Remko Weijnen's Blog (Remko's Blog)

About Terminal Server, Citrix, Delphi and other stuff

Archive for the ‘Windows 7’ Category

I wanted to save the SHSH signatures from my iPhone before updating to iOS 5.01. I started Tiny Umbrella but it showed an error indicating that there’s already a process listening on port 80:

Cannot Start TSS Service | DO NOT TRY RESTORING YOUR DEVICE!!! | System(PID:4) must be killed!!

I verified this using netstat:

netstat -aon | find /i "LISTENING" | find /i ":80"

 


Remote Registry from 32 to 64 bit

Yesterday I needed to set a few registry keys remotely from a 32-bit Windows machine to a 64-bit machine.

I used reg.exe to set the key but even though it returned success the key wasn’t altered.

As I suspected the key was written to the Wow6432Node. In the help I couldn’t find any switch to force reg.exe to use the 64-bit view.

On a 64-bit machine this is not a problem, since both 32-bit and 64-bit versions of reg.exe exist. The 32-bit version of reg.exe defaults to the 32-bit view and the 64-bit version defaults to the 64-bit view.

But luckily reg.exe has a switch (that is not listed in the help) to force the View:

In Windows 7 and 2008 R2 all IP Addresses are by default registered in DNS.

If you don’t want certain IP addresses to appear in DNS you can alter this behavior with Netsh using the skipassource flag.

Use the following syntax to add an additional IP Address with skipassource flag:


Logon SID

Today I was reusing some old (pre-Vista) code that retrieves the Logon SID that I wrote a few years ago. The Logon SID is a special SID that identifies a logon session and has the form S-1-5-5-X-Y.

You can view your Logon SID with Process Explorer: right click a GUI process, select Properties and go to the Security Tab.


The GetTokenInformation function can be used with the TokenLinkedToken Information Class on Windows Vista and higher to obtain the linked (Elevated) token.

This is useful when User Account Control is enabled and you want to launch an elevated process e.g. from a service.

This example code fails however when User Account Control is disabled:

if (bElevate)
{
   ZeroMemory(&tlt, sizeof(tlt));
   bResult = GetTokenInformation(hToken, TokenLinkedToken, &tlt, sizeof(tlt), &RetLength);
   if (!bResult)
   {
      // Handle error here
   }
}

GetLastError() returns 1312 which is defined in winerror.h as ERROR_NO_SUCH_LOGON_SESSION with description “A specified logon session does not exist. It may already have been terminated.”

So you should check if User Account Control is enabled in such cases (or make this error non critical).

The snippet below can be used to programmatically determine if User Account Control is enabled:

uses
  SysUtils, JwaWinbase, JwaWinNt;

function IsUACEnabled: Boolean;
var
  hToken: THandle;
  tet: TOKEN_ELEVATION_TYPE;
  dwSize: DWORD;
begin
  Win32Check(OpenProcessToken(GetCurrentProcess, TOKEN_QUERY, hToken));
  try
    // TokenElevationType class only available on Vista+
    Win32Check(GetTokenInformation(hToken, TokenElevationType, @tet, SizeOf(tet), dwSize));

    // TokenElevationTypeDefault means the token has no linked token
    Result := tet <> TokenElevationTypeDefault;
  finally
    // Release the token handle, also when Win32Check raises
    CloseHandle(hToken);
  end;
end;
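
One way to take the other route mentioned above and make error 1312 non-critical. This is an added example, not code from the original post: `GetLaunchToken` and its parameters are hypothetical names, and it assumes the JEDI API units declare `TOKEN_LINKED_TOKEN` and `ERROR_NO_SUCH_LOGON_SESSION`.

```delphi
uses
  SysUtils, JwaWinBase, JwaWinNT, JwaWinError;

// Hypothetical helper (added example): returns the token to use for
// launching a process. When elevation is requested it asks for the linked
// token; if the session has no linked token (error 1312, e.g. because
// User Account Control is disabled) it falls back to the original token.
function GetLaunchToken(hToken: THandle; bElevate: Boolean;
  out bLinked: Boolean): THandle;
var
  tlt: TOKEN_LINKED_TOKEN;
  dwSize: DWORD;
begin
  Result := hToken;
  bLinked := False;
  if not bElevate then
    Exit;

  FillChar(tlt, SizeOf(tlt), 0);
  if GetTokenInformation(hToken, TokenLinkedToken, @tlt, SizeOf(tlt), dwSize) then
  begin
    // A new handle was returned; the caller must CloseHandle it
    // (bLinked tells the caller that it owns Result).
    Result := tlt.LinkedToken;
    bLinked := True;
  end
  else if GetLastError <> ERROR_NO_SUCH_LOGON_SESSION then
    // Any other failure is a real error: raise it with the OS message.
    RaiseLastOSError;
  // On ERROR_NO_SUCH_LOGON_SESSION we keep Result = hToken and continue.
end;
```

The caller closes the returned handle only when `bLinked` is True; otherwise the result is the handle that was passed in.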

Switch SATA Operation Mode

Modern systems usually offer different SATA Operation Modes such as ATA, AHCI or IRRT.

The AHCI mode offers extra features such as hot swapping and native command queuing.

Many vendors set the SATA Operation Mode to ATA by default because it’s the most compatible mode but there are a few reasons why you might want to change it:

  • AHCI has a higher performance than ATA.
  • AHCI is a requirement for the TRIM command.
  • AHCI is required for self-encrypting hard drives.

Please note that the IRRT (integrated raid) mode is supposed to support all functionality of AHCI but in my experience it doesn’t.

So the question is: how do we switch the SATA Operation Mode from ATA or IRRT to AHCI?

    If you want to check if you are running on a Server Core edition of Windows you can use the GetProductInfo API.

    GetProductInfo takes 4 input parameters that can be obtained using GetVersionEx and the OSVERSIONINFOEX structure:

    var
      osvi: OSVERSIONINFOEX;
    begin
      ZeroMemory(@osvi, SizeOf(osvi));
      osvi.dwOSVersionInfoSize := SizeOf(osvi);
      Win32Check(GetVersionEx(osvi));

    Now we call GetProductInfo:

    var
      dwProdType: DWORD;
    begin
      Win32Check(GetProductInfo(osvi.dwMajorVersion, osvi.dwMinorVersion,
        osvi.wServicePackMajor, osvi.wServicePackMinor, dwProdType));

     

     


    SasLibEx Screencast

    I just recorded a SasLibEx Screencast; it shows some of the very powerful features of SasLibEx.

    The following features are shown:

    • Simulate Ctrl Alt Del (Secure Attention Sequence)
    • Cancel Ctrl Alt Del
    • Lock Workstation
    • Unlock Workstation (without credentials)
    • Disable Ctrl Alt Del
    • Enable Ctrl Alt Del again
    • Cancel pending UAC request
    • Is Desktop Locked

    Paging file and Memory Dump

    I often hear that people configure the Paging File (on Citrix or Terminal Servers) on a separate volume; the reason is either performance or the chance that the Paging File might corrupt the volume.

    However if at some point you would like to create a Memory Dump you must have a paging file on the boot volume.

    For a Small memory dump you need a Paging File of at least 2 MB on the Boot Volume, but for a Full Memory Dump you need a Paging File that is sufficient to hold all the physical RAM plus 1 megabyte (MB).

    Side Note: with the increasing RAM of today’s servers, how long does it take for a full memory dump to be saved when you have lots of gigabytes?

    See also: Overview of memory dump file options for Windows Vista, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000.
