Programming, reverse engineering and anything else as well …
Have a look at RunEl and don’t miss out when Chris presents the implementation of his newest idea. An UAC implementation which works on XP and Vista but is more user-friendly.
// Oliver
PS: I understand it’s still April, but as far as I can tell this is not a joke 
… so this weekend I took the time to reinstall my Vista (wanted to do that anyway after I hadn’t maintained my series of backups to revert to for that machine and I am switching from 32bit to 64bit ;)). Okay, so I am sitting here … waiting for it to finish. Meanwhile I thought to myself: alright, since you know it can’t be slipstreamed, let’s search for a tool that would be able to slim down Vista. So I used a search with varying terms and - no matter what I entered - always ended up with vLite. No worries, I like the tool. I find it somewhat ingenious, although those guys, as well as the guys from nLite seemingly didn’t ever try the same with an NT4 or Windows 2000 (such as I did years ago in order to automate it in part - and txtsetup was partially broken in Windows 2000). But sorry, what’s the point? Has anyone ever considered slimming down a Vista after it was installed? Since SP1 only allows what was labelled as “reverse integration” by those who documented the method, and there is no way to actually install SP1 on a Vista whose install DVD has been slimmed down by vLite previously, we’re in a catch 22 situation. Right? So this won’t work with SP1 at least unless you want to go through the tedious process of “reverse integration”.
Meanwhile it’s installed, but apart from a few tips like deactivating certain services (which I would have done anyway), nothing substantial has transpired so far. 
// Oliver
… didn’t feel much of a seamless upgrade this time with the blog software. Well, it needs some fixing here and there, I guess. Especially the CSS is freaking me out.
// Oliver
I never had any problem with Visual Assist X (VA) until recently. Oh, you don’t know what VA is? Check it out! This is probably the biggest improvement for any programmer using Visual Studio. I use it in Visual Studio 2003 through 2008 and I have also told some friends and colleagues about it. Most of them have been convinced and have this feeling of “this is like stoneage” or “this system feels naked” whenever they encounter a system without VA. And if you’re unsure, fetch the trial from their page and install it …
Oh yeah, back at the topic. Never had a problem until this week. My company had purchased yet another license for VA and suddenly it hung when I tried to install (doesn’t matter whether it had been registered before). The affected system is a Windows 2003 Server R2 (Standard) with all latest patches and service packs. Apart from that it has AQTime 5.4 and Visual Studio 2003 and 2005 installed. Now, I looked a bit what could be the reason for the hanging installation, but couldn’t come up with a solution. However, when contacting the VA support, I was pointed to this FAQ entry.
Continue reading ‘Problems to install Visual Assist X?’
On 2008-01-11 AutomatedQA sent out the notification about AQTime 5.4 being available. Today I had the chance to test my private license on my own machine and it appears that it integrates just as nicely into Visual Studio 2008 as it did into 2003 and 2005. Sidenote: I am using it only with Visual Studio and BDS, so please check their website in order to find out more.
// Oliver
I had just bought the WD MyBook World Edition a while ago, since I needed some kind of storage solution that wouldn’t occupy yet another USB/firewire port and could be accessed from different machines at the same time. As such, the MyBook World Edition appeared to be an inexpensive NAS solution for my case and since I already owned a MyBook, the decision wasn’t too hard either.
Of course I wouldn’t want to use those strange MioNet components, be it on the NAS itself or on the client side and since I knew it was based on Linux, I used Google to get informed. Now, I made a mistake there. I followed the (slightly incomplete) recipe on this page just to find out that it was inconvenient to start SSH “manually” over and over again after a reboot of the MyBook. Now, there is another page which offers about the same as the first one, but in a variation. Slight problem, the first script (which I ran) contains the somewhat inconvenient line:
/usr/bin/passwd -d root
which sets the root password to be empty.
Continue reading ‘WD MyBook World Edition’
I’ve upgraded to IDA Pro Advanced 5.2 recently and I really really like it. Good job as always, Ilfak!
// Oliver
… and no more excuses from those pirating IDA. Datarescue made a freeware version 4.9 of IDA available for download. In the scope of IDA Palace, I have mirrored the files on two more servers. One of the servers is likely going to disappear in the long run, but I’ll make sure the links will work regardless.
Feel free to link.
// Oliver
If one gets the message that the number of connections to a W2K3 server has been exceeded when trying to connect via RDP, there are several options. The most elegant is IMO this one:
%windir%\\system32\\mstsc.exe /v:machinename /f /console… which will connect to the console
// Oliver
Please check out the link named MSKLC in the navigation in the header, if you’re interested in some customized keyboard layouts to use out of the box.
// Oliver
I just built and released DFHL 1.2a. This version has some minor improvements over the 1.2 version. One is, that the version number shown by the program got finally fixed. Another one is, that it links to the version 6 of msvcrt.dll which has become a well-known DLL in recent systems (i.e. Windows 2000 and later).
Three other functional changes are: 1.) if the program encounters a problem hardlinking two files it won’t stop at all, instead it will show the error and which files were affected. 2.) if you specify /m for small files, zero-size files won’t get hardlinked!!! and 3.) MoveFileEx is now being used instead of CreateHardLink.
Furthermore the project is now of Visual Studio 2005 format, wrapping a DDKBUILD project.
Please also note, that Jens has released version 2.0 of DFHL some time ago. I haven’t had the time to test it thoroughly.
Download with source: here.
// Oliver
Scientists have shown that the attack method devised against MD5 in 2004 is usable and can even trick code-signing tools into “believing” that the binary is the same.
We announce two different Win32 executable files with different functionality but identical MD5 hash values. This shows that trust in MD5 as a tool for verifying software integrity, and as a hash function used in code signing, has become questionable.
(Quote from the linked page)
What are the implications? Well, the worst and foremost is, that an attacker can put malicious code under the disguise of a valid and trusted signature. As an example: an elaborate attack could use a driver signed by Microsoft, and his own rootkit to create a content that is indistinguishable by MD5 hash. Thus allowing the attacker to trick the victim into believing that the code was signed by Microsoft - which is ultimately trusted on most Windows systems by default.
// Oliver
I am pleased to announce that version 1.2.0 of DDKWizard has just been released. You can download it as usual from here:
- Direct download
- Project website
So, what’s new in this version? Not much and more than ever, would be an appropriate answer. This version technically doesn’t have many new features, in fact the most prominent is the only one worth mentioning: support for Visual Studio 2008.
However, there is one huge change. As you may recall, the previous versions of DDKWizard, except for the project templates, have been released under the GPL version 2. From now on, the new version is being released under the zlib/libpng license, which is a lot more liberal. The GPL states, that I have to keep the sources available for five years after publishing. If someone really needs the old stuff, I can still offer it - however, it is perfectly okay for any GPL-project to incorporate a zlib/libpng-licensed product, this just doesn’t work the other way around. So I suggest that anyone, including those who want to use it under GPL, use the newer version.
// Oliver
PS: This should also put an end to worries that the GPL’d version of DDKWizard could pose a legal threat to companies using the wizard! Spread the word …!
… und die F-PROT 4 Engine holt auf und auf. Ein Glück auch, daß wir es noch geschafft haben ein Produkt zu veröffentlichen, welches statt 4.3er-Serie, die 4.4er-Serie unserer Engine benutzt. Enthalten u.a. eine neue Heuristikengine mit dem (durchaus ernstzunehmenden) Namen “Eldorado”, welche zum größten Teil das “Brainchild” von Friðrik, dem Gründer der Firma und meinem direkten Vorgesetzten, ist - aber auch der Anteil der anderen Engine-Entwickler, insbesondere der von Mario, soll hier nicht verschwiegen werden. Gute Arbeit!
Inzwischen haben wir Zuwachs in Virenlabor - Schrägstrich - Engine-Abteilung bekommen - eine vielversprechende junge Dame aus Dänemark, welche großes Potential zeigt, von dem wir uns natürlich auch einiges erhoffen. Ich sage nur: “Stichwort Kryptographie”! 
Auch in Sachen Windowsprodukte tut sich wieder was; wir haben gestern (am Freitag) eine öffentliche Beta für die 64bit-Version unseres Windowsprodukts gestartet.
// Oliver
… I should definitely create a category “tools of my trade”
Oh, and a hint for everyone who is still greping through the bash history to find the command he used … well, way back. Try Ctrl+R
Yeah, hit Ctrl+R when on the console and enter the first few characters of the command line you search in the history. Now let’s say you had multiple entries to cp a file somewhere, then simply use Ctrl+R again to “go back” within the search matches.
BTW: If you ever mistakenly entered a sensitive password on the command line, use export HISTSIZE=0, log out and log back in, the history will be gone. Of course this erases the whole bash history, so better don’t enter the password on the command line in the first place 
Oh, and another one. Are you still logging off just to apply the settings of a changed .bashrc or .bash_aliases? Forget about it, use . ~/.bashrc or (which is the same) source ~/.bashrc, to apply the variables to your currently running shell session. I expect my readers to be intelligent enough to vary the scheme and apply it to .bash_aliases and, well, other files
// Oliver
Yes, indeed bash has become my favorite shell. Not only is it so versatile, but some of those advanced features make it best-suited for almost any task you’ll ever face on a console. And if it is not enough for a particular task, a simple perl -e or a few of those typical POSIX utilities such as find, awk, tr, cut, cat, grep, tar, bzip2, gzip and so on in a row piping output from one to the other will do wonders.
Besides, with the subshells that you can create on demand using backticks or, for example $(commands) are wonderful when used in conjunction with SSH to pipe input from/to a remote SSH session. Yes, scrap SCP and SFTP, SSH can do without them. In fact I built a little (bash) script at FRISK, which can be used to deploy certain files to all target systems and then even execute commands there. SSH-authentication via private/public key can be so useful if you have a distributed build-system
Anyway, recently I already showed what nice things you can do with Bash, by “hooking” a script that you wouldn’t otherwise want to modify. Now it’s time to reveal how my .bashrc looks. Note, that I use the same .bashrc for my own account and for the super user, so some code is simply never called when running as a normal user. I hope this will help others to create their own customized version of .bashrc …
Download my .bashrc here
// Oliver