Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for the ‘Uncategorized’ Category

Get registry key name from a handle

RegeditSometimes it can be useful to determine what registry key belongs to a registry key handle. And exampling is when hooking RegQueryValue so you can determine the registry key that a value belongs to instead of having to track the registry key when it’s opened.

To obtain the registry key we can pass a handle to the NtQueryKey API with which has the following signature:

To get the keyname we need to pass the KeyNameInformation enum and we can set the ReturnLength parameter to 0 to obtain the required buffer size:

(more…)

  • 0 Comments
  • Filed under: C#, Uncategorized
  • Sometimes I want to download a video from a website for offline usage, for example when I want to watch it whilst travelling.

    Most video websites don’t want you do download videos as they of course want to show their ads and receive the clicks. I am not discussing the legal side here, up to you to check if it’s legally allowed to download the video you’re interested.

    A very common way to make direct downloading of a video more difficult is to cut a video in many small video files (.ts files). Here’s an example screenshot of the Chrome developer view whilst playing a video from a popular Dutch website called Dumpert, filtering on .ts:

    Screenshot of the Chrome Developer View showing a list of files downloaded, filtered on .ts files

    You can of course manually download al the .ts files and re-encode them to a single video file but it would be a lot of work.

    The most common way to do this automatically is to use a browser extension or a separate application but in many cases they are either ridden with ads or malware.

    So let’s see if we can do this ourselves.

    We will need the following tools:

    Just the 2 binaries will work, in my case (Windows) youtube-dl.exe and ffmpeg.exe which can you place in the same folder.

    I am using the following video in this example: https://www.dumpert.nl/?selectedId=100043775_5cc0ba15

    (more…)

    In my lab I have deployed Office 2019 to an Windows 2019 VM to do some testing with Citrix Virtual Apps and Desktops.

    The proper way to do this is to customize the Office installation using the Office Deployment Tool (ODT). The page even lists an example containing a value to accept the EULA.

    I didn’t do that, I just installed it manually (I know.) and upon first launch of any of the Office components I would always get this EULA nag screen:

    Microsoft Office EULA nag screen

    So how do you get rid of this nag screen if you didn’t use ODT?

    To figure that out I started Outlook whilst I ran SysInternals Process Monitor with the following Filters configured:

    • Process Name is outlook.exe
    • Path contains license, eula or registration:

    Screenshot of the Process Monitor Filter dialog showing Process Name is outlook.exe and Path contains license, eula or registration

    What I was looking for was (ideally) a registry key or value that was global to all users (so in HKLM) and for all Office components. And from the Procmon trace this Value seemed a good candidate:

    Showing that outlook.exe attempts to read the following value: HKLM\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Office\16.0\Registration\AcceptAllEulas

    (more…)

    Protected: test

    This content is password protected. To view it please enter your password below:

  • Enter your password to view comments.
  • Filed under: Uncategorized
  • I had a strange issue today: I couldn’t open any webpage in the Edge browser on my Windows 10 machine:

    Edge browser with error message "Can't reach this page"
    Edge browser: “Can’t reach this page”

    Network icon showing Internet access

    The network icon was showing that there was Internet access and a quick check on the command prompt showed that the connection (including name resolution appeared to work fine):

    Command prompt showing that ping to www.google.com works fine.ping www.google.comPinging www.google.com [172.217.168.196] with 32 bytes of data:
Reply from 172.217.168.196: bytes=32 time=15ms TTL=55
Reply from 172.217.168.196: bytes=32 time=14ms TTL=55Ping statistics for 172.217.168.196:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 15ms, Average = 14ms
    ping to www.google.com

    Other browsers such as Firefox (my default browser) and Chrome also worked fine but some other Microsoft applications also didn’t work such as the Microsoft Store:

    (more…)
  • 1 Comment
  • Filed under: Uncategorized
  • I had a strange error today using the Desktop App Converter with the parameters given from the Store for Business.

    The conversion would fail with the following error:

    DesktopAppConverter : error 'E_MANIFEST_USE_DEFAULT_VALUE_FAILED': Property 'Package.Applications.Application.Id' in AppxManifest.xml could not be set to the default value

    I’m not sure why this fails as the PackageName is provided by the store and should be valid. An answer on stackoverflow suggested to use a different value for the PackageName parameter and then edit the manifest.

    I don’t like this method as manual modifications of the manifest often leads to errors when submitting the application to the store.

    So let’s have a look and see why we’re getting this error.

    I searched for E_MANIFEST_USE_DEFAULT_VALUE_FAILED in the DesktopAppConverter folder and found 1 occurence in ManifestOps.ps1.

    From a look at the code it wasn’t immediately clear where the validation failed so I decided to debug it.

    (more…)

  • 1 Comment
  • Filed under: Uncategorized
  • RAD Studio Tokyo 10.2(.2) Data Collection

    Just a very quick note: I was just installing RAD Studio 10.2.2 when I noticed the installer has an Options button:

    image

    So I clicked it to see what options are available and noticed that the "Embarcadero Customer Experience Program" is opted-in by default:

    (more…)

    imageI recently (well today really) started playing with the Citrix Linux VDA. I took Ubuntu to test because I happen to like Ubuntu.

    I didn’t get it to work correctly right away though and during troubleshooting I wanted to know where the VDA is storing it’s settings.

    I found the following file /etc/xdl/ctx-vda.confwith the following contents:

    (more…)

    On forbes.com, Cookies and Ads

    Even though I try not to visit the forbes.com site anymore due to their heavy usages of ads, anti adblocker and overwhelming number of cookies they’re trying to push, sometimes however I accidentally follow a tweet that leads to forbes.com and just notice it to late.

    Besides wasting your bandwidth, mobile data and especially time there have been a few occasions were the forbes.com page was actually serving malware from their adfeeds.

    It annoys me bigtime so let’s “fix” this:

    First thing that happens upon visiting the forbes site is that you get a blurred background with a random ad or quote of the day and you need to press Continue to article:

    image

    If you open the Developer console in Chrome (Application tab) you can see that Forbes uses a cookie that expires in 24 hours. This cookie make sure that you don’t see the “welcome” ad for 24 hours:

    (more…)

    Convert Executable to PowerShell

    Recently I stumbled upon an executable that appeared to be a PowerShell script converted into an executable.

    I was curious to the actual script so I decided to have a look and see how I could convert the executable back into PowerShell.

    Having seen similar techniques to turn vb scripts and java jar’s into executables I first looked if this particular executable was simply carrying the payload in the resource section.

    I opened the executable with Resource Hacker and saw 2 resources (note that I am using a simple HelloWorld executable here in the screenshots). The first resource, named 1, is clearly a Unicode string with the title:

    Resource Hacker Screenshot showing the resources

    Resource Hacker – HelloWorld.exe

    (more…)

    Blogroll


    Categories


    Archives