We’re excited to announce Sysmon, a new Sysinternals utility that monitors and reports key system activity via the Windows event log, including detailed information about process creation, network connections and file creation timestamp changes. With Sysmon installed on your systems, you can collect and analyze these events to identify the presence of attackers, and correlate events across your network to track them as they traverse your network.
Most things are simple when you know how to do them.
In this case it was to move the Dock to a different monitor (or to restore it to your main monitor when you accidentally moved it to a secondary monitor).
TbonesTech explains it in the video below, and it is this simple:
On the monitor on which you want the Dock to appear, move the mouse to the bottom of the screen.
Then wait a moment for the Dock to move to that location.
It works in Mavericks. It might work in older versions as well, but I’ve not checked that yet.
The location is kept just as long as needed, based on a well known Delphi reference counting mechanism: interfaces. The same one I used for the TTemporaryCursor class (and one of the reasons the TTemporaryCursor will keep functioning).
unit AnonymousMethodMementoUnit;

interface

uses
  System.SysUtils;

type
  // Marker interface: holding a reference keeps the memento alive.
  IAnonymousMethodMemento = interface(IInterface)
    ['{29690E1E-24C8-43A5-8FDF-5F21BB32CEC2}']
  end;

  TAnonymousMethodMemento = class(TInterfacedObject, IAnonymousMethodMemento)
  strict private
    FFinallyProc: TProc;
  public
    constructor Create(const AFinallyProc: TProc);
    destructor Destroy; override;
    procedure Restore(const AFinallyProc: TProc); virtual;
    class function CreateMemento(const AFinallyProc: TProc): IAnonymousMethodMemento;
  end;

implementation

{ TAnonymousMethodMemento }

constructor TAnonymousMethodMemento.Create(const AFinallyProc: TProc);
begin
  inherited Create();
  FFinallyProc := AFinallyProc;
end;

// Runs when the last interface reference is released.
destructor TAnonymousMethodMemento.Destroy;
begin
  Restore(FFinallyProc);
  inherited Destroy();
end;

class function TAnonymousMethodMemento.CreateMemento(const AFinallyProc: TProc): IAnonymousMethodMemento;
begin
  Result := TAnonymousMethodMemento.Create(AFinallyProc);
end;

procedure TAnonymousMethodMemento.Restore(const AFinallyProc: TProc);
begin
  // Guard against a nil method reference, which would raise an access
  // violation inside the destructor.
  if Assigned(AFinallyProc) then
    AFinallyProc();
end;

end.
Like TTemporaryCursor, I’ve kept it self-contained.
It uses a TProc parameter – a parameterless anonymous method – called AFinallyProc that needs to be executed right before the memento goes out of scope.
It can be called like any method, as to the compiler it is a method.
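A usage sketch for the unit above, added here as an example and not taken from the original post: the memento restores the current directory when the procedure exits, including when it exits through an exception. The program name MementoDemo, the helper WorkInDirectory and the choice of the current directory as the state to restore are assumptions made for illustration.

```delphi
program MementoDemo;

{$APPTYPE CONSOLE}

uses
  System.SysUtils,
  System.IOUtils,
  AnonymousMethodMementoUnit; // the unit listed above

// Hypothetical helper: works in ATemporaryDirectory, then fails on purpose.
procedure WorkInDirectory(const ATemporaryDirectory: string);
var
  OriginalDirectory: string;
  Memento: IAnonymousMethodMemento;
begin
  OriginalDirectory := GetCurrentDir;
  // The interface reference keeps the memento alive until this procedure
  // exits; its destructor then runs the anonymous method.
  Memento := TAnonymousMethodMemento.CreateMemento(
    procedure
    begin
      SetCurrentDir(OriginalDirectory);
      Writeln('Restored: ', GetCurrentDir);
    end);
  if not SetCurrentDir(ATemporaryDirectory) then
    raise Exception.CreateFmt('Cannot change to %s', [ATemporaryDirectory]);
  Writeln('Working in: ', GetCurrentDir);
  // Simulated failure: the compiler-generated cleanup of Memento still runs.
  raise Exception.Create('Simulated failure');
end;

begin
  Writeln('Start: ', GetCurrentDir);
  try
    WorkInDirectory(TPath.GetTempPath);
  except
    on E: Exception do
      Writeln('Caught: ', E.Message);
  end;
  Writeln('End: ', GetCurrentDir); // same directory as Start
end.
```

The "Restored" line is printed before "Caught", because the local interface variable is finalized while the exception unwinds out of WorkInDirectory.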
I had been using a similar technique in Delphi since before I found out about the TRecall class and thought: I think my TTemporaryCursor is smarter, as it is based on interfaces.
My TTemporaryCursor (now at bitbucket) class only stores an integer, so it cannot derive from TRecall. Besides, it is based on IInterface, which was introduced in Delphi 6 but had been present as IUnknown since Delphi 3 (see Interface It! A quick guide to the ins and outs of interfaces in Delphi. By Jimmy Tharpe).
This means that TRecall could have been based on IInterface, so I wonder why it was not.
Note I’m not the first to publish about such a class (Malcolm Groves wrote TCursorSnapshot, SwissDelphiCenter has TMyCursor, Nick Hodges published about TAutoCursor); it’s just that it has been in my tool box for so long, and I have written memento classes, so you will see 2 articles on it this week.
In the meantime (this works with Delphi 2009 and up), I also wrote a small class that does similar things for any anonymous method. More on that tomorrow.
Though I’ve written only a few blog posts about 7zip – my compressor of choice ever since I discovered 7zip some 10 years ago around version 3.13 (their history goes much further back: 1999) – here is a fresh one:
7zip is fast, free, multi-platform and has great compression. No wonder Tom’s Hardware gave them an award last year: And The Undisputed Winner Is… 7-Zip.
For Windows, I take the downloads from 7-Zip: there are both x64 and x86 versions (x64 supports more memory so can handle bigger archives).
For Mac, I’ve been using Keka – the free Mac OS X file archiver. Both compressing and decompressing involve dragging the uncompressed or compressed files to the Keka dock icon.
That is slightly more involved than the context menu in Windows, but it works great.
For Windows command line usage, I use either 7za.exe or 7z.exe (uses DLLs, supports more compression).
When using Windows RDP you have the risk of a Shift key getting stuck.
This happens when you press Ctrl and Shift. Make sure you release Shift first, otherwise Shift gets stuck.
Same with Alt and Shift: you have to release the Shift key first.
This is not a problem when using the OS X Remote Desktop application 8.x from Microsoft: only the Windows MSTSC.exe applications included in Windows 7 and higher suffer from this when you connect to Windows 7 and higher (including connecting from Windows to Windows Server and from Windows Server to Windows).
It does not happen with the MSTSC.exe in Windows 2000/XP and Windows Server 2003/2003 R2.
Results
Here are the important results:
Press Shift and Control (either order) -> Release Shift -> Release Control: Normal state
Press Shift and Control (either order) -> Release Control -> Release Shift: Problem state
Conclusion
RDP has a bug whereby the shift state incorrectly remains in the “pressed” state if, after pressing Shift+Control, the Control key is released first.