetDC", "Uint", 0)
mDC := DllCall("CreateCompatibleDC", "Uint", hDC)
hBM := DllCall("CreateCompatibleBitmap", "Uint", hDC, "int", nW, "int", nH)
oBM := DllCall("SelectObject", "Uint", mDC, "Uint", hBM)
DllCall("BitBlt", "Uint", mDC, "int", 0, "int", 0, "int", nW, "int", nH, "Uint", hDC, "int", nL, "int", nT, "Uint", 0x40000000 | 0x00CC0020)
If bCursor
CaptureCursor(mDC, nL, nT)
DllCall("SelectObject", "Uint", mDC, "Uint", oBM)
DllCall("DeleteDC", "Uint", mDC)
If znW && znH
hBM := Zoomer(hDC, hBM, nW, nH, znW, znH)
If sFile = 0
SetClipboardData(hBM)
Else Convert(hBM, sFile)
DllCall("DeleteObject", "Uint", hBM)
DllCall("ReleaseDC", "Uint", 0, "Uint", hDC)
}
CaptureCursor(hDC, nL, nT)
{
VarSetCapacity(mi, 20, 0)
mi := Chr(20)
DllCall("GetCursorInfo", "Uint", &mi)
bShow := NumGet(mi, 4)
hCursor := NumGet(mi, 8)
xCursor := NumGet(mi,12)
yCursor := NumGet(mi,16)
VarSetCapacity(ni, 20, 0)
DllCall("GetIconInfo", "Uint", hCursor, "Uint", &ni)
xHotspot := NumGet(ni, 4)
yHotspot := NumGet(ni, 8)
hBMMask := NumGet(ni,12)
hBMColor := NumGet(ni,16)
If bShow
DllCall("DrawIcon", "Uint", hDC, "int", xCursor - xHotspot - nL, "int", yCursor - yHotspot - nT, "Uint", hCursor)
If hBMMask
DllCall("DeleteObject", "Uint", hBMMask)
If hBMColor
DllCall("DeleteObject", "Uint", hBMColor)
}
Zoomer(hDC, hBM, nW, nH, znW, znH)
{
mDC1 := DllCall("CreateCompatibleDC", "Uint", hDC)
mDC2 := DllCall("CreateCompatibleDC", "Uint", hDC)
zhBM := DllCall("CreateCompatibleBitmap", "Uint", hDC, "int", znW, "int", znH)
oBM1 := DllCall("SelectObject", "Uint", mDC1, "Uint", hBM)
oBM2 := DllCall("SelectObject", "Uint", mDC2, "Uint", zhBM)
DllCall("SetStretchBltMode", "Uint", mDC2, "int", 4)
DllCall("StretchBlt", "Uint", mDC2, "int", 0, "int", 0, "int", znW, "int", znH, "Uint", mDC1, "int", 0, "int", 0, "int", nW, "int", nH, "Uint", 0x00CC0020)
DllCall("SelectObject", "Uint", mDC1, "Uint", oBM1)
DllCall("SelectObject", "Uint", mDC2, "Uint", oBM2)
DllCall("DeleteDC", "Uint", mDC1)
DllCall("DeleteDC", "Uint", mDC2)
DllCall("DeleteObject", "Uint", hBM)
Return zhBM
}
Convert(sFileFr = "", sFileTo = "")
{
If !sFileTo
sFileTo := %imagesavename%
SplitPath, sFileTo, , , sExtTo
hGdiPlus := DllCall("LoadLibrary", "str", "gdiplus.dll")
VarSetCapacity(si, 16, 0), si := Chr(1)
DllCall("gdiplus\GdiplusStartup", "UintP", pToken, "Uint", &si, "Uint", 0)
DllCall("gdiplus\GdipGetImageEncodersSize", "UintP", nCount, "UintP", nSize)
VarSetCapacity(ci, nSize)
DllCall("gdiplus\GdipGetImageEncoders", "Uint", nCount, "Uint", nSize, "Uint", &ci)
Loop, %nCount%
{
If !InStr(Ansi4Unicode(NumGet(ci, 76 * (A_Index - 1) + 44)), "." . sExtTo)
Continue
pCodec := &ci + 76 * (A_Index - 1)
Break
}
If !sFileFr
{
DllCall("OpenClipboard", "Uint", 0)
If DllCall("IsClipboardFormatAvailable", "Uint", 2) && (hBM:=DllCall("GetClipboardData", "Uint", 2))
DllCall("gdiplus\GdipCreateBitmapFromHBITMAP", "Uint", hBM, "Uint", 0, "UintP", pImage)
DllCall("CloseClipboard")
}
Else If sFileFr Is Integer
DllCall("gdiplus\GdipCreateBitmapFromHBITMAP", "Uint", sFileFr, "Uint", 0, "UintP", pImage)
Else DllCall("gdiplus\GdipLoadImageFromFile", "Uint", Unicode4Ansi(wFileFr,sFileFr), "UintP", pImage)
If pImage
DllCall("gdiplus\GdipSaveImageToFile", "Uint", pImage, "Uint", Unicode4Ansi(wFileTo,sFileTo), "Uint", pCodec, "Uint", 0), DllCall("gdiplus\GdipDisposeImage", "Uint", pImage)
DllCall("gdiplus\GdiplusShutdown" , "Uint", pToken)
DllCall("FreeLibrary", "Uint", hGdiPlus)
}
SetClipboardData(hMem, nFormat = 2)
{
DetectHiddenWindows, On
Process, Exist
WinGet, hAHK, ID, ahk_pid %ErrorLevel%
DllCall("OpenClipboard", "Uint", hAHK)
DllCall("EmptyClipboard")
DllCall("SetClipboardData", "Uint", nFormat, "Uint", hMem)
DllCall("CloseClipboard")
}
Unicode4Ansi(ByRef wString, sString)
{
nSize := DllCall("MultiByteToWideChar", "Uint", 0, "Uint", 0, "Uint", &sString, "int", -1, "Uint", 0, "int", 0)
VarSetCapacity(wString, nSize * 2)
DllCall("MultiByteToWideChar", "Uint", 0, "Uint", 0, "Uint", &sString, "int", -1, "Uint", &wString, "int", nSize)
Return &wString
}
Ansi4Unicode(pString)
{
nSize := DllCall("WideCharToMultiByte", "Uint", 0, "Uint", 0, "Uint", pString, "int", -1, "Uint", 0, "int", 0, "Uint", 0, "Uint", 0)
VarSetCapacity(sString, nSize)
DllCall("WideCharToMultiByte", "Uint", 0, "Uint", 0, "Uint", pString, "int", -1, "str", sString, "int", nSize, "Uint", 0, "Uint", 0)
Return sString
}
#space::
imagesavename=C:\test.bmp
; call the screencapture function
CaptureScreen(0,false,imagesavename)
Return
GuiClose:
转载自原文链接, 如需删除请联系管理员。
原文链接:Hacking Respondus LockDown Browser,转载请注明来源!