Friday, February 14, 2020

The SysInternals tools suite requires you to accept an EULA for every tool the first time it is used.  This can be very annoying, especially when running a command on a remote computer with psexec: the program hangs, waiting for a non-existent user to click Accept.

Fortunately, there is a solution (besides the tools' own -accepteula switch, which suppresses the dialog without modifying the binary).  Fire up your trusted Python, install the pefile library and run the following script from the SysInternals directory; keep in mind that the patched copies no longer carry a valid Authenticode signature:


"""
Removes EULA dialog from SysInternals suite tools
"""
from glob import glob
from array import array
import re, os
import pefile
def find_import(pe, name):
regex = re.compile(name + "(A|W)?")
for entry in pe.DIRECTORY_ENTRY_IMPORT:
for imp in entry.imports:
if imp.name and regex.match(imp.name):
return imp
OK = 0
DONT_KNOW = 1
NO_EULA = 2
def method_bypass_dialog(pe):
img = pe.get_memory_mapped_image()
#Find the call to DialogBoxIndirectParam
imp = find_import(pe, "DialogBoxIndirectParam")
if not imp:
return NO_EULA
asm = '\xff\x15' # CALL
asm += array('i', [imp.address]).tostring()
pos = img.find(asm)
if pos == -1:
return NO_EULA
if img.count(asm) > 1:
return DONT_KNOW # More than one dialog -- not encountered so far (Dec '09)
# Replace CALL DialogBoxIndirectParam() with the following code:
# 83C4 14 ADD ESP,14 ' fix stack
# B0 01 MOV AL,1 ' Make EAX != 0 (0 is Decline)
# 90 NOP
replacement = '\x83\xc4\x14' + '\xb0\x01' + '\x90'
assert len(replacement) == len(asm)
pe.set_bytes_at_rva(pos, replacement)
return OK
def main():
if "psexec.exe" not in os.listdir('.'):
print "You must run this script from SysInternals directory."
return
exes = glob("*.exe")
for exe in exes:
pe = pefile.PE(exe)
print exe + ": ",
res = method_bypass_dialog(pe)
print ["OK", "Don't Know", "No Eula !"][res]
if res == OK:
pe.write(filename="noeula_" + exe)
main()

Thursday, February 16, 2012

Access Denied - nothing to see here, move along...

While writing my first .net service, I encountered the following problem:

The service would not start. In the Application event log there was an error:

Service can not be started.  FileLoadException: Could not load file 'dll name'. Access is denied.
....
Pre-bind state information
====================
...
<log message cut off>

Well, on the web there was nothing helpful, and the fact that the event log entry was cut off made the error even more mysterious in my eyes, as I kept thinking the missing part held the key.

But, alas, I was the one creating the problem.  I had a post-build script that updated the service's files, and I didn't notice that it copied them in encrypted (EFS) form.
Of course, the Local Service (or Local System) account can't read files that were EFS-encrypted under my user's key, hence the error.

Thursday, April 8, 2010

netsh support in MicroXP 0.82

If you're using eXPerience's MicroXP 0.82 (especially good for small virtual machines), you might want to use netsh.exe (Net Shell), which was removed.
So here's what you have to do in order to get netsh working in MicroXP (all of the mentioned files are copied from/to %SYSTEMROOT%\system32):
  • From a full Windows XP installation, copy netsh.exe and netshell.dll to MicroXP.
  • Again on a full Windows XP, run netsh show helper to see which DLLs the various commands need.
  • Copy the ones you need from this list to MicroXP.
  • Run netsh add helper <DLL> (without the <>) for each DLL you copied.
That’s it.

Monday, March 8, 2010

Quiet Alternative to jucheck.exe (Java Update Check)

I want to make sure my Java is updated, but I don't want jusched.exe running in the background for no reason, and jucheck can't be configured to pop up a message box only when a new version is available.

So I wrote this small batch script to check the latest version.
To run it you'll need curl in your PATH.

I schedule this script to run when the computer has been idle for an hour, using nircmd exec hide <path to javacheck.cmd> to keep the update check invisible.
@echo off
echo Checking if there's a Java update...
REM -s silences curl's progress meter; findstr looks for the version that is currently installed
curl -s http://javadl-esd.sun.com/update/1.6.0/map-m-1.6.0.xml | findstr au-descriptor-1.6.0_20 >nul
REM if findstr failed it probably means there's a new version - launch the update interface
if errorlevel 1 (
    "%CommonProgramFiles%\java\java update\jucheck.exe"
) else (
    echo Java is up to date!
)


P.S. Whenever Java does update, make sure to edit the script according to the latest version number (look in http://javadl-esd.sun.com/update/1.6.0/map-m-1.6.0.xml ).

Sunday, February 14, 2010

WMP crashes when switching to full screen

Suddenly Windows Media Player 11 started crashing when I switched to full-screen mode. At first I thought it was a driver problem, but then I remembered I had changed video acceleration to None in order to take screenshots.
Indeed, setting video acceleration (Tools menu -> Options -> Performance) back to Full solved the problem.
BTW, my primary video player is VLC.

Sunday, April 26, 2009

Legend for OpenSSL’s dhparam output

I was curious to find out the meaning of all the dots, pluses and stars that openssl dhparam outputs while computing Diffie-Hellman parameters.

To make a long story short, here’s the legend:

  • . : A potential prime number was generated.
  • + : Number is being tested for primality.
  • * : A prime number was found.
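To see what each symbol stands for, here is an added Python illustration (not OpenSSL's code) of a prime generator that reports progress through the same three callback codes BN_generate_prime uses, together with a callback that prints dhparam's dots, pluses and stars. It models only the ordinary-prime path, without the small-prime sieve and without the safe-prime step that dhparam additionally performs, so its output merely approximates the real tool's:

```python
import random

# BN_generate_prime's three callback codes and the character dhparam prints for each
# (constructed illustration, not OpenSSL's code).
CANDIDATE, TESTING, FOUND = 0, 1, 2
LEGEND = {CANDIDATE: ".", TESTING: "+", FOUND: "*"}


def miller_rabin_round(n, a):
    """One Miller-Rabin round with witness a; True means n is still 'probably prime'."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    x = pow(a, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(r - 1):
        x = pow(x, 2, n)
        if x == n - 1:
            return True
    return False


def generate_prime(bits, rounds=8, callback=None, rng=random):
    """Return (prime, events): a `bits`-bit probable prime and the (code, arg) callbacks issued."""
    events = []

    def report(code, arg):
        events.append((code, arg))
        if callback:
            callback(code, arg)

    candidates = 0
    while True:
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, exactly `bits` bits long
        report(CANDIDATE, candidates)                       # '.'  a new candidate
        candidates += 1
        for j in range(rounds):
            report(TESTING, j)                              # '+'  one primality-test round
            if not miller_rabin_round(n, rng.randrange(2, n - 1)):
                break                                       # composite: try the next candidate
        else:
            report(FOUND, candidates - 1)                   # '*'  all rounds passed
            return n, events


def print_progress(code, arg):
    """Callback reproducing dhparam's dots, pluses and stars on the terminal."""
    print(LEGEND[code], end="", flush=True)
```

Calling generate_prime(128, callback=print_progress) prints a run of dots and pluses ending in a star, and the returned events list lets you count candidates and test rounds programmatically.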


Reference:

http://openssl.org/docs/crypto/BN_generate_prime.html#DESCRIPTION

http://www.google.com/codesearch/p?hl=en#RPhFhNy2eoY/openssl-0.9.8b/apps/dhparam.c&q=DH_generate_parameters%20package:%22http://www.openssl.org/source/openssl-0.9.8b.tar.gz%22&l=541

Sunday, February 1, 2009

MIBS Missing Error on Wireshark Startup

I installed Wireshark 1.0.5 without SNMP MIBs on Windows. On startup I received an error dialog about missing MIBs, containing text like:

The following errors were found while loading the MIBS:
-:0 1 module-not-found failed to locate MIB module `IP-MIB'
-:0 1 module-not-found failed to locate MIB module `IF-MIB'
-:0 1 module-not-found failed to locate MIB module `TCP-MIB'
(snippet from http://www.wireshark.org/lists/wireshark-dev/200711/msg00249.html)

The solution: rename or delete the file smi_modules in the Wireshark directory.



Wednesday, March 5, 2008

FILETIME to time_t

Microsoft kindly provides the code to convert from time_t (Unix time) to Win32's FILETIME.
Here's the code to do the reverse:

#include <cassert>
#include <ctime>
#include <limits>
#include <windows.h>

time_t FileTimeToUnixTime(const FILETIME& ft)
{
    // the reverse of http://support.microsoft.com/kb/167296/en-us
    // FILETIME is 100-nanosecond ticks since 1601-01-01; time_t is seconds since 1970-01-01.
    ULARGE_INTEGER ull;            // copy the two DWORDs instead of type-punning the struct
    ull.LowPart  = ft.dwLowDateTime;
    ull.HighPart = ft.dwHighDateTime;
    assert(ull.QuadPart >= 116444736000000000ULL);   // dates before 1970 would underflow
    ull.QuadPart -= 116444736000000000ULL;
    ull.QuadPart /= 10000000ULL;
    assert(ull.QuadPart <= static_cast<ULONGLONG>(std::numeric_limits<time_t>::max()));
    return static_cast<time_t>(ull.QuadPart);
}
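As an added example (not Microsoft's or the post's code), here is the same conversion in Python, which derives the 116444736000000000 constant from the two epochs instead of hard-coding it, handles FILETIMEs before 1970 and parses the raw 8-byte little-endian layout:

```python
from datetime import datetime, timezone
import struct

# FILETIME counts 100-nanosecond ticks since 1601-01-01 00:00 UTC;
# time_t counts whole seconds since 1970-01-01 00:00 UTC.
TICKS_PER_SECOND = 10_000_000


def epoch_offset_ticks():
    """Derive the magic constant 116444736000000000 from the two epochs."""
    delta = datetime(1970, 1, 1, tzinfo=timezone.utc) - datetime(1601, 1, 1, tzinfo=timezone.utc)
    return (delta.days * 86400 + delta.seconds) * TICKS_PER_SECOND


EPOCH_OFFSET = epoch_offset_ticks()


def filetime_to_unix(low, high):
    """FILETIME (dwLowDateTime, dwHighDateTime) -> time_t; sub-second ticks are dropped.
    Python ints are unbounded, so a FILETIME before 1970 yields a negative time_t
    instead of underflowing as the unsigned C arithmetic above would."""
    ticks = (high << 32) | low
    return (ticks - EPOCH_OFFSET) // TICKS_PER_SECOND


def unix_to_filetime(t):
    """time_t -> (dwLowDateTime, dwHighDateTime); rejects values outside the 64-bit range."""
    ticks = t * TICKS_PER_SECOND + EPOCH_OFFSET
    if not 0 <= ticks < 1 << 64:
        raise ValueError("time_t %d is not representable as a FILETIME" % t)
    return ticks & 0xFFFFFFFF, ticks >> 32


def filetime_from_bytes(raw):
    """Parse the 8-byte in-memory layout: two little-endian DWORDs, low part first."""
    return struct.unpack("<II", raw)


def filetime_to_bytes(low, high):
    """Inverse of filetime_from_bytes."""
    return struct.pack("<II", low, high)
```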