Monthly Archives: July 2014

Debugging A PowerShell String

A friend had asked for some assistance with a script that was adding objects into Active Directory. It was failing to create Active Directory groups – “Invalid DN Syntax” was the descriptive message we received. However, the DN syntax appeared … Continue reading

Posted in Debugging, PowerShell

When Windows 8.1 VM Host Runs Out of Disk Space…

When copying a large file in a Windows 8.1 Parallels virtual machine, the host ran out of disk space… We can see from the stack trace that Explorer was copying a file at the time of the crash…
0: kd> !analyze -v
Bugcheck Analysis … Continue reading

Posted in WinDbg

Continuing Case of ByRef Corruption–.NET Patching

A new revision of the app we previously met here https://chentiangemalc.wordpress.com/2014/05/22/case-of-the-invalid-base-key-error/ was out… The “Invalid Base Key” error had been patched, but now we had another. It looked like another case of variables being unexpectedly modified due to liberal and incorrect … Continue reading

Posted in .NET, Hacking, MSIL, Patching

Launching .NET EXE extracted from Memory DMP

Using the SOS debugging extension (http://msdn.microsoft.com/en-us/library/bb190764(v=vs.110).aspx) we can easily save modules in a .NET memory dump. I wanted to do some runtime analysis of an EXE, but I only had a dmp file.
0:000> .load C:\windows\microsoft.net\Framework64\v2.0.50727\sos.dll
0:000> lmv m qfbox2
start             end                 module … Continue reading

Posted in .NET, 64-bit, WinDbg

Case of the Group Policy Preference Fail

A customer had an issue with mail not appearing in their Inbox. Their Exchange team had advised to set a registry value under HKEY_CURRENT_USER\Software\Policies\Microsoft\Office15.0\Outlook\Options\mail. A group policy had been created to set the value, and it successfully worked on five … Continue reading

Posted in Group Policy

Importing Reg Files Into Group Policy Preferences

Surprisingly, there doesn’t seem to be any obvious way to import “reg” files into Group Policy Preferences. And using the Registry Import Wizard can be tedious, ticking many, many tick boxes. Looking around existing tools I could find one commercial … Continue reading

Posted in Group Policy, PowerShell | 23 Comments