About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like
18 Dec
Just a very quick note: I was just installing RAD Studio 10.2.2 when I noticed the installer has an Options button:
So I clicked it to see what options are available and noticed that the "Embarcadero Customer Experience Program" is opted-in by default:
13 Mar
I write most of my code in unmanaged languages such as Delphi and C/C++. Sometimes customers ask me to interface my code to their .NET code, in which case I create a DLL for them.
A recurring thing is that I need to return a string to .NET.
There are many ways to do this of course but in all cases we need to manage memory: who will allocate the memory for the string and who is responsible for freeing it?
28 Nov
Sometimes you need to know the Process Id (PID) of a running service. Since Windows 2003 you can use the tasklist.exe tool with the /SVC switch. But how to do this programmatically?
The QueryServiceStatusEx API returns a SERVICE_STATUS_PROCESS structure that contains the PID.
The code is not very complicated:
```delphi
uses
  JwaWinSvc;

function GetServicePid(const Servicename: String): DWORD;
var
  hScm: THandle;
  hSvc: THandle;
  ssp: SERVICE_STATUS_PROCESS;
  dwSize: DWORD;
begin
  hScm := OpenSCManager(nil, nil, SC_MANAGER_CONNECT);
  if hScm = 0 then
    Exit(0);

  try
    hSvc := OpenService(hScm, PChar(Servicename), SERVICE_QUERY_STATUS);
    if hSvc = 0 then
      Exit(0);

    try
      if not QueryServiceStatusEx(hSvc, SC_STATUS_PROCESS_INFO, @ssp,
        SizeOf(ssp), dwSize) then
        Exit(0);

      Result := ssp.dwProcessId;
    finally
      CloseServiceHandle(hSvc);
    end;
  finally
    CloseServiceHandle(hScm);
  end;
end;
```
29 May
This morning Arjan Beijer sent me an interesting link to a YouTube video about obtaining the Citrix IMA Datastore password using WinDbg.
The video shows a method, discovered by Denis Gundarev, to obtain the IMA Datastore password. Basically he uses DSMaint.exe, sets a breakpoint on the call to CryptUnprotectData and then reads the password from memory.
I tried to call the CryptUnprotectData API directly with the data read from the registry, but this failed with error NTE_BAD_KEY_STATE. This is defined in winerror.h and means “Key not valid for use in specified state”.
17 May
After figuring out how to encode and decode the Citrix passwords, my next step for the upcoming Citrix Launcher is to experiment with config.xml and authenticating to the Citrix Web Interface.
I imported the NFuse.dtd from the Citrix Web Interface into Delphi with the XML Data Binding Wizard. This results in an NFuse unit, so I can easily create the XML data.
To create an authentication packet I use the following code:
24 Feb
Just read a tweet from @andyjmorgan about Interactive Service Detection. This made me remember that it’s possible to switch to Session 0 with an undocumented API in winsta.dll.
For this API to work you must have the Interactive Services Detection (UI0Detect) service running.
16 Aug
Today I was reusing some old (pre-Vista) code that retrieves the Logon SID, which I wrote a few years ago. The Logon SID is a special SID of the form S-1-5-5-X-Y that identifies a logon session.
You can view your Logon SID with Process Explorer: right-click a GUI process, select Properties and go to the Security tab.
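The S-1-5-5-X-Y form can also be recognised in the raw bytes of a SID, for example when inspecting token or ACL data offline. The following is an added example, not code from the original post: `parsed_sid`, `sid_parse`, `sid_is_logon` and `sid_format` are hypothetical helper names, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Binary SID: Revision(1) Count(1) Authority(6, big-endian) Count x uint32 (little-endian). */
#define SID_MAX_SUBAUTH 15

typedef struct {
    uint8_t  revision, count;
    uint64_t authority;
    uint32_t sub[SID_MAX_SUBAUTH];
} parsed_sid;   /* hypothetical helper type, not a Windows structure */

/* Constructed sample: the bytes of S-1-5-5-0-146250. */
static const uint8_t SAMPLE_LOGON_SID[] = {
    1, 3, 0, 0, 0, 0, 0, 5,  5, 0, 0, 0,  0, 0, 0, 0,  0x4a, 0x3b, 0x02, 0x00 };

/* Returns 0 on success, -1 if buf does not hold a well-formed SID. */
int sid_parse(const uint8_t *buf, size_t len, parsed_sid *out)
{
    if (len < 8 || buf[0] != 1 || buf[1] > SID_MAX_SUBAUTH ||
        len < 8 + 4 * (size_t)buf[1])    /* header or sub-authority array truncated */
        return -1;
    out->revision = buf[0];
    out->count = buf[1];
    out->authority = 0;
    for (int i = 0; i < 6; i++)
        out->authority = (out->authority << 8) | buf[2 + i];
    for (int i = 0; i < out->count; i++) {
        const uint8_t *p = buf + 8 + 4 * i;
        out->sub[i] = p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    }
    return 0;
}

/* Logon SID: NT authority (5), three sub-authorities, the first being 5. */
int sid_is_logon(const parsed_sid *s)
{
    return s->authority == 5 && s->count == 3 && s->sub[0] == 5;
}

/* Writes "S-R-A-S1-..." into dst; returns its length or -1 if dst is too small. */
int sid_format(const parsed_sid *s, char *dst, size_t cap)
{
    int n = snprintf(dst, cap, "S-%u-%llu", (unsigned)s->revision,
                     (unsigned long long)s->authority);
    for (int i = 0; i < s->count && n > 0 && (size_t)n < cap; i++)
        n += snprintf(dst + n, cap - (size_t)n, "-%u", (unsigned)s->sub[i]);
    return (n > 0 && (size_t)n < cap) ? n : -1;
}
```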
11 Aug
The snippet below can be used to programmatically determine if User Account Control is enabled:
```delphi
uses
  SysUtils, JwaWinbase, JwaWinNt;

function IsUACEnabled: Boolean;
var
  hToken: THandle;
  tet: TOKEN_ELEVATION_TYPE;
  dwSize: DWORD;
begin
  Win32Check(OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hToken));
  try
    // TokenElevationType class only available on Vista+
    Win32Check(GetTokenInformation(hToken, TokenElevationType, @tet,
      SizeOf(tet), dwSize));
  finally
    // Close the token handle so it is not leaked
    CloseHandle(hToken);
  end;

  Result := tet <> TokenElevationTypeDefault;
end;
```
21 Jun
In my SATA Controller Identification tool I was using the TSaveDialog (Delphi 2010) but I got a report that under Windows PE the dialog is never shown.
There’s no exception and I didn’t really bother to check why it fails. Instead I decided to replace it with the GetSaveFileName API which does work under Windows PE.
Example:
```delphi
// Needs CommDlg (GetSaveFileName, OPENFILENAME) in the uses clause
var
  sl: TStringList;
  ofn: OPENFILENAME;
  Buf: array[0..MAX_PATH] of Char;
begin
  ZeroMemory(@ofn, SizeOf(ofn));
  ofn.lStructSize := SizeOf(ofn);
  ofn.hWndOwner := Form1.Handle;
  ofn.lpstrFile := @Buf[0];
  ofn.nMaxFile := Length(Buf);  // buffer size in characters, not bytes
  ofn.lpstrInitialDir := PChar(GetCurrentDir);
  ofn.lpstrFilter := 'Any File'#0'*.*'#0'Registry file'#0'*.reg'#0#0;
  ofn.nFilterIndex := 0;

  ZeroMemory(@Buf, SizeOf(Buf));

  if GetSaveFileName(ofn) then
  begin
    // Buf now contains the filename
  end;
end;
```
27 May
I just read an answer on StackOverflow with this code:
```delphi
var
  eu: DWORD;
begin
  asm
    mov eax,[fs:$4]
    mov ebx,[fs:$8]
    sub eax,ebx
    mov eu,eax
  end;
  ShowMessage(IntToStr(eu));
end;
```
Unfortunately it lacked explanation, so what does this code do?
It reads offset $4 from the Thread Information Block (the top of stack) into eax and then offset $8 (stack base) into ebx.
Then it subtracts the two and moves the result into the variable eu, that’s all!