VeraCrypt Windows commandline - encrypt whole USB - windows

I'm trying to format whole USB from windows commandline.
In Linux it's quite easy - veracrypt --create diskPath
But when I'm trying to do that in Windows it's impossible.
I'm trying to use this command
"VeraCrypt Format.exe" /create \\?\Volume{ad4200bf-2236-11e8-9b79-bcee7b594766}\ /password test /size 100M
Also this:
"VeraCrypt Format.exe" /create F: /password test /size 100M
Also - I want to encrypt the whole partition, not only 100M, but I can't execute /create without /size

VeraCrypt format command goes like this:
"VeraCrypt Format.exe" [/n] [/create] [/size number[{K|M|G|T}]] [/p
password] [/encryption {AES | Serpent | Twofish | AES(Twofish) |
AES(Twofish(Serpent)) | Serpent(AES) | Serpent(Twofish(AES)) |
Twofish(Serpent)}] [/hash
{sha256|sha-256|sha512|sha-512|whirlpool|ripemd160|ripemd-160}]
[/filesystem {None|FAT|NTFS}] [/dynamic] [/force] [/silent]
Now what you were trying should go like the below. You are missing the path or the subset of the parameters.
Create a 100 MB file container using the password test and formatted using FAT:
"C:\Program Files\VeraCrypt\VeraCrypt Format.exe" /create c:\pathofthevolume\testvolume.hc /password test /hash sha512 /encryption serpent /filesystem FAT /size 100M /force
And if you want to mount that automatically, then it should go like this:
Mount a volume called testvolume.tc using the password test, as the drive letter X.
veracrypt /v testvolume.tc /l x /a /p test /e /b
Refer the source LINK for details.
Hope it helps.

Related

Codesign an executable and allow the modification of some bytes

I use signtool.exe to codesign a Windows executable.
Which options of this tool can be used to define that a few bytes should be omitted from the hash calculation, and thus allowing that a digitally signed executable can have 8 or 16 bytes modified later?
This technique has been used by Mozilla (their .exe installer is different for each download, but has the same digital signature), see How can a .exe be modified and still keep a valid digital signature?.
The WinAPI function ImageGetDigestStream has an option DigestLevel to exclude resource information from the hash computation, but how to use this option when actually with signtool.exe or a similar tool?
This is explained by Didier Stevens in an article here: It's in the signature and he also provides a tool "disitool" to manipulate the signature.
Here are the steps to sign a file using Authenticode, and to append some data to it without breaking the signature:
A) Create a code signing certificate (you'll be required to enter passwords):
MakeCert /n "CN=MyOrg" /r /h 0 /eku "1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.13" /sv MyOrg.pvk MyOrg.cer
note: 1.3.6.1.5.5.7.3.3 is szOID_PKIX_KP_CODE_SIGNING and 1.3.6.1.4.1.311.10.3.13 is szOID_KP_LIFETIME_SIGNING. This will create a private key file and a certificate file.
B) Add certificate to store (needs admin rights, could be a different store):
Certutil -addStore TrustedPeople MyOrg.cer
C) Create a Pfx file to sign:
Pvk2Pfx /pvk MyOrg.pvk /pi [Password goes here] /spc MyOrg.cer /pfx MyOrg.pfx
D) Sign your file:
SignTool.exe sign /fd SHA256 /v /a /f MyOrg.pfx /p [Password goes here] MyFile.exe
At this point MyFile.exe is signed using Authenticode:
E) Create some data.txt file. I've created one that just contains the "[Kilroy was here!]" text.
F) Now run disitool:
python.exe disitool.py inject --paddata MyFile.exe data.txt MyFile2.exe
And here is the result, MyFile2.exe is still valid without resigning the file:
While you can see data.txt's content added to its end:
From the original file's end:
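The signature stays valid because the Authenticode hash does not cover the certificate table, so bytes stored there after the signature blob go unnoticed by verification. The following Python code is an added example (not part of the original answer and not disitool's code) that locates the certificate table in a PE file and returns any data stored after the DER-encoded signature; it assumes a single WIN_CERTIFICATE entry, and `build_sample` produces a constructed header-only file with a stand-in DER blob.

```python
import struct

def der_total_length(buf: bytes) -> int:
    """Size (header + content) of the DER SEQUENCE at the start of buf."""
    if len(buf) < 2 or buf[0] != 0x30:
        raise ValueError("blob does not start with a DER SEQUENCE")
    if buf[1] < 0x80:                              # short-form length
        return 2 + buf[1]
    n = buf[1] & 0x7F                              # long form: n length bytes follow
    if not 1 <= n <= 4 or len(buf) < 2 + n:
        raise ValueError("unsupported DER length encoding")
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def trailing_signature_data(pe: bytes) -> bytes:
    """Bytes stored in the certificate table after the signature blob."""
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    opt = e_lfanew + 24                            # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    dir_base = {0x10B: 96, 0x20B: 112}.get(magic)  # PE32 / PE32+
    if dir_base is None:
        raise ValueError("unknown optional header magic")
    # Data directory entry 4 is the certificate table: (file offset, size).
    cert_off, cert_size = struct.unpack_from("<II", pe, opt + dir_base + 4 * 8)
    if cert_off == 0 or cert_size == 0:
        return b""                                 # file is not signed
    dw_length, _revision, _cert_type = struct.unpack_from("<IHH", pe, cert_off)
    blob = pe[cert_off + 8:cert_off + dw_length]
    # Trailing zero bytes are treated as 8-byte alignment padding.
    return blob[der_total_length(blob):].rstrip(b"\0")

def build_sample(payload: bytes = b"") -> bytes:
    """Constructed header-only PE32 whose 'signature' is a 6-byte stand-in DER blob."""
    cert = b"\x30\x04\x02\x02\x01\x02" + payload   # SEQUENCE { INTEGER }, not real PKCS#7
    cert += b"\0" * (-(8 + len(cert)) % 8)
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)        # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x80 + 24, 0x10B)  # PE32 magic
    struct.pack_into("<II", hdr, 0x80 + 24 + 96 + 32, 0x200, 8 + len(cert))
    return bytes(hdr) + struct.pack("<IHH", 8 + len(cert), 0x0200, 0x0002) + cert
```

A non-empty result on a signed file means the certificate table carries bytes that the signature does not vouch for.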

How do I pipe a file into an encrypted, password protected zip file, then delete the original file, in Windows batch?

I am attempting to export some database data using the BCP Utility.
Here is my batch command so far:
BCP [table] out [file] -c -T -S [server] -t"¶" | 7z.exe a -si [archive name] -sdel
The BCP part works just fine:
BCP [table] out [file] -c -T -S [server] -t"¶"
However, for the 7-Zip part:
7z.exe a -si [archive name] -sdel
It works to a point. The original file is not removed, and I'd also like to encrypt the archive with 128 bit or 256 bit encryption with a password.
Any suggestions?
I found a work around solution with a small VB .NET script.
The script takes in a table name, runs BCP into a text file, runs 7 Zip with encryption options (https://sevenzip.osdn.jp/chm/cmdline/switches/method.htm#Zip), and a password, then deletes the original text file.
These commands are run using the Process() object functions.
That way I can loop through the tables I need placed in files easily.
It is not the Windows batch answer I was looking for, but it works.
Any other suggestions are still welcome.
Thanks!
BCP .... | 7z u -sidirData -pMyPassword -mhe outputFile.7z
              ^ ^          ^            ^    ^______________ The file that will be generated
              | |          |            |___________________ Encrypt file names
              | |          |________________________________ Password used for encryption
              | |___________________________________________ Name of stored file
              |_____________________________________________ update/create container file
Note that there are no spaces between the switches and the values

NET USE command to connect to a shared folder on local LAN

I am trying to write a batch file to connect to a shared folder on my LAN.
The command reads:
net use s: \\<server add>\sharename /user:username
How do I include the password in the command as well?
I've tried:
net use s: \\<server add>\sharename /user:username password
and get an incorrect syntax error.
The syntax of this command is:
NET USE
[devicename | *] [\\computername\sharename[\volume] [password | *]]
[/USER:[domainname\]username]
[/USER:[dotted domain name\]username]
[/USER:[username@dotted domain name]
[/SMARTCARD]
[/SAVECRED]
[[/DELETE] | [/PERSISTENT:{YES | NO}]]
NET USE {devicename | *} [password | *] /HOME
NET USE [/PERSISTENT:{YES | NO}]
This is all SOHO so assume no Server on network. I am using a windows 7 client.
The error message syntax positions the password (or a *) before the /USER: option. Putting the password before the user has always seemed illogical to me, but it's always worked.

IP based 'hosts' file

I'm new to this, so bear with me a bit.
I'd like to write a batch file that can replace the etc/hosts file, depending on which VLAN I'm in when I log in.
ie: When I log in and I've got the xxx.xxx.102.xxx local IP, I'd like to use the hosts1 file. When I log in and I've got the xxx.xxx.103.xxx local IP, I'd like to use the hosts2 file.
So basically based on the output of an ipconfig, scan it for a "102" and a "103" and when that number is in the output, it could replace the hosts file in the Windows directory.
Ideas?
for %%a in (102 102 103) do (
ipconfig | find "xxx.xxx.%%a.xxx" >nul 2>&1 && copy /y hosts%%a "%SystemRoot%\system32\drivers\etc\hosts"
)
will work if you have admin permissions and your hosts files are named hosts101 hosts102 ...
you might try this. I use findstr's Regex capabilities here:
ipconfig | findstr /er "[0-9][0-9]*\.[0-9][0-9]*\.102\.[0-9][0-9]*" && copy hosts1 "%windir%\system32\drivers\etc\hosts"
ipconfig | findstr /er "[0-9][0-9]*\.[0-9][0-9]*\.103\.[0-9][0-9]*" && copy hosts2 "%windir%\system32\drivers\etc\hosts"

Modifying the "Path to executable" of a windows service

I'd like to modify the path to my application, but doing so breaks it because the service still points to the old location.
By going to Administrative Tools > Services you can open a properties dialog and view the Path to executable, but there is no way to change it.
Is there any way a user can modify the service path without having to reinstall the application ?
There is also this approach seen on SuperUser which uses the sc command line instead of modifying the registry:
sc config <service name> binPath= <binary path>
Note: the space after binPath= is important. You can also query the current configuration using:
sc qc <service name>
This displays output similar to:
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: ServiceName
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Services\ServiceName
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : <Display name>
DEPENDENCIES :
SERVICE_START_NAME : user-name@domain-name
It involves editing the registry, but service information can be found in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services. Find the service you want to redirect, locate the ImagePath subkey and change that value.
You could also do it with PowerShell:
Get-WmiObject win32_service -filter "Name='My Service'" `
| Invoke-WmiMethod -Name Change `
-ArgumentList @($null,$null,$null,$null,$null, `
"C:\Program Files (x86)\My Service\NewName.EXE")
Or:
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\My Service" `
-Name ImagePath -Value "C:\Program Files (x86)\My Service\NewName.EXE"
Open Run(win+R) , type "Regedit.exe" , to open "Registry Editor", go to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
find "Apache2.4" open the folder find the "ImagePath" in the right side, open "ImagePath"
under "value Data" put the following path:
"C:\xampp\apache\bin\httpd.exe" -k runservice for XAMPP; for others, point to the location where Apache is installed and inside locate the bin folder: "C:(Apache installed location)\bin\httpd.exe" -k runservice
Slight modification to @CodeMaker's answer, for anyone like me who is trying to modify a MongoDB service to use authentication.
When I looked at the "Path to executable" in "Services" the executed line already contained speech marks. So I had to make minor modification to his example.
To be specific.
Type Services in Windows
Find MongoDB (or the service you want to change) and open the service, making sure to stop it.
Make a note of the Service Name (not the display name)
Look up the "Path to executable" and copy it.
For me the path was (note the speech marks)
"C:\Program Files\MongoDB\Server\4.2\bin\mongod.exe" --config "C:\Program Files\MongoDB\Server\4.2\bin\mongod.cfg" --service
In a command line type
sc config MongoDB binPath= "<Modified string with \" to replace ">"
In my case this was
sc config MongoDB binPath= "\"C:\Program Files\MongoDB\Server\4.2\bin\mongod.exe\" --config \"C:\Program Files\MongoDB\Server\4.2\bin\mongod.cfg\" --service --auth"
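Whether the speech marks actually reached the service configuration can be checked from `sc qc` output, since Windows resolves an unquoted executable path that contains spaces ambiguously. The following Python code is an added example (not from the original answers): it extracts BINARY_PATH_NAME, reports whether a path with spaces is stored without quotes, and builds the escaped `sc config` line described above. The sample output, the function names and the `.exe` heuristic are assumptions.

```python
import re

# Constructed sample: `sc qc` output in the layout shown on this page.
SAMPLE_QC = r"""[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: MongoDB
        BINARY_PATH_NAME   : C:\Program Files\MongoDB\Server\4.2\bin\mongod.exe --service
        SERVICE_START_NAME : LocalSystem
"""

def binary_path(sc_qc_output: str) -> str:
    """Extract the BINARY_PATH_NAME value from `sc qc` output."""
    m = re.search(r"^\s*BINARY_PATH_NAME\s*:\s*(.+?)\s*$", sc_qc_output, re.MULTILINE)
    if m is None:
        raise ValueError("no BINARY_PATH_NAME line found")
    return m.group(1)

def lost_its_quotes(path: str) -> bool:
    """True when the executable part contains a space but is not quoted."""
    if path.startswith('"'):
        return False
    # Heuristic (assumption): the executable ends at the first ".exe";
    # when there is none, the whole value is treated as the executable.
    m = re.match(r"(.*?\.exe)(?=\s|$)", path, re.IGNORECASE)
    exe = m.group(1) if m else path
    return " " in exe

def sc_config_command(service: str, bin_path: str) -> str:
    """Build the cmd.exe line that stores bin_path with its inner quotes intact."""
    escaped = bin_path.replace('"', '\\"')   # each " becomes \" inside the outer quotes
    return f'sc config {service} binPath= "{escaped}"'
```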
You can't directly edit your path to execute of a service. For that you can use sc command,
SC CONFIG ServiceName binPath= "Path of your file"
Eg:
sc config MongoDB binPath= "I:\Programming\MongoDB\MongoDB\bin\mongod.exe --config I:\Programming\MongoDB\MongoDB\bin\mongod.cfg --service"
I just felt like adding: for Git Bash users, you should put the path in single quotes ' ', as in
sc config <service name> binPath='<binary path>'
e.g. sc config MongoDB binPath='"C:\Program Files\MongoDB\Server\5.03\bin\mongod.exe" --config "C:\Program Files\MongoDB\Server\5.03\bin\mongod.cfg" --service --auth'
This worked for me to update the path of the service with Git Bash on Windows 10.
If you have Process Hacker installed, you can use it.
An alternative to using Invoke-WmiMethod is to use the newer CIM cmdlets. This also avoids the need for the @($null,$null...) object, as seen in a previous answer.
Get-CimInstance win32_service -Filter "Name='My Service'" | Invoke-CimMethod -MethodName Change -Arguments @{PathName="C:\Program Files\My Service\NewName.exe"}
A little bit deeper with 'SC' command, we are able to extract all 'Services Name' and got all 'QueryServiceConfig' :)
>SC QUERY > "%computername%-services.txt" [enter]
>FIND "SERVICE_NAME: " "%computername%-services.txt" /i > "%computername%-services-name.txt" [enter]
>NOTEPAD2 "%computername%-services-name.txt" [enter]
Do 'small' NOTEPAD2 editing..
Then, continue with 'CMD'..
>FOR /F "DELIMS= SKIP=2" %S IN ('TYPE "%computername%-services-name.txt"') DO @SC QC "%S" >> "%computername%-services-list-config.txt" [enter]
>NOTEPAD2 "%computername%-services-list-config.txt" [enter]
Raw data is ready for feeding a 'future batch file', so the result looks like this below!!!
+--------------+------------------------+------------------------+---------------+--------------------------------------------------+------------------+-----+----------------+--------------+--------------------+
| SERVICE_NAME | TYPE                   | START_TYPE             | ERROR_CONTROL | BINARY_PATH_NAME                                 | LOAD_ORDER_GROUP | TAG | DISPLAY_NAME   | DEPENDENCIES | SERVICE_START_NAME |
+--------------+------------------------+------------------------+---------------+--------------------------------------------------+------------------+-----+----------------+--------------+--------------------+
| WSearch      | 10 WIN32_OWN_PROCESS   | 2 AUTO_START (DELAYED) | 1 NORMAL      | C:\Windows\system32\SearchIndexer.exe /Embedding | none             | 0   | Windows Search | RPCSS        | LocalSystem        |
| wuauserv     | 20 WIN32_SHARE_PROCESS | 2 AUTO_START (DELAYED) | 1 NORMAL      | C:\Windows\system32\svchost.exe -k netsvcs       | none             | 0   | Windows Update | rpcss        | LocalSystem        |
But, HTML will be pretty easier :D
Any bright ideas for improvement are welcome V^_^
The best way for this scenario is to uninstall the application and reinstall the application. That is the right legal way.
You can delete the service:
sc delete ServiceName
Then recreate the service.
