Dec 28 2018
 

Since Windows XP, Windows has had a built-in host-based firewall.
It is a decent firewall in which one can allow or block traffic based on executable and/or source/destination/protocol.

That said, you may not always have access to the MMC snap-in (wf.msc), and the console GUI is not always straightforward, being rather wizard-oriented.

Windows Firewall GUI is a "one window does it all" standalone executable that runs on Windows 7 up to the latest Windows 10 version.

Probably more important: as the GUI is quite simple and possibly redundant with existing Windows functionality, the source code is available (on my GitHub) as well, so others may build on it.

One can:
-view all rules at once
-sort and export to HTML
-delete a rule
-add a rule
-enable/disable a rule
-enable/disable the firewall
-turn on/off logging (dropped packets)
-open and monitor the Windows Firewall log
-get the current profile (domain/private/public)
-get the default inbound/outbound action for the current profile
-restore local Windows Firewall defaults

Download here.

Dec 16 2018
 

In a previous article, I showed how to set up a "proxy" for ImDisk through devio to mount an EWF file.

This time, let's do it with a VHDI file (using the external libyal library).

The command lines for the proxy and ImDisk are below:

To launch the proxy: devio --dll=proxy.dll;dllopen shm:test_proxy c:\test.vhd

To use the proxy from ImDisk: imdisk -a -t proxy -o shm -o ro -f test_proxy -m Z:

proxy_VHDI

Nov 02 2018
 

See the previous article to understand why and what.

Previously, we created our differencing / child disks.

Let's first set up our iSCSI target with StarWind San Free by creating two targets and attaching one disk to each target.





Then let's boot our diskless computers over the network with TinyPXE Server.

We will use the iPXE script below (one for each network-booting computer).
Replace 'X' below with the target number (1 or 2) on lines 3 and 5.

#!ipxe
clear net0.dhcp/gateway:ipv4
set initiator-iqn iqn.2006-11.X
set keep-san 1
sanboot --keep iscsi:${next-server}:tcp:3260:0:iqn.2008-08.com.starwindsoftware:erwan-pc2-childX

And here we go: we have X diskless computers booted over the network using differencing disks on the iSCSI target.

Posted at 19:23
Nov 02 2018
 

Windows Server iSCSI Target is a nice product allowing one to boot diskless computers over the network (using iSCSI).

Furthermore, Windows iSCSI Target supports differencing virtual hard disks (VHD), allowing one to build a "master" (parent) disk and then create differencing disks, thus leaving the master disk untouched.

But you don't always have a Windows Server at hand and you may wish to go for a cheaper alternative, or just do it another way for fun 🙂

The next 3 articles will take you on a journey to achieve the above, i.e. boot diskless computers over the network (using StarWind San Free and TinyPXE Server) with differencing virtual hard disks:

-create the master / parent disk
-create the differencing / child disks
-boot diskless computers over the network using these child disks

Posted at 13:45
Sep 01 2018
 

Some weeks ago, I did buy this nice new drone Aurora mini fight BNF at Gearbest for a very competitive price.
During the order, you had to specify the radio protocol (flysky, frsky, dsmx, etc.).
Since I own a flysky i6 remote controller, I obviously went for flysky.
So far so good.

Unfortunately, Gearbest shipped a DSMX version, which I obviously cannot fly.
Very disappointing, but as I have ordered lots of items on similar Chinese sites, I did not panic and was pretty sure I could find a good way out with Gearbest: refund a new receiver, ship a new receiver, etc.

To my big surprise, after many attempts to explain / prove / demonstrate the issue thru pictures, Gearbest has proven to be extremely incompetent or dishonest and ended with the below (ticket opened on August 8th – item ordered on July 5th).

So my best advice if you are a drone guy: don't buy your stuff there.
These guys don't know what they are selling and won't be able to support you in any matter.

FYI: I thought I was a smart ass finding this pun "gearworse"; well, it looks like I am not the first one: gearworse


Jun 17 2018
 

Been playing with the excellent strarc from Olof.

The basics first:
-to back up a drive/folder to an archive: strarc.exe -cd:C:\ Z:\winxpsp3.sa
-to restore a drive/folder from an archive: strarc.exe -xd:C:\ Z:\winxpsp3.sa

Then, one can back up all files from one logical drive to another (on XP) in one go with this command: strarc.exe -crjd:c:\ | strarc.exe -xd:d:\
Note the r parameter, which takes care of loaded registry hives.
Ideally, rather than backing up a "hot" logical disk (i.e. one in use), you would use a volume shadow copy as the source (see a discussion here).

Don't forget that when you decide to back up files (i.e. not a full physical disk), you need to take care of the MBR on the target disk (hint: grub4dos) and ensure that registry hives are included.

You can also perform such a backup over the network:
-On the "server / host A" side: nc -v -l -p 9000 -e "strarc -cd:x:\my_folder\"
-On the "client / host B" side: nc 192.168.1.1 9000 > dump.sa (update the IP with your "server" IP, obviously).

Host B will connect to host A (listening on port 9000) and dump all received data (from host A) to dump.sa.

Posted at 13:22
Feb 03 2018
 

A native app is an app that is launched as soon as kernel initialization is completed.

It is launched (in user mode) by the session manager (smss.exe) through the registry value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute (run at every boot) or HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SetupExecute (run once only).

A native app can only use NT API functions (ntdll.dll) and not the Windows API functions.

Possible usages:
nativereg createkey \Registry\Machine\SYSTEM\Setup key1
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test0 8 REG_RND_SZ
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test1 toto REG_SZ
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test2 112233AABBCC REG_BINARY
nativereg createvalue \Registry\Machine\SYSTEM\Setup\key1 test3 666 REG_DWORD
nativereg deletevalue \Registry\Machine\SYSTEM\Setup\key1 test1
nativereg deletekey \Registry\Machine\SYSTEM\Setup\key1

The tool is 32-bit (a 64-bit version may come later).
It works on XP and up.
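
Because anything listed in BootExecute or SetupExecute is started by smss.exe before logon, these two values are worth auditing. The following is an added example, not part of the original post or of nativereg: it parses a `reg export` of the Session Manager key and lists entries other than the Windows default `autocheck autochk *`. The function names and the sample export (with a hypothetical `nativereg` entry) are constructed for illustration.

```python
import re

# Stock Windows value; anything else is started by smss.exe before logon.
DEFAULT_ENTRIES = {"autocheck autochk *"}
WATCHED_VALUES = ("BootExecute", "SetupExecute")

def decode_multi_sz(hex_csv):
    """Decode the 'hex(7):' payload of a .reg export (REG_MULTI_SZ, UTF-16LE)."""
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    text = raw.decode("utf-16-le", errors="replace")
    return [s for s in text.split("\x00") if s]

def audit_reg_export(reg_text):
    """Return {value name: [entries that are not the Windows default]}."""
    text = reg_text.replace("\r\n", "\n")
    text = re.sub(r"\\\n\s*", "", text)  # join '\'-continued lines
    findings = {}
    for name in WATCHED_VALUES:
        m = re.search(rf'^"{name}"=hex\(7\):([0-9a-fA-F,]*)$', text, re.M | re.I)
        if not m:
            continue
        extra = [e for e in decode_multi_sz(m.group(1))
                 if e.strip().lower() not in DEFAULT_ENTRIES]
        if extra:
            findings[name] = extra
    return findings

def to_hex7(strings):
    """Build a hex(7) payload; used only to construct the sample below."""
    raw = ("\x00".join(strings) + "\x00\x00").encode("utf-16-le")
    return ",".join(f"{b:02x}" for b in raw)

# Constructed sample export: the default entry plus one hypothetical native app.
payload = to_hex7(["autocheck autochk *", "nativereg"])
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager]\r\n"
    f'"BootExecute"=hex(7):{payload[:60]}\\\r\n  {payload[60:]}\r\n'
)

if __name__ == "__main__":
    for value, entries in audit_reg_export(SAMPLE_EXPORT).items():
        print(f"{value}: non-default entries {entries}")
```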

Discussion here.

Regards,
Erwan