Windows Error Reporting – Local crash dump collection – Graphical tool
According to Microsoft, the Windows Error Reporting feature is defined as follows:
The error reporting feature enables users to notify Microsoft of application faults, kernel faults, unresponsive applications, and other application specific problems. Microsoft can use the error reporting feature to provide customers with troubleshooting information, solutions, or updates for their specific problems. Developers can use this infrastructure to receive information that can be used to improve their applications.
When a program crashes in Windows, if it did not have built-in exception handling and crash dump generation, the Windows Error Reporting tool usually creates a crash dump and then queues it for upload to Microsoft.
The Windows Error Reporting tool can be configured in such a way to collect the crashes locally instead of queuing them for upload. The following document explains how.
In short, you have to add the following registry values:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\<program_name>.exe]
"DumpFolder"=hex(2):43,00,3a,00,5c,00,74,00,65,00,6d,00,70,00,00,00
"DumpCount"=dword:00000100
"DumpType"=dword:00000002
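As an added illustration (this is not code from the post or from the WerFault GUI tool), the following Python script generates the same .reg file for any program name and dump folder. The hex(2) value above is a REG_EXPAND_SZ string stored as UTF-16LE bytes followed by a terminating NUL, which is why 43,00,3a,00,5c,00,... spells C:\temp. The function names and the DUMP_TYPE_* constants are this example's own; the DumpType meanings (0 custom, 1 mini, 2 full) follow Microsoft's LocalDumps documentation.

```python
# Added example: generate a .reg file that enables WER LocalDumps for one
# program. Not part of the original post; the helper names are mine.

DUMP_TYPE_CUSTOM = 0   # honours the CustomDumpFlags value
DUMP_TYPE_MINI = 1
DUMP_TYPE_FULL = 2

LOCALDUMPS_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
                  r"\Windows Error Reporting\LocalDumps")


def encode_reg_expand_sz(text):
    """Encode a string the way Registry Editor exports REG_EXPAND_SZ:
    hex(2) = UTF-16LE bytes plus a two-byte NUL terminator, comma-separated."""
    data = text.encode("utf-16-le") + b"\x00\x00"
    return ",".join("%02x" % b for b in data)


def decode_reg_expand_sz(hexlist):
    """Inverse of encode_reg_expand_sz: turn a hex(2) byte list back into text."""
    data = bytes(int(h, 16) for h in hexlist.split(","))
    return data.decode("utf-16-le").rstrip("\x00")


def build_localdumps_reg(program_name, dump_folder,
                         dump_count=0x100, dump_type=DUMP_TYPE_FULL):
    """Return the text of a .reg file for the per-application LocalDumps key."""
    # The program name becomes a registry subkey, so refuse anything that is
    # not a plain image file name (no path separators, must end in .exe).
    if "\\" in program_name or "/" in program_name:
        raise ValueError("program_name must be a bare file name, not a path")
    if not program_name.lower().endswith(".exe"):
        raise ValueError("program_name must end in .exe")
    if dump_type not in (DUMP_TYPE_CUSTOM, DUMP_TYPE_MINI, DUMP_TYPE_FULL):
        raise ValueError("dump_type must be 0 (custom), 1 (mini) or 2 (full)")
    if not 0 <= dump_count <= 0xFFFFFFFF:
        raise ValueError("dump_count must fit in a DWORD")

    lines = [
        "Windows Registry Editor Version 5.00",
        "",
        "[%s\\%s]" % (LOCALDUMPS_KEY, program_name),
        '"DumpFolder"=hex(2):%s' % encode_reg_expand_sz(dump_folder),
        '"DumpCount"=dword:%08x' % dump_count,
        '"DumpType"=dword:%08x' % dump_type,
        "",
    ]
    # .reg files are conventionally CRLF-terminated text.
    return "\r\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: reproduces the post's values for a hypothetical myapp.exe
    print(build_localdumps_reg("myapp.exe", "C:\\temp"))
```

The generated file still has to be imported from an elevated prompt (for example with reg import), because the key lives under HKEY_LOCAL_MACHINE. Keep in mind that full dumps of large processes can fill the dump folder quickly; DumpCount is the cap on how many WER keeps before it starts discarding older ones.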
Tweaking the registry manually is often not the best thing to do, therefore I wrote a simple open-source graphical utility that does the registry modification on your behalf.
WerFault GUI Tool
The graphical tool is very simple, but let me explain a few things.
WerFault supports three crash dump types: custom, mini or full memory dumps. Only when the custom dump type is selected can you specify additional custom dump flags for WerFault; these flags are intended for advanced users.
In most cases it is advisable to select the “Full dump” option because it captures the most information needed for debugging. Finally, the dump count option lets you specify how many crash dumps to keep around.
There are two blue buttons that allow you to add or update an entry and to delete an entry. That’s it!
In the downloaded package, there’s an executable called crash.exe that you can use for testing.
Detect executable format using Python
In this article, I am sharing with you a small Python script that lets you detect if a file is an executable file and what platform the executable is targeting.
The following formats for 32-bit and 64-bit processors are supported:
- Mach-O files: both regular and universal formats
- Windows PE files
- Linux ELF files
The script
#---------------------------------------------------------------------
EXEFLAG_NONE      = 0x0000
EXEFLAG_LINUX     = 0x0001
EXEFLAG_WINDOWS   = 0x0002
EXEFLAG_MACOS     = 0x0004
EXEFLAG_MACOS_FAT = 0x0008
EXEFLAG_32BITS    = 0x0010
EXEFLAG_64BITS    = 0x0020

# Keep signatures sorted by size: the loop below only ever grows the read
# buffer, so a longer signature must never come before a shorter one.
# Signatures are written as bytes literals (the bytes as they appear on
# disk) so the comparison with f.read() also works on Python 3.
_EXE_SIGNATURES = (
    (b"\x4D\x5A",             EXEFLAG_WINDOWS),                  # "MZ" DOS/PE stub
    (b"\xCE\xFA\xED\xFE",     EXEFLAG_MACOS | EXEFLAG_32BITS),   # MH_MAGIC, host (little) endian
    (b"\xCF\xFA\xED\xFE",     EXEFLAG_MACOS | EXEFLAG_64BITS),   # MH_MAGIC_64
    # Fat (universal) headers are always big-endian on disk, so the magic
    # 0xCAFEBABE appears as the byte sequence CA FE BA BE.
    (b"\xCA\xFE\xBA\xBE",     EXEFLAG_MACOS | EXEFLAG_32BITS | EXEFLAG_MACOS_FAT),  # FAT_MAGIC
    (b"\xCA\xFE\xBA\xBF",     EXEFLAG_MACOS | EXEFLAG_64BITS | EXEFLAG_MACOS_FAT),  # FAT_MAGIC_64
    (b"\x7F\x45\x4C\x46\x01", EXEFLAG_LINUX | EXEFLAG_32BITS),   # "\x7fELF", EI_CLASS = ELFCLASS32
    (b"\x7F\x45\x4C\x46\x02", EXEFLAG_LINUX | EXEFLAG_64BITS),   # "\x7fELF", EI_CLASS = ELFCLASS64
)

def get_exeflags(filepath):
    """Return the EXEFLAG_* bits describing the file, or EXEFLAG_NONE."""
    try:
        with open(filepath, "rb") as f:
            buf = b""
            buf_len = 0
            for sig, flags in _EXE_SIGNATURES:
                sig_len = len(sig)
                # Read only as many extra bytes as the next signature needs.
                if buf_len < sig_len:
                    buf += f.read(sig_len - buf_len)
                    buf_len = sig_len
                if buf == sig:
                    return flags
    except (OSError, IOError):
        # Missing file, directory, permission error: treat as "not an executable".
        pass
    return EXEFLAG_NONE
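The script above recognises a Windows file from the two-byte MZ stub alone, so it cannot tell a 32-bit PE image from a 64-bit one, and it would also accept a plain DOS executable as "Windows". The following added example (my code, not part of the article) goes one step further: it follows e_lfanew at offset 0x3C of the DOS header to the PE signature and reads IMAGE_FILE_HEADER.Machine. PE_MACHINE_BITS, get_pe_bits and make_sample_pe are this example's own names; make_sample_pe builds a constructed header that is just large enough to exercise the parser, not a loadable image.

```python
import struct

# Added example (not from the article): map IMAGE_FILE_HEADER.Machine to a
# pointer width. Values from the PE specification; table name is mine.
PE_MACHINE_BITS = {
    0x014C: 32,   # IMAGE_FILE_MACHINE_I386
    0x01C4: 32,   # IMAGE_FILE_MACHINE_ARMNT (Thumb-2)
    0x8664: 64,   # IMAGE_FILE_MACHINE_AMD64
    0xAA64: 64,   # IMAGE_FILE_MACHINE_ARM64
}

PE_SIGNATURE = b"PE\x00\x00"
E_LFANEW_OFFSET = 0x3C                 # DWORD in IMAGE_DOS_HEADER
NT_HEADER_PREFIX = 4 + 20              # PE signature + IMAGE_FILE_HEADER


def get_pe_bits(data):
    """Return 32 or 64 for a PE image held in `data`, or None when the bytes
    are not a PE file (no MZ stub, no PE signature, or unknown Machine)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    # The PE signature and file header must lie inside what we have read;
    # a truncated or corrupt stub is reported as "not PE" rather than guessed.
    if e_lfanew + NT_HEADER_PREFIX > len(data):
        return None
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return PE_MACHINE_BITS.get(machine)


def get_pe_bits_from_file(path, max_lfanew=1 << 20):
    """Read just enough of a file on disk to answer get_pe_bits.
    Large DOS stubs are allowed, but an absurd e_lfanew is rejected."""
    with open(path, "rb") as f:
        dos = f.read(0x40)
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return None
        (e_lfanew,) = struct.unpack_from("<I", dos, E_LFANEW_OFFSET)
        if e_lfanew > max_lfanew:
            return None
        f.seek(0)
        return get_pe_bits(f.read(e_lfanew + NT_HEADER_PREFIX))


def make_sample_pe(machine, e_lfanew=0x80):
    """Constructed test input: the minimum of a DOS header, e_lfanew, PE
    signature and Machine field needed by get_pe_bits (not a runnable image)."""
    hdr = bytearray(e_lfanew + NT_HEADER_PREFIX)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, E_LFANEW_OFFSET, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = PE_SIGNATURE
    struct.pack_into("<H", hdr, e_lfanew + 4, machine)
    return bytes(hdr)


if __name__ == "__main__":
    for name, machine in (("i386", 0x014C), ("amd64", 0x8664), ("arm64", 0xAA64)):
        print(name, get_pe_bits(make_sample_pe(machine)))
```

A file that starts with MZ but carries no PE signature (a genuine DOS executable, or a stub that has been truncated or patched) yields None instead of a guess, as does an unrecognised Machine value. When triaging samples whose headers may have been tampered with, the PE32/PE32+ magic at the start of the optional header (0x10B or 0x20B) is an independent bitness cue worth cross-checking against Machine.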
7 DLL injection techniques in Microsoft Windows
1. AppInit_DLLs
2. SetWindowsHookEx API
The SetWindowsHookEx API installs an application-defined hook procedure into a given hook chain. There are various supported hook chains (CBT, Journal, Window messages, keyboard, mouse, etc.).
Microsoft Surface Studio – A cool All-in-one computer but what’s with 6:18?
During the October 2016 Microsoft event, Microsoft announced the Surface Studio all-in-one computer and I really like it! Good job Microsoft!
https://www.youtube.com/watch?v=BzMLA8YIgG0
But…I could not help but notice the time and the date on the screen poster to be 6:18 (which is also Saturday, June 18th, 2016)…
Any thoughts?
Batchography: Changing the MAC address on Windows – A free Batch script
In a previous post entitled “How to get unlimited free Internet at Airports”, I showed you how to circumvent the time limit imposed by the “free” Wi-Fi connections in certain airports.
For that trick to work, you were required to update the MAC address of your computer each time the free time is over.
In this blog post, I am going to share with you the ChangeMACAddressBatch script that I wrote with the help and instructions from the excellent Batchography book.
The script makes use of various recipes illustrated in the Batchography book (in Chapter 4) and uses the various Batch scripting language syntax (Chapters 1 and 2) and methodologies (Chapter 3). Therefore, I will not be explaining the script’s contents or how it works because it will become evident if you read the Batchography book.
Get the book from Amazon:
How to use the script interactively
To begin with, you need to run the script with administrative privileges.
Running the script as an administrator
On Windows 8 and above, just press Win+X and choose “Command Prompt (Admin)” like this:
Otherwise, if you are using the Windows Explorer window, then right-click on your script and choose “Run as Administrator”:
Starting the script
When you first run the script, you will be presented with the main menu that will show you a list of all the adapters you have on your system.
On my laptop for instance, I have 4 adapters:
- An Ethernet adapter
- 2 x VMware virtual adapters
- A Wi-Fi adapter
Using the keyboard, type the number of the adapter whose MAC address you want to inspect or change:
Let’s press “4” in this case and go inside that adapter’s information screen.