Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for the ‘Uncategorized’ Category

In a SCOM Management Pack, Custom Properties can be used for Alert Description and Notification, as described in this blog by Kevin Holman.

In my case I wanted to add the Display Name and the Performance Counter Value in a Performance Threshold Monitor. In XML it would look like this:

But how to add these parameters when using the System Center 2012 Visual Studio Authoring Extensions?

(more…)

I am currently implementing Sophos UTM and I quite like this solution. It is free for home use and can easily be installed on a hypervisor.

I wanted to scan encrypted traffic (SSL) as well, so I activated the "Decrypt and scan" option:


When testing this on one of my iPads I noticed that the App Store didn’t work properly anymore.

When I tried to update applications I got the following error: "Cannot connect to iTunes Store". Additionally when I searched for Apps the search would return no results.

(more…)

Today I encountered what seems to be a bug in the System Center 2012 Visual Studio Authoring Extensions. I wanted to define a Performance Collection Rule that reads out the percentage of free memory from an SNMP device.

Since the device returns only the percentage of used memory, I needed to use the ComputedPerfProvider provider to subtract the used memory percentage from 100.

I could of course report used memory instead of free memory, but I wanted the results to appear in the default SCOM Performance View, which only lists Free Memory:

System Center Operations Manager | Default Performance View

(more…)

I am currently working on a Management Pack for SCOM and I have studied a few examples on adding processor and memory counters.

These examples all reference a Management Pack named "System.NetworkManagement.Monitoring.mp" but this Management Pack is not bundled with the System Center 2012 Visual Studio Authoring Extensions.

(more…)

Aaron Parker was talking about the uninstall guid in his session “Hands off my Golden Image Redux” at Citrix Synergy.

I remembered that I had written a small PowerShell script to read out the uninstall GUID from an MSI file. This way you do not need to actually install the software to determine the uninstall GUID.

How does that work?

There is a logical relation between the MSI Product Code property and the install GUID. I have taken install_flash_player_11.8.800.174_active_x.msi as an example.

The Uninstall key is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A2E504D3D31C0D5409F28F3FDD565AD9

The interesting part of it is the GUID:

A2E504D3D31C0D5409F28F3FDD565AD9

If we look into the MSI properties with (Super)Orca we see:


If we compare those GUIDs:

Uninstall    {A2E504D3-D31C-0D54-09F2-8F3FDD565AD9}

Product Code {3D405E2A-C13D-45D0-902F-F8F3DD65A59D}

We can see that we need to apply the following logic:

· First 8 bytes must be swapped right to left

· Next 4 bytes (skipping the hyphen) also swapped right to left

· Next 4 bytes (skipping the hyphen) also swapped right to left

· Next 4 bytes (skipping the hyphen) also swapped right to left

· Last 12 bytes must be byte swapped per byte (F8 -> 8F, F3 -> 3F etc).

Knowing that we can make life easier with PowerShell:

[posh]
# Read a property of a COM object by name through reflection.
function Get-Property ($Object, $PropertyName, [object[]]$ArgumentList)
{
    return $Object.GetType().InvokeMember($PropertyName, 'Public, Instance, GetProperty', $null, $Object, $ArgumentList)
}

# Call a method of a COM object by name through reflection.
function Invoke-Method ($Object, $MethodName, $ArgumentList)
{
    return $Object.GetType().InvokeMember($MethodName, 'Public, Instance, InvokeMethod', $null, $Object, $ArgumentList)
}

# Open the MSI read-only and return the ProductCode from its Property table.
function GetMsiProductCode([string]$path)
{
    $msiOpenDatabaseModeReadOnly = 0
    $Installer = New-Object -ComObject WindowsInstaller.Installer
    $Database = Invoke-Method $Installer OpenDatabase @($path, $msiOpenDatabaseModeReadOnly)
    $View = Invoke-Method $Database OpenView @("SELECT Value FROM Property WHERE Property='ProductCode'")
    Invoke-Method $View Execute | Out-Null
    $Record = Invoke-Method $View Fetch
    if ($Record)
    {
        Write-Output (Get-Property $Record StringData 1)
    }
}

cls

$path = "c:\Users\rweijnen\Desktop\install_flash_player_11.8.800.174_active_x.msi"

$item = "" | Select-Object Path, ProductCode, UninstallGuid, UninstallRegistry
$item.Path = $path
$item.ProductCode = (GetMsiProductCode $item.Path)

# ProductCode layout: '{' at index 0, groups at 1-8, 10-13, 15-18, 20-23 and 25-36.
# The first three groups are reversed as a whole.
$DestGuid = ([regex]::Matches($item.ProductCode.Substring(1,8),'.','RightToLeft') | ForEach {$_.value}) -join ''
$DestGuid += ([regex]::Matches($item.ProductCode.Substring(10,4),'.','RightToLeft') | ForEach {$_.value}) -join ''
$DestGuid += ([regex]::Matches($item.ProductCode.Substring(15,4),'.','RightToLeft') | ForEach {$_.value}) -join ''

# The fourth group is swapped per pair of characters.
$DestGuid += ([regex]::Matches($item.ProductCode.Substring(20,2),'.','RightToLeft') | ForEach {$_.value}) -join ''
$DestGuid += ([regex]::Matches($item.ProductCode.Substring(22,2),'.','RightToLeft') | ForEach {$_.value}) -join ''

# The last 12 characters are swapped per pair as well.
for ($i=25 ; $i -lt 37 ; $i = $i + 2)
{
    $DestGuid += ([regex]::Matches($item.ProductCode.Substring($i,2),'.','RightToLeft') | ForEach {$_.value}) -join ''
}

$item.UninstallGuid = "{" + ([Guid]$DestGuid).ToString().ToUpper() + "}"
$item.UninstallRegistry = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\{0}" -f $DestGuid

$item | Format-List
[/posh]

Sample output:

Path              : c:\Users\rweijnen\Desktop\install_flash_player_11.8.800.174_active_x.msi

ProductCode       : {3D405E2A-C13D-45D0-902F-F8F3DD65A59D}

UninstallGuid     : {A2E504D3-D31C-0D54-09F2-8F3FDD565AD9}

UninstallRegistry : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A2E504D3D31C0D5409F28F3FDD565AD9
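The transform the script above performs (three groups reversed, every remaining pair of characters swapped) undoes itself when applied twice, so one function can also go from a registry key name back to the ProductCode, which is handy for software inventory on a machine where the MSI file is no longer at hand. This is an added example, not part of the original post; the function name Convert-MsiGuid and the lookup of DisplayName under the InstallProperties subkey are assumptions of this example and do not appear in the post.

```powershell
# Added example: convert a ProductCode to the packed registry form or back.
function Convert-MsiGuid {
    param([Parameter(Mandatory)][string]$Value)

    # Strip braces and hyphens; what remains must be exactly 32 hex digits.
    $hex = ($Value -replace '[{}-]', '').ToUpper()
    if ($hex -notmatch '^[0-9A-F]{32}$') {
        throw "Not a GUID or packed GUID: $Value"
    }

    # Reverse the 8-, 4- and 4-digit groups, then swap each remaining pair.
    # Group lengths are the same in both forms, so the steps are their own inverse.
    $groups = 8, 4, 4, 2, 2, 2, 2, 2, 2, 2, 2
    $out = ''
    $pos = 0
    foreach ($len in $groups) {
        $chunk = $hex.Substring($pos, $len).ToCharArray()
        [array]::Reverse($chunk)
        $out += (-join $chunk)
        $pos += $len
    }

    if ($Value -match '-') {
        return $out                                  # ProductCode in, packed form out
    }
    return '{' + ([Guid]$out).ToString().ToUpper() + '}'   # packed form in, ProductCode out
}

# Both directions, using the values from the post.
Convert-MsiGuid '{3D405E2A-C13D-45D0-902F-F8F3DD65A59D}'
Convert-MsiGuid 'A2E504D3D31C0D5409F28F3FDD565AD9'

# Inventory: map every per-machine product key back to its ProductCode.
$root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products'
Get-ChildItem $root -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^[0-9A-Fa-f]{32}$' } |
    ForEach-Object {
        # InstallProperties\DisplayName is an assumption of this example.
        $props = Get-ItemProperty (Join-Path $_.PSPath 'InstallProperties') -ErrorAction SilentlyContinue
        [pscustomobject]@{
            PackedGuid  = $_.PSChildName
            ProductCode = Convert-MsiGuid $_.PSChildName
            DisplayName = $props.DisplayName
        }
    }
```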

My presentation at E2EVC in Rome

I will be presenting a session at E2EVC in Rome next weekend.

Recently I published an article on my blog that shows how to run an executable of choice when the Citrix Receiver exits.

In this session I will show you how to find such undocumented features in applications step by step. Using this example we will open the Citrix Receiver in IDA Pro and disassemble it.

Using public resources such as the Citrix Public Symbol Server we can analyze, understand and finally make the code more readable.

I will try to make this session not an “enter the matrix one” but one that could be considered as an intro into using IDA Pro for reverse engineering and app compat fixing.

Hope to see you all in Rome, my session is scheduled Friday November 1 from 18.30 – 19.15. There will be room for questions so feel free to take your own Crapplication™ and ask about it after the session.

See you in Rome!


I got the following error while installing Exchange 2010: “There are no more endpoints available from the endpoint mapper. (Exception from HRESULT: 0x800706D9)”

I looked up HRESULT 0x800706D9 which is defined in winerror.h as EPT_S_NOT_REGISTERED with the same error text.

I looked at the ExchangeSetup.log in C:\ExchangeSetupLogs and this indicates that the error occurs when the install-ADTopologyService cmdlet tries to add some rules to the firewall:


The Windows Firewall service was disabled, so I set it to Automatic, started it and enabled it, and then the setup ran without errors.

Crack WEP Encryption

I think everybody knows that using WEP to encrypt your WiFi network is not very safe. To demonstrate this I will show you how easy it is to crack the WEP encryption in this post.

Note that I am using my own Access Point here so I am not actually cracking someone else’s WEP Key.

Requirements:

  • In this post I am using the 32-bit back|track 5 VMware image, which you can use with VMware Workstation or VMware Player.

    After starting the back track Virtual Machine you can login with username root and password toor


    (more…)

    Installing Dell Wireless 5530 HSPA Mini PCI

    EDIT: See my followup article to learn how to reverse driver_auth.exe, decrypt and encrypt dell_wwan_sysID.dat.

    I bought a Dell Wireless 5530 HSPA Mini PCI card for my Dell Precision M4500 laptop.

    This is a small expansion card that works together with the built in SIM card slot that is present in most Dell (Business) laptops.


    This SIM card slot is usually located near the battery compartment:


    The card was installed in a few minutes since the antenna cables were present already, and on my laptop I only needed to remove the back cover with just one screw.

    Then I wanted to install the required software, but this card is not officially supported in the M4500 (I bought this card because it was much cheaper on eBay).

    So I took the driver from the M4400/Latitude E range, labeled R251153 but I got this error message when installing:

    Internal error 23000. Authentification failed. The Dell Wireless 5540 HSPA Mobile Broadband Mini-Card cannot be installed on this computer

     

    (more…)

    Post Ratings Rant

    On my blog I offer visitors the options to rate the articles I write using either thumbs up/down or a 1-10 star rating.

    I am interested in what content my readers like so these ratings (and of course comments you leave) indicate what kind of articles you like and which you don’t.

    However some people feel the need to abuse this, take a look at this:


     

    (more…)
