Managing Software with Scripts on 64-Bit Windows


Managing Software AND Scripts on 64-bit Windows
Darwin Sanoy, Principal Consultant & Trainer, CSI-Windows.com

Darwin Sanoy, Principal Consultant and Trainer
• CSI-Windows.com
  – Provides Training and Resources…
  – to Help Application Provisioning Specialists...
  – Put Applications on Windows 7, Virtualization and Windows 8.
• This session is an abridged version of our course ENG-52 Windows 7 Application Support Engineer

64-bit Software Spectrum
[Diagram: Windows OS software spectrum, with columns for 64-bit Edition, 64-bit Compatible Edition and “Just Works” Edition, showing 64-bit binaries and 32-bit Win7 / 32-bit XP binaries running over WOW64 (Windows On Windows), on top of 64-bit Drivers, Windows 7 API + UAC, and 64-bit Hardware (Most “Business Class” HW for last 6 years).]

Why Mixed 32 and 64-bit?
• Target XP, Win7 32-bit and 64-bit:
  – Minimize number of source files.
  – Minimize number of compiles.
  – Minimize number/complexity of installers.
• Simultaneous Maintenance of Both Bitnesses
• Reuse Legacy Binaries
• 32-bit Middleware

64-bit Platform
• Only 64-bit, Signed Drivers Allowed
• 32-bit Services OK
• EXEs around 20% Larger
• Threads Each Use 512KB More (32 & 64-bit)
• 1.5 Gbytes Bigger on Disk (1.1 is SysWOW64)
• Duplicate 32-bit Environment
  – 32-bit System32
  – 32-bit WinSxS
  – .NET Framework

WOW64 Defined
• WOW64 = Windows(32) On Windows64
• Design which allows 64-bit Windows to support 32-bit EXEs
• By tricking 32-bit processes into thinking they are on a 32-bit OS,
• using process-level redirections of certain file paths and reg keys
• to load 32-bit OS DLLs instead of 64-bit.

64-bit Platform Nomenclature
• Bitness = How Many Bits?
• x86 = 32-bit
• x64 = 64-bit
• Thunking = translating different bitness

Naming and Folders
• Legacy Locations RESERVED for 64-bit.
• Filenames ending in “32” mean nothing.
• \System32 = 64-bit Windows DLLs
• \SysWOW64 = 32-bit Windows DLLs
• WOW6432Node = 32-bit Registry

The OS Through Process Eyes
[Diagram: Process (ABC.EXE) containing ABC.EXE, ABC.DLL and XYZ.DLL alongside Windows DLLs: Kernel32.DLL, User32.DLL, Advapi32.DLL, ComDlg32.DLL, NTDLL.DLL, Ole32.DLL, Shell32.DLL, Sechost.DLL. Caption: “A Bunch Of DLLs With Me In My Process”.]

DLL Injection & API Interception
• Used For
  – WOW64
  – AppCompat
  – AppVirt (App-V)
[Diagram: Process (ABC.EXE). The IAT entries for RegCreateKey in ABC.EXE, ReportGen.DLL and Shlwapi.DLL change from ->2e7f to ->6c9b, where [2e7f] is the RegCreateKeyW code in ADVAPI32.DLL and [6c9b] is a Custom Function in Injected.DLL.]

WOW64 Architecture
[Diagram: 32-bit Process math.exe (32bit) passes through the WOW64 layer (Wow64Win.dll, NTDll.dll, Wow64CPU.dll, Wow64.dll) on 64-Bit Windows.]
• Load System32\User32.dll: Redirected to SysWOW64\User32.dll
• Write HKLM\Software\Math: Redirected to HKLM\Software\Wow6432Node\Math
• \Windows\SysWOW64 (32-bit Windows DLLs)
• HKLM\Software\Wow6432Node (32-bit Software Registry)
• \Windows\System32 (64-bit Windows DLLs)
• HKLM\Software (64-bit Software Registry)

Bitness: Processes and Binaries
[Diagram: a 32-bit Process, math.exe (32-bit), and a 64-bit Process, math.exe (64-bit), with Load arrows to Arithmatic.dll (64-bit) and Arithmatic.dll (32-bit), and IPC between stats.exe (32-bit) and stats.exe (64-bit).]

Default Script Execution
• .CMD/.BAT = 64-bit
• .VBS, .JS = 64-bit
• .PS1 = 64-bit
• .REG = 64-bit
• .HTA/.HTM = 32-bit

Other Environments
• The Bitness of the Agent EXE Will Dictate Script Engine Bitness
  – Desktop Management Agent
  – Software Distribution Agent
  – Group Policy (64-bit)
• Most Third Party Services Will Default 32-bit For A While
• Watch: They May Miss the Impact on You of Full 64-bit Agent Binaries
• 32-bit VBScript w/out Admin Will UAC Virtualize (Protected Admins / Standard Users)

Script Engine Bitness Impacts
• Calls to 32-bit EXEs are Ok in x64
• Scriptable Objects – 32/64 Bit are different
  – VBS: CreateObject
  – PS: New-Object
• Path to System32
  – Do You Have Custom Subfolders?
• Registry Redirection
  – Pushing HKLM\Software\<company> needs redirection to match software.

Per-Bitness Configuration
• PowerShell Must Be Activated Per-bitness
  – %windir%\System32\Powershell.exe Set-ExecutionPolicy RemoteSigned
  – %windir%\sysWOW64\Powershell.exe Set-ExecutionPolicy RemoteSigned
• VBScript \ Jscript Re-Registering is Per-bitness
  – Elevate “\system32\cmd.exe”
  – Regsvr32 vbscript.dll
  – Elevate “\sysWOW64\cmd.exe”
  – Regsvr32 vbscript.dll

Extensions Example
• SetACL (Good)
  – 32 and 64-bit EXE
  – 32 and 64-bit Scriptable COM Object
• Register BOTH
• Errors
  – "ActiveX component can't create object 'xxx.xxx'. Code: 800A01AD"

Force 32-Bit
• .CMD/.BAT: ...\SysWOW64\cmd.exe
• .VBS: ...\SysWOW64\cscript.exe
• .PS1: …\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
• .REG: ...\SysWOW64\regedit.exe

WMI Registry Access
• Has Bitness on Registry Provider
• Defaults to bitness of caller
• Can force cross bitness access with two new Wbemscripting properties
  – "__ProviderArchitecture", 32
  – "__RequiredArchitecture", TRUE
• 32-bit Script Read 64-bit Registry

Retrofit Scripts for 32-bit Bitness
• Snippet of code at top of script.
• Re-calls script w/ desired bitness.
• If it is not run in desired bitness.
• Does nothing if desired bitness not available (e.g. 64-bit on 32-bit OS)
• Works for XP and Win7.
• One small modification to run on XP 32, Win7 32 and Win7 64.

General Logic

    If DesiredProcBitness <> CurrentProcBitness AND Running on 64-bit Then
        Recall this script with the desired engine
        Exit the script (so we don’t run twice)
    End If
    <Script Working Code Here>

(In full course the code is provided for VBS, .CMD/.BAT and .PS1)

Windows Installer
• Default MSIEXEC.EXE is 64-bit
• .MSIs can be tagged “x64”
• During Package Processing EVERYTHING defaults to 32-bit regardless of 64-bit MSIEXEC.EXE and even if the .MSI is tagged “x64”
• One MSI Can Support Mixed Bitness
• 64-bit MSI Processing Must be Opted Into on a Per-Item Basis
• Do Not Call sysWOW64\msiexec.exe

OPT In Tags:
• Package Must Be Marked x64
• For files, new folder properties must be used: ProgramFiles64Folder, System64Folder (only accurate if pkg marked x64)
• Must Tag Components as 64-bit
• Must tag Scripted Custom Actions as 64-bit
• EXE/DLL Custom Actions execute according to their inherent bitness

Properties and Attributes
• ProgramFilesFolder = “C:\Program Files (x86)”
• VersionNT64 (detect 64-bit)
• ProgramFiles64Folder
• System64Folder
• CommonFiles64Folder
• msidbComponentAttributes64bit
• msidbLocatorType64bit
• msidbCustomActionType64BitScript

Favor 32-Bit Software
• DO NOT “Use 64-bit Versions Whenever Available”
  – Plug-in and Runtime dependencies
• Especially where dependencies are not well known ahead of time.

Follow Up
• Visit http://csi-windows.com/packagingevent for code samples and presentation slides.
• Check out our training at http://csi-windows.com/courses
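
One way to implement the "General Logic" slide for a .PS1 file, as an added example that is not the course's code or part of the original deck. `$DesiredBitness` and `Get-RelaunchEngine` are hypothetical names, and the `Sysnative` alias used to reach the 64-bit engine from a 32-bit process assumes Windows Vista or later.

```powershell
# Added example (not from the original deck): bitness guard for the top of a .ps1.
# $DesiredBitness is a hypothetical setting name; set it to 32 or 64.
$DesiredBitness = 32

function Get-RelaunchEngine {
    # Hypothetical helper: returns the full path of the engine to relaunch in,
    # or $null when no relaunch is needed or possible.
    param(
        [int]$Desired,
        [int]$Current,
        [bool]$OsIs64Bit,
        [string]$WinDir
    )
    # Same test as the slide: nothing to do when already in the desired bitness,
    # or when the OS is 32-bit and no other engine exists.
    if ($Desired -eq $Current -or -not $OsIs64Bit) { return $null }

    if ($Desired -eq 32) {
        # 64-bit process: the 32-bit engine lives under SysWOW64.
        return Join-Path $WinDir 'SysWOW64\WindowsPowerShell\v1.0\powershell.exe'
    }
    # 32-bit process: System32 is redirected to SysWOW64 for this process,
    # so the 64-bit engine is only reachable through the Sysnative alias.
    return Join-Path $WinDir 'Sysnative\WindowsPowerShell\v1.0\powershell.exe'
}

# Pointer size gives the bitness of the running process (4 bytes = 32, 8 = 64).
$currentBitness = [IntPtr]::Size * 8

# PROCESSOR_ARCHITEW6432 is only defined inside a WOW64 process,
# that is, a 32-bit process running on 64-bit Windows.
$osIs64Bit = ($currentBitness -eq 64) -or [bool]$env:PROCESSOR_ARCHITEW6432

$engine = Get-RelaunchEngine -Desired $DesiredBitness -Current $currentBitness `
                             -OsIs64Bit $osIs64Bit -WinDir $env:windir

if ($engine -and (Test-Path $engine)) {
    # Recall this script with the desired engine. The engine is addressed by its
    # full path under %windir%, so a same-named file earlier in PATH or in the
    # working directory is never picked up. The target engine applies its own
    # execution policy (see "Per-Bitness Configuration").
    $scriptPath = $MyInvocation.MyCommand.Path
    & $engine -NoProfile -File $scriptPath @args

    # Exit the script (so we don't run twice), preserving the child's exit code.
    exit $LASTEXITCODE
}

# <Script Working Code Here>
Write-Output ("Running as a {0}-bit process" -f $currentBitness)
```

After the relaunch the current bitness equals the desired one, so the guard falls through and the working code runs exactly once.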