Posts

Showing posts from 2018

SysInternals for File Handle Issues

An oldie but a goodie: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon. Win32 I/O exceptions are easily deciphered with it. Filter on the PID of the process you care about and exclude SUCCESS results to focus on failures only.

WinDBG on 32Bit Applications

On a 64-bit Windows installation it is possible to make both 32-bit and 64-bit dumps of 32-bit processes. Task Manager creates a 64-bit dump, which is therefore often what users end up sending you. This is not a problem for native executables, since you can still load the dump in WinDbg and use the !wow64exts.sw extension to switch into the 32-bit view. However, if your process is a .NET process and you want to use SOS to investigate it, you are out of luck: you'll just get the message "SOS does not support the current target architecture." This extension gets around that by hooking/patching functions in dbgeng.dll so that SOS thinks it is working with a 32-bit dump.

** Usage ** Copy soswow64.dll into the "winxp" subfolder of WinDbg. Then, after loading a 64-bit memory dump of a 32-bit process, simply load the extension:

0:000> .load soswow64
Successfully hooked IDebugControl::GetExecutingProcessorType.
Successfully patched DbgEng!X...

WinDBG Standalone Installers

As with previous posts, WinDbg is the perfect tool for .NET debugging, from .NET IL down to the Windows kernel, when you need to expose exception data. Download the WinDbg standalone installer: http://codemachine.com/downloads.html

mRemoteNG - Simplify infrastructure management

A great new feature of mRemoteNG is the ability to add web pages to the tree view. Perfect for admin pages: a one-stop shop for your SSH, RDP, Telnet and HTTPS admin portals. There is a bug where it won't open a page in the embedded Firefox (Gecko) engine if the certificate is self-signed. To resolve it, manually reuse the SSL certificate exceptions you have already accepted in Firefox for sites with invalid certs.

Copy: C:\Users\%USERNAME%\AppData\Roaming\Mozilla\Firefox\Profiles\{RANDOM}\cert_override.txt

and place it here: C:\Users\%USERNAME%\AppData\Local\Geckofx\DefaultProfile\cert_override.txt

Windows 2012 R2 warning: Gecko only works on mRemoteNG 1.75; it is not working yet on 1.76. Reference: https://github.com/mRemoteNG/mRemoteNG/issues/259
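The copy step above, scripted. This is an added example and not code from the original post or the mRemoteNG project; it assumes the Firefox and Geckofx profile paths quoted in the post, and that cert_override.txt uses Firefox's tab-separated layout with host:port in the first column. Because that file is the list of hosts you have explicitly chosen to trust despite an invalid certificate, the script prints the list before extending the same trust to mRemoteNG.

```powershell
# Added example (not from the post or mRemoteNG): copy the Firefox certificate
# exception list into the Geckofx profile used by mRemoteNG's embedded browser.
$firefoxProfiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
$geckoProfile    = Join-Path $env:LOCALAPPDATA 'Geckofx\DefaultProfile'

# Resolve the {RANDOM} profile folder: take the most recently modified profile
# that actually contains a cert_override.txt.
$source = Get-ChildItem -Path $firefoxProfiles -Directory -ErrorAction Stop |
    ForEach-Object { Join-Path $_.FullName 'cert_override.txt' } |
    Where-Object { Test-Path $_ } |
    Get-Item | Sort-Object LastWriteTime -Descending | Select-Object -First 1

if (-not $source) { throw "No cert_override.txt found under $firefoxProfiles" }

# Show which host:port entries are about to be trusted by mRemoteNG as well.
# Assumption: one entry per line, tab-separated, host:port first, '#' comments.
Write-Host "Certificate exceptions in $($source.FullName):"
Get-Content -Path $source.FullName |
    Where-Object { $_ -and -not $_.StartsWith('#') } |
    ForEach-Object { '  ' + ($_ -split "`t")[0] }

# Create the Geckofx profile folder if mRemoteNG has not made it yet, then copy.
New-Item -ItemType Directory -Path $geckoProfile -Force | Out-Null
Copy-Item -Path $source.FullName -Destination (Join-Path $geckoProfile 'cert_override.txt') -Force
```

Run it in the profile of the user who will launch mRemoteNG, since both paths are resolved from that user's APPDATA and LOCALAPPDATA. Re-run it whenever you accept a new exception in Firefox; the two files are not kept in sync automatically.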

GREP in PowerShell

Simple but powerful one-liner to search recursively through a Windows directory for a string of text:

PS C:\> Get-ChildItem "C:\*" -Recurse | Select-String -Pattern "what you're looking for"
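A slightly more robust version of the same search, added here as an example and not part of the original post. It generalises the one-liner into a function that restricts the search to text-like file types, does a literal match by default (so characters such as '.' or '(' in the search string are not treated as regex), keeps going past folders the current account cannot read, and returns file, line number and text as objects you can sort or export. The function name, the file-type list and the example paths are my own choices.

```powershell
# Added example (not from the original post): recursive text search with objects out.
function Find-Text {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string]   $Pattern,
        # Text-like extensions to search; binaries would only produce noise.
        [string[]] $Include = @('*.txt', '*.log', '*.config', '*.xml', '*.json', '*.ps1'),
        # By default $Pattern is matched literally; pass -Regex to use it as a regex.
        [switch] $Regex
    )

    Get-ChildItem -Path $Path -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
        Select-String -Pattern $Pattern -SimpleMatch:(-not $Regex) -ErrorAction SilentlyContinue |
        Select-Object Path, LineNumber, @{ Name = 'Text'; Expression = { $_.Line.Trim() } }
}

# Usage: literal search, one object per matching line (paths are placeholders).
Find-Text -Path 'C:\inetpub\logs' -Pattern 'Connection refused' | Format-Table -AutoSize

# Same search as a regex, keeping a record of the hits for later review.
Find-Text -Path 'C:\ProgramData' -Pattern 'error\s+\d{4}' -Regex |
    Export-Csv -NoTypeInformation -Path (Join-Path $env:TEMP 'find-text-hits.csv')
```

Because -ErrorAction SilentlyContinue swallows access-denied errors, check $Error afterwards if you need to know which directories were skipped rather than simply empty.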