Windows Embedded Standard 2009 Prepkit

MCTSi Exam 70-577 Windows Embedded Standard 2009 Preparation Kit
Certification Exam Preparation Automation. Not for resale.

Table of Contents

Contents at a Glance
1 Creating and Customizing the Configuration
2 Managing the Development Environment
3 Integrating Embedded Enabling Features
4 Creating Components
5 Generating and Deploying an Image
6 Adding Windows Functionality

Chapter 3 Integrating Embedded Enabling Features

This chapter discusses Microsoft® Windows Embedded Standard 2009 Embedded Enabling Features (EEFs), which are components that address scenarios specific to embedded devices, such as deploying run-time images on read-only media, managing and updating your device remotely, and mass deployment.

Exam objectives in this chapter:
■ Implement Device Update Agent (DUA)
■ Implement a USB Boot solution
■ Implement Enhanced Write Filter (EWF)
■ Implement File Based Write Filter (FBWF)
■ Implement Message Box Default Reply

Before You Begin
To complete the lessons in this chapter you need the following:
■ Windows Embedded Studio for Windows Embedded Standard 2009 installed.
■ Completed Chapters 1 and 2.
■ The configuration you created in Chapter 1.

Lesson 1: Implement DUA

The DUA component enables you to remotely update the run-time image of your Windows Embedded Standard 2009 devices. It is a service that runs on your device and processes a script that performs update and maintenance operations. DUA is a small component with few dependencies, and it is useful for updating Windows Embedded Standard 2009 images. With DUA, you can update applications or application data, deploy new binaries and device drivers, make registry changes, and automate cleanup and management tasks.

After this lesson, you will be able to:
■ Add and configure DUA in your image configuration.
■ Understand and create a device update script.
■ Deploy a DUA run-time image.
■ Reconfigure the DUA engine on a remote device.

Estimated lesson time: 30 minutes.

Adding the DUA Component to the Configuration

DUA is a component that gives your run-time image the ability to remotely update itself. To enable this functionality, you add DUA to your configuration and configure it to poll a defined location for updates.

Adding the DUA Component
To add the DUA component to your configuration, locate the Device Update Agent component in Target Designer's component browser under Software > System > Management > Infrastructure, and add it to your configuration. To test and manage DUA on your device, also add the Event Log component, located under Software > System > Management > Applications, and the Registry Editor component, located under Software > System > User Interface > Shells > Windows Shell. Check dependencies at this point, before you configure the DUA settings.

Configuring the DUA Component
Because DUA runs as a service on your device and polls a specified location for updates, you must configure the location that contains the updates, as well as the service's startup and run-time parameters. DUA has a number of other configurable settings, for example the user account under which the service runs, the poll interval and jitter (start at a random time within the poll interval) for polling a Web site or media, environment variables, and the working directory.

Keep in mind that the polling location is a trust boundary: DUA applies whatever compiled script it finds there, with the privileges of its service account. Restrict who can write to that location, prefer HTTPS over plain HTTP when polling a Web site, and give the service account no more rights than the updates actually require.

Device Update Script

DUA uses a command file compiled by the Device Update Script Compiler (Dusc.exe) from a custom script (.dus file) that you create. Before running Dusc.exe, you must register Duscaut.dll by running regsvr32 duscaut.dll at a command prompt. Both files are located on your development computer under [drive]\Program Files\Windows Embedded\bin. On a Windows Vista development computer, Dusc.exe must be run with administrator permissions.
The script itself is composed from a set of 17 predefined commands, listed in Table 3-1. In the script, you use the command's ordinal or its name, followed by a comma-separated list of arguments. After you create your update script, run the script compiler to create the command file (.dup file), and place it in the polling location specified in the DUA settings, along with the files that the update applies to the image.

Table 3-1 Device Update Script Commands

Command             Ordinal   Description
Reboot              1         Shut down and restart the system
Delay               2         Suspend execution
Execute             3         Execute a new process in a specified context
CreateDirectory     4         Create a new directory
RemoveDirectory     5         Remove an existing directory
SetFileAttributes   6         Set the attributes of a file
CopyFile            7         Copy an existing file to a new file
DeleteFile          8         Delete an existing file
RegCreateKey        9         Create a key in the registry
RegDeleteKey        10        Delete an existing registry key
RegSetValue         11        Set the data and type of a specified registry value
RegDeleteValue      12        Remove a named value from a specified key
RegSaveKey          13        Save a key and its subkeys to a specified file
RegRestoreKey       14        Restore a registry key from a file
ExecuteProcess      15        Execute a new process
HTTPGet             16        Read and retrieve a remote file via HTTP(S)
MoveFile            17        Move an existing file to a new location

Script Editing

Use a simple text editor such as notepad.exe to create and modify DUA scripts. You can also use the DUAScriptGen tool from http://www.codeplex.com/duascriptgen, which provides a GUI to help you create DUA scripts; it was created specifically to make scripting DUA files for security updates easier. Mike Hall and Aaron Stebner originally created the tool, and it has since been published via CodePlex. DUA scripts follow the command syntax described in Table 3-1.
For example, to delay 10 seconds, create a C:\UpdatesDUA directory, and restart the system, you can use the following script:

2,0,10
4,,,C:\UpdatesDUA
1,,DAREBOOTOPT_REBOOT

To carry out tasks that go beyond the available commands, you can execute additional programs and, if the programs support it, pass command-line parameters by using the DUA Execute command.

Runtime Reconfiguration

It is possible to deploy DUA with default settings initially and then reconfigure it by using a DUA script. This is useful if you need to change the polling frequency, the update source, or similar settings. For example, to change the polling location, you can use the following script:

//Delete the existing poll location registry key
10,0,HKEY_LOCAL_MACHINE,,System\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000
//Create the key again
9,0,HKEY_LOCAL_MACHINE,,System\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000,0
//Specify polling location and type
11,0,HKEY_LOCAL_MACHINE,0,SYSTEM\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000,0,Type,4,1
//Set remote host to CustomHost
11,0,HKEY_LOCAL_MACHINE,0,SYSTEM\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000,0,HostName,1,CustomHost
//Set the host port to 80
11,0,HKEY_LOCAL_MACHINE,0,SYSTEM\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000,0,HostPort,4,80
//Set the protocol to HTTP (0)
11,0,HKEY_LOCAL_MACHINE,0,SYSTEM\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000,0,Protocol,4,0

In the RegSetValue lines, the field before the data is the registry type code: 4 is REG_DWORD and 1 (in the HostName line) is REG_SZ. This script also illustrates why the polling location must be protected: any update that reaches the device can silently repoint the agent at a different host and protocol, so a compromised update source can take over every later update.

Lesson Summary

The DUA component enables you to configure updates for your device. It includes an executable that runs as a service on the device and parses a file that you create by writing a script outlining the actions to perform for the update. After you write the script, compile it with the Device Update Script Compiler to produce the command file, which you then deploy to the polling location for the device.
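
The script format from Table 3-1 and the reconfiguration example above are small enough to check mechanically before you compile and publish an update. The following Python is an added example for this lesson, not code from the Prepkit or from Microsoft. It parses a .dus script using the Table 3-1 ordinals or names and the // comment convention, reports the lines a reviewer should look at (process execution, HTTP fetches, writes to DUA's own configuration key, and a Protocol value of 0, which the page identifies as plain HTTP), and generates the Sessions\0000 reconfiguration script for a given host. The positional layout of the fields after the ordinal is inferred only from the page's own examples, the finding codes are this example's own, the page gives no code for protocols other than HTTP so the caller supplies the protocol code, and the sample script lines are constructed copies of the ones above.

```python
"""Audit and generate Device Update Agent (DUA) .dus scripts.

Added example for the Prepkit's Lesson 1; it is not Microsoft's code.
Grammar assumed from the page: one command per line, comma-separated
fields, the first field is the Table 3-1 ordinal or name, and lines
beginning with // are comments. The positional meaning of the fields
after the ordinal is inferred from the page's own examples only.
"""

# Table 3-1: ordinal -> command name
DUA_COMMANDS = {
    1: "Reboot", 2: "Delay", 3: "Execute", 4: "CreateDirectory",
    5: "RemoveDirectory", 6: "SetFileAttributes", 7: "CopyFile",
    8: "DeleteFile", 9: "RegCreateKey", 10: "RegDeleteKey",
    11: "RegSetValue", 12: "RegDeleteValue", 13: "RegSaveKey",
    14: "RegRestoreKey", 15: "ExecuteProcess", 16: "HTTPGet",
    17: "MoveFile",
}
NAME_TO_ORDINAL = {name.lower(): o for o, name in DUA_COMMANDS.items()}
REGISTRY_COMMANDS = {9, 10, 11, 12, 13, 14}

# DUA's own configuration key, taken from the page's reconfiguration script
DUA_CONFIG_KEY = r"system\currentcontrolset\services\duagent\parameters\config"
REG_SZ, REG_DWORD = 1, 4          # standard Windows registry type codes
PROTOCOL_HTTP = 0                 # the only Protocol code the page gives

# Constructed sample: the Delay / CreateDirectory / Reboot script from the page,
# with Reboot written by name to show the name-or-ordinal rule
SAMPLE_BASIC = "2,0,10\n4,,,C:\\UpdatesDUA\nReboot,,DAREBOOTOPT_REBOOT\n"


def parse_dus(text):
    """Return [(line_no, ordinal, args)]; an unknown command raises ValueError."""
    commands = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("//"):
            continue
        fields = [f.strip() for f in line.split(",")]   # no commas inside arguments
        head = fields[0]
        ordinal = int(head) if head.isdigit() else NAME_TO_ORDINAL.get(head.lower())
        if ordinal not in DUA_COMMANDS:
            raise ValueError(f"line {line_no}: unknown DUA command {head!r}")
        commands.append((line_no, ordinal, fields[1:]))
    return commands


def audit_dus(text):
    """Return [(line_no, code)] findings a reviewer wants before deployment."""
    findings = []
    for line_no, ordinal, args in parse_dus(text):
        name = DUA_COMMANDS[ordinal]
        if name in ("Execute", "ExecuteProcess"):
            findings.append((line_no, "EXEC"))            # runs a program as the service account
        if name == "HTTPGet":
            findings.append((line_no, "HTTPGET"))         # pulls a file from a remote host
        if ordinal in REGISTRY_COMMANDS and any(DUA_CONFIG_KEY in a.lower() for a in args):
            findings.append((line_no, "SELF_RECONFIG"))   # rewrites DUA's own settings
        # RegSetValue layout from the page: flags, hive, flags, subkey, flags, name, type, data
        if name == "RegSetValue" and len(args) >= 8:
            value_name, data = args[5], args[7]
            if value_name.lower() == "protocol" and data == str(PROTOCOL_HTTP):
                findings.append((line_no, "CLEARTEXT_HTTP"))  # updates fetched without TLS
    return findings


def session_reconfig_script(host, port, protocol, session="0000"):
    """Emit the page's Sessions\\NNNN reconfiguration script for a new polling host.

    protocol=0 means HTTP per the page; codes for other protocols are not
    given on the page, so the caller must take them from the DUA settings.
    """
    key = (r"SYSTEM\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions"
           + "\\" + session)

    def set_value(name, reg_type, data):
        return f"11,0,HKEY_LOCAL_MACHINE,0,{key},0,{name},{reg_type},{data}"

    return "\n".join([
        "//Delete the existing session key",
        f"10,0,HKEY_LOCAL_MACHINE,,{key}",
        "//Create the key again",
        f"9,0,HKEY_LOCAL_MACHINE,,{key},0",
        "//Polling location and type",
        set_value("Type", REG_DWORD, 1),
        set_value("HostName", REG_SZ, host),
        set_value("HostPort", REG_DWORD, port),
        set_value("Protocol", REG_DWORD, protocol),
    ])


if __name__ == "__main__":
    script = session_reconfig_script("CustomHost", 80, PROTOCOL_HTTP)
    print(script)
    for line_no, code in audit_dus(script):
        print(f"line {line_no}: {code}")
```

Run the audit over the generated script and it flags every line as SELF_RECONFIG and the last one as CLEARTEXT_HTTP, which is exactly what a reviewer should see before a script that repoints the agent at a plain-HTTP host is compiled with Dusc.exe and dropped into the polling location.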
Quick Check
1. What operations can be performed through the DUA service?
2. How do you reconfigure DUA on a running device?

Quick Check Answers
1. Update applications or application data; deploy new binaries, device drivers, or registry changes; automate cleanup and management tasks; change the DUA polling time.
2. Create a script that manipulates the registry on the device, and reconfigure DUA by changing its registry values.

Lesson 2: Implement a USB Boot Solution

USB devices are readily available and provide a cost-effective alternative to other boot media such as CompactFlash, or even CD or DVD. The high-speed capabilities of USB 2.0 opened the door to booting Windows Embedded Standard 2009 devices from USB storage. In the case of Windows Embedded Standard 2009, starting from USB means starting from USB mass storage media, popularly known as Disk on Key (DoK), not from USB CD or DVD drives.

After this lesson, you will be able to:
■ Define the requirements for booting your device from a USB storage device.
■ Prepare the USB device.
■ Prepare your image for starting from USB.

Estimated lesson time: 15 minutes.

USB Boot Requirements

First, your device needs USB 2.0 high-speed support, and its BIOS must support INT 13h. Because the NT loader, NTLDR, makes INT 13h calls to access the disk on your device, the BIOS must support those calls for the USB device by complying with the BIOS Enhanced Disk Drive Services 2 (EDD 2) specification and the USB Mass Storage Specification for Bootability. Only USB 2.0 high-speed storage devices are supported, so make sure your USB device has a minimum write speed of 9 MB/sec and uses single-level cell (SLC) NAND flash memory, which provides high performance and long-term reliability. The USB mass storage media must be formatted and have a bootable partition.

There are several caveats with booting from USB mass storage media.
Hibernation is not supported; therefore, Enhanced Write Filter Hibernate Once/Resume Many (EWF HORM) is not supported. Crash dumps and pagefiles are also not supported.

Preparing a USB Mass Storage Media for Booting

You must prepare your USB storage device (DoK) before you can write an image to it.