Posted by jpluimers on 2025/07/21
This started out as a post to make things easier for my mentally brother, but then I figured it makes it so much easier for myself as well: getting rid of the ever returning Windows nag screens. Not just the ones after logon during initial Windows install that come back about every other Windows 20H update (thank god they stepped away from 19## version numbering that felt so, ehm, last millennium), but also the various “suggestions” in the start menu, on the taskbar and elsewhere.
I understand that basically giving Windows 10 and 11 for free to many Windows 7/8 licensed machines or Windows-preinstalled machines induces Microsoft to see Windows as an advertising environment, but hey: many users can do without these distractions.
It is hard to solve, as even the underlying registry settings seem to be reset every once in a while, and solving it globally is not an option: the settings are per-user. Which means you need to run a script early during every Windows logon to overwrite these settings.
Posted in Batch-Files, CommandLine, Conference Topics, Conferences, Development, Event, Power User, PowerShell, Registry Files, Scripting, Software Development, Windows, Windows 10, Windows 11, Windows Development | Tagged: 48
Posted by jpluimers on 2025/06/12
I wrote about Sequoiaview in depth in SequoiaView Homepage, made some research notes in “cushion treemap” delphi – Google Search and touched it slightly in A choco install list.
I never heard back from my request for the Sequoiaview source code, and given ever increasing local storage media sizes, its speed has now become an issue, so I started looking to see if more alternatives have appeared and what sets them apart.
TL;DR
- There is the open source WinDirStat that runs as non-admin and is about as slow as Sequoiaview
- There is the closed source but free for personal use WizTree that requires admin elevation and is much faster than Sequoiaview and WinDirStat
Neither of them allows for a view that is cushion treemap only.
The reason that WizTree is fast is that it reads the information directly from the NTFS MFT (Master File Table). This requires elevated permissions.
This is the same mechanism used by the Everything search tool, but unlike Everything, WizTree:
Posted in C++, Development, Encoding, Mojibake, Software Development, UTF-8, Windows Development | Tagged: include
Posted by jpluimers on 2025/05/20
For my link archive: [Wayback/Archive] Debugging Win32 binaries in Ghidra via Wine
[Wayback/Archive] Ghidra is a cross-platform reverse-engineering and binary analysis tool, with recent versions including support for dynamic analysis. I want to try using it as a replacement for IDA Pro in reverse-engineering of Win32 binaries, but hit bugs related to address space detection when running gdbserver with Wine ([Wayback/Archive] ghidra#4534).
This post contains custom GDB commands that allow Ghidra to query the Linux process ID and memory maps of a Win32 target process running in 32-bit Wine on a 64-bit Linux host.
Via [Wayback/Archive] Ptrace Security GmbH on Twitter: “Debugging Win32 binaries in Ghidra via Wine #Pentesting #Debugging #CyberSecurity #Infosec”.
--jeroen
Posted in Debugging, Development, Software Development, Windows Development | Tagged: CyberSecurity, Debugging, infosec, Pentesting
Posted by jpluimers on 2025/04/10
Over the last few years a few C:\Windows.msi vulnerabilities have been discovered (and fixed), of which some are linked below.
The core issue is that the Windows Installer tries to be transactional, and NTFS is transactional, but the combination with installer processes isn’t.
That leads to vulnerabilities where you can insert malicious Roll Back Scripts (.rbs files) and Roll Back Files (.rbf files), and I wonder if by now more have been discovered.
So this post is a kind of reminder to myself (:
Oh, and I learned much more about whoami on Windows, as whoami /groups there shows very detailed SID information. From that, I learned more about the internals of SIDs too!
Posted in Blue team, C++, Development, Power User, Red team, Security, Software Development, Visual Studio C++, Windows, Windows Development | Tagged: 1, else, endif, if