Microsoft’s PowerShell hangs when output is captured using Windows API

I was debugging a program that uses the Windows API (Creating a Child Process with Redirected Input and Output) to capture the stdout of Microsoft’s Windows PowerShell.

The script passed to PowerShell (-File switch) didn’t execute, and PowerShell just hung until it was killed from Task Manager.

It turns out that you need to use the undocumented parameter “-InputFormat none”:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -InputFormat none -File file.ps1

This is discussed on the MS Connect site: PowerShell.exe can hang if STDIN is redirected.

A similar issue on Stack Overflow: Silently executing a PowerShell script from WiX Hangs PowerShell.

Posted in Computers, OS, Programming

2011 links no. 2

Stack Overflow profiler open sourced: Profiling your website like a true Ninja.

Smaller is Faster (and Safer Too). The Chrome team has just started using a new compression algorithm called Courgette to make Google Chrome updates small. Read more.

Ask Amir Taaki About Bitcoin. From Slashdot.

The Four Stages of NTFS File Growth from Windows Server Core Team.

Some articles from CodeProject:

Rosa Golijan writes about what happens on the Internet every 60 seconds.

The Biggest Changes in C++11 (and Why You Should Care) by Danny Kalev.

Are You Too Good For Code Reviews? Articles and discussion in Slashdot.

Google’s Swiffy converts Flash SWF files to HTML5.

Have you wondered whether WordPress can handle high-volume traffic? High Traffic Tips For WordPress.

The most detailed story about Stuxnet: How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History.

How to build your own 135TB RAID6 storage pod for $7,384 from extremetech.com.

Investigation: Is Your SSD More Reliable Than A Hard Drive? from tomshardware.com.

pdf.js is a technology demonstrator prototype to explore whether the HTML5 platform is complete enough to faithfully and efficiently render the ISO 32000-1:2008 Portable Document Format (PDF) without native code assistance. From Dr. Andreas Gal.

Posted in Programming, Web

Urih.com has online resource viewer for executable files

One very interesting online tool we launched at urih.com is an online resource viewer for executable files. We call it the Portable executable online viewer.

This new (online) tool can be used like any old (offline) tool to view images embedded in an executable (PE format) file.

It also shows many properties of the executable file, such as Date compiled (the date when the exe was built, not the same as the file date/time), the minimum OS version, the application manifest XML file, and more.
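The compile date and minimum OS version mentioned above are stored at fixed offsets in the PE headers. The following is an added example, not code from urih.com: the function names are made up for illustration, and the input is a constructed header-only stub rather than a real executable.

```python
import struct
from datetime import datetime, timezone


def build_sample_pe(timestamp, os_major, os_minor):
    """Build a header-only PE32 stub (constructed sample, not a real program)."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: offset of "PE\0\0"
    coff = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)            # optional-header magic: PE32
    struct.pack_into("<HH", opt, 40, os_major, os_minor)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def read_pe_properties(data):
    """Return compile time and minimum OS version from PE header bytes."""
    if len(data) < 64 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    if len(data) < coff_off + 20:
        raise ValueError("truncated COFF header")
    _, _, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    if opt_size < 44 or len(data) < opt_off + 44:
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):                  # PE32 / PE32+
        raise ValueError("unknown optional-header magic")
    # MajorOperatingSystemVersion sits at offset 40 in both PE32 and PE32+.
    os_major, os_minor = struct.unpack_from("<HH", data, opt_off + 40)
    return {
        # TimeDateStamp is written by the linker and can be set to any value,
        # so treat it as a claim made by the file, not as evidence.
        "compiled": datetime.fromtimestamp(stamp, timezone.utc),
        "min_os": (os_major, os_minor),
        "pe32_plus": magic == 0x20B,
    }


SAMPLE = build_sample_pe(1300000000, 6, 1)           # constructed values

if __name__ == "__main__":
    print(read_pe_properties(SAMPLE))
```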

Here is an example of how it looks for the calc.exe file from Windows 7.

Posted in Computers, OS, Programming

Strange HTTP GET requests from IP 150.70.x.x and IP 62.24.x.x

Recently I started to notice that one of our sites gets strange HTTP GET requests from two IP ranges: 150.70.x.x and IP 62.24.x.x.

The short version goes as follows: we have a web service where users can submit results via an HTTP GET request. For example:
http://www.example.com/service?guid={BEDC2C9A-C5E6-4766-B57C-7CC07BB26F59}&result=x

Each (next) user/request gets a new GUID, like:
http://www.example.com/service?guid={412E9B56-E9CE-4FB5-9804-676FDC9EA3EC}&result=a
http://www.example.com/service?guid={64A00D1D-BCDB-4B5A-9DF3-51CF2BB6B663}&result=b
http://www.example.com/service?guid={CA5B86A1-A6B4-4CA8-AAA6-DC9302CF34D3}&result=c

Because GUIDs are unique, we should get each GUID only once. But this was not true for our web service. We occasionally got duplicate requests. We investigated more closely and found that all duplicate requests come from two IP ranges, 150.70.x.x and 62.24.x.x, and that every “second” request follows the first after 30 s – 5 min.
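The check described above can be run over an access log like this. It is an added example, not the code we used at the time: the log format, the function names and the full IP addresses are constructed, and the log is assumed to be in time order.

```python
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines: timestamp, client IP, request. Not real traffic;
# only the 150.70 and 62.24 prefixes and the GUIDs are taken from the post.
SAMPLE_LOG = """\
2011-07-01T10:00:00 203.0.113.5 /service?guid={BEDC2C9A-C5E6-4766-B57C-7CC07BB26F59}&result=x
2011-07-01T10:00:45 150.70.0.10 /service?guid={BEDC2C9A-C5E6-4766-B57C-7CC07BB26F59}&result=x
2011-07-01T10:01:00 198.51.100.7 /service?guid={412E9B56-E9CE-4FB5-9804-676FDC9EA3EC}&result=a
2011-07-01T10:02:10 203.0.113.9 /service?guid={64A00D1D-BCDB-4B5A-9DF3-51CF2BB6B663}&result=b
2011-07-01T10:05:30 62.24.0.20 /service?guid={412E9B56-E9CE-4FB5-9804-676FDC9EA3EC}&result=a
2011-07-01T10:06:00 198.51.100.8 /service?guid={CA5B86A1-A6B4-4CA8-AAA6-DC9302CF34D3}&result=c
"""


def parse_line(line):
    """Return (timestamp, ip, guid) for one log line, or None if unusable."""
    parts = line.split(maxsplit=2)
    if len(parts) != 3:
        return None
    stamp, ip, url = parts
    guid = parse_qs(urlsplit(url).query).get("guid", [None])[0]
    if guid is None:
        return None
    return datetime.fromisoformat(stamp), ip, guid.strip("{}").upper()


def find_replays(log_text):
    """List (guid, first_ip, replay_ip, gap_seconds) for every repeated GUID."""
    first_seen, replays = {}, []
    for when, ip, guid in filter(None, map(parse_line, log_text.splitlines())):
        if guid not in first_seen:
            first_seen[guid] = (when, ip)
            continue
        first_when, first_ip = first_seen[guid]
        gap = int((when - first_when).total_seconds())
        replays.append((guid, first_ip, ip, gap))
    return replays


def replay_sources(replays):
    """Count replayed requests per /16 prefix of the replaying client."""
    return Counter(".".join(ip.split(".")[:2]) + ".x.x" for _, _, ip, _ in replays)


if __name__ == "__main__":
    found = find_replays(SAMPLE_LOG)
    for guid, first_ip, replay_ip, gap in found:
        print(f"{guid}: first from {first_ip}, repeated from {replay_ip} after {gap}s")
    print(dict(replay_sources(found)))
```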

We did a Google search and found that the 150.70 IP range belongs to Trend Micro. There is even a statement from them:

Dear Site Owner,

To protect our customers from visiting a malicious or harmful site, web pages of the applicable URLs are downloaded and scanned by our servers. Thus, you may have noticed a few visits from our IPs. Please be assured that this poses no security risk to your web sites as our servers do not perform any action other than scanning the sites.
We then store the rating of the web site in our server cache so that our servers will no longer access those pages for analysis when a customer chooses to visit those web sites again. We have already asked our server owner to add the rating for the following domain(s);
…..
The setting will take effect soon, please verify it again on your site.
Sorry for any inconvenience and please inform us of any other concerns you may have.
Best Regards,
Trend Micro

More: http://forum.notebookreview.com/security-anti-virus-software/331930-trendmicro-servers-japan-accessing-webservers.html

It seems that Trend Micro is spying on their customers. The second range comes from Talk Talk UK’s ISP, who apparently spies on their customers too.

Here are some links with more reading:
Search Engine Spider and User Agent Identification Forum from webmasterworld.com
IP Address Inspector – projecthoneypot.org
Im Being Monitored/Watched?

P.S. Most probably they do not try to make an HTTP POST request, I do not know. We probably should use POST too, but that’s another story.
P.S.S. Some encryption like SSL should be mandatory for all Internet traffic in the future.

Posted in Computers, Programming, Web

Windows API PlaySound error / silence

Today I stumbled on strange behavior of the Windows API function PlaySound in combination with the SND_FILENAME flag.

There are two scenarios:

  1. No sound is played, and PlaySound returns success (TRUE) in combination with SND_ASYNC;
  2. No sound is played, and PlaySound returns failure (FALSE) when using the same wav file, but without the asynchronous flag.

The cause is that the system where this is happening is Windows Server 2008 R2, which is apparently missing some WAV codec. Files encoded with a different codec work.

Posted in Computers, OS

Error while receiving Verisign Authenticode certificate

Today, when I was downloading/receiving a Verisign Authenticode certificate, I got the following error window:
---------------------------
VBScript
---------------------------
Error: 1AD occured, your certificate may not be correctly installed
---------------------------
OK
---------------------------

Then I was redirected to the page with the following text:
Your Certificate Could Not Be Installed

Your certificate could not be installed in your web browser. The most likely reasons for this problem are:


The certificate is already installed.
Check your installed certificates. In Internet Explorer, go Tools > Internet Options and select the Contents tab. In the Certificates section, click the Certificates button. In the Personal tab, review the list of certificates. If your certificate is in the list, you do not need to install it again.


The browser and/or computer you are using now is not the same one used when you enrolled for your certificate.
You must use the same browser on the same computer to enroll for and install your certificate.


You are not running the latest version of Internet Explorer.
Click here to get the latest version of Internet Explorer.


The certificate database in the Web browser is not accepting the new certificate (the database may be corrupted).
Reinstall Internet Explorer and enroll again for the certificate.

It seems that the Verisign site is trying to install this certificate twice, because when I looked at the installed certificates in Internet Explorer, the certificate was already there.

Posted in Computers, Web

Call to OpenFileDialog or SaveFileDialog hangs or freezes

Today I was debugging a very strange issue where calls to OpenFileDialog and SaveFileDialog hung, froze, never returned…

At first I thought the problem was that the call is made from a hidden SysTray (notification area) window. However, digging deeper, things got more bizarre. I found a thread in the MS forum that had a workaround: add a help button to OpenFileDialog.

When I say that it “hangs” I mean that the dialog does not display but no exception is thrown and the system eventually throws in a little wait cursor to indicate that the program is getting time. It doesn’t hang the entire computer, fortunately, but the application has to be terminated.

For OpenFileDialog the ShowHelp property must be explicitly set.
For SaveFileDialog the ShowHelp, CreatePrompt, and OverwritePrompt properties must be explicitly set.

It’s not consistent though. I’ve had SaveFileDialog work with just ShowHelp set in simple situations. But I have an app which didn’t start running again until I also set CreatePrompt and OverwritePrompt properties then it started working again. They don’t have to be set to true, they just have to be initialized to either true or false.

Original forum post: click here.

So I tried:
myDialog.ShowHelp = true;

And it worked. So bizarre, I thought.

After a little more testing I found the next problem. If the file is not found, the dialog must show the warning ‘File not found. Check the file name and try again.’ And it showed the warning… and hung…

From the beginning I had been ignoring one fact: this actually is a .NET COM object, and I am calling it from the MTA threading model (multi-threaded apartment). By default .NET COM objects advertise themselves as BOTH (STA, MTA), so I changed the calling thread to STA. I changed CoInitializeEx to CoInitialize, and suddenly everything worked like a charm.

I am not a COM expert, so if you find some flaws please let me know in the comments!

Posted in Computers, Programming

2011 links no. 1

3D Software Rendering Engine – Part I by darkoman.

Fluent CSV/XML Exporter For List by Sacha Barber allows to export / save any C# container to CSV and XML.

Push Framework – A C++ toolkit for high performance server development in Windows by Ahmed Charfeddine.

Next part in Task Parallel Library: 5 of n by Sacha Barber.

ISO C++ Committee Approves C++0x Final Draft. Standard is going to be published, to be known as C++ 2011.

Is it reasonable to use the prefix increment operator ++it instead of postfix operator it++ for iterators. Andrey Karpov about C++ iterators.

Which Version of .NET is Built into Windows? To my surprise, Windows Server 2008 has .NET 3.0 off by default.

Microsoft Mathematics (formerly Microsoft Math) is free as in beer.

What do you do for lunch every day? Where do you eat it? With whom? Joel Spolsky writes about software teams.

Invoke .NET Assembly from Native C++ Code. With examples for Visual Studio. Hosted on CodePlex.

The attackers plant their PHP scripts, similar to those I described in previously mentioned diaries. These scripts vary from simple to very advanced scripts that can automatically monitor Google trend queries and create artificial web pages containing information that is currently interested. More on Google image poisoning.

Video: How Google is protecting their Data Centers (logically and physically).

Posted in OS, Programming, Web

Strange file named “剐䍏塅ㅐ〰匮卙” in C:\Windows\System32\drivers

Today, looking in the directory C:\Windows\System32\drivers, I found a strangely named file, “剐䍏塅ㅐ〰匮卙”. My first thought was: it is a driver from LG PC Suite… I remember that some of its files have Korean characters in their names. However, looking closer, I found that the file is digitally signed by Sysinternals.

So it cannot be a computer virus, because in that case they would need a private key from Microsoft Sysinternals.

I have a couple of programs from Sysinternals installed. So I started to google, but could not find the answer easily. Here is a link to the relevant discussion. Running logonsessions creates…

It says that the file C:\Windows\System32\drivers\剐䍏塅ㅐ〰匮卙 is created by the LogonSessions utility. So the file really comes from Microsoft, so it is not a virus.
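The odd characters in this name are what an ASCII file name looks like when its bytes are read two at a time as UTF-16LE; undoing that turns “剐䍏塅ㅐ〰匮卙” back into PROCEXP100.SYS. The sketch below is an added example, not code from Sysinternals or from the linked discussion: the function names are made up, and the directory listing is constructed around the one name from this post.

```python
import string

# Printable ASCII without control whitespace; a file name never needs those.
_PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")


def ansi_text_behind(name):
    """Return the ASCII text whose bytes, read as UTF-16LE, produce `name`.

    Returns None when `name` is not such a misread string.
    """
    if name.isascii():
        return None                      # ordinary name, nothing to undo
    try:
        raw = name.encode("utf-16-le")   # back to the bytes as stored
    except UnicodeEncodeError:
        return None                      # lone surrogate, not a byte-pair artefact
    if raw.endswith(b"\x00"):
        raw = raw[:-1]                   # odd-length text picks up its NUL terminator
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None                      # genuine non-ASCII name
    if not text or any(ch not in _PRINTABLE for ch in text):
        return None
    return text


def misread_names(names):
    """Map every name in a listing that decodes this way to its ASCII form."""
    decoded = ((n, ansi_text_behind(n)) for n in names)
    return {n: t for n, t in decoded if t is not None}


# The name from this post plus two ordinary names (constructed listing).
LISTING = ["ntfs.sys", "剐䍏塅ㅐ〰匮卙", "日本語.sys"]

if __name__ == "__main__":
    print(misread_names(LISTING))
```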

Posted in Computers, OS

fatal error C1083: Cannot open include file: ‘ammintrin.h’: No such file or directory

I cannot compile my C++ projects after installing ‘Security Update for Microsoft Visual Studio 2010 (KB2455033)’; see yesterday’s post: Security Update for Microsoft Visual Studio 2010 (KB2455033) failed with Code 643.

Visual Studio 2010 shows the following error:
1>------ Build started: Project: some_project_name_i_am_hiding, Configuration: Debug Win32 ------
1> stdafx.cpp
1>c:\program files (x86)\microsoft visual studio 10.0\vc\include\intrin.h(26): fatal error C1083: Cannot open include file: 'ammintrin.h': No such file or directory
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

The error occurs because the file intrin.h references ammintrin.h, and after this update there is no such file. Relevant fragment from intrin.h:
#if defined(_M_IX86) || defined(_M_X64)
#include <immintrin.h>
#include <ammintrin.h>

Searching Google for the answer, I found only one link, in Russian. The Russian developer says he reinstalled Visual Studio. I tried searching MS Connect again, and found: Windows Update KB2455033 breaks build with missing ammintrin.h.

The workaround is to install Visual Studio 2010 SP1. Download it from the Microsoft website: Microsoft Visual Studio 2010 Service Pack 1 (Installer).

Installing Service Pack 1 takes some time while I am writing this blog post… 30 minutes… And building / compiling after SP1 is successful. So installing Microsoft Visual Studio 2010 Service Pack 1 fixes this issue.

Screenshots from the process below.

Posted in Programming