DOCSLIB.ORG

Using Salesware with Microsoft's 64-Bit Operating Systems – Known

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Using Salesware with Microsoft’s 64-bit operating systems – known issues Overview Salesware works on 64-bit operating systems. Nearly every new computer you buy now is “64-bit” – Core 2 Duo processors, any Intel processor that has a “D” like Pentium D or Celeron D, all the AMD processors. Differences in the registry Because Salesware applications are 32-bit applications, they run under something called WOW64 (Windows-on-Windows 64-bit), which is an emulator allowing 32-bit applications to run on a 64-bit operating system. To the user, this is quite transparent, but for support you should be aware of the following: • 32-bit applications are installed in a folder called ‘Program Files (x86)’. You will therefore find the ‘Siriusware’ folder here on a 64-bit PC instead of in ‘Program Files’, which contains 64-bit applications. • 32-bit system files are installed in ‘Windows\SysWOW64’ instead of ‘Windows\System32’, which contains 64-bit files. • 32-bit registry entries are written to a registry key called ‘Wow6432Node’. You will therefore find the ‘Siriusware’ key in ‘HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node’. • 32-bit ODBC registry entries are found in ‘Wow6432Node’ too. This makes things particularly interesting because after an install, you will see no System DSNs at all when you view ODBC Data Sources. Why not? Because you are only looking at 64-bit data sources. Yet our application works, because the install creates a 32-bit System DSN. To see 32-bit data sources, you must run the 32-bit ODBC data source application (C:\WINDOWS\SysWOW64\odbcad32.exe). Using ‘Control Panel/Administrative Tools/Data Sources (ODBC)’ to add a System DSN called SiriusSQL adds a 64-bit data source with does not appear to work with our applications. This only confuses things because it appears as if you have a working ODBC connection. You must add/configure ODBC data sources using the 32- bit data source application. To get RentEZ up and running on a Windows Server 2008 64-bit machine, you will encounter a problem. The problem was that the registry keys for a 32-bit application have a different registry path, as noted above. It has an extra “Wow6432Node” in the registry path as seen below: 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Siriusware] .NET 1.1 on 64-bit computers You need to perform an addition step to get Self Entry/ww.dll to work on 64-bit computers running Windows Server 2003. .NET 1.1 works only in 32 bit mode, so one has to enable that and then install asp.net 1.1.4322. The link to this info is http://support.microsoft.com/kb/894435 The following are the instructions from that link: ASP.NET 1.1, 32-bit version To run the 32-bit version of ASP.NET 1.1, follow these steps: 1. Click Start, click Run, type cmd, and then click OK. 2. Type the following command to enable the 32-bit mode: cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 1 3. Type the following command to install the version of ASP.NET 1.1 and to install the script maps at the IIS root and under: %SYSTEMROOT%\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe -i 4. Make sure that the status of ASP.NET version 1.1.4322 is set to Allowed in the Web service extension list in Internet Information Services Manager. Installing the SiriuswarePDF driver During installation of Common Files, installation of the SiriuswarePDF driver fails. To fix this, after you install Common Files: Note: Steps 1 – 3 are not required with the most recent version of the Common Files installer because the .dlls are installed. You will know you have the most recent version if those files are already in the directory specified in step #2. 1. Get the acfpdfuamd64.dll and acfpdfuiamd64.dll files from Siriusware Technical Support. 2. Drop the two .dlls in C:\Program Files (x86)\Siriusware\PDF 2 3. Run the Common Files installer again and select REPAIR (or do REPAIR from Add/Remove programs in Control Panel). This runs the Amyuni installer again, with the correct parameters for our license. This time, the Common Files installer should install SiriuswarePDF because those files are available to it on a 64 bit machine. 4. Finally, you must set the PORT for SiriuswarePDF to NUL on 64 bit systems: a. Make sure that you are logged in as a user with administrator rights. b. Select Control Panel, and click Devices and Printers. c. Right-click the SiriuswarePDF printer and select Printer Properties. d. Select the Ports tab, then click the Add Port... button. e. Select Local Port and click the New Port... button. f. Enter NUL for the new port name and click OK. Close the Printer Ports window. g. Ensure that the NUL port is selected in the Ports list. h. Select the Advanced tab. i. Select the Spool print documents radio button to make the options below it clickable. j. Clear (uncheck) the box labeled Enable advanced printing features. k. Select the Print directly to printer radio button again. l. Click the Apply button, and then click OK. ODBC connections on 64 bit Operating Systems Problem: When you create a new ODBC connector on Windows Server 2008 64-bit, ReportManager or SysManager fail to start. When you create an ODBC connector, it makes a bunch of registry entries in HKEY_LOCAL_MACHINE\SOFTWARE\ODBC\ODBC.INI. But when a 32-bit application looks for those entries (like ReportManager or SysManager), the applications look in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ODBC\ODBC.INI. So I exported the non- WOW entries, and edited the file, and re-imported them so they showed up under the Wow6432Node section, and ReportManager started. I strongly suspect this will happen on Vista 64 bit as well. I had some problems with the original install of Siriusware on my system related to this too. The funny thing was that there was an entry for the SiriusSQL ODBC connector in both places. Perhaps when a 32-bit app works on the registry directly, it does the right thing? Anyway – I had to change my ODBC connector after it was installed – but since my changes only happened in the non-Wow section, ReportManager wouldn’t work. I had to manually adjust the Wow section for it to start. Solution: I am running Vista 64 on my laptop and ODBC worked OK from the default installs. Although you have to run odbcad32.exe from the syswow64 folder in order to actually see or modify the ODBC connection. If you run it from administrator tools you get the 64-bit version which 3 shows nothing. Run that version if you are on a 64 bit OS, run the normal one from the Administrative Tools menu otherwise. For more information, see: http://portal.siriusware.com/docs/kb-pdf/error_and_other_messages/siriussql_2009_nov_18.pdf 64-bit Windows Server 2008 When installing Salesware on Windows Server 2008, you must turn on DEP and then exclude SysManager, ReportManager and Sales. See the Salesware Installation Guide for information about how to do this. After you do so, you may get the message: “The resource file is not valid. Overwrite it with a new empty one?” Click Yes. If you haven’t excluded Sales from DEP, you may get the message: “Unable to create instance of PrintEZ - Unable to load PrintEZ. Exception occurred.” If you haven’t excluded SysManager from DEP, you may get a message with the words: “Fatal error: Exception code=C0000005, Common Files\Microsoft Shared\VFP\vfp8rerr.log, called from SysManager line 484” or something similar. 4 Sales generates SalesData_64bit.inf for use with Food Service FileSync As of the 4.0.58 release, Sales generates the SalesData_64bit.inf file in the local Sales folder for use when using FileSync for shared data on a 64-bit computer. Installation of ww.dll on 64-bit operating systems Installation of ww.dll occurs exactly as described in the Salesware E-Commerce Installation Guide. However, you do not need to register it as a COM+ object because it can be pooled as a web garden using IIS 7, as described in http://portal.siriusware.com/docs/kb-pdf/Installation_and_updates/e- commerce_2010_mar_8.pdf. Note that if you are installing on a 64-bit computer then you need to modify the registry paths in ww.reg in order to get the registry entries installed in the correct locations. The following shows an example of the correct registry paths: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Siriusware\E-Commerce] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Siriusware\E-Commerce\CC] "Protobase"="65.118.84.235:4209" "TerminalID"="" "Operator"="Websales" "OCV"="" "AccountID"="" "Timeout"="120" "PreAuth"="TRUE" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Siriusware\E- Commerce\Preferences] "ConnectionString"="Provider=SQLOLEDB.1;Password=siriusweb;Persist Security Info=True;User ID=siriusweb;Initial Catalog=SiriusSQL;Data Source=BENJAMIN2" 5 "DefaultInfo"="<operator>WEBOP</operator><salespoint>WEBSP</salespoi nt>" "VerbosityLevel"="0" "LogDir"="" "EventLogVerbosity"="0" "SaveSize"="" "GuestFilter"="" "Secure"="TRUE" "SetAppRole"="FALSE" "TestCard"="5454545454545454" Testing ww.dll with 64-bit operating systems Siriusware provides the ww Test Script #1 and ww Test Script #1 scripts to test ww.dll on 64-bit operating systems. Download http://portal.siriusware.com/docs/kb-data/64-bit_wwdll_test_scripts.zip. These test scripts are used in conjunction with the ww.dll test scripts described in http://portal.siriusware.com/docs/kb-pdf/Utilities/e-commerce_2009_Jan_25.pdf. Execute from C:\Program Files\Siriusware or whatever directory is one folder “up” from where ww.dll is installed. Using these scripts is the equivalent of running: "C:\Windows\SysWOW64\cscript.exe" ww1.vbs "C:\Windows\SysWOW64\cscript.exe" ww2.vbs Steps required to successfully re-install the SiriuswarePDF driver on a 64-bit Windows 2008 server (applies to Windows 7 also) 1.
Recommended publications
  • Exploring the X64

    Exploring the X64

    Exploring the x64 Junichi Murakami Executive Officer, Director of Research Fourteenforty Research Institute, Inc. Who am I? • Junichi Murakami – @Fourteenforty Research Institute, Inc. – Both Windows and Linux kernel development – Reversing malware and P2P software, etc. – Speaker at: • Black Hat 2008 US and Japan, AVAR 2009, RSA Conference(2009-) – Instructor at Security & Programming Camp(2006-) 2 Environment • Windows 7 x64 Edition • Visual Studio 2008 • Windbg • IDA Pro Advanced – STD doesn’t support x64, an offering is needed! 4 Agenda • Windows x64 • ABI(Application Binary Interface) • API Hooking • Code Injection 5 Windows x64 • Native x64 and WoW64 • Virtual Address Space – 2^64 = 16 Exa Byte ( Exa: 10^18) – but, limited to 16TB by Microsoft • File/Registry reflection • New 64-bit APIs – IsWow64Process, GetNativeSystemInfo, etc. 6 ABI • Binary Format • Register • Calling Convention • Exception Handling • Systemcall(x64, WoW64) 11 Binary Format(Cont.) • Some fields were extended to 64-bits – IMAGE_NT_HEADERS.IMAGE_OPTIONAL_HEADER • ImageBase • SizeOfStackReserve • SizeOfStackCommit • SizeOfHeapReserve • SizeOfHeapCommit 13 Calling Convention • first 4 parameters are passed by RCX, RDX, R8, R9 – 5th and later are passed on the stack • caller allocates register home space on the stack • RAX is used for return values • leaf / non-leaf function – leaf function: never use stack – PE32+ contains non-leaf function’s information in its EXCEPTION DIRECTORY • Register’s volatility – volatile: RAX, RCX, RDX, R8-R11 15 Exception Handling •
  • Through the Looking Glass: Webcam Interception and Protection in Kernel

    Through the Looking Glass: Webcam Interception and Protection in Kernel

    VIRUS BULLETIN www.virusbulletin.com Covering the global threat landscape THROUGH THE LOOKING GLASS: and WIA (Windows Image Acquisition), which provides a WEBCAM INTERCEPTION AND still image acquisition API. PROTECTION IN KERNEL MODE ATTACK VECTORS Ronen Slavin & Michael Maltsev Reason Software, USA Let’s pretend for a moment that we’re the bad guys. We have gained control of a victim’s computer and we can run any code on it. We would like to use his camera to get a photo or a video to use for our nefarious purposes. What are our INTRODUCTION options? When we talk about digital privacy, the computer’s webcam The simplest option is just to use one of the user-mode APIs is one of the most relevant components. We all have a tiny mentioned previously. By default, Windows allows every fear that someone might be looking through our computer’s app to access the computer’s camera, with the exception of camera, spying on us and watching our every move [1]. And Store apps on Windows 10. The downside for the attackers is while some of us think this scenario is restricted to the realm that camera access will turn on the indicator LED, giving the of movies, the reality is that malware authors and threat victim an indication that somebody is watching him. actors don’t shy away from incorporating such capabilities A sneakier method is to spy on the victim when he turns on into their malware arsenals [2]. the camera himself. Patrick Wardle described a technique Camera manufacturers protect their customers by incorporating like this for Mac [8], but there’s no reason the principle into their devices an indicator LED that illuminates when can’t be applied to Windows, albeit with a slightly different the camera is in use.
  • Xilinx XAPP545 Statistical Profiler for Embedded IBM Powerpc, Application Note

    Xilinx XAPP545 Statistical Profiler for Embedded IBM Powerpc, Application Note

    Product Not Recommended for New Designs Application Note: Virtex-II Pro R Statistical Profiler for Embedded IBM PowerPC XAPP545 (v1.0) September 15, 2004 Author: Njuguna Njoroge Summary This application note describes how to generate statistical profiling information from the IBM PowerPC 405D, which is embedded in some Virtex-II Pro™ FPGAs. Specifically, the application note details how to convert trace output files generated from the Agilent Technologies Trace Port Analyzer into a gprof (GNU profiler) readable format. The gprof tool is capable of generating a histogram of a program's functions and a call-graph table of those functions. Introduction Profiling allows a programmer to assess where a program is spending most of its time and how frequently functions are being called. With this information, a programmer can gain insight as to what optimizations to make. In some cases, a programmer can identify bugs that would be otherwise undetectable. Using the RISCWatch application is a first step in profiling a program. Nonetheless, manually mulling through approximately 350 MB (or 8 million cycles) of trace data to discern the run-time profile of the program is a fruitless endeavor. In fact, the designers of RISCWatch realized this, so they standardized the trace output format to enable post processing of the trace. The regular format of the trace files allows scripts to parse through the trace and convert it to the gprof format. By converting the trace files into the gprof format, the widespread use of gprof in the profiling community
  • Minimum Hardware and Operating System

    Minimum Hardware and Operating System

    Hardware and OS Specifications File Stream Document Management Software – System Requirements for v4.5 NB: please read through carefully, as it contains 4 separate specifications for a Workstation PC, a Web PC, a Server and a Web Server. Further notes are at the foot of this document. If you are in any doubt as to which specification is applicable, please contact our Document Management Technical Support team – we will be pleased to help. www.filestreamsystems.co.uk T Support +44 (0) 118 989 3771 E Support [email protected] For an in-depth list of all our features and specifications, please visit: http://www.filestreamsystems.co.uk/document-management-specification.htm Workstation PC Processor (CPU) ⁴ Supported AMD/Intel x86 (32bit) or x64 (64bit) Compatible Minimum Intel Pentium IV single core 1.0 GHz Recommended Intel Core 2 Duo E8400 3.0 GHz or better Operating System ⁴ Supported Windows 8, Windows 8 Pro, Windows 8 Enterprise (32bit, 64bit) Windows 10 (32bit, 64bit) Memory (RAM) ⁵ Minimum 2.0 GB Recommended 4.0 GB Storage Space (Disk) Minimum 50 GB Recommended 100 GB Disk Format NTFS Format Recommended Graphics Card Minimum 128 MB DirectX 9 Compatible Recommended 128 MB DirectX 9 Compatible Display Minimum 1024 x 768 16bit colour Recommended 1280 x 1024 32bit colour Widescreen Format Yes (minimum vertical resolution 800) Dual Monitor Yes Font Settings Only 96 DPI font settings are supported Explorer Internet Minimum Microsoft Internet Explorer 11 Network (LAN) Minimum 100 MB Ethernet (not required on standalone PC) Recommended
  • A Definitive Guide to Windows 10 Management: a Vmware Whitepaper

    A Definitive Guide to Windows 10 Management: a Vmware Whitepaper

    A Definitive Guide to Windows 10 Management: A VMware Whitepaper November 2015 Table of Contents Executive Summary.................................................................................................................3 Challenges with Windows Management..........................................................................5 How Windows 10 Differs........................................................................................................7 Windows 10 Management Features....................................................................................9 New Methods of Updates......................................................................................................10 New Methods of Enrollment and Device Provisioning................................................11 Unified Application Experiences.........................................................................................13 Domain Joined Management................................................................................................16 Application Delivery.............................................................................................................17 Universal Applications.........................................................................................................17 Classic Windows Applications.........................................................................................17 Cloud-based Applications.................................................................................................17
  • Tanium™ Client Deployment Guide

    Tanium™ Client Deployment Guide

    Tanium™ Client Deployment Guide Version 6.0.314.XXXX February 05, 2018 The information in this document is subject to change without notice. Further, the information provided in this document is provided “as is” and is believed to be accurate, but is presented without any warranty of any kind, express or implied, except as provided in Tanium’s customer sales terms and conditions. Unless so otherwise provided, Tanium assumes no liability whatsoever, and in no event shall Tanium or its suppliers be liable for any indirect, special, consequential, or incidental damages, including without limitation, lost profits or loss or damage to data arising out of the use or inability to use this document, even if Tanium Inc. has been advised of the possibility of such damages. Any IP addresses used in this document are not intended to be actual addresses. Any examples, command display output, network topology diagrams, and other figures included in this document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Please visit https://docs.tanium.com for the most current Tanium product documentation. Tanium is a trademark of Tanium, Inc. in the U.S. and other countries. Third-party trademarks mentioned are the property of their respective owners. © 2018 Tanium Inc. All rights reserved. © 2018 Tanium Inc. All Rights Reserved Page 2 Table of contents Overview 8 What is the Tanium Client? 8 Registration 9 Client peering 9 File distribution 11 Prerequisites 14 Host system requirements 14 Admin account 15 Network connectivity and firewall 16 Host system security exceptions 16 Deployment options summary 18 Using the Tanium Client Deployment Tool 21 Methods 21 Before you begin 21 Install the Client Deployment Tool 23 Deploy the Tanium Client 25 Check for Tanium Client updates 32 Troubleshooting 33 Logs 34 Advanced settings 34 Deploying the Tanium Client to Windows endpoints 36 Step 1: Create the installer 36 Step 2: Execute the installer 37 © 2018 Tanium Inc.
  • An Efficient and Portable SIMD Algorithm for Charge/Current Deposition in Particle-In-Cell Codes✩

    An Efficient and Portable SIMD Algorithm for Charge/Current Deposition in Particle-In-Cell Codes✩

    Computer Physics Communications 210 (2017) 145–154 Contents lists available at ScienceDirect Computer Physics Communications journal homepage: www.elsevier.com/locate/cpc An efficient and portable SIMD algorithm for charge/current deposition in Particle-In-Cell codesI H. Vincenti a,b,∗, M. Lobet a, R. Lehe a, R. Sasanka c, J.-L. Vay a a Lawrence Berkeley National Laboratory, 1 Cyclotron Road, Berkeley, CA, USA b Lasers Interactions and Dynamics Laboratory (LIDyL), Commissariat À l'Energie Atomique, Gif-Sur-Yvette, France c Intel Corporation, OR, USA a r t i c l e i n f o a b s t r a c t Article history: In current computer architectures, data movement (from die to network) is by far the most energy Received 9 January 2016 consuming part of an algorithm (≈20 pJ=word on-die to ≈10,000 pJ/word on the network). To increase Received in revised form memory locality at the hardware level and reduce energy consumption related to data movement, 10 August 2016 future exascale computers tend to use many-core processors on each compute nodes that will have Accepted 19 August 2016 a reduced clock speed to allow for efficient cooling. To compensate for frequency decrease, machine Available online 19 September 2016 vendors are making use of long SIMD instruction registers that are able to process multiple data with one arithmetic operator in one clock cycle. SIMD register length is expected to double every four years. As Keywords: Particle-In-Cell method a consequence, Particle-In-Cell (PIC) codes will have to achieve good vectorization to fully take advantage OpenMP of these upcoming architectures.
  • Programming Model Intel Itanium 64

    Programming Model Intel Itanium 64

    11/11/2003 64-bit computing AMD Opteron 64 Application of Win32 Executable File Legacy 64 bit platforms Inbuilt 128-bit bus DDR memory controller with memory bandwidth speed up to 5.3GB/s. Infectors on Intel Itanium and AMD Benefits of 64-bit processors Opteron Based Win64 Systems Use of hyper transport protocol, “glueless” architecture. Oleg Petrovsky and Shali Hsieh Increased integer dynamic range Computer Associates International Inc. Available in up to 8 way configuration with the clock speeds 1 Computer Associates Plaza, Islandia, NY 11749, Much larger addressable memory space of 1.4 GHz, 1.6 GHz and 1.8 GHz . USA Benefits to database, scientific and cryptography Reuses already familiar 32-bit x86 instruction set and applications extends it to support 64-bit operands, registers and memory pointers. AMD64 Programming Model AMD64: Programming model Intel Itanium 64 X86 32-64 64 bit Itanium line of processors is being developed by Intel XMM8 X86 80-Bit Extends general use registers to 64-bit, adds additional eight 64-Bit X87 general purpose 64-bit registers. Itanium - 800 MHz, no on die L3 cache, Itanium 2 - 1GHz, RAX EAX AX 3MB L3 on die, Itanium 2003 (Madison) - 1.5 GHz, 6MB L3 on die cache, 410M transistors, largest integration on a RBX Reuses x86 instruction set. single silicon crystal today. XMM15 RCX Runs 32-bit code without emulation or translation to a native Itanium line of processors utilizes more efficient and robust XMM0 than legacy x86 instruction set architecture F instruction set. R8 L A Itanium has to use x86-to-IA-64 decoder a specifically Minimizes learning curve.
  • Sample2.Js Malware Summary

    Sample2.Js Malware Summary

    Threat Analysis Report Summary Threat Malicious Level File Name sample2.js MD5 Hash 580E637B97B16698CC750B445223D5C0 Identifier SHA-1 Hash 07E507426F72522DABFECF91181D7F64DC3B8D23 Identifier SHA-256 Hash 790999F47B2FA4396FF6B0A6916E295D832A12B3495A87590C859A1FE9D73245 Identifier File Size 3586 bytes File Type ASCII text File 2015-11-06 09:26:23 Submitted Duration 38 seconds Sandbox 27 seconds Replication Engine Analysis Engine Threat Name Severity GTI File Reputation --- Unverified Gateway Anti-Malware JS/Downloader.gen.f Very High Anti-Malware JS/Downloader.gen.f Very High YARA Custom Rules Sandbox Malware.Dynamic Very High Final Very High Sample is malicious: f inal severit y level 5 Behavior Classif icat ion Networking Very High Exploiting, Shellcode High Security Solution / Mechanism bypass, termination and removal, Anti Unverified Debugging, VM Detection Spreading Unverified Persistence, Installation Boot Survival Unverified Hiding, Camouflage, Stealthiness, Detection and Removal Protection Unverified Data spying, Sniffing, Keylogging, Ebanking Fraud Unverified Dynamic Analysis Action Severity Malware behavior: networking activities from non-executable file Very High ATTENTION: connection made to a malicious website (see Web/URL Very High reputation for details) Detected suspicious Java Script content High Downloaded data from a webserver Low Modified INTERNET_OPTION_CONNECT_RETRIES: number of times that Low WinInet attempts to resolve and connect to a host Connected to a specific service provider Low Cracks a URL into its component
  • Flare-On 5: Challenge 7 Solution – Worldofwarcraft.Exe

    Flare-On 5: Challenge 7 Solution – Worldofwarcraft.Exe

    Flare-On 5: Challenge 7 Solution – WorldOfWarcraft.exe Challenge Author: Ryan Warns Summary This challenge implements a 32-bit Windows binary meant to run in a Windows on Windows (WOW) environment. Analysis I often start my analysis of samples by quickly skimming the output of static analysis tools and looking through IDA. Performing basic static analysis on the binary we see that WorldOfWarcraft.exe is a simple 32-bit DLL. Running strings.exe on this binary shows us several strings that look like they might be related to the key. USER32 WS2_32 %[email protected] Cannot read payload! n1ght_4lve$_R_c00L.bin A_l1ttl3_P1C_0f_h3aV3n RSDS R:\objchk_win7_x86\i386\WorldOfWarcraft.pdb Figure 1 - strings in WorldOfWarcraft.exe Opening the binary in IDA we can see that the binary doesn’t appear to implement much in the way of functionality, with the main function only calling 3 subroutines. The subroutine at address 0x1001A60 contains references to our strings of interest. FireEye, Inc., 1440 McCarthy Blvd., Milpitas, CA 95035 | +1 408.321.6300 | +1 877.FIREEYE (347.3393) | [email protected] | www.FireEye.com 1 Figure 2 - Decompilation of function using interesting strings I’ve cleaned up the decompilation in the screenshot above to be slightly more accurate. Quickly skimming sub_1001910 reveals that this function grabs the contents of a file, so it looks like sub_0x1001A60 will read the file n1ght_4lve$_R_c00L.bin and XOR the contents against the string A_l1ttl3_P1C_0f_h3aV3n. The result of this operation is compared to a static array on the stack, and if the two match the sample will print our key.
  • Copyrighted Material

    Copyrighted Material

    Index Numerics Address Resolution Protocol (ARP), 1052–1053 admin password, SOHO network, 16-bit Windows applications, 771–776, 985, 1011–1012 900, 902 Administrative Tools window, 1081–1083, 32-bit (x86) architecture, 124, 562, 769 1175–1176 64-bit (x64) architecture, 124, 562, 770–771 administrative tools, Windows, 610 administrator account, 1169–1170 A Administrators group, 1171 ADSL (Asynchronous Digital Subscriber Absolute Software LoJack feature, 206 Line), 1120 AC (alternating current), 40 Advanced Attributes window, NTFS AC adapters, 311–312, 461, 468–469 partitions, 692 Accelerated Graphics Port (AGP), 58 Advanced Computing Environment (ACE) accelerated video cards (graphics initiative, 724 accelerator cards), 388 Advanced Confi guration and Power access points, wireless, 996, 1121 Interface (ACPI) standard, 465 access time, hard drive, 226 Advanced Graphics Port (AGP) card, access tokens, 1146–1147 391–392 Account Operators group, 1172 Advanced Graphics Port (AGP) port, 105 ACE (Advanced Computing Environment) Advanced Host Controller Interface (AHCI), initiative, 724 212–213 ACPI (Advanced Confi guration and Power Advanced Micro Devices (AMD), 141–144 Interface) standard, 465 Advanced Packaging Tool (APT), 572 Action Center, 1191–1192 Advanced Power Management (APM) Active Directory Database, 1145–1146, 1183 standard, 465 active heat sink, 150 Advanced Programmable Interrupt active matrix display, LCD (thin-fi lm Controller (APIC), 374 transistor (TFT) display), 470 Advanced RISC Computing Specifi cation active partition, 267,
  • Download Deploying Windows 7, Essential Guidance

    Download Deploying Windows 7, Essential Guidance

    FROM THE Windows® 7 Resource Kit Mitch Tulloch, Tony Northrup, Jerry Honeycutt, Ed Wilson, and the Windows 7 Team at Microsoft I Chapter 3 Deployment Platform .............................................. 85 I Chapter 4 Planning Deployment ............................................ 113 I Chapter 5 Testing Application Compatability ........................... 139 I Chapter 6 Developing Disk Images ......................................... 179 I Chapter 7 Migrating User State Data ...................................... 223 I Chapter 8 Deploying Applications .......................................... 247 I Chapter 9 Preparing Windows PE ........................................... 273 I Chapter 10 Confi guring Windows Deployment Services .............. 293 I Chapter 11 Using Volume Activation ........................................ 335 I Chapter 12 Deploying with Microsoft Deployment Toolkit ........... 355 DEPLOYING WINDOWS 7 83 Chapter 3 Deployment Platform n Tools Introduction 85 n Windows 7 Deployment Terminology 87 n Platform Components 89 n Deployment Scenarios 99 n Understanding Setup 101 n Basic Deployment Process 105 n Microsoft Deployment Toolkit Process 107 n Summary 110 n Additional Resources 111 uilding on technology that the Windows Vista operating system introduced, Windows 7 Bdeployment technology has evolved significantly since Windows XP Professional . For example, it supports file-based disk imaging to make high-volume deployments quicker, more efficient, and more cost effective . The Windows 7 operating system also provides