Windows

Strange pings and broken Windows services

  (Sunday, April 29. 2007)
Recently I was handed a notebook on which the "Internet did not work". The "Internet" in question was a UMTS HSDPA (High Speed Downlink Packet Access) connection established via a Vodafone Mobile Connect USB modem. The user had already installed and uninstalled the package several times following the instructions, and to my surprise this really was the case. The hardware was detected and dialing in worked without any problem, but it was not possible to open web pages in the browser. My first thought was therefore that there was a problem with DNS resolution, which is why I first ran various commands such as `ping' and `nslookup'.

Continue reading this entry..
Comments (0) | Trackbacks (0)

New external 400GB USB2 harddisk drive

  (Friday, February 16. 2007)
Since I have been working almost exclusively on my notebook for more than two years, but its hard disk capacity (60 GB disk) is relatively limited, and not least because I would like to go a little easier on the notebook disk, since it has been through a lot in the past two years, I decided to get myself a new external storage device.

In the end I decided on a 400GB USB2 disk from ChiliGREEN, since I have already had good experiences with ChiliGREEN disks and I am very satisfied with the price/performance ratio. ChiliGREEN also offers disks that have both a USB2 and a LAN port (a simple NAS, in other words), which appealed to me at first too, but I then went for a pure USB2 solution after all, because the NAS solution is naturally more expensive at the same capacity - capacity was important to me, though - and I intended to encrypt the disk using Truecrypt.

Continue reading this entry..
Comments (3) | Trackbacks (0)

Why Windows is less secure than GNU/Linux

  (Wednesday, February 7. 2007)
Read this article and you know it. (o:



Comments (0) | Trackbacks (0)

Welcome Vista - Goodbye Windows

  (Tuesday, February 6. 2007)
Peter Gutmann wrote a nice paper called "A Cost Analysis of Windows Vista Content Protection" in which he describes Windows Vista's built-in content protection mechanisms and the considerable costs caused by these protections.

I'm going to quote several interesting sentences of his paper:
Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server)

Continue reading this entry..
Comment (1) | Trackbacks (0)

Unaddressed DoS vulnerabilities in IE 6 SP2

  (Wednesday, January 31. 2007)
I reported almost all of these DoS vulnerabilities to Microsoft more than a year ago, but they are still not fixed.

Note that the offsets where the browser crashes have changed because of the installed security updates.

Continue reading this entry..
Comments (2) | Trackbacks (0)

o2 XDA Trion rocks :)

  (Tuesday, January 2. 2007)
Post by .c-tc :

After a long time I am back with some nice news! My new cell phone arrived and I had time to play around with the different available apps. I managed to get the following connection working:

o2 XDA -> OpenVPN PPC Client -> WLAN -> Company-Network -> Remote Desktop on WindowsXP workstation.


Continue reading this entry..
Comments (0) | Trackbacks (0)

"Killing" Windows's system process

  (Wednesday, September 20. 2006)
The topic of this blog post is already more than one and a half years old - have a look at the thread posted at BuHa forums (sry, German only). In fact it's quite possible that this issue has been known for much longer, but regrettably I could not find any information regarding this topic.

If a user with insufficient privileges (e.g. users in the users or power users group) tries to terminate a privileged process using the Windows task manager `taskmgr.exe' (or another arbitrary task manager like Sysinternals's process explorer), the manager will display an access denied message and nothing will happen. Alright, but how does the system react if we try to kill its system process with a privileged user account? Please note that I'm talking about the real system process with PID 4 (at least if we use Windows XP). We would suppose that the task manager displays a message which informs the user that it's not possible to terminate this process, as it does for `winlogon.exe', `lsass.exe', `csrss.exe' and so on, but it does not.

Continue reading this entry..
Comments (0) | Trackbacks (0)

"Exploiting" Windows Spider Solitaire

  (Friday, April 21. 2006)
Yesterday I could not fall asleep immediately, so I decided to test some applications which are included in Windows by default. I had a look at the Windows games (Freecell, Hearts, Minesweeper, Pinball and so on), and while fooling around, one feature, namely saving game scores in Spider Solitaire, sparked my interest in having a deeper look at it.
You cannot choose the file in which the highscore is saved, and you overwrite the stored highscore every time you save another game, so I started Filemon and found the file `spider.sav', which is located at "%USERPROFILE%\Own Files".

Continue reading this entry..
Comments (2) | Trackbacks (0)

Finding hidden drivers in Windoze NT

  (Monday, February 13. 2006)
Lately I had an idea to simply detect loaded kernel drivers which hide their presence after their execution. I'm sure this method is already known/used but because I never read of it I decided to write it down.

You have to reboot your box and start the system with boot logging enabled: hit F8 before the Windoze boot screen and select the entry "Enable Boot Logging". Another possibility to boot with logging enabled is to hand the /BOOTLOG option to the Windoze kernel as a parameter by editing the `boot.ini' file.

Continue reading this entry..
Comment (1) | Trackbacks (0)

Windoze 03 Server SP1 DDK

  (Monday, February 13. 2006)
The Windoze 03 Server SP1 DDK (Driver Development Kit) provides a driver development environment for Windoze 03 Server, Windoze XP, and Windoze 2k. The DDK contains additional header files, sample code, documentation, libraries and development tools like debuggers.

The DDK is currently free - you only have to pay the shipping costs for the DDK suite - but it is not offered as a download on the M$ site. So, how to get a copy of the latest Windoze DDK? It's simple. The DDK is included in the Kernel-Mode Driver Framework (KMDF) and after the download of the ISO file (~ 270 MB) you are able to install or extract the DDK.

The KMDF provides multiple features required for kernel-mode drivers and their development:
  • Plug and Play and power management
  • I/O queues
  • Direct memory access (DMA)
  • Windows management instrumentation (WMI)
  • Synchronization

np: Papa Roach - Done With You
Comments (0) | Trackbacks (0)