The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,977 other subscribers

Archive for the ‘Windows 8’ Category

A year ago on Telegram: “Do I need to use GarbageCollectAtoms in Delphi? I used it in delphi 7, but I dont know what is benefit. 😐”

Posted by jpluimers on 2022/10/20

Last week I found out that I had some Windows ATOM issues before, but this beats them easily was still a draft in stead if in the blog queue.

I got reminded to it by someone asking on Telegram about

“Do I need to use GarbageCollectAtoms in Delphi? I used it in delphi 7, but I dont know what is benefit. 😐”.

The short answer is: yes, if your Delphi application does terminate in a way that the Controls unit cannot cleanly unload (and cannot free the Windows atoms) or leaks Windows atoms in a different way. I have been in that situation and that’s why I wrote the above blog post that got published in 2016.

The longer answer is likely no, both the Windows atom and registered Windows message table share a heap and that registered VCL Windows message leaking bug got fixed some 10 years ago in Delphi XE2, see:

Read the rest of this entry »

Posted in Conference Topics, Conferences, Delphi, Development, Event, Power User, Software Development, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows NT, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Vista, Windows XP | Leave a Comment »

I had some Windows ATOM issues before, but this beats them easily

Posted by jpluimers on 2022/10/19

I’ve had some issues with Windows ATOM tables filling up, but nothing like this security bypass:

A new Windows code injection technique, atombombing, which bypasses current security solutions.

Source: AtomBombing: Brand New Code Injection for Windows – Breaking Malware [WayBack] with source code at BreakingMalwareResearch/atom-bombing: Brand New Code Injection for Windows

Note that since writing the first draft, the above AtomBombing article moved via Wayback: blog.ensilo.com to [Wayback/Archive.is] AtomBombing – A Brand New Code Injection Technique for Windows | FortiGuard Labs.

Read the rest of this entry »

Posted in Development, Power User, Software Development, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows 9, Windows Development, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Vista, Windows XP | Leave a Comment »

GoogleDriveFS.exe – System Error; The program can’t start because libcef.dll is missing from your computer. (it wasn’t missing)

Posted by jpluimers on 2022/10/17

GoogleDriveFS - cannot find libcef.dll

GoogleDriveFS – cannot find libcef.dll

Don’t you love errors after things try to audo-update themselves without testing preerquisites:

---------------------------
GoogleDriveFS.exe - System Error
---------------------------
The program can't start because libcef.dll is missing from your computer. Try reinstalling the program to fix this problem. 
---------------------------
OK   
---------------------------

The message was from the csrss.exe Client/Server Runtime Subsystem – Wikipedia process:

Read the rest of this entry »

Posted in Google, GoogleDrive, Power User, Windows, Windows 8 | Leave a Comment »

Windows: require UAC elevation to enter password instead of a simple “Yes” helps preventing USB HID attacks

Posted by jpluimers on 2022/06/17

Of course you should be careful inserting random USB devices. Apart from USB HID attacks, they could perform other attacks like DMA ones.

To help preventing automated UAC elevation, you can make it harder to activate UAC by requiring a password. I think the below registry trick and policy is supported as of Windows 7, but it could be more recent (i.e. Windows 8.1).

The video below shows the trick, but does not document it in text. So here we go [WayBack] Windows doesn’t ask for your password when changing settings – Windows 10 Forums

reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorUser" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableInstallerDetection" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableSecureUIAPaths" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableUIADesktopToggle" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "FilterAdministratorToken" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t REG_DWORD /d "1" /f

(A more elaborate batch file with lots more hardening is at [WayBack] Win 10 edits · GitHub)

The registry trick is especially useful for Home editions of Windows which do not allow you to run the Security Policy control panel applet secpol.msc.

The first two values explained at [WayBack] How to configure Windows UAC prompt behavior for admins and users – gHacks Tech News:

ConsentPromptBehaviorAdmin

This key defines the User Account Control behavior for system administrators. The default value is set to prompt but do not require credentials to be entered. Here are all possible values:

  • 0: A value of 0 allows administrators to perform operations that require elevation without consent (meaning prompts) or credentials (meaning authentication).
  • 1: A value of 1 requires the admin to enter username and password when operations require elevated privileges on a secure desktop.
  • 2: The value of 2 displays the UAC prompt that needs to be permitted or denied on a secure desktop. No authentication is required.
  • 3:  A value of 3 prompts for credentials.
  • 4: A value of 4 prompts for consent by displaying the UAC prompt.
  • 5: The default value of 5 prompts for consent for non-Windows binaries.

ConsentPromptBehaviorUser

  • 0: A value of 0 will automatically deny any operation that requires elevated privileges if executed by standard users.
  • 1: The value of 1 will display a prompt to enter the username and password of an administrator to run the operation with elevated privileges on the secure desktop.
  • 3: The default value of 3 prompts for credentials on a secure desktop.

The changes should take effect immediately. You can for instance set the admin behavior to 0 so that no prompts are displayed, and user behavior to 0 as well to prevent them from running operations that require elevated privileges.

Related:

Read the rest of this entry »

Posted in Power User, Windows, Windows 10, Windows 8, Windows 8.1 | Leave a Comment »

How can you export the Visual Studio Code extension list? (via: Stack Overflow)

Posted by jpluimers on 2022/06/16

Adapted from [Archive.is] How can you export the Visual Studio Code extension list? – Stack Overflow, presuming that code is on the PATH:

  1. From the command-line interface on MacOS, Linux, BSD or on Windows with git installed:
    code --list-extensions | xargs -L 1 echo code --install-extension
  2. From the command-line interface on MacOS, Linux, BSD or on Windows without git installed:
    code --list-extensions | % { "code --install-extension $_" }

    or, as I think, more clearly (see also [WayBack] syntax – What does “%” (percent) do in PowerShell? – Stack Overflow):

    code --list-extensions | foreach { "code --install-extension $_" }

    or even more explanatory:

    code --list-extensions | ForEach-Object { "code --install-extension $_" }
  3. From the command-line interface on Windows as a plain cmd.exe command:
    @for /f %l in ('code --list-extensions') do @echo code --install-extension %l
  4. On Windows as a plain cmd.exe batch file (in a .bat/.cmd script):
    @for /f %%l in ('code --list-extensions') do @echo code --install-extension %%l
  5. The above two on Windows can also be done using PowerShell:
    PowerShell -Command "code --list-extensions | % { """""code --install-extension $_""""" }"

    Note that here too, the % can be expanded into foreach or ForEach-Object for clarity.

All of the above prepend “code --install-extension ” (note the trailing space) before each installed Visual Studio Code extension.

They all give you a list like this which you can execute on any machine having Visual Studio Code installed and its code on the PATH, and a working internet connection:

code --install-extension DavidAnson.vscode-markdownlint
code --install-extension ms-vscode.powershell
code --install-extension yzhang.markdown-all-in-onex

(This is about the minimum install for me to edit markdown documents and do useful things with PowerShell).

Of course you can pipe these to a text-file script to execute them later on.

The double-quote escaping is based on [Wayback/Archive.is] How to escape PowerShell double quotes from a .bat file – Stack Overflow:

you need to escape the " on the command line, inside a double quoted string. From my testing, the only thing that seems to work is quadruple double quotes """" inside the quoted parameter:

powershell.exe -command "echo '""""X""""'"

Via: [Archive.is] how to save your visual studio code extension list – Google Search

–jeroen

Posted in *nix, *nix-tools, .NET, bash, Batch-Files, CommandLine, Console (command prompt window), Development, Mac OS X / OS X / MacOS, Power User, PowerShell, PowerShell, Software Development, Visual Studio and tools, vscode Visual Studio Code, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1, Windows Development, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, WSL Windows Subsystem for Linux, xargs | Leave a Comment »

 
%d bloggers like this: