RemkoWeijnen.nl

Dear Visitor

Remko — Thu, 01 Nov 2007 14:19:05 +0000

Do you like my work? Did my work help you?

Leave a comment and tell me how it was usefull to you.
If you want you can make a donation with the Paypal Donate Button in the right Sidebar.

Thank you!

Detecting a Citrix Published Application

Remko — Mon, 05 Jul 2010 19:48:28 +0000

While browsing through my old projects folder I found a little commandline tool that I wrote about a year ago. I needed to detect a certain published application on a Citrix environment in the loginscript.

The tool detect the current Citrix published applicationname or if you are running Terminal Server aka Remote Desktop Services the Initial Program name and stores this in an environment variable (APPNAME).

There are no parameters and there are no special dependancies (such as MFCom).

CtxPubApp (16) convert this post to pdf.

Rating and contact options

Remko — Tue, 29 Jun 2010 11:49:09 +0000

I have installed a new rating plugin that gives you, my readers, a convenient and fast method to give feedback. So please do so, let me know what posts you find interesting!

I have also added a Contact form in case you have any questions, article suggestions or maybe even consultation requests. The contact page is an attempt to streamline the e-mails I get from this blog so I hope this will work

convert this post to pdf.

Fun with asm

Remko — Fri, 18 Jun 2010 10:02:00 +0000

Today just some fun stuff with ASM, probably not the most recommended way to do things but for sure the most geeky way

Get the Current Session Id:

function GetCurrentSessionId: DWORD;
asm
mov eax,fs:[$00000018]; // Get TEB
mov eax,[eax+$30]; // PPEB
mov eax,[eax+$1d4]; // PEB.SessionId
end;

Get the Current Console Session Id:

function GetConsoleSessionId: DWORD;
asm
mov eax, [$7ffe02d8];
end;

And… if we can read it we can also write it?

procedure SetCurrentSessionId(const SessionId: DWORD);
asm
mov edx,fs:[$00000018];
mov edx,[edx+$30];
mov [edx+$1d4], SessionId;
end;

and

procedure SetConsoleSessionId(const SessionId: DWORD);
var
p: PDWORD;
OldProtect: DWORD;
begin
p := PDWORD($7ffe02d8);
Win32Check(VirtualProtect(p, SizeOf(p), PAGE_READWRITE, @OldProtect));
p^ := SessionId;
Win32Check(VirtualProtect(p, SizeOf(p), OldProtect, @OldProtect));
end;

You can safely try it since it of course affects the current process only, so don’t worry.

And perhaps more usefull

procedure SetIsDebuggerPresent(const Value: Boolean);
asm
mov edx,fs:[$00000018]; // TEB
mov edx, [edx+$30]; // PPEB
mov byte ptr[edx+2], Value; // +0×002 BeingDebugged : UChar
end;

convert this post to pdf.

Obtain Fully Qualified Domain Name from Netbios Domain Name

Remko — Thu, 17 Jun 2010 12:34:42 +0000

I needed to obtain the Fully Qualified Domain Name (FQDN) for a given NetBios domain name. Eg from MYDOMAIN to dc=mydomain,dc=local.

I did some tests with the TranslateName API and if you append a \ to the domain name it returns the FQDN.

Here is a short example:

var
Buffer: array[0..MAX_PATH] of Char;
nSize: DWORD;
begin
nSize := Length(Buffer);
ZeroMemory(@Buffer, SizeOf(Buffer));
Win32Check(TranslateName(‘MYDOMAIN\’), NameSamCompatible, NameFullyQualifiedDN, Buffer, nSize))
end;

convert this post to pdf.

Having fun with Windows Licensing

Remko — Tue, 15 Jun 2010 13:09:14 +0000

If you look into the registry in the key HKLM\System\CurrentControlSet\ProductOptions you will find several licensing related Values.

The ProductType and ProductSuite keys contain the OS Suite and Edition, but the ProductPolicy key is much more interesting. So let’s have a closer look at it, open RegEdit and DoubleClick the key, you will something like the screenshot below, a Binary Value:

As you can see the license names are there as a Unicode string and later on I will show you how we can read the values. But because I didn’t want to extract all the names manually I decided to see if I could reverse the used structure because it didn’t look very complicated. Using a Hex Editor I could determine the important part of the structure.

It starts with a header:

TProductPolicyHeader = packed record
cbSize: DWORD;
cbDataSize: DWORD;
cbEndMarker: DWORD;
Unknown1: DWORD;
Unknown2: DWORD;
end;

then an array of values follows:

TProductPolicyValue = packed record
cbSize: Word;
cbName: Word;
SlDatatype: Word;
cbData: Word;
Unknown1: DWORD;
Unknown2: DWORD;
end;

The SlDataType is a word value that corresponds to the values of the SLDATATYPE enum:

_tagSLDATATYPE =
(
SL_DATA_NONE = REG_NONE,
SL_DATA_SZ = REG_SZ,
SL_DATA_DWORD = REG_DWORD,
SL_DATA_BINARY = REG_BINARY,
SL_DATA_MULTI_SZ = REG_MULTI_SZ,
SL_DATA_SUM = 100
);
SLDATATYPE = _tagSLDATATYPE;
TSlDataType = SLDATATYPE;
PSlDataType = ^SLDATATYPE;

And we end with an End Marker (of size cbEndMarker).

Then I wrote some code to parse the structure:

procedure TForm1.ParseProductPolicy;
const
KeyName = ‘SYSTEM\CurrentControlSet\Control\ProductOptions’;
ValueName = ‘ProductPolicy’;
var
HourGlass: IHourGlass;
ms: TMemoryStream;
Reg: TRegistry;
CurPos: Int64;
Header: TProductPolicyHeader;
Value: TProductPolicyValue;
Name: UnicodeString;
begin
HourGlass := TIHourGlass.Create;
ms := TMemoryStream.Create;
try
ListView1.Items.BeginUpdate;
Reg := TRegistry.Create;
try
Reg.RootKey := HKEY_LOCAL_MACHINE;
{ Open ProductOptions Key }
if Reg.OpenKeyReadOnly(KeyName) then
begin
{ Get ProductPolicy Size }
ms.Size := Reg.GetDataSize(ValueName);
if ms.Size > 0 then
begin
{ Read ProductPolicy Data into MemoryStream }
Reg.ReadBinaryData(ValueName, ms.Memory^, ms.Size);
end;
end;
finally
Reg.Free;
end;

{ Read Header }
ms.ReadBuffer(Header, SizeOf(Header));

{ Loop through the Values }
while ms.Size – Header.cbEndMarker > ms.Position do
begin
{ Store current position }
CurPos := ms.Position;

{ Read Value }
ms.ReadBuffer(Value, SizeOf(Value));
{ Set Name length }
SetLength(Name, Value.cbName div SizeOf(WChar));
{ Read Name }
ms.ReadBuffer(Name[1], Value.cbName);

{ Read License Value }
CheckValue(Name);

{ Jump to next Value }
ms.Seek(CurPos + Value.cbSize, soFromBeginning);
end;

finally
ListView1.Items.EndUpdate;
ms.Free;
end;

end;

The procedure that reads the actual value is CheckValue, it uses the SLGetWindowsInformation function:

function SLGetWindowsInformation(pwszValueName: PWideChar;
var peDataType: SLDATATYPE; var pcbValue: UINT; var ppbValue: PByte): HRESULT;
stdcall; external ‘slc.dll’;

The results are very interesting, I didn’t know there were so many licensable features in Windows!

You can check your results with the demo project (source included).
License Demo (41)

Here are the results from my Windows 7 Laptop:

convert this post to pdf.

Memory Leaks when using the Virtual TreeView Component

Remko — Wed, 09 Jun 2010 07:50:49 +0000

Again a about post about using the Virtual TreeView component (did I mention it’s brilliant?), this time I will talk about memory leaks.

I often use Records to hold the treedata, and usually the record holds some string data (eg a caption) and an (a reference to) an Interface or Object(List) that holds more data.

If you are familiar with Virtual Tree then you know that you must can the NodeData in the OnFreeNode event.

Let’s look at an example:

type
TTreeData = record
Caption: String;
SessionList: ISessionList;
Link: INode;
end;
PTreeData = ^TTreeData;

procedure TMainForm.TreeViewFreeNode(Sender: TBaseVirtualTree;
Node: PVirtualNode);
var
TreeData: PTreeData;
begin
TreeData := Sender.GetNodeData(Node);
Finalize(TreeData^);
end;

Looks allright doesn’t it? And still if you test for memoryleaks with Eurekalog or FastMM you will sometimes notice some leaks.

This happens because Virtual Treeview only calls the OnNodeFree event for Validated Nodes and a node that was never “touched” (eg the node was never visible and thus the GetText event was never called) was never validated.

In these cases you can manually validate the node when adding it

TreeView.ValidateNode(Child, False);

convert this post to pdf.

Setting ChildCount in a Virtual Tree

Remko — Tue, 08 Jun 2010 15:39:57 +0000

When working with the Virtual TreeView component the most optimized way of adding (or removing child nodes is by changing the ChildCount.

I often make the mistake of change the ChildCount of a Node using:

Node^.ChildCount := Count;

If you look into the source you will see why this will not work, the proper way is:

VirtualTree.ChildCount[Node] := Count;

This is mainly a note to self since I tend to forget it all the time

convert this post to pdf.

Random Active Directory Notes #4

Remko — Tue, 30 Mar 2010 13:04:51 +0000

Previously I discussed IDirectoryObject, today I will show how to change a user’s password with IDirectoryObject.

I didn’t find any documentation except a kb article describing how to use pure ldap to do it. Of course I could have used IADsUser::SetPassword but I decided not to because of the following reasons:

IADs interfaces are terribly slow (although for one use you probably wouldn’t really notice).
IADsUser::SetPassword tries 3 different methods to set the password (ldap over ssl, kerberos and finally NetUserSetInfo) which makes it even slower (most domain controllers do not have an ssl certificate) and unpredictable.

All example code I found was .NET based using the .NET wrappers for Active Directory and seemed to be meant for use in Adam rather than full Active Directory (it set port number to 389 and password mode to cleartext).

In the end it’s not very difficult but nonetheless it took me a while before I got it right.

We can write to the unicodePwd attribute which wants the password as a double quoted unicode string. If you look at this attribute with AdsiEdit you’ll see that the type is Octet String and that it can be written only.

I was tricked with Delphi’s QuotedStr function for a while because it doesn’t return a double but single quoted string

Below a small snippet from the upcoming JwsclActiveDirectory that shows how to use it:

procedure TJwAdUser.SetPassword(const Value: TJwString);
var
AdValue: ADSVALUE;
AdAttrInfo: ADS_ATTR_INFO;
TempPwd: TJwString;
DirObjIntf: IDirectoryObject;
Count: DWORD;
hr: HRESULT;
begin
{ To set the password we need a secure bind to the Domain Controller, this
is possible from win2000 sp5 and higher }
hr := ADsOpenObject(PWideChar(FPathName), nil, nil, ADS_USE_SIGNING
or ADS_USE_SEALING or ADS_SECURE_AUTHENTICATION, IID_IDirectoryObject,
Pointer(DirObjIntf));

if failed(hr) then
raise EJwsclAdNoInterfaceException.CreateFmtEx(
‘Interface %s not obtained’, ‘SetPassword’, ClassName,
‘JwsclActiveDirectory’, 0, hr, [‘IID_IDirectoryObject’]);

{ we can set the password through the unicodePwd attribute. }
AdAttrInfo.pszAttrName := ‘unicodePwd’;
AdAttrInfo.dwControlCode := ADS_ATTR_UPDATE;
AdAttrInfo.pADsValues := @AdValue;
AdAttrInfo.dwNumValues := 1;

{ the password needs to be within a double quoted string }
TempPwd := AnsiQuotedStr(Value, ‘"’);

{ unicodePwd is of type Octet String }
AdValue.dwType := ADSTYPE_OCTET_STRING;
AdValue.OctetString.dwLength := Length(TempPwd) * sizeof(TempPwd[1]);
AdValue.OctetString.lpValue := @TempPwd[1];

{ set the password }
hr := DirObjIntf.SetObjectAttributes(@AdAttrInfo, 1, Count);

{ don’t keep the password in memory… }
SecureZeroMemory(@TempPwd[1], Length(TempPwd) * sizeof(TempPwd[1]));

DirObjIntf := nil;

if failed(hr) then
raise EJwsclAdSetPropertyException.CreateFmtEx(
‘SetObjectAttributes failed to set %s’, ‘SetPassword’, ClassName,
‘JwsclActiveDirectory’, 0, hr, [AdAttrInfo.pszAttrName]);
end;

convert this post to pdf.

Using Windows Resource Strings

Remko — Sun, 28 Mar 2010 08:45:05 +0000

A few days ago I wrote about Using Windows Dialogs in your own programs, wouldn’t it be nice to be able to use Windows Resource Strings for the same reasons?

Loading a resource string is not difficult, let’s look at some examples:

function LoadResourceString(const DllName: String; ResourceId: Integer): String;
var
hDLL: THandle;
Buffer: array[0..MAX_PATH] of Char;
begin
hDLL := LoadLibrary(PChar(DllName));
if hDLL = 0 then
Exit;

if LoadString(hDll, ResourceId, Buffer, Length(Buffer)) > 0 then
Result := Buffer;
end;

This uses the LoadString api to load a Resource String from an Executable or Dll by it’s resource Id. An Example might call might be:

LoadResourceString(‘dsadmin.dll’, 226)

This loads the string with ResourceId 226 from dsadmin.dll(.mui):

STRINGTABLE
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
{
224, "Windows cannot complete the password change for %2 because:\n%1"
225, "Windows cannot access object %2 because:\n%1The object may have been deleted by another administrator in this enterprise."
226, "The New and Confirm passwords must match. Please re-type them."
228, "Object %2 has been disabled."
229, "Windows cannot disable object %2 because:\n%1"
231, "Object %2 has been enabled."
232, "Windows cannot enable object %2 because:\n%1"
233, "Create a new object…"
237, "Mo&ve…\nMoves the selected object"
238, "The password for %2 cannot be set due to insufficient privileges. Windows will attempt to disable this account. If this attempt fails, the account will become a security risk. Contact an administrator as soon as possible to repair this. Before this user can log on, the password should be set, and the account must be enabled."
}

As you can see in this example, some resource strings have identifiers such as %1 and %2 which are used in the FormatMessage Api. How can we use that from Delphi?

I wrote a very simple wrapper for it:

function FormatMsg(const Source: String; const Args: array of const): String;
var
i: Integer;
ArgArray: array of Pointer;
Buffer: PChar;
begin
for i := Low(Args) to High(Args) do
begin
SetLength(ArgArray, i+1);
case Args[i].VType of
vtExtended:; // not supported, should raise Exception
else
ArgArray[i] := Args[i].VPointer;
end;
end;

if FormatMessage(FORMAT_MESSAGE_FROM_STRING or
FORMAT_MESSAGE_ALLOCATE_BUFFER or FORMAT_MESSAGE_ARGUMENT_ARRAY,
PChar(Source), 0, 0, @Buffer, 0, @ArgArray[0]) > 0 then
begin
Result := Buffer;
// replace \n (linefeed) with #13#10
Result := StringReplace(Result, ‘\n’, #13#10, [rfReplaceAll]);
LocalFree(DWORD(Buffer));
end
else begin
SetLength(Result, 0);
end;
end;

And here is a usage example:

Memo1.Lines.Add (FormatMsg(
‘Windows cannot complete the password change for %2 because:\n%1′,
[‘the password doesn’‘t meet complexity requirements’, ‘John Doe’]));

The Result of this is:

Windows cannot complete the password change for John Doe because:
the password doesn’t meet complexity requirements

convert this post to pdf.