Archive for the “Windows” Category

Get ready for the fanfare. Today is the launch date for Windows 7. after all of the hype and all of the disappointment of Windows Vista I ma sure the great marketing machine of Microsoft is eagerly awaiting this morning and a chance to tour a great new Operating System.

Even though Vista is not the most installed Operating System in the world, that would still be Windows XP, today everyone will still be comparing Windows Vista with Windows 7.

As many people know I am still running Windows XP and although I really want to test out Windows 7 the problem that I have is that none of my four computers are good enough for the minimum specs for Windows 7.

Windows 7 wants at least 2 gigs of ram and more realistically six or eight gigs to run well while I seem to be limping along on 500 megs and 1 gig on all of my home machines and my work laptop. And I have to admit that they seem to run great on Windows XP anyway. Read the rest of this entry »

Do you ever find that you are in a Word Document, Outlook email or other app and the text is just too small or even occasionally too big? I never really though of a fix for this but just found one. One of the guys in the office showed me a keyboard shortcut that allows you to resize text anywhere.

I don’t know how I did not know this before but there is an easy way in Windows XP to resize the text – hold down the Ctrl key and use the scroller on the mouse.

Cool? I can’t beleive how useful this is and makes using Windows a lot better

1. Click on “Start” in the bottom left hand corner of screen
2. Click on “Run”
3. Type in “command” and hit ok

You should now be at an MSDOS prompt screen.

4. Type “ipconfig /release” just like that, and hit “enter”
5. Type “exit” and leave the prompt
6. Right-click on “Network Places” or “My Network Places” on your desktop.
7. Click on “properties”

You should now be on a screen with something titled “Local Area Connection”, or something close to that, and, if you have a network hooked up, all of your other networks.

8. Right click on “Local Area Connection” and click “properties”
9. Double-click on the “Internet Protocol (TCP/IP)” from the list under the “General” tab
10. Click on “Use the following IP address” under the “General” tab
11. Create an IP address (It doesn’t matter what it is. I just type 1 and 2 until i fill the area up).
12. Press “Tab” and it should automatically fill in the “Subnet Mask” section with default numbers.
13. Hit the “Ok” button here
14. Hit the “Ok” button again

You should now be back to the “Local Area Connection” screen.

15. Right-click back on “Local Area Connection” and go to properties again.
16. Go back to the “TCP/IP” settings
17. This time, select “Obtain an IP address automatically”
tongue.gif 18. Hit “Ok”
19. Hit “Ok” again
20. You now have a new IP address

With a little practice, you can easily get this process down to 15 seconds.

P.S:
This only changes your dynamic IP address, not your ISP/IP address. If you plan on hacking a website with this trick be extremely careful, because if they try a little, they can trace it back

As the size of hardrives increase, more people are using partitions to seperate and store groups of files.

XP uses the C:Program Files directory as the default base directory into which new programs are installed. However, you can change the default installation drive and/ or directory by using a Registry hack.

Run the Registry Editor (regedit)and go to

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion

Look for the value named ProgramFilesDir. by default,this value will be C:Program Files. Edit the value to any valid drive or folder and XP will use that new location as the default installation directory for new programs.

In order to make the changes, the file explorer.exe located at C:Windows needs to be edited. Since explorer.exe is a binary file it requires a special editor. For purposes of this article I have used Resource Hacker. Resource HackerTM is a freeware utility to view, modify, rename, add, delete and extract resources in 32bit Windows executables and resource files (*.res). It incorporates an internal resource script compiler and decompiler and works on Microsoft Windows 95/98/ME, Windows NT, Windows 2000 and Windows XP operating systems.

get this from h**p://delphi.icm.edu.pl/ftp/tools/ResHack.zip

The first step is to make a backup copy of the file explorer.exe located at C:Windowsexplorer. Place it in a folder somewhere on your hard drive where it will be safe. Start Resource Hacker and open explorer.exe located at C:Windowsexplorer.exe.

The category we are going to be using is “String Table”. Expand it by clicking the plus sign then navigate down to and expand string 37 followed by highlighting 1033. If you are using the Classic Layout rather than the XP Layout, use number 38. The right hand pane will display the stringtable. We’re going to modify item 578, currently showing the word “start” just as it displays on the current Start button.

There is no magic here. Just double click on the word “start” so that it’s highlighted, making sure the quotation marks are not part of the highlight. They need to remain in place, surrounding the new text that you’ll type. Go ahead and type your new entry. In my case I used Click Me!

You’ll notice that after the new text string has been entered the Compile Script button that was grayed out is now active. I won’t get into what’s involved in compiling a script, but suffice it to say it’s going to make this exercise worthwhile. Click Compile Script and then save the altered file using the Save As command on the File Menu. Do not use the Save command – Make sure to use the Save As command and choose a name for the file. Save the newly named file to C:Windows.

Step 2 – Modify the Registry

!!!make a backup of your registry before making changes!!!

Now that the modified explorer.exe has been created it’s necessary to modify the registry so the file will be recognized when the user logs on to the system. If you don’t know how to access the registry I’m not sure this article is for you, but just in case it’s a temporary memory lapse, go to Start (soon to be something else) Run and type regedit in the Open field. Navigate to:

HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows NT CurrentVersion Winlogon

In the right pane, double click the “Shell” entry to open the Edit String dialog box. In Value data: line, enter the name that was used to save the modified explorer.exe file. Click OK.

Close Registry Editor and either log off the system and log back in, or reboot the entire system if that’s your preference. If all went as planned you should see your new Start button with the revised text.[/b]

If you’ve let your guard down–or even if you haven’t–it can be hard to tell if your PC is infected. Here’s what to do if you suspect the worst.

Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you’ll lose all your data, and you’ll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness.

You know they’re right. Yet for one reason or another, you’re not running antivirus software, or you are but it’s not up to date. Maybe you turned off your virus scanner because it conflicted with another program. Maybe you got tired of upgrading after you bought Norton Antivirus 2001, 2002, and 2003. Or maybe your annual subscription of virus definitions recently expired, and you’ve put off renewing.

It happens. It’s nothing to be ashamed of. But chances are, either you’re infected right now, as we speak, or you will be very soon.

For a few days in late January, the Netsky.p worm was infecting about 2,500 PCs a day. Meanwhile the MySQL bot infected approximately 100 systems a minute (albeit not necessarily desktop PCs). As David Perry, global director of education for security software provider Trend Micro, puts it, “an unprotected [Windows] computer will become owned by a bot within 14 minutes.”

Today’s viruses, worms, and so-called bots–which turn your PC into a zombie that does the hacker’s bidding (such as mass-mailing spam)–aren’t going to announce their presence. Real viruses aren’t like the ones in Hollywood movies that melt down whole networks in seconds and destroy alien spacecraft. They operate in the background, quietly altering data, stealing private operations, or using your PC for their own illegal ends. This makes them hard to spot if you’re not well protected.

Is Your PC “Owned?”

I should start by saying that not every system oddity is due to a virus, worm, or bot. Is your system slowing down? Is your hard drive filling up rapidly? Are programs crashing without warning? These symptoms are more likely caused by Windows, or badly written legitimate programs, rather than malware. After all, people who write malware want to hide their program’s presence. People who write commercial software put icons all over your desktop. Who’s going to work harder to go unnoticed?

Other indicators that may, in fact, indicate that there’s nothing that you need to worry about, include:

* An automated e-mail telling you that you’re sending out infected mail. E-mail viruses and worms typically come from faked addresses.
* A frantic note from a friend saying they’ve been infected, and therefore so have you. This is likely a hoax. It’s especially suspicious if the note tells you the virus can’t be detected but you can get rid of it by deleting one simple file. Don’t be fooled–and don’t delete that file.

I’m not saying that you should ignore such warnings. Copy the subject line or a snippet from the body of the e-mail and plug it into your favorite search engine to see if other people have received the same note. A security site may have already pegged it as a hoax.

Sniffing Out an Infection

There are signs that indicate that your PC is actually infected. A lot of network activity coming from your system (when you’re not actually using Internet) can be a good indicator that something is amiss. A good software firewall, such as ZoneAlarm, will ask your permission before letting anything leave your PC, and will give you enough information to help you judge if the outgoing data is legitimate. By the way, the firewall that comes with Windows, even the improved version in XP Service Pack 2, lacks this capability.

To put a network status light in your system tray, follow these steps: In Windows XP, choose Start, Control Panel, Network Connections, right-click the network connection you want to monitor, choose Properties, check “Show icon in notification area when connected,” and click OK.

If you’re interested in being a PC detective, you can sniff around further for malware. By hitting Ctrl-Alt-Delete in Windows, you’ll bring up the Task Manager, which will show you the various processes your system is running. Most, if not all, are legit, but if you see a file name that looks suspicious, type it into a search engine and find out what it is.

Want another place to look? In Windows XP, click Start, Run, type “services.msc” in the box, and press Enter. You’ll see detailed descriptions of the services Windows is running. Something look weird? Check with your search engine.

Finally, you can do more detective work by selecting Start, Run, and typing “msconfig” in the box. With this tool you not only see the services running, but also the programs that your system is launching at startup. Again, check for anything weird.

If any of these tools won’t run–or if your security software won’t run–that in itself is a good sign your computer is infected. Some viruses intentionally disable such programs as a way to protect themselves.

What to Do Next

Once you’re fairly sure your system is infected, don’t panic. There are steps you can take to assess the damage, depending on your current level of protection.

* If you don’t have any antivirus software on your system (shame on you), or if the software has stopped working, stay online and go for a free scan at one of several Web sites. There’s McAfee FreeScan, Symantec Security Check, and Trend Micro’s HouseCall. If one doesn’t find anything, try two. In fact, running a free online virus scan is a good way to double-check the work of your own local antivirus program. When you’re done, buy or download a real antivirus program.
* If you have antivirus software, but it isn’t active, get offline, unplug wires– whatever it takes to stop your computer from communicating via the Internet. Then, promptly perform a scan with the installed software.
* If nothing seems to be working, do more research on the Web. There are several online virus libraries where you can find out about known viruses. These sites often provide instructions for removing viruses–if manual removal is possible–or a free removal tool if it isn’t. Check out GriSOFT’s Virus Encyclopedia, Eset’s Virus Descriptions, McAffee’s Virus Glossary, Symantec’s Virus Encyclopedia, or Trend Micro’s Virus Encyclopedia.

A Microgram of Prevention

Assuming your system is now clean, you need to make sure it stays that way. Preventing a breach of your computer’s security is far more effective than cleaning up the mess afterwards. Start with a good security program, such Trend Micro’s PC-Cillin, which you can buy for $50.

Don’t want to shell out any money? You can cobble together security through free downloads, such as AVG Anti-Virus Free Edition, ZoneAlarm (a personal firewall), and Ad-Aware SE (an antispyware tool).

Just make sure you keep all security software up to date. The bad guys constantly try out new ways to fool security programs. Any security tool without regular, easy (if not automatic) updates isn’t worth your money or your time.

Speaking of updating, the same goes for Windows. Use Windows Update (it’s right there on your Start Menu) to make sure you’re getting all of the high priority updates. If you run Windows XP, make sure to get the Service Pack 2 update. To find out if you already have it, right-click My Computer, and select Properties. Under the General tab, under System, it should say “Service Pack 2.”

Here are a few more pointers for a virus-free life:

* Be careful with e-mail. Set your e-mail software security settings to high. Don’t open messages with generic-sounding subjects that don’t apply specifically to you from people you don’t know. Don’t open an attachment unless you’re expecting it.
* If you have broadband Internet access, such as DSL or cable, get a router, even if you only have one PC. A router adds an extra layer of protection because your PC is not connecting directly with the Internet.
* Check your Internet ports. These doorways between your computer and the Internet can be open, in which case your PC is very vulnerable; closed, but still somewhat vulnerable; or stealthed (or hidden), which is safest. Visit Gibson Research’s Web site and run the free ShieldsUP test to see your ports’ status. If some ports show up as closed–or worse yet, open–check your router’s documentation to find out how to hide them.

This tutorial is more of a tip than a tutorial. It just explains how to calculate offsets for jumps and calls within the program you are patching.

Types of Jumps/Calls

Here I will just describe the different types of jumps and calls which you will come across:

Short Jumps
Short jumps be they conditional or unconditional jumps are 2 bytes long (or 1 nibble if your Californian . These are relative jumps taken from the first byte after the two bytes of the jump. Using short jumps you can jump a maximum of 127 bytes forward and 128 bytes backwards.

Long Jumps
Long jumps if they are relative are 6 bytes long for conditional jumps and are 5 bytes long for unconditional jumps. For conditional jumps 2 bytes are used to identify that it is a long jump and what type of jump (je, jg, jns etc) it is. The other 4 bytes are used to show how far away the target location is relative to the first byte after the jump. In an unconditional jump only 1 byte is used to identify it as a long unconditional jump and the other 4 are used to show it’s target’s relative position, as with the conditional jumps.

Calls
There are two different types of calls which we will use. The normal type of call works the same as the long jumps in that it is relative to it’s current position. The other type gives a reference to a memory location, register or stack position which holds the memory location it will call. The position held by the later is direct e.g. the memory location referenced may contain 401036h which would be the exact position that you would call, not relative to the position of the call. The size of these types of calls depends on any calculations involved in the call i.e. you could do: ‘call dword ptr [eax * edx + 2]‘. Long jumps can also be made using this method, but I didn’t say that earlier as to avoid repetition.

Tables
Here is a brief list of all the different types of jumps/calls and their appropriate op-codes. Where different jumps have the same Op-Codes I have grouped them:

Jump Description Short Op-Code Long Op-Code
call procedure call E8xxxxxxxx N/A
jmp u nconditional jump EBxx E9xxxxxxxx
ja/jnbe jump if above 77xx 0F87xxxxxxxx
jae/jnb/jnc jump if above or equal 73xx 0F83xxxxxxxx
jb/jc/jnae jump if below 72xx 0F82xxxxxxxx
jbe/jna jump if below or equal 76xx 0F86xxxxxxxx
jcxz/jecxz jump if cx/ecx equals zero E3xx N/A
je/jz jump if equal/zero 74xx 0F84xxxxxxxx
jne/jnz jump if not equal/zero 75xx 0F85xxxxxxxx
jg/jnle jump if greater 7Fxx 0F8Fxxxxxxxx
jge/jnl jump if greater or equal 7Dxx 0F8Dxxxxxxxx
jl/jnge jump if less 7Cxx 0F8Cxxxxxxxx
jle/jng jump if less or equal 7Exx 0F8Exxxxxxxx
jno jump if not overflow 71xx 0F81xxxxxxxx
jnp/jpo jump if no parity/parity odd 7Bxx 0F8Bxxxxxxxx
jns jump if not signed 79xx 0F89xxxxxxxx
jo jump if overflow 70xx 0F80xxxxxxxx
jp/jpe jump if parity/parity even 7Axx 0F8Axxxxxxxx
js jump if sign 78xx 0F88xxxxxxxx

Calculating Offsets (finding in the xx’s in table)

You will need to be able to calculate offsets when you add jumps and make calls within and to the code you have added. If you choose to do this by hand instead of using a tool then here are the basics:

For jumps and calls further on in memory from your current position you take the address where you want to jump/call and subtract from it the memory location of the next instruction after your call/jump i.e.:

(target mem address) – (mem location of next instruction after call/jump)

Example
If we wanted to jump to 4020d0 and the next instruction *after* the jump is at location 401093 then we would use the following calculation:

4020d0 – 401093 = 103d

We then write the jump instruction in hex as e93d100000 where e9 is the hex op-code for a long relative jump and 3d100000 is the result of our calculation expanded to dword size and reversed.

For jumps and calls to locations *before* the current location in memory you take the address you want to call/jump to and subtract it from the memory location of the next instruction after your call/jump, then subtract 1 and finally perform a logical NOT on the result i.e.

NOT(mem address of next instruction – target mem address – 1)

Example
If we wanted to call location 401184 and the address of the next instruction after the call is 402190 then we do the following calculation:

NOT(402190 – 401184 – 1 ) = ffffeff4

We can then write our call instruction in hex as e8f4efffff where e8 is the hex op-code for relative call and f4efffff is the result of the calculation in reverse order.

If you want to practice with different examples then the best way to do this is to use a disassembler like WDASM which shows you the op-codes and try and work out the results yourself. Also as an end note you don’t have to perform these calculations if you have enough room to make your jump or call instruction into an absolute jump call by doing the following as represented in assembler:

mov eax, 4020d0
call eax (or jmp eax)

Final Notes

Make life easier and use a program to do this

Because of the security features built into Windows XP, it is virtually impossible to get back into the system without the password.
You have several options to try and get around this problem.

If you have access to another user account with administrator rights, you can use that account to change the password
of the account that is locked out. You can also use the default Administrator account that is built into Windows XP.

First you need to boot the system into Safe Mode.
1.Restart your system.
2.When you see the blue Dell globe or screen, press the ( F8 ) key about 3 times a second.
3.You should get the Windows startup menu. Use the (Up or Down) arrow keys to highlight (SafeMode)
4.Press (Enter) on (Safe Mode), then press (Enter) on (Windows XP).
5.The system should boot to Safe Mode.

Once you are at the Account Log on Screen, click on the icon
for the user account with administrator rights, or click on the icon
for the administrators account.
Note: For Home the Administrator account isn’t normally shown & in Safe Mode you have to press Ctrl+Alt+Delete keys twice to show.
For PRO you can do this in normal mode

When the system has booted to the desktop, use the following steps to change the accounts password.
1.Click Start, Control Panel, Administrative Tools.
2.Click Computer Management.
3.Double click Local Users and Groups, double click the folder Users.
4.Right click on the account name that is locked out, and click on Set Password.
5.You may get a warning message about changing the password, simply click proceed.
6.Leave the New Password box blank, also leave the Confirm Password box blank.
7.Click OK, and OK again.
8.Then close all Windows, reboot the system and try to log in.

There are also applications that can recover the password for you.
The following companies provide these applications at a cost.
iOpus® Password Recovery XP here.
LostPassword.com, here.
Asterisk Password Recovery XP v1.89 here.
Windows XP / 2000 / NT Key here.

If the above information does not help in recovering the password, the only option left is to
format the hard drive then reinstall Windows and the system software.

You’ve downloaded a *.BIN file, but there was no *.CUE file associated and you still want to burn the *.BIN file using Nero

Your options are:

1) Create yourself a *.CUE

2) Convert the *.BIN to an *.ISO

3) OR use Nero to burn without the *.CUE file!!!

Yes, that’s possible… just follow these steps and you will be sorted. No need for *.CUE files anymore

Ok, here we go…

1) Start Nero

2) File -> Burn Image

3) Browse to the *.BIN file that you want to burn and open it

4) A window saying “Foreign Image Settings” will open

5) Check the settings. They should be as followed:

* Type of image: leave it to Data Mode 1
* Select the Raw Data check box
Note ->> The block size will change automatically from 2048 to 2352
* Leave Image Header and Image Trailer unchanged and set to 0
* Leave “Scrambled” and “Swapped” check boxes unchecked

6) Click on burn!

7) Enjoy

This tut was for Nero 5.x.x.x, I was told that “Burn Image” is under “recorder” in Nero 6. The rest of the steps should be the same…
xkalibur

Portable Windows CE is a ‘launcher’ for the Windows CE device emulator that can run an emulator-based image from a USB keychain.

Download the Windows CE 5.0 Device Emulator.
Code:
http://www.Mcft.com/downloads/details.aspx?FamilyID=A120E012-CA31-4BE9-A3BF-B9BF4F64CE72&displaylang=en

Change “Mcft” in link to what it is supposed to be icon_wink.gif

Extract the emulator to a folder on your hard drive by running “setup /a”. The installer will prompt you to specify a directory to extract to . For example: D:PortableCE

Download this launcher script:
Code:
http://www.furrygoat.com/Software/launchce.cmd.txt

Copy the following launcher script to the directory you extracted the setup to. You’ll need to rename the file from launchce.cmd.txt to launchce.cmd
Once you have that set up, just copy the entire D:PortableCE folder over to your USB keychain.

To launch the emulator, just plug in your USB keychain, navigate to the PortableCE folder, and run launchce.cmd. You should (hopefully) have the emulator fire up.