Windows: Additional file attribute preventing downloaded program from running? - windows

I have a compiled program which runs great after being compressed, copied to another computer using a USB key, extracted and run.
However, if I upload the compressed file to Google Drive or Dropbox, download it and extract it, the program will not run. It gives me an error "program.exe has stopped working".
Using a tool called WinMerge, I compared the program that was extracted from a USB drive with the program that was extracted after being downloaded. Every file, both binary and text, was identical.
Next I used attrib -r -a -s -h on every program file in both folders, thinking perhaps one of the file attributes was incorrect. I still had the same problem; the copied program works, the downloaded one does not.
I also tried changing the name and location of the folders the program was in but it had no effect.
The only thing I can think of is some additional attribute that Windows gives files which were downloaded from the internet, to possibly trigger an additional UAC check which is interfering with the program. Does this exist?
This is on Windows 7.

Found the problem. Windows adds an Alternate Data Stream (ADS) to every file downloaded off the internet. For some reason, these streams were preventing the program from running. Stripping the ADS from each file allows it to run.
I used a Windows Sysinternals program called Streams to strip the ADS data.
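
The stream the answer above refers to is named Zone.Identifier and holds a small INI text with a ZoneId value (3 is the Internet zone). As an added example that is not part of the original post, this PowerShell function reports which files in a folder carry the stream and removes it only when asked to; it assumes PowerShell 3.0 or later, and the function name and the folder path in the usage comment are hypothetical.

```powershell
# Added example, not from the original post.
# Requires PowerShell 3.0+ (-Stream, -File, Unblock-File, [pscustomobject]).
# Get-DownloadMark is a hypothetical helper name.
function Get-DownloadMark {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Folder,
        [switch]$Unblock            # also remove the Zone.Identifier stream
    )

    # ZoneId values as defined by the Windows URL security zones
    $zoneNames = @{
        '0' = 'Local machine'; '1' = 'Local intranet'; '2' = 'Trusted sites'
        '3' = 'Internet';      '4' = 'Restricted sites'
    }

    Get-ChildItem -LiteralPath $Folder -Recurse -File | ForEach-Object {
        $file = $_.FullName

        # Get-Item -Stream raises an error when the stream is absent, so silence that case
        $stream = Get-Item -LiteralPath $file -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if (-not $stream) { return }     # no download mark on this file, skip it

        # Stream content looks like: [ZoneTransfer] then ZoneId=<n>
        $zoneId = Get-Content -LiteralPath $file -Stream Zone.Identifier |
            ForEach-Object { if ($_ -match '^ZoneId=(\d+)') { $Matches[1] } } |
            Select-Object -First 1

        # Unblock-File deletes only the Zone.Identifier stream, not other streams
        if ($Unblock) { Unblock-File -LiteralPath $file }

        [pscustomobject]@{
            File      = $file
            ZoneId    = $zoneId
            Zone      = $zoneNames[[string]$zoneId]
            Unblocked = [bool]$Unblock
        }
    }
}

# Usage (placeholder path): report first, then unblock once the files are known to be yours.
#   Get-DownloadMark -Folder 'C:\Temp\extracted-program' | Format-Table -AutoSize
#   Get-DownloadMark -Folder 'C:\Temp\extracted-program' -Unblock
```

Running the report before and after extraction shows whether the archive tool copied the mark from the downloaded archive onto the extracted files.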

Related

Is it possible to recover a running VBScript file, if the original file was already deleted?

I have one VBScript which runs continuously on my system to monitor a web page on Internet Explorer.
I have permanently deleted this VBScript file from its original location on the system by mistake. However, the script is still in RAM and is still running and monitoring the web page.
This script is very important to me but I have lost it :(
I want to know if there is any way by which I can recover the code of Vbscript file from system's RAM or any temporary file as the script is still running.
I am not allowed to use any file recovery software, so please don't suggest to install any third party data recovery software.
Try using 'ADPlus.vbs' script from WinDbg:
1. http://msdn.microsoft.com/en-us/windows/hardware/hh852365
2. http://support.microsoft.com/kb/286350
As the code was running, I followed the below process to recover the running code:
Go to Task Manager
Select the process and create dump
Open online dump analyser (www.osronline.com)
Upload dump file
Download the dump analysis
The dump analysis provided almost 95% of the correct code. Code within some loops was distorted or changed. As I was the owner of the code I was able to correct it.
Use HxD, it can view all RAM content relative to any process on the fly. It is commonly used to hack currently running games etc.
After locating your script, it might be needed to clear alphanumeric mess between your code, N++ and regex knowledge may be useful.

How to make an exe that is removed from the server's open files list when running (started from a share)

I need to make an exe that will be started from a Windows server share. As soon as the application is running it should disappear from the server's open files list.
For example I have this simple Delphi source as a test - it compiles to a small 28k exe file that simply waits for user input when invoked. While the application is running it appears on the servers open files list. I already tried PEFlags setting IMAGE_FILE_NET_RUN_FROM_SWAP and IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP:
program RunFromShare;
Uses
Windows;
{$APPTYPE CONSOLE}
{$SetPEFlags IMAGE_FILE_NET_RUN_FROM_SWAP} // no exe file open on network share?
{$SetPEFlags IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP}
begin
WriteLn('Waiting for [Enter] key');
ReadLn;
end.
It seems like IMAGE_FILE_NET_RUN_FROM_SWAP (or IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP) tells Windows that it should load the whole EXE into memory (backed by the swap file). This doesn't mean it is copied and then run from the local disk, it just prevents page faults from happening later which cause access to the share (possibly after dismount; see such a case here). Which in turn means, the file on the network share is still open as long as the share is connected and the file running.
MSDN says this about IMAGE_FILE_NET_RUN_FROM_SWAP:
If Image is on Net, copy and run from the swap file.
I would interpret copy as copy to memory, not as copy to disk.
So if nobody does the job for you just do it yourself: copy your file and run it :)

How to read disk file entries faster than FindFile API? [duplicate]

I am in the middle of writing a tool that finds lost files of an iTunes library, for both Mac and Windows. On the Mac, I can quickly find files by naming using the wonderful "CatalogSearch" function.
On Windows, however, there seems to be no OS API for searching by file name (or is there?).
After some googling, I learned that there are tools (like TFind, Everything) that read the NTFS directory directly and scan it to find files by name.
I would like to do the same, but without having to start from scratch (although I've written quite a few disk tools in the past, I've never had the energy to dig into NTFS).
I wonder if there are ready-made libs around, possibly as a .dll, that would give me this search feature: Pass in a file name, get back its path.
Alternatively, what about the Windows indexing service? At least when I tried this on a recently installed XP Home system, the Search operation under the Start menu would actually scan all directories, which suggests that it has no complete database. As I'm not a Windows user at all, I wonder why this isn't working.
In the end, the complete solution I need is: I have a list of file names to find, and I need code that searches the entire disk (or uses a DB for it) to get me all results in one go. E.g, the search should not start a new full scan for every file I'm looking up. That's why I think the MFT way would be optimal, as it could quickly iterate over all names, comparing each to my list.
The best way to solve your problem seems to be by using the Windows Change Journal.
Problem: If it is not enabled for a volume or the volume is a non-NTFS you need a fallback (or enable the Change Journal if it is NTFS). You need administrator rights as well to access the Change Journal.
You get the files by using FSCTL_ENUM_USN_DATA and DeviceIoControl with LowUsn=0. This directly accesses the MFT and writes all filenames into the supplied buffer. Because it sequentially accesses the MFT it is faster than the FindFirstFile API.

Text files made in ruby are being built as executable files

I have a build script where I create a text report file and output various log type stuff to it. The data is all being built onto an external HD which (according to 'mount') has file format "fuseblk" (which I've never heard of).
The building all seems to work OK but my report files are being saved as executables, which Linux interprets as SOR files. I'd like them to just be regular text files, openable by default in my regular text editor.
I'm making the file, and writing to it, like this:
@report = File.open(File.join(DESTINATION_BUILD_FOLDER, "#{title.folder_name}_report.txt"),"w")
...
s = "making modules folder inside resource_library folder";puts s; @report.puts s
...
@report.close
I've done this lots of times before and never encountered this problem. Any ideas anyone?
cheers, max
PS: I know that I can edit the saved files to make them non-executable, my question is 'why is this happening in the first place?'. Cheers :)
I don't think there's anything wrong with your program. The fuseblk just means it's being mounted through FUSE, which allows filesystem drivers to run as userspace programs, instead of kernel modules. Most likely, the filesystem is NTFS or FAT32.
The problem here is that Linux is assuming everything on the drive has the execute bit set. This is because neither NTFS nor FAT32 has the capability to store Linux permission bits (NTFS has a very different permissions system, FAT32 has virtually none). And I bet you're trying to double-click on the log files in something like the Gnome file explorer, right?
Well, go there with the command line and use less or your favorite command-line editor to view them. Or right click on them in the file explorer, or open them with File -> Open from a text editor. If you ask your question to people who know Gnome (or KDE?) better, you'll probably get a better answer.

VB6 Application fails 8.3 path conversion on a single PC

I have a VB6 desktop application that is deployed on well over 1200 desktops. The devices throughout are a mix of Windows XP SP2 and SP3 systems. All but one of these PCs (XP SP2) are able to successfully decipher the DOS 8.3 path (i.e. C:\PROGRA~1\DATFOL~1\Config\) that is used in an .ini file related to this application. This particular PC errors out with a message: "Run-time error '76': Path not found".
The string is obtained from the .ini file using the GetPrivateProfileString function. (The string is not hard-coded into the application - it is obtained from an ini file).
Since there is only one machine having the problem, I'm looking towards some configuration value on that device as being the root cause. I looked at the NtfsDisable8dot3NameCreation setting in the registry to see if this might cause the issue, but I have been unable to reproduce the problem on any other machine when changing this setting.
Anybody have any thoughts or perhaps another direction I could take?
Don't use hard-coded paths or short filenames. The Program Files folder might not be on the C: drive, might not be named Program Files, and even if it is, might not have a short filename of PROGRA~1 (and the same for DATAFOL~1). Write the install path to an INI file or the registry during installation and read+use that in your program.
If someone was gimping around and made a temp/backup/testing \DataFolder_Temp, deleted the original then renamed, the short path would be DATAFOL~2.
Delete the directory and recreate it.
Check the PC. The PROGRA~1 or DATFOL~1 might actually be ~2 instead. Put the 8.3 name used in your code into Explorer and see what IT tells you.
