Technoblog.org » Windows http://technoblog.org Technoblogging Mon, 23 Aug 2010 07:58:59 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 New version of Process Explorer (and some other tools) http://technoblog.org/2010/03/new-version-of-process-explorer-and-some-other-tools/ http://technoblog.org/2010/03/new-version-of-process-explorer-and-some-other-tools/#comments Tue, 30 Mar 2010 06:08:39 +0000 jrp http://technoblog.org/?p=83 Microsoft Sysinternals just released a new version of Process Explorer (v12).
In the new version you can see what svchost is hosting, the mapping of service names to threads and the TCP/IP tabs on Vista/Win 7. There are also some features related to IE8.

Process Explorer:
http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx

They also updated som other tools:

VMMap
http://technet.microsoft.com/en-gb/sysinternals/dd535533.aspx

DiskView
http://technet.microsoft.com/en-gb/sysinternals/bb896650.aspx

Read the entire blog post here:
http://blogs.technet.com/sysinternals/archive/2010/03/25/updates-process-explorer-v12-vmmap-v2-62-diskview-v2-4-sdelete-v1-7.aspx

]]> http://technoblog.org/2010/03/new-version-of-process-explorer-and-some-other-tools/feed/ 0 0-day SMB remote exploit in Windows 7 and Windows Server 2008 R2 http://technoblog.org/2009/11/0-day-smb-remote-exploit-in-windows-7-and-windows-server-2008-r2/ http://technoblog.org/2009/11/0-day-smb-remote-exploit-in-windows-7-and-windows-server-2008-r2/#comments Fri, 13 Nov 2009 08:18:21 +0000 jrp http://technoblog.org/?p=74 There is a new 0-day remote exploit available for Windows 7 and Windows Server 2008 R2.
This only works on R2 of Windows Server, but it work even with all the latest patches applied.

Exploitation of the exploit crashes the system. This is done by sending a NetBios header that specifies that the SMB-packet is 1, 2 or 4 bytes larger or smaller than what it actually is.

When the system crashes, there is no BSOD, the system simply freezes. And there is no traces in the event logs (after reboot).

When the system receives the packet, it goes into an infinite loop.

The crash itself happens in KeAccumulateTicks() due to NT_ASSERT()/DbgRaiseAssertionFailure() (which is caused by an infinite loop).

The vulnerability could possibly be exploited through IE.

And the proof of concept works by:

1. Running the python code on a *nix box, and ensuring port 445 is open.
2. Connecting through SMB to the *nix box.

Read more:
http://isc.sans.org/diary.html?storyid=7573
http://blog.trendmicro.com/new-smb-zero-day-exploit/
http://praetorianprefect.com/archives/2009/11/how-to-crash-windows-7-and-server-2008/
http://g-laurent.blogspot.com/2009/11/windows-7-server-2008r2-remote-kernel.html

]]> http://technoblog.org/2009/11/0-day-smb-remote-exploit-in-windows-7-and-windows-server-2008-r2/feed/ 0 Installing Windows XP on a Dell XPS M1330 http://technoblog.org/2009/09/installing-windows-xp-on-a-dell-xps-m1330/ http://technoblog.org/2009/09/installing-windows-xp-on-a-dell-xps-m1330/#comments Mon, 07 Sep 2009 19:15:08 +0000 jrp http://technoblog.org/?p=64 If you want to install Windows XP Professional on a Dell XPS M1330 laptop, its enough to set the S-ATA controller to “ATA”-mode in the BIOS (yes, disable ACHI, and remember to disable the flash cache thingy too).

]]> http://technoblog.org/2009/09/installing-windows-xp-on-a-dell-xps-m1330/feed/ 0