I know some or most of you will frown upon it but it just gets me thinking if there is actually a hidden workaround to autorun a program even if the USB's autorun is disabled? If I want to make a utility to give some sort of protection to the USB then I need to be able to run it all the time. I am aware of the rules and my purpose is not on the negative. :)

Ps. You could just pm me if you don't want to make it public. ;)

I know some or most of you will frown upon it but it just gets me thinking if there is actually a hidden workaround to autorun a program even if the USB's autorun is disabled? If I want to make a utility to give some sort of protection to the USB then I need to be able to run it all the time. I am aware of the rules and my purpose is not on the negative. :)

Ps. You could just pm me if you don't want to make it public. ;)

NOT by something that just lives on the USB. You could always install a custom service on authorized machines that do exactly what your want.

I would have wanted it to be portable, that is can just be stored in a target USB and provide some sort of security to the USB where it is stored. As there is an event that is fired when a USB is inserted so that made me think that there is actually a hidden workaround on such.

I would have wanted it to be portable, that is can just be stored in a target USB and provide some sort of security to the USB where it is stored. As there is an event that is fired when a USB is inserted so that made me think that there is actually a hidden workaround on such.


There is no event on the computer that automatically does anything on insertion or removal of a usb drive in terms of executing code other than auto-run (if enabled).

Therefore something at some point must be installed onto the computer.

Can't check but the first time we insert a new usb to a computer then its drivers are automatically installed, I am not sure if that is the same even if auto-run is disabled. Perhaps something along that line could be a 'loophole' that I could dig further?

Can't check but the first time we insert a new usb to a computer then its drivers are automatically installed, I am not sure if that is the same even if auto-run is disabled. Perhaps something along that line could be a 'loophole' that I could dig further?

STOP AND THINK!!!!

In order to change the behaviour of the computer, you must have software installed on the computer.

Lets even assume there was a "hook" that you could attach to on device installation [there is not one]....

WHERE is the code that implements your hook going to come from????

SOMETHING would have to be done on the computer (at some point in the past) to install the hook code (again assuming that the hook even existed).

Ok, just exploring all the possibilities.

We lock down AUTORUN almost everywhere. It's not feasible to want to browse a dvd, and have windows search thousands of files.

There is no event on the computer that automatically does anything on insertion or removal of a usb drive in terms of executing code other than auto-run (if enabled).

Therefore something at some point must be installed onto the computer.

Sorry, I disagree. :)
You can override WndProc and catch the DBT_DEVICEARRIVAL and DBT_DEVICEREMOVECOMPLETE messages. From there on you can use the RegisterDeviceNotification and the UnregisterDeviceNotification APIs accordingly.

dee - u, have a look at this article, perhaps it helps a little ( it isin VB 6 ) :
http://www.codeguru.com/vb/gen/vb_system/win32/article.php/c14935__1/

I hope my post was useful :)

Sorry, I disagree. :)
You can override WndProc and catch the DBT_DEVICEARRIVAL and DBT_DEVICEREMOVECOMPLETE messages. From there on you can use the RegisterDeviceNotification and the UnregisterDeviceNotification APIs accordingly.

And exactly HOW are you going to....

A) override ANYTHING on my compter, without ever having run any code on my computer?

B) leave a set of handlers on my computer, without ever having installed anything onto my disk or into memory?

If you can product a USB disk-stick, that will do anything special on my machine (a complete fresh install of the OS with autorun-disabled, and without executing anything from the diskstick or any other source, then you have found a MAJOR loophole in Windows Security.

Have you looked at the attachment, in the article's link

Have you looked at the attachment, in the article's link

Yes, I did. (In fact I have used it as a reference for some API calls in my own programs).

It does not change the fact that you would have to RUN that program in order to have that functionallity.

This seems to be the point that you are missing, and I am not sure how to explain it any more carefully.

1) I setup a computer. Fresh OS install, then disable autorun. NO ADDITIONAL SOFTWARE or Activities may be performed.

2) You bring over a disk stick and insert it into the USB slot.

3) You are not allowed to open or otherwise access the disk stick manually.

In this scenario, it is impossible for the program in your (excellent) article [nor any program like it] to be resident on my machine (I did not install it, and you are not allowed to).

If you honestly believe that you can put content on a USB drive, and send it to me. I will take a brand new machine out of the box, hard disable all auto-run functionallity, and insert your disk stick. If my computer then performs any action based on the content on the drive you shipped me, I will pay you $500.

Ah, I see now what you mean :)

I know I have perhaps hijacked dee - u's thread here ( and I apologise for that ), I'd be interested in knowing whether this would work in this situation. If it does, I think we all ( which have contributed to this thread ) has played an important role in finding out some weaknesses. :lol:

Sadly though, for me to send something over to the US will cost quite a lot, and this time of year, I don't have funds LOL!
What if I just sent you an exe and autorun.inf file ¿

Remember, AutoPlay is a bit diiferent than Autorun ( for CDs / DVDs etc. )

Another thing to consider is the use of HTA Applications ( HTML Applications ) - this doesn't need any thing special in order to run. You can Autorun an HTA, and from there on, do anything - remember it is HTML, most virusus are scripts, and this HTA can obviously interpret and execute scripts.... So what we are doing here, may end up malicious LOL! And I don't want to get banned at this stage... :p

I know some of the content in this link may be a bit borderline, but I think in the context of this thread and our current discussion it fits. If I have to remove the link, I will - here is the link :

http://www.schneier.com/blog/archives/2006/06/hacking_compute.html