Recently I stumbled upon an executable that appeared to be a PowerShell script converted into an executable.

I was curious to the actual script so I decided to have a look and see how I could convert the executable back into PowerShell.

Having seen similar techniques to turn vb scripts and java jar’s into executables I first looked if this particular executable was simply carrying the payload in the resource section.

I opened the executable with Resource Hacker and saw 2 resources (note that I am using a simple HelloWorld executable here in the screenshots). The first resource, named 1, is clearly a Unicode string with the title:

Resource Hacker – HelloWorld.exe

Read the rest of this entry »

Just a very quick post (more like a note to self) but I wanted to split a string with the $ sign in PowerShell:

Took me a little while to realize that this doesn’t work as the split operator in Windows PowerShell uses a regular expression in the delimiter, rather than a simple character.

The easy fix is to Escape the $ sign with a backslash:

Or alternatively use the SimpleMatch option:

The 0 represents the “return all” value of the Max-substrings parameter. You can use options, such as SimpleMatch, only when the Max-substrings value is specified.

Both Google Earth and Google Earth Enterprise do not work correctly for multiple users on shared Hosted Shared Desktops (I still prefer to call it Server Based Computing but that’s likely because I’m an oldtimer).

Problem summary
So let’s look at the actual issue: the first user on a server is able to launch Google Earth but for any subsequent users on the same server Google Earth fails silently.

Problem details
Google Earth uses various synchronization objects such as Events and Mutexes but registers those in the \Global namespace instead of the \Local namespace.

Read the rest of this entry »

Recently I switched over my blog from a hoster to a self hosted VM. In my setup I am using Citrix NetScaler as a reverse proxy.

Simular to when you’re using a 3rd party reverse proxy such as CloudFlare you will see the IP address from the reverse proxy instead of the actual Client IP Address on your webserver.

This means that your logging will all show the same, internal, IP address and that IP Based Access Rules will not work.

Fortunately this is easy to solve by having NetScaler add the Client IP Address in the headers and rewriting the address on your webserver.

Read the rest of this entry »

When I started this blog in 2007 (wow that’s almost 10 years ago) I went for a cheap web hoster with a reasonable performance to host it.

In the beginning performance was acceptable but over the years it has degraded and of course user experience standards have changed.

I decided it was time to do something about it so I’ve moved the blog from a shared platform to my own server.

This server is running on optimized flash storage  where most writes are DeDuplicated and never actually hits the flash disks:

Read the rest of this entry »

Citrix Receiver and StoreFront error messages are sometimes confusing or lacking details so I decided to make little blog notes about common issues when I see them. So without further ado here’s #1:

In Citrix Receiver I tried to logon remotely via NetScaler Gateway and got the following error message: “Cannot get your apps from the store”

Citrix Receiver

Read the rest of this entry »

If you try to enable “Developer mode” on the VW Discover Pro navigation with VCDS you will get the following error: “Request out of range:”

This happens because VCDS uses a type 0x02 (Programming) session but this adaptation needs type 0x4F (Developer) session.

Read the rest of this entry »

Today I stumbled upon Shodan, a search engine for devices and services.

I decided to search for Citrix and this was the first page of results:

It’s interesting to see that we get details such as the name of published applications. But it’s possible to get even more details:

Read the rest of this entry »

When I was trying to delete a folder from my local harddrive (cygwin64 in my case) I got the following error message: “Invalid file handle.“:

I then attempted to delete the folder from the command prompt which failed as well with an “Access is denied” error:

Read the rest of this entry »

There has long been a debate about how to accurately view the size of your Citrix Provisioning Services ram cache size. SO much so that even Citrix clarified on how to view this detail using yet another tool

The thing is, this is all fine and well, but it’s a bit of a pig to actually get this data when you need it, or in an automated way. Wouldn’t it be better if we could have something easier?

Lately, Andrew Morgan and I decided to sit down and create an easy to use, Windows performance counter for the key metrics in a PVS cache and provide them to the community for use.

These counters turned out to be fascinating, as they really show how the cache works.

Our latest counters (which can be downloaded below) provide the following counters for easy access:

• PVS Ram cache size (MB)
• PVS metadata size (MB)
• PVS Write Cache VHD disk size (MB)
• PVS Ram Cache Percent used. *


* As there is no accurate way to detect how much ram is assigned to cache via Citrix Provisioning services, this value must be provided or this performance counter is missing.

Read the rest of this entry »