THanks for this, lets me rest easy. I scan all scripts I download now!
THanks for this, lets me rest easy. I scan all scripts I download now!
Hey Officer!
I got this script to pick up A LOT less false positives using some brave new tricks.
Also, FindEx() now detects overlapping strings correctly.
Attached "unofficial" version 1.31 - so, give it a try!
Of course there is still many ways how this script could be improved even more, but everything in time...
Sure hope you'll like how well this unofficial version works now!
BTW, that FindEx function is pretty badass now (well, compared to the last version!), here is a little example from String Handling Commands topic (I named it as "Find" there):
Must say, I am very happy with the outcome.Code:const TEXT = 'TestesTESTTestest test testest1 2testest test3 TEST Test Test.' + #13#10 + 'TEST!' + #13#10 + 'TeSt'; FIND_STR = 'test'; {==============================================================================] Explanation: Important types for Find() function! Contains the string matching methods. [==============================================================================} type TMatchMethod = (mmAll, mmIgnoreCase, mmOverlap, mmWholeWords, mmStrictWW); TMatchMethods = set of TMatchMethod; var methods: array of TMatchMethods; procedure SetupMethods; begin SetLength(methods, 6); methods[0] := []; methods[1] := [mmIgnoreCase]; methods[2] := [mmIgnoreCase, mmAll]; methods[3] := [mmIgnoreCase, mmAll, mmOverlap]; methods[4] := [mmIgnoreCase, mmAll, mmOverlap, mmWholeWords]; methods[5] := [mmIgnoreCase, mmAll, mmOverlap, mmWholeWords, mmStrictWW]; end; {==============================================================================] Explanation: Returns all the positions of found/matching strings (findStr) in text. Uses a set of TMatchMethod (methods) for string matching. Contains field for offset. [==============================================================================} function Find(text, findStr: string; methods: TMatchMethods; offset: Integer): TIntegerArray; var sb, sa: string; r, l, f, o, p, d, x, y, abL, abR, abX, abP, spA, spB, spH, spL, spI, spR, spD: Integer; re: TRegExp; ma, mb, a, s, ol: Boolean; c: TIntegerArray; t: T2DIntegerArray; begin l := Length(text); f := Length(findStr); if ((l > 0) and (f > 0) and (offset <= (l - f))) then begin if (offset < 1) then offset := 1; SetLength(Result, l); re := TRegExp.Create; re.InputString := text; re.Expression := findStr; if (mmIgnoreCase in methods) then re.ModifierI := True; a := (mmAll in methods); case a of False: re.ModifierG := True; True: re.ModifierG := False; end; re.ModifierM := True; ol := (mmOverlap in methods); if not ol then o := (Length(findStr) - 1); Inc(o); p := Offset; if re.ExecPos(p) then repeat if (re.Match[0] <> '') then begin Result[r] := re.MatchPos[0]; p := (Result[r] + o); Inc(r); end; until not re.ExecPos(p); re.Free; SetLength(Result, r); if ((r > 0) and (mmWholeWords in methods)) then begin s := (mmStrictWW in methods); if not s then c := [65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, // A-Z 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, // a-z 48, 49, 50, 51, 52, 53, 54, 55, 56, 57]; // 0-9 case ol of True: begin spH := High(Result); if (spH > -1) then begin SetLength(t, (spH + 1)); t[0] := [Integer(Result[0])]; if (spH > 0) then begin spR := 1; for spI := 1 to spH do begin for spA := 0 to (spR - 1) do begin spL := Length(t[spA]); for spB := 0 to (spL - 1) do begin spD := IAbs(Result[spI] - t[spA][spB]); if (spD <= f) then begin SetLength(t[spA], (spL + 1)); t[spA][spL] := Integer(Result[spI]); Break; end; end; if (spB < spL) then Break; end; if (spA >= spR) then begin t[spR] := [Integer(Result[spI])]; Inc(spR); end; end; end; SetLength(t, spR); spH := High(t); for spI := spH downto 0 do begin spB := Low(t[spI]); spA := High(t[spI]); abX := 1; abP := t[spI][spB]; abL := Length(text); case ((abL > 0) and (abP > 1)) of True: begin if ((abP - abX) < 1) then abX := ((abP - abX) + (abX - 1)); if (abP > (abL + 1)) then begin abR := ((abP - abL) - 1); abX := (abX - abR); end; sb := Copy(text, ((abP - abX) - abR), abX); end; False: sb := ''; end; abX := 1; abP := (t[spI][spA] + f); abL := Length(text); case ((abL > 0) and (abP <= abL)) of True: begin if (abP < 1) then begin abX := (abX - iAbs(abP - 1)); abP := 1; end; if ((abX > 0) and ((abP + abX) > abL)) then abX := (abX - (((abP + abX) - abL) - 1)); sa := Copy(text, abP, abX); end; False: sa := ''; end; case s of True: begin mb := ((sb = ' ') or (sb = '') or (sb = #13#10) or (sb = #13) or (sb = #10)); ma := ((sa = ' ') or (sa = '') or (sa = #13#10) or (sa = #13) or (sa = #10)); end; False: begin mb := ((sb = '') or not InIntArray(c, Ord(sb[1]))); ma := ((sa = '') or not InIntArray(c, Ord(sa[1]))); end; end; if not (mb and ma) then begin for spD := spI to (spH - 1) do t[spD] := t[(spD + 1)]; SetLength(t, spH); Dec(spH); end; end; spH := High(t); if (spH > -1) then begin for spI := 0 to spH do IncEx(spR, (High(t[spI]) + 1)); SetLength(Result, spR); spR := 0; for spI := 0 to spH do begin spL := High(t[spI]); for spA := 0 to spL do begin Result[spR] := Integer(t[spI][spA]); Inc(spR); end; end; SetLength(Result, spR); end else SetLength(Result, 0); end else r := 0; end; False: begin for x := (r - 1) downto 0 do begin abX := 1; abP := Result[x]; abL := Length(text); case ((abL > 0) and (abP > 1)) of True: begin if ((abP - abX) < 1) then abX := ((abP - abX) + (abX - 1)); if (abP > (abL + 1)) then begin abR := ((abP - abL) - 1); abX := (abX - abR); end; sb := Copy(text, ((abP - abX) - abR), abX); end; False: sb := ''; end; abX := 1; abP := (Result[x] + f); abL := Length(text); case ((abL > 0) and (abP <= abL)) of True: begin if (abP < 1) then begin abX := (abX - iAbs(abP - 1)); abP := 1; end; if ((abX > 0) and ((abP + abX) > abL)) then abX := (abX - (((abP + abX) - abL) - 1)); sa := Copy(text, abP, abX); end; False: sa := ''; end; case s of True: begin mb := ((sb = ' ') or (sb = '') or (sb = #13#10) or (sb = #13) or (sb = #10)); ma := ((sa = ' ') or (sa = '') or (sa = #13#10) or (sa = #13) or (sa = #10)); end; False: begin mb := ((sb = '') or not InIntArray(c, Ord(sb[1]))); ma := ((sa = '') or not InIntArray(c, Ord(sa[1]))); end; end; if not (mb and ma) then begin y := (r - 1); for d := x to (y - 1) do Result[d] := Result[(d + 1)]; SetLength(Result, y); Dec(r); end; end; end; end; end; if (not a and (r > 0)) then SetLength(Result, 1); end else SetLength(Result, 0); end; var h, i: Integer; begin ClearDebug; SetupMethods; h := High(methods); for i := 0 to h do WriteLn('Matching positions of FIND_STR found in TEXT using methods[' + IntToStr(i) + ']: ' + ToStr(Find(TEXT, FIND_STR, methods[i], 1))); end.
..although, it is still not even nearly as good as the SCAR Divi version, but it does work pretty damn well anyways!
-Jani
Last edited by Janilabo; 06-04-2013 at 12:36 PM.
Yeah don't worry buddy! Enjoy the holidays.
Sidenote: I scanned that @Flight's "Monkfishies" script using this unofficial version 1.31, the results are below..
V1.15_B:
V1.5:Code:=========Looking for HTTP threats========= Found attempt to OpenWebpage [Risk level: MEDIUM] =========Looking for Abnormal code ========= The variable "Pin" is used more then once [Risk level: MEDIUM] =========================================== =========Looking for bad code ========= ======================================= ==================Scan Results=================== HTTP threats: 0 Web threats: 1 Fishy code: 1 Bad code: 0 Overall threats: 2 Over Script Risk: High Thank you for using, always visit thread for updates Successfully executed.
Looks like it's not at least picking up any "adult content attempts" anymore..Code:=========Looking for HTTP threats========= Found attempt to OpenWebpage [Risk level: MEDIUM] =========Looking for Abnormal code ========= The variable "Pass" is used more then once [Risk level: MEDIUM] The variable "Pin" is used more then once [Risk level: MEDIUM] =========================================== =========Looking for bad code ========= ======================================= ==================Scan Results=================== HTTP threats: 0 Web threats: 1 Fishy code: 2 Bad code: 0 Overall threats: 3 Over Script Risk: High Thank you for using, always visit thread for updates Successfully executed.
scanned my fighter with Janilabo's unofficial 1.31 and got this
looking nice guysCode:=========Looking for HTTP threats========= =========Looking for Abnormal code ========= The variable "Name" is used more then once [Risk level: MEDIUM] The variable "Pass" is used more then once [Risk level: MEDIUM] =========================================== =========Looking for bad code ========= ======================================= ==================Scan Results=================== HTTP threats: 0 Web threats: 0 Fishy code: 2 Bad code: 0 Overall threats: 2 Over Script Risk: Low Thank you for using, always visit thread for updates Successfully executed.
When I get back ill merge Jan's with my unreleased one at home that has a cleaner form and a couple more options
Current projects:
[ AeroGuardians (GotR minigame), Motherlode Miner, Blast furnace ]
"I won't fall in your gravity. Open your eyes,
you're the Earth and I'm the sky..."
My Outdated ScriptsEdgeville Log Cutter | Edgeville AIO Jewelry | AIO Pickpocketer | Urn Activator | Slayer Tower | Slaying KuradalMy Working Scripts: Tutorials:Function Pointers and Why You Should Care! | Forms and Saving Settings | The Magic Behind Programming Tutorial | Recursive Recursion
EDIT: Damn tag system, UGH! Added attachment to script and its available @pastebin aswell.
@Officer Barbrady
I have been working for comment filtering, I got it working pretty smoothly.
With it we will be able to ignore false positives that are inside comments or strings (things that shouldn't be picked up)
Take a look at it guys.
Run it to see those effects, the results are printed to debug box (str before and after)..
NOTE: Those *13*10's (*=#) in str are new lines - just like scripts have em running "behind the scenes".
-Jani
Last edited by Janilabo; 06-06-2013 at 09:51 AM. Reason: Tweaking - ClipBoard support added (for custom scripts)!
typo: Over Script Risk:Meduim
I'm sure I have made sth like that few years ago with VB6
Check out this unofficial version, that OB will be merging soon together with hes official version, it has typos fixed aswell.
(Script is attached to that post, "v1.31")
As a sidenote, I added in a lot better example for that comment and/or string filtering script. It also supports now custom scripts, via ClipBoard data (this way you can see exactly what it filters out from the scripts)
Alright.
I have got a surprise for you - I planted in the new comment and string filtering options!
These options, by this filtering feature, decreases the amount of false positives greatly.
EDIT2: 1.34...
EDIT: Added in "1.33", removed functions that weren't needed anymore (the new comment filtering feature made em useless)
Attached unofficial script version "1.32" to this post!
I think you might want to merge the new form features (and other things) to this version instead, because 1.31 had buggy comment filtering AND string filtering didn't even exist.
If you are worried about string filtering, you don't need to worry, because it doesn't filter out any variables, constants or types, only the stuff inside the string markers.
..and small example:
Also, I used the original script text for OpenWebPage() scan part - that means, it still catches those sneaky naughty adult content pages!Code:WriteLn('*STUFF INSIDE HERE WILL GET FILTERED*'*STUFF OUTSIDE HERE WONT*);
Other parts are based on filtered script text.
You can obviously disable both of the filters when/if you want.
For example, scans for @EngageTheRage's smexy Fighter v1.4 script:
WITHOUT comment filtering:
..and then WITH comment filtering:Code:============Looking for HTTP threats============= ================================================= ============Looking for Abnormal code============ The variable "Name" is used more then once [Risk level: MEDIUM] The variable "Pass" is used more then once [Risk level: MEDIUM] ================================================= ==============Looking for bad code=============== ================================================= ==================Scan Results=================== HTTP threats: 0 Web threats: 0 Fishy code: 2 Bad code: 0 Overall threats: 2 Over Script Risk: Low Thank you for using, always visit thread for updates =================================================
Scan for Scanner itself below (comment and string filtering enabled)...Code:============Looking for HTTP threats============= ================================================= ============Looking for Abnormal code============ ================================================= ==============Looking for bad code=============== ================================================= ==================Scan Results=================== HTTP threats: 0 Web threats: 0 Fishy code: 0 Bad code: 0 Overall threats: 0 Over Script Risk: None Thank you for using, always visit thread for updates =================================================
Regards,Code:============Looking for HTTP threats============= Found attempt to OpenWebpage [Risk level: MEDIUM] ================================================= ============Looking for Abnormal code============ The variable "Name" is used more then once [Risk level: MEDIUM] ================================================= ==============Looking for bad code=============== Found no randomness in script [Risk level: MEDIUM], potential ban. ================================================= ==================Scan Results=================== HTTP threats: 0 Web threats: 1 Fishy code: 1 Bad code: 1 Overall threats: 3 Over Script Risk: High Thank you for using, always visit thread for updates =================================================
-Jani
Last edited by Janilabo; 06-06-2013 at 04:54 PM. Reason: Added "1.34" fixed typo.
If you want to view the source codes of em online, then here is links to pastebin:
Version 1.31
Version 1.32
Version 1.33
Version 1.34
-Jani
I'm gong to try to add a little debug box and text on the form, but m not sure how to do that just yet
Take a look at this awesome forms tutorial by @Daniel (it's .PDF, so you might be able to read it with your mobile phone/tablet - at least I can read it with my Samsung Galaxy S [Android]): Simba Forms Tutorial
You may want to look at page 29 in it, where it contains information about TMemo's (multi-line textbox)!
..although, I recommend you'll read it fully through, at least if you are interested of GUI development now and in the future.
It's very nice source of information for GUI stuff.
I know you can't do any scripting for a few days, but sometimes even reading these things can help a lot - at least you'll learn some new tricks AND you might get some great ideas for what to do when you get back home.
P.S. When you get back home, you could try out this great utility by @CynicRus: Form Designer for Simba (this will be built-in to Simba v1.0!)
You may find it helpful aswell.
You should be able to read PDF's with iPad.
Google search for "iPad + PDF" came up with...
Adobe Reader for mobile [iPhone/iPad & Android] (FREE): http://www.adobe.com/products/reader-mobile.html
Yea it worked
I was looking at the ttimer part, and people told me I couldn't do this, but it looks like I could use a ttimer to execute a procedure every 1000 ms if I wanted it too, couldn't this be used as bootleg muiltithreading( I know it could be done with scar) for stuff like progress reports?
Here you go, @Officer Barbrady!
EDIT: Attached unofficial version 1.36, removed Find() from the script, because it's just like FindEx() without "regex: Boolean" variable part. So, those Find() parts are now based on FindEx() instead. This change doesn't have any effect on the way script works, just cuts out some unneeded lines.
Unofficial version 1.35 is now attached to this post. Script source code online: @pastebin
Changelog:
Scan for the script itself now:Code:-Small logical fix for Find() -Added in FindEx() for smarter (regex-based) string counting -Once again, decreased the amount of false positives with several smart tweaks! Mostly with FindEx()
I'd say false positives are getting really close to minimal now.Code:=================Filtered Script================= *SNIP* ================================================= ============Looking for HTTP threats============= Found attempt to OpenWebpage [Risk level: MEDIUM] ================================================= ============Looking for Abnormal code============ ================================================= ==============Looking for bad code=============== Found no randomness in script [Risk level: MEDIUM], potential ban. ================================================= ==================Scan Results=================== HTTP threats: 0 Web threats: 1 Fishy code: 0 Bad code: 1 Overall threats: 2 Over Script Risk: High Thank you for using, always visit thread for updates =================================================
Last edited by Janilabo; 06-08-2013 at 03:33 PM.
Very nice, do you mind posting it here in Simba tags? When I view the attachment it overlaps :s
I might be able to merge it Sunday night
Wow, this has seriously progressed in a matter of a few days. Got to say, nice job guys. This should definitely be brought to the attention of the guys who look at no section other than scripts.
<3
Originally Posted by Eminem
Source code @pastebin: http://pastebin.com/raw.php?i=mcdPXv9A
EDIT: Attached unofficial version 1.36, removed Find() from the script, because it's just like FindEx() without "regex: Boolean" variable part. So, those Find() parts are now based on FindEx() instead. This change doesn't have any effect on the way script works, just cuts out some unneeded lines.
..and source for v1.36: http://pastebin.com/raw.php?i=81b5UDJN
By the way! With FindEx()-based counting I got this script to detect some sneaky password stealing attempts, good example below (something that none of the older versions could catch):
The stealing script example:
Scan results for that little example script:Code:// {sc} = SNEAKY COMMENT! // (*sc*) = SNEAKY COMMENT! type // This is here for only this example. TPlayer = record Name, Pass, Nick: string; end; var Players: array[0..0] of TPlayer; un, pw: string; procedure DeclarePlayers; begin Players[0].Name := 'StealMyGeepeesPlease!'; Players[0].Pass := 'MySimplePassword1234'; Players[0].Nick := 'eepees'; end; begin ClearDebug; DeclarePlayers; un := PLAYERS {sc} [ (*sc*) 0 {sc} ] (*sc*) .NAME {sc}; // It will catch this attempt. pw := PlAyErs (*sc*) [ {sc} 0 {sc} ] {sc} . (*sc*) PaSs (*sc*); // It will catch this attempt. WriteLn('USERNAME: "' + un + '"'); WriteLn('PASSWORD: "' + pw + '"'); end.
Also, notice that the scan doesn't look for only NAME/PASS/PIN anymore, it actually requires that there are those "Players[*]." (*=ID) things attached to em. That means, it wont pick up simple "Pass", "Name" or "Pin" words from script, ONLY if those words are attached to players variable[s] aswell.Code:=================Filtered Script================= @@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@ type @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ TPlayer = record Name, Pass, Nick: string; end; var Players: array[0..0] of TPlayer; un, pw: string; procedure DeclarePlayers; begin Players[0].Name := %%%%%%%%%%%%%%%%%%%%%%%; Players[0].Pass := %%%%%%%%%%%%%%%%%%%%%%; Players[0].Nick := %%%%%%%%; end; begin ClearDebug; DeclarePlayers; un := PLAYERS @@@@ [ @@@@@@ 0 @@@@ ] @@@@@@ .NAME @@@@; @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ pw := PlAyErs @@@@@@ [ @@@@ 0 @@@@ ] @@@@ . @@@@@@ PaSs @@@@@@; @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WriteLn(%%%%%%%%%%%%% + un + %%%); WriteLn(%%%%%%%%%%%%% + pw + %%%); end. ================================================= ============Looking for HTTP threats============= ================================================= ============Looking for Abnormal code============ The variable "Name" is used more then once [Risk level: MEDIUM] The variable "Pass" is used more then once [Risk level: MEDIUM] ================================================= ==============Looking for bad code=============== Found no randomness in script [Risk level: MEDIUM], potential ban. ================================================= ==================Scan Results=================== HTTP threats: 0 Web threats: 0 Fishy code: 2 Bad code: 1 Overall threats: 3 Over Script Risk: Medium Thank you for using, always visit thread for updates =================================================
It also ignores the comments and spaces, as you can see with the example I added there, so you really cant fool or cheat it with any sneaky attempts like that!
I tweaked those HTTP threat scans with similar ways, too.
Last edited by Janilabo; 06-08-2013 at 03:59 PM. Reason: Added in correct script report
There are currently 1 users browsing this thread. (0 members and 1 guests)