Archive for the ‘Windows Development’ Category
Posted by jpluimers on 2025/04/02
Steps for installing Chocolatey on Windows 11 and up or 10 version 1803 and up.
Since I often install Windows on machines where it is not easy to copy/paste longer install commands, my steps are slightly different than the ones on [Wayback/Archive] Chocolatey Software | Installing Chocolatey:
- Start a regular command prompt
- Either of these two (the options are equivalent, see [Wayback/Archive] curl: transfer a URL | curl Commands | Man Pages | ManKier for --remote-name and -O):
curl --remote-name https://community.chocolatey.org/install.ps1
curl -O https://community.chocolatey.org/install.ps1
Note that the cURL pre-installed on Windows 10 for at least 6 years* (release 1803 or insider build 17063) is good enough to download the Chocolatey install script
- Inspect the downloaded install.ps1 to check if you spot anything you dislike
- Start an elevated (administrator) command prompt
- Start PowerShell
- Execute this command
Set-ExecutionPolicy Bypass -Scope Process -Force
- Execute this command in the folder where you downloaded install.ps1
- Yup, a custom build of cURL has been pre-installed on Windows 10 and up for more than 6 years:
Read the rest of this entry »
Posted in *nix, *nix-tools, Chocolatey, cURL, Development, Power User, Software Development, Windows, Windows 10, Windows 11, Windows Development | Leave a Comment »
Posted by jpluimers on 2025/02/25
On the reading list wondering which tool chains can deliver NtAPI based development: [Wayback/Archive] Going Native – Malicious Native Applications
Via [Wayback/Archive] Thread by @MrPc69257431 on Thread Reader App with first tweet at
https://x.com/MrPc69257431/status/1864855379651498292
Note that being able to call NtAPI from your code base does not mean NtAPI based development: Pure NtAPI means you need a linker that can target a different output. See the quote from the above article (emphasis mine):
So, to get started with an empty native executable, all we have to do is include the “phnt.h” file, and set up the NtProcessStartup function. Then it’s important to tell the linker that we want to link against ntdll, and that we’ll be making a native application by passing in the “Native” text to the Subsystem linker option
It means that for instance Delphi is kind of out of the question for this, see these links on why:
Read the rest of this entry »
Posted in Conference Topics, Conferences, Delphi, Development, Event, Software Development, Windows Development | Leave a Comment »
Posted by jpluimers on 2025/02/18
I unconsciously wanted a tool like this for a long time, and was glad I finally searched for it:
A keyboard logging and presentation utility for presentations, screencasts, and to help you become a better keyboard user.
[Wayback/Archive] Code52/carnac: A utility to give some insight into how you use your keyboard
The first time I saw something similar was in the Delphi days where it was part of a plugin for CodeRush in Delphi (think Delphi 5-6 era), the famous developer productivity tool by Mark Miller that later got rewritten for Visual Studio and became part of DevExpress.
So I searched for [Wayback/Archive] windows show keystrokes – Google Search which found [Wayback/Archive] How to show keystrokes on Windows 10 which in turn mentioned a fork of Carnac.
As it turns out Read the rest of this entry »
Posted in .NET, Delphi, Development, Hardware, Keyboards and Keyboard Shortcuts, KVM keyboard/video/mouse, Power User, Software Development, Windows, Windows Development | Leave a Comment »
Posted by jpluimers on 2025/01/14
For my link archive: below is a series of articles by Raymond Chen on “The AArch64 processor (aka arm64)”, in order of appearance, from a few years back and still very relevant today.
It is part of a few more series on processors that are (or were) supported by Windows. A good reference to find which version supported which processor architecture is the set of tables in List of Microsoft Windows versions – Wikipedia.
Read the rest of this entry »
Posted in AArch64/arm64, ARM, Assembly Language, Development, History, MIPS R4000, PowerPC, Software Development, The Old New Thing, Windows Development, x64, x86 | Leave a Comment »
Posted by jpluimers on 2025/01/08
(All below statements were run elevated as Administrator)
I had arp -d fail with any parameter combination on one of my systems always throwing the error The ARP entry deletion failed: The parameter is incorrect..
Luckily I found out that this did clear the ARP cache correctly:
netsh interface ip delete arpcache
I found that via [Wayback/Archive] “The ARP entry deletion failed: The parameter is incorrect.” – Recherche Google:
Read the rest of this entry »
Posted in Batch-Files, Development, Power User, Scripting, Software Development, Windows, Windows 10, Windows 11, Windows 7, Windows Development | Leave a Comment »
Posted by jpluimers on 2024/12/12
Simple (but fully working) code for NPLogonNotify(). The function obtains logon data, including cleartext password.
[Wayback/Archive] PSBits/PasswordStealing/NPPSpy at master · gtworek/PSBits has been used in the wild since about 2022 (the code is from 2020).
The code is a ~100 line C file resulting in a DLL exporting the NPGetCaps() and NPLogonNotify() functions.
Background/related:
Read the rest of this entry »
Posted in .NET, Blue team, C, CommandLine, Development, Power User, PowerShell, PowerShell, Red team, Scripting, Security, Software Development, Windows Development | Tagged: NPPSPY | 1 Comment »
Posted by jpluimers on 2024/12/05
For my link archive, as this environment variable override trick to override DLL loading is not limited to executables shipping with Windows, but also applies to other products (likely: virus scanners that run privileged); another alternative is running a local process serving the WebDAV protocol.
Read the rest of this entry »
Posted in Development, Power User, Security, Software Development, Windows, Windows 10, Windows 11, Windows Development | Tagged: DEFCON30 | Leave a Comment »
Posted by jpluimers on 2024/12/04
Need to write a tool for this that sets/clears the ………… flag in the PE .EXE header.
Officially it is for this:
[Wayback/Archive] IMAGE_FILE_HEADER (winnt.h) – Win32 apps | Microsoft Learn
IMAGE_FILE_UP_SYSTEM_ONLY | 0x4000 | The file should be run only on a uniprocessor computer.
In practice, this sets the affinity to 1 single CPU core (which is kind of random, and could change each time you start the executable).
This is ideal for code that is known for causing trouble executing on multiple cores, or – more importantly – to disallow core-switching for programs that give best performance when executed on a single core.
Via: [Wayback/Archive] Thread by @0gtweet on Thread Reader App – Did you ever hear about IMAGE_FILE_UP_SYSTEM_ONLY flag in NtHeader->FileHeader->Characteristics of an exe file?
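A sketch of such a set/clear tool, as an added example that is not code from this post or from the linked thread: it locates FileHeader.Characteristics through the DOS header's e_lfanew field and toggles only the 0x4000 bit. The function names, the ".patched" output suffix and the sample header built for testing are assumptions made for this illustration.

```python
import struct
import sys
from pathlib import Path

IMAGE_FILE_UP_SYSTEM_ONLY = 0x4000  # value from the winnt.h table quoted above
E_LFANEW_OFFSET = 0x3C              # DOS header field holding the NT headers offset
CHARACTERISTICS_OFFSET = 4 + 18     # "PE\0\0" signature, then 18 bytes into IMAGE_FILE_HEADER


def characteristics_offset(image: bytes) -> int:
    """Return the file offset of FileHeader.Characteristics after validating both headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, E_LFANEW_OFFSET)
    if e_lfanew + CHARACTERISTICS_OFFSET + 2 > len(image):
        raise ValueError("e_lfanew points outside the file")
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + CHARACTERISTICS_OFFSET


def has_up_flag(image: bytes) -> bool:
    """Report whether IMAGE_FILE_UP_SYSTEM_ONLY is set in the image."""
    (value,) = struct.unpack_from("<H", image, characteristics_offset(image))
    return bool(value & IMAGE_FILE_UP_SYSTEM_ONLY)


def set_up_flag(image: bytes, enable: bool) -> bytes:
    """Return a copy of the image with the flag set or cleared; all other bits are kept."""
    offset = characteristics_offset(image)
    (value,) = struct.unpack_from("<H", image, offset)
    value = (value | IMAGE_FILE_UP_SYSTEM_ONLY) if enable else (value & ~IMAGE_FILE_UP_SYSTEM_ONLY)
    patched = bytearray(image)
    struct.pack_into("<H", patched, offset, value & 0xFFFF)
    return bytes(patched)


def build_sample_image(characteristics: int = 0x0022) -> bytes:
    """Constructed DOS + file header pair (not a runnable EXE) so the code can be tried offline."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, 0x80)
    file_header = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\0\0" + file_header


if __name__ == "__main__" and len(sys.argv) == 3:  # usage: script.py file.exe set|clear
    src = Path(sys.argv[1])
    src.with_name(src.name + ".patched").write_bytes(set_up_flag(src.read_bytes(), sys.argv[2] == "set"))
```

Changing this field alters bytes covered by the Authenticode hash, so a signed executable will no longer verify after patching.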
Read the rest of this entry »
Posted in Development, Software Development, Windows Development | Leave a Comment »