Tag Archives: Windows

Windows Search Hang

I recently found my Windows Search functionality just stopped dead in its tracks. I’m still investigating the exact cause of this (haven’t ruled out malware just yet) but it would appear this is a problem with the Windows Search registry entries.

Symptoms:
Opening Windows Search and clicking “Search now” causes the explorer process to hang / freeze.

Fix: (cue eyebrow-raising solution)
If you download ProcMon and filter for explorer.exe, you’ll see it is trying to open the same file again and again. For me, this was a zip file containing icons for a web project I’m working on.

To make the search feature work again, rename the file it is getting stuck on and restart explorer. You should find everything is operational.

If anything is unclear and you think this problem might be affecting you, leave a comment and I’ll have a look.

Beware XAMPP meddling with your Environment Variables!

I decided to grab a copy of the official release of PHP 5.3.0 for XAMPP and try it out (replacing my hacked version in an effort to resolve some database compatibility issues).

Unfortunately, this proved to be a BIG MISTAKE!

Moments after installing the software, all my new shell windows reported that mkdir, doskey, ipconfig and even HELP are ‘unrecognized’ – so began my hour-long search for a resolution to the amnesia that had suddenly afflicted the command-line.

The problem turned out to be two-fold:

  1. It would seem the installation script (setup_xampp.bat) or shell script (xampp_shell.bat) had a misunderstanding with some of my custom command-line settings. In fact, it decided my PATH environment variable wasn’t up to scratch… so it erased it! This meant that the command-line had no idea where to look for system apps, and as a result shut down a large portion of my system utilities.
  2. In addition to the above, the script added a small ‘set PATH=’ command to my default shell start-up script (the registry value HKEY_USERS\…\Software\Microsoft\Command Processor\AutoRun). Each time a shell was opened this re-added the XAMPP directory to PATH and then deformed it with an increasingly long string of semi-colons.

Needless to say, I’m somewhat annoyed that there is no visible warning during installation that it could potentially FUBAR your environment variables. I hope this provides some insight for people who might be experiencing a similar problem.
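As an added example (not part of the original post, and not anything XAMPP ships), here is a read-only PowerShell audit of the two things the installer broke: the cmd.exe AutoRun values in HKLM and HKCU, and the PATH of the current session, which it checks for empty entries (runs of semi-colons), duplicates, directories that no longer exist and the presence of System32. The ‘set PATH=’ pattern it flags is my own choice.

```powershell
# Added example (not from the original post): a read-only audit of the two things
# the installer broke. Run in PowerShell; nothing here modifies the registry or PATH.

function Get-CmdAutoRun {
    # cmd.exe executes the AutoRun value from both hives every time a new
    # console starts, so a 'set PATH=' line here re-runs on every shell.
    $keys = @(
        'HKLM:\Software\Microsoft\Command Processor',
        'HKCU:\Software\Microsoft\Command Processor'
    )
    foreach ($k in $keys) {
        $v = (Get-ItemProperty -Path $k -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
        [pscustomobject]@{
            Key         = $k
            AutoRun     = $v
            TouchesPath = [bool]($v -and ($v -match '(?i)\bset\s+path\s*='))   # assumed pattern
        }
    }
}

function Test-PathVariable {
    param([string]$Path = $env:Path)   # defaults to the PATH of the current session
    $entries = $Path -split ';'
    $empty   = @($entries | Where-Object { $_ -eq '' }).Count      # produced by ';;' runs
    $dupes   = @($entries | Where-Object { $_ -ne '' } |
                Group-Object { $_.TrimEnd('\').ToLowerInvariant() } |
                Where-Object { $_.Count -gt 1 } |
                ForEach-Object { $_.Name })
    $missing = @($entries | Where-Object { $_ -ne '' -and -not (Test-Path -LiteralPath $_) })
    [pscustomobject]@{
        EntryCount   = $entries.Count
        EmptyEntries = $empty
        Duplicates   = $dupes
        Missing      = $missing
        HasSystem32  = [bool]($entries -match '(?i)\\system32\\?$')  # home of ipconfig, doskey, ...
    }
}

Get-CmdAutoRun    | Format-Table -AutoSize
Test-PathVariable | Format-List
```

If TouchesPath is true for either key, or HasSystem32 is false, you are looking at the same damage described above; clear the AutoRun value and restore PATH from System Properties rather than from a console, since that console’s PATH is already mangled.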

Installing PHP 5.3.0rc2 for XAMPP (Windows)

Having been unable to find a definitive guide to upgrading the XAMPP PHP version to PHP 5.3.0rc2, I decided to improvise on a guide for installing the PHP 5.3 alpha.

My guide will describe how to upgrade the current XAMPP PHP version to the second release candidate of version 5.3. It is expected that this method will also work for the third release candidate when it is released later this month.

Dissertation time! (fun with LaTeX)

UPDATE: Improved the batch file significantly. Enjoy!

I’m moving into exam / dissertation territory now. My updates probably won’t be too frequent until they’re finished in May. Recently I’ve started using LaTeX (or to be more exact, MiKTeX, since I’m a Windows user) and have found it to be most useful as a complete replacement for writing scientific reports using Word.

To simplify the process of compiling a pdf using the MiKTeX package, I’ve written a small batch file that links together all the preparatory processes with ps2pdf. Just download it and then drag and drop the .tex file onto it to get started!

Download make.bat here.

(NOTE – I haven’t tested it extensively, so it may not work as expected – make backups!)

//-plasm!d-//

Partial RAR extraction using WinRAR

WinRAR allows users to split file archives into smaller pieces (a feature present in most major archiving software these days). It is sometimes the case that one or more of these pieces are missing, and as such the archive cannot be completely reassembled. This tutorial shows how to partially recover files from a RAR that does not have all pieces present.

‘Hiding’ information using ADS

Introduction

This tutorial will explore the potential for using ‘Alternate Data Streams’ (ADS) to store information on an NTFS partition. All of the steps detailed below can be accomplished directly from within Windows.

Theory

Files act as pointers to physical data on a storage medium; they are a convenience, a way of managing information on a computer as discrete units. It should be this fantastically simple – one pointer for one file – but it seems Microsoft had other ideas…

Macintosh computers use a different file system to Windows computers. It was decided that NTFS should be able to emulate some aspects of the Mac file system to improve file compatibility. As a result, it is possible to ‘attach’ data to a file in a way that is not visible to users (oh dear!).

Getting your hands dirty

  1. Load up a command-prompt Window (Start->Run->’cmd’).
  2. Create a file to run this demonstration on. In the console type: echo Hello, World! > test.txt.
    (The file ‘test.txt’ now contains 16 bytes of information. This is the default data stream)
  3. In the console, enter type test.txt to show the information in ‘test.txt’.
  4. Let’s hide some data! In the console type echo I am hidden! > test.txt:hidden.txt. Notice the colon (:) – this is very important!
  5. If you repeat step 3, you should only see ‘Hello, World!’ printed to the console. Check the properties of the file using Windows Explorer and you’ll arrive at the same conclusion: the file still contains only 16 bytes. You could even enter type test.txt:hidden.txt to try and see the text in ‘hidden.txt’, but it will return an error. Where the hell has the information you just entered gone?
  6. To reveal the contents of ‘hidden.txt’, type more < test.txt:hidden.txt in the console, et voila – the magically disappearing information has made a miraculous reappearance!
  7. The file ‘hidden.txt’ is now linked with ‘test.txt’. You could say that ‘test.txt’ is acting as a pointer to two data streams. Furthermore, if you copy ‘test.txt’ to another folder – ‘hidden.txt’ is copied with it!
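The same walk-through in PowerShell, as an added example that is not part of the original post. It uses the FileSystem provider’s -Stream parameter (PowerShell 3.0 and later, NTFS volumes only). The file path under %TEMP% is my own choice, and Find-AdsFiles goes beyond the post to show what a defender actually wants: every file in a folder that carries a named stream, since neither Explorer nor dir will tell you.

```powershell
# Added example (not from the original post): the same walk-through in PowerShell,
# using the FileSystem provider's -Stream parameter (PowerShell 3.0+, NTFS only).
# The path under %TEMP% and the folder scan are my own additions.

function New-AdsDemo {
    param([string]$Path = (Join-Path $env:TEMP 'test.txt'))
    Set-Content -LiteralPath $Path -Value 'Hello, World!'                       # default ($DATA) stream
    Set-Content -LiteralPath $Path -Stream 'hidden.txt' -Value 'I am hidden!'   # named stream, same file
    $Path
}

function Get-AdsStreams {
    # Lists every stream of one file; ':$DATA' is the unnamed default stream
    # that Explorer's size column and 'type' report on.
    param([Parameter(Mandatory)][string]$Path)
    Get-Item -LiteralPath $Path -Stream * |
        Select-Object @{n = 'File'; e = { $_.FileName }}, Stream, Length
}

function Find-AdsFiles {
    # Goes beyond the post: recursively reports files that carry anything besides
    # ':$DATA'. Expect Zone.Identifier on downloaded files (Mark-of-the-Web);
    # anything else is worth a look.
    param([Parameter(Mandatory)][string]$Folder)
    Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $f = $_
            Get-Item -LiteralPath $f.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{ File = $f.FullName; Stream = $_.Stream; Bytes = $_.Length }
                }
        }
}

$file = New-AdsDemo
Get-AdsStreams -Path $file | Format-Table -AutoSize
Get-Content -LiteralPath $file -Stream 'hidden.txt'     # reads 'I am hidden!' back
Find-AdsFiles -Folder $env:TEMP | Format-Table -AutoSize
```

Get-AdsStreams shows both streams with their individual sizes, which is exactly the detail Explorer hides; Remove-Item with the same -Stream parameter deletes a single stream without touching the file’s default data.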

Conclusion

The above is a basic demonstration of how ADS can be used to store hidden information. The article at governmentsecurity.org goes on to explore how an executable could be hidden within a file too. I’ve written a small batch file that attaches a user-defined message to itself (using ADS) and presents it using notepad. To remove the hidden file, you can either try the method suggested at gov.sec. or just delete the batch file itself!

Download files

ads_demo.rar – extract and run.

Write console text to a file (Windows cmd.exe)

Writing directly from the Windows command line to a file might not be something you need to do very often. The famous black and white console is better suited to serving system commands and file operations than being a stand-in for notepad. However, it is sometimes useful to have the option of writing multiple lines of text to a file directly from the trusty prompt.

Method One

This is suitable for creating/overwriting a file with multiple lines of text.

copy con SOME_FILE.txt
Type your text here
You can even have multiple lines!

When finished, press CTRL+Z to confirm your action (or CTRL+C to cancel) and ENTER.

If you want to append some text instead of overwriting it completely, follow as above but using:

copy SOME_FILE.txt + con

Method Two

Open up the command prompt and type:

echo SOME TEXT > SOME_FILE.txt

This method creates/overwrites SOME_FILE.txt with the text you entered before the >. It is only suitable for entering a single line of text into a file.

As with method one, it is possible to append text by using >> instead of > in the command.

Spoof your network adapter MAC address under Windows

Overriding (or spoofing) your NIC / network adapter MAC address can be immensely useful for a number of reasons when using your PC on a large network. In essence you’re creating a new identity for your box and any limitations associated with your previous MAC will no longer affect you! This tutorial will introduce some of the currently existing programs that can automate MAC address spoofing for you, as well as the necessary registry modifications to perform the task manually.

I came across MadMACs some time ago and it has become an invaluable part of my portable network security. Recently I’ve been looking to see what else is out there and found Mac MakeUp which provides a number of advanced features (integration with Wireshark, IP networking options, etc.) and has a straightforward graphical interface.

Both programs have been tested thoroughly and work a treat, but if you feel the only way to do a job properly is to do it yourself, then here is the step by step to DIY MAC spoofage:

  1. Click Start->Run and enter ‘regedt32’ (no ‘ marks) to start up the registry editor.
  2. Find the key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}

    and you should have a list of 4 digit subkeys (0000, 0001, 0002 etc.)
  3. Leaving the registry editor window open, go to Start->Run and enter ‘cmd /k net config rdr’ (no ‘ marks).
  4. The console should list your PC and network details. Right-click at the start of the text next to NetBT_tcpip (the bit that looks like {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}), select ‘Mark’, drag over the whole text (including the braces) and then press CTRL+C to copy it to the clipboard.
  5. Go back to the registry editor and click on the first subkey (i.e. 0000).
  6. Click menu Edit->Find (or press CTRL+F). Paste in the text from the console and click ‘Find next’.
  7. It should return a result very quickly (if not – you’ve done something wrong!).
  8. Right click anywhere on the right hand side pane apart from on one of the listed items and choose ‘New->String’. Give the value the name ‘NetworkAddress’ (case sensitive, no ‘ marks) then simply double click it and enter a new MAC address!
  9. Reboot your machine and enjoy!
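As an added example (not part of the original post, and not from either of the tools mentioned), here is the other side of the coin: a read-only PowerShell audit of the class key from step 2 that lists every adapter subkey and flags the ones carrying a NetworkAddress override, which is what an administrator would run to find out whether a box on the network has done this. The class GUID is the one quoted above; Compare-MacToHardware goes beyond the post and assumes Get-NetAdapter (Windows 8 / Server 2012 and later), whose PermanentAddress property I take to be the burned-in address without separators.

```powershell
# Added example (not from the original post): read-only audit of the adapter class
# key used in the steps above. Nothing here changes any value; run as Administrator
# so every subkey is readable.

# Class GUID as quoted in the post (registry key names are case-insensitive)
$ClassKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}'

function Get-MacOverride {
    # Walks the 0000, 0001, ... subkeys and reports any that carry a NetworkAddress
    # value, i.e. an adapter whose MAC has been overridden as in step 8.
    Get-ChildItem -Path $ClassKey -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d{4}$' } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                SubKey         = $_.PSChildName
                Adapter        = $p.DriverDesc
                InstanceId     = $p.NetCfgInstanceId      # the {GUID} shown by 'net config rdr'
                NetworkAddress = $p.NetworkAddress
                Overridden     = -not [string]::IsNullOrEmpty($p.NetworkAddress)
            }
        }
}

function Compare-MacToHardware {
    # Goes beyond the post: Get-NetAdapter (Windows 8 / Server 2012 and later) reports
    # both the address in use and the burned-in one, so an override shows up without
    # touching the registry. PermanentAddress is assumed to carry no separators.
    Get-NetAdapter -ErrorAction SilentlyContinue | ForEach-Object {
        $inUse  = ($_.MacAddress -replace '[-:]', '').ToUpperInvariant()
        $burned = ([string]$_.PermanentAddress).ToUpperInvariant()
        [pscustomobject]@{
            Name       = $_.Name
            Adapter    = $_.InterfaceDescription
            InUse      = $_.MacAddress
            BurnedIn   = $_.PermanentAddress
            Overridden = ($burned -ne '' -and $inUse -ne $burned)
        }
    }
}

Get-MacOverride       | Format-Table -AutoSize
Compare-MacToHardware | Format-Table -AutoSize
```

A subkey with Overridden set to true but no matching entry in the second table usually means the adapter was removed while its registry key was left behind; deleting the NetworkAddress value and rebooting puts the burned-in address back in use.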

For more information, check this Wikipedia article on MAC addresses.

Fixing printer lockups under Windows

If you’re like me and depend upon being able to print documents on the go, Windows can sometimes be very unaccommodating! One of my main problems is printer service lockup if I lose my connection to the printer (accidentally unplugging the USB cable, for example). When this happens, no matter how many times I try to cancel the frozen print job it just won’t go away – preventing any more documents from being printed out! Fortunately… I have a rapid solution at hand.
Three easy steps:

  1. Ctrl + Alt + Del, bring up task manager.
    (screenshot: printer_fix_1.jpg)
  2. Select ‘spoolsv.exe’ from the processes list and click End Process.
    (screenshot: printer_fix_2.jpg)
  3. Use either File->Run in task manager (or Start->Run from the taskbar) and enter ‘spoolsv.exe’.
    (screenshot: printer_fix_3.jpg)

This is a dirty (but effective) way of forcing the print spool server to reboot. You should see the document queue clear within a minute or so and then you will be able to send new documents to your printer.
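The same three steps as a proper service restart, as an added example that is not part of the original post. Stopping and starting the Spooler service is the cleaner equivalent of killing and relaunching spoolsv.exe; the optional -ClearQueue switch goes beyond the post by deleting the stranded spool files (one .SPL/.SHD pair per job) under %SystemRoot%\System32\spool\PRINTERS while the service is down, which is what actually clears a job that refuses to cancel. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post): restart the print spooler as a
# service instead of ending spoolsv.exe by hand. Requires an elevated prompt.

function Restart-PrintSpooler {
    param([switch]$ClearQueue)   # goes beyond the post: also delete stranded spool files

    $spool = Join-Path $env:SystemRoot 'System32\spool\PRINTERS'

    Stop-Service -Name Spooler -Force          # equivalent of ending spoolsv.exe
    (Get-Service -Name Spooler).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(30))

    if ($ClearQueue) {
        # Each stuck job lives here as a .SPL (data) and .SHD (job header) pair;
        # they can only be removed while the spooler is not holding them open.
        Get-ChildItem -LiteralPath $spool -File -ErrorAction SilentlyContinue |
            Remove-Item -Force -ErrorAction SilentlyContinue
    }

    Start-Service -Name Spooler                # equivalent of running spoolsv.exe again
    (Get-Service -Name Spooler).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
    Get-Service -Name Spooler | Select-Object Name, Status
}

Restart-PrintSpooler
# Restart-PrintSpooler -ClearQueue   # when the frozen job survives a plain restart
```

Without -ClearQueue this does exactly what the three steps above do; with it, every queued job on the machine is discarded, so only reach for it when the queue is already unusable.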