Semlr

New Member
@Semlr,
Could you please test if this issue is also present for some other applications:
Thank you.

What version of a virtual machine do you use?
Thanks for your response.
Here are my results:

Hard_Configurator:
  • Same error
ConfigureDefender-repo (hardening tools?):
  • Configure Defender started just fine,
  • DocumentsAntiExploit same error,
  • Network hardening started just fine.
VM:
Hyper V, Gen2-setup:
client:
1596630683667.png

& Kaspersky Antivirus (just as a sidenote, it did not interfere)
 

Andy Ful

Level 60
Verified
Trusted
Content Creator
Thanks for your response.
Here are my results:

Hard_Configurator:
  • Same error
ConfigureDefender-repo (hardening tools?):
  • Configure Defender started just fine,
  • DocumentsAntiExploit same error,
  • Network hardening started just fine.
VM:
Hyper V, Gen2-setup:
client:
View attachment 244997
& Kaspersky Antivirus (just as a sidenote, it did not interfere)
Thanks. I am trying to reproduce this issue on the official Hyper-V Windows 10 Enterprise Evaluation ver. 2004 build 19041.329, but everything works well. Anyway, this is Hyper-V Gen 1.
Do you have a link to the official Gen 2 Hyper-V Windows 10 virtual machine?
 

Semlr

Thanks. I am trying to reproduce this issue on the official Hyper-V Windows 10 Enterprise Evaluation ver. 2004 build 19041.329, but everything works well. Anyway, this is Hyper-V Gen 1.
Do you have a link to the official Gen 2 Hyper-V Windows 10 virtual machine?
I created a new VM and installed Windows 10 Pro 2004 using the official ISO (created by the Media Creation Tool).
Is it possible to collect a trace log or stack trace for AutoIt scripts?
Currently we only know the line number (32692), if this is accurate.
 

Andy Ful

I created a new VM and installed Windows 10 Pro 2004 using the official ISO (created by the Media Creation Tool).
Is it possible to collect a trace log or stack trace for AutoIt scripts?
Currently we only know the line number (32692), if this is accurate.
The final AutoIt executable contains the code made by the developer + many AutoIt built-in functions added in the process of compilation. It is possible to decompile 32-bit executables via the Exe2Aut tool. But you have the 64-bit version.
It is probably possible to install AutoIt in the VM and run the script (without compilation). Then the error will show the line in the concrete AutoIt function.
 

Andy Ful

I created a new VM and installed Windows 10 Pro 2004 using the official ISO (created by the Media Creation Tool).
...
I have just finished testing on a VM like the one above - no problems. So, it seems that the only way to identify the issue is to run the source scripts (not compiled) on your virtual machine.
If you would like to do this, then you can use the source from:
The archive has to be unpacked to the Windows folder so the scripts will be placed in the folder: c:\Windows\Hard_Configurator.
Installation of AutoIt is necessary:
For testing H_C and DocumentsAntiExploit, the scripts below can be run from Explorer:
c:\Windows\Hard_Configurator\Hard_Configurator.au3
c:\Windows\Hard_Configurator\DocumentsAntiExploit.au3
These scripts use other files so all source scripts are required in the Hard_Configurator folder.
 

Semlr

Thank you for the guideline.
I executed the DocumentsAntiExploit.au3 and
I found a clue:
1596729637352.png


The logged-on user does not have administrator rights (standard user).
Admin rights are granted by another user account which is a local administrator.
Maybe this "mismatch" (logged-on user vs. user which granted admin rights) causes this error?
 

Andy Ful

Thank you for the guideline.
I executed the DocumentsAntiExploit.au3 and
I found a clue:
View attachment 245015

The logged-on user does not have administrator rights (standard user).
Admin rights are granted by another user account which is a local administrator.
Maybe this "mismatch" (logged-on user vs. user which granted admin rights) causes this error?
I forgot that the archive is password protected 🙃:
hard_configurator5111

This function works well (both on Admin Account and SUA) and normally the variable $User[0] contains the SID of the Current User. I think that probably some security prevents reading the SID.

Please replace the function _GetCurrentUserSID() with this code:
Code:
Func _GetCurrentUserSID()
    Local $User = _Security__LookupAccountName(_GetCurrentUser(),@ComputerName)
    If @error Then Return SetError(1,0,"")
    Return 1
;    Return $User[0]
EndFunc
But do not apply restrictions.
 

Andy Ful

@Semlr,
Thanks for the support. I will add an alert about such an event and the program will gently exit, instead of showing the error. (y) :)
The CurrentUser SID is essential only for the DocumentsAntiExploit tool, and the code related to _GetCurrentUserSID can be removed in actual versions of H_C, SwitchDefaultDeny, and SWH.
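
A guarded form of the SID lookup discussed in this thread, as an added example that is not part of the original posts or the Hard_Configurator source: it checks the result of _Security__LookupAccountName before indexing it and exits with an alert when no SID can be read. The function name _GetUserSIDChecked and its $sAccount parameter are hypothetical, and @UserName stands in for the project's _GetCurrentUser(), which is not shown on this page.

```autoit
#include <MsgBoxConstants.au3>
#include <Security.au3>

; Added example, not Hard_Configurator source code.
; $sAccount is the account name the caller resolved for the current user
; (hypothetical parameter; the project's _GetCurrentUser() is not shown here).
Func _GetUserSIDChecked($sAccount)
    If $sAccount = "" Then Return SetError(1, 0, "")

    Local $aUser = _Security__LookupAccountName($sAccount, @ComputerName)
    ; Save @error immediately: the next function call resets it.
    Local $iLookupErr = @error
    If $iLookupErr Then Return SetError(2, $iLookupErr, "")

    ; Never index the result unless it really is a non-empty array.
    If Not IsArray($aUser) Or UBound($aUser) < 1 Then Return SetError(3, 0, "")

    ; Element 0 must look like a SID string (S-1-...).
    If Not StringRegExp($aUser[0], "^S-1-\d+(-\d+)+$") Then Return SetError(4, 0, "")

    Return $aUser[0]
EndFunc

; Demo call. @UserName is the account the process is running as, which is
; the elevating account when admin rights were granted by another user.
Local $sSID = _GetUserSIDChecked(@UserName)
Local $iErr = @error
If $iErr Then
    ; Alert and exit cleanly instead of failing on an array subscript.
    MsgBox($MB_ICONWARNING, "SID lookup", _
            "Cannot read the SID of the current user (error " & $iErr & ")." & @CRLF & _
            "No restrictions were applied.")
    Exit 1
EndIf
ConsoleWrite("Current user SID: " & $sSID & @CRLF)
```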
 