Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
This looks like a common question. But I was not able to find answer for it. When we try to install windows programs, what exactly happens? What files are copied where? What is written in the registry?
Most programs come with an installation program named Setup.exe or Install.exe. When you install a program, the installation program usually does the following:
Looks for a previous version of the program on your hard disk. If it
finds a previous version, the program may ask whether you want to
replace the previous version.
Creates a folder in which to store the program files. Most
installation programs ask where you'd like this folder. Some
installation programs also create additional folders within this
folder. Windows creates a folder named Program Files, usually in C:\
(if Windows is stored in a partition or drive other than C, the
Program Files folder is usually in the same partition). We recommend
you install all your programs in folders within the Program Files
folder.
note Some software vendors have the bad habit of installing
application programs in locations other than your Program Files
folder. You can't do much about this; the additional folders may
clutter up your root folder, but they don't do any harm.
Copies the files onto your hard disk. If the program files are
compressed, the installation program uncompresses them. Usually, the
installation program copies most of the files into the program's
folder, but it may also put some files into your C:\Windows,
C:\Windows\System, or other folders.
Checks your system for the files and hardware it needs to run. For
example, an Internet connection program might check for a modem.
Adds entries to the Windows Registry to tell Windows which types of
files the program works with, which files the program is stored in,
and other information about the program.
Adds a command for the program to your Start | All Programs menu
(some programs add submenus to the Start | All Programs menu to
contain several commands). The installation program may also add a
shortcut to your Windows desktop to make running the program easy for
you. You can change the position on the Start menu of the command for
the program, get rid of the command, or create a command if the
installation program doesn't make one. You can also create a shortcut
icon on the desktop, if the installation program hasn't done so, or
move or delete the program's shortcut.
Asks you a series of questions to configure the program for your
system. The program may ask you to type additional information, like
Internet addresses, passwords, or software license numbers. It may
also ask which users should be able to run the program.
Every installation program is different, because it comes with the application program, not with Windows. If your computer is connected to a LAN or to the Internet, the installation program may configure your program to connect to other computers on the network.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I downloaded Microsoft SDK and Visual Studio 2015 on Windows 10 and a shortcut to file WPCups.exe showed up on my desktop. It's located in C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TShell\TShell.
Some searching has turned up that it might be related to IP phones:
This is a CMD line utility to test and send ip over usb connectivity. Its included with the the WDK. It will connect to IPoverUSB.exe and will use RPC to talk to a Windows phone. It will drop a log file in your my documents folder that you may see also btw.
But it still seems odd to me, partially that it would install a shortcut onto my desktop. VirusTotal says it's clean, and IDA's disassembly looks like it's doing what the responder I quoted above says it should do, but I can't find any windows documentation, let alone a hash value.
In another forum someone mentioned that WPCups.exe is normally installed with Microsoft SDK, but I can't find any documentation confirming that.
It calls:
ADVAPI32.dll, KERNEL32.dll, WSOCK32.dll, WS2_32.dll, msvcrt.dll, IPHLPAPI.DLL, RPCRT4.dll.
Which seems reasonable.
I ran it on malwr.com but the analysis failed, that package "modules.packages.exe" start function raised an error...I suppose because of unmet dependancies? But the program looks like it should still end gracefully even without IPoverUSB.exe present.
Is anybody familiar with this file?
Update:
Because finding Windows documentation is apparently the most immediate path to madness:
From How Linux Works by Brian Ward
The standard printing system in Linux is CUPS (Linux CUPS), which is the same system used on Mac OS X. The CUPS server daemon is
called cupsd, and you can use the lpr command as a simple client to
send files to the daemon. One significant feature of CUPS is that it
implements Internet Print Protocol (IPP), a system that allows for
HTTP-like transactions amont clients and servers on TCP port 631. In
fact, if you have CUPS running on your system, you can probablt
connect to http://localhost:631/ to see you current configuration
and check on any printer jobs. Most network printers and print servers
support IPP, as does Windows, which can make setting up remote
printers a relatively simple task.
You probably won't be able to administer the system from the web
interface, because the default setup isn't very secure. Instead, your
distribution likely has a graphical settings interface to add and
modify printers. These tools manipulate the configuration files,
normally found in /etc/cups. It's usually best to let these tools do
the work for you, because configuration can be complicated. And even
if you do run into a problem and need to configure manually, it's
usually best to create a printer using the graphical tools so that you
have somewhere to start.
Many printers, including nearly all low-end models, do not understand
PostScript or PDF. In order for Linux to support one of these
printers, it must convert documents to a format specific to the
printer. CUPS sends the document to a Raster Image Processor (RIP) to
produce a bitmap. The RIP almost always uses the Ghostscript (gs)
program to do most of the real work, but it's somewhat complicated
because the bitmap must fit the format of the printer. Therefore, the
printer drivers that CUPS uses consult the PostScript Printer
Definition (PPD) file for the specific printer to figure out settings
such as resolution and paper sizes.
So, point Linux?
No, that has nothing to do with the Printing Deamon for Linux.
WPCups belongs to the TShell Powershell Module with is Part of the Development Toolskit for Apps which will be installed with the WDK.
This question already has answers here:
How do I update the running EXE?
(2 answers)
Closed 8 years ago.
I write a very tiny TSR program (passwordmanager.exe) and have two very small files of records.
Actually i save all files (exe, data) to one USB-Stick the user always transports, wherat the data contains sensible data.
Is there any technique to modify the internal resource of the passwordmanager.exe itself that is currently running? As far as i know the exe is copied to the RAM, so the passwordmanager.exe may have no write lock and i am able to let the passwordmanager.exe grow if the user enters new Passwords.
Why do i think this may work? Years ago i had a MSDOS program who asks for the password but unfortunatelly the user has forgotten his password. As i printed the contents of the MSDOS-Program to the console the user luckily found his password in the machine-code!
Question: How can i store the two very small files of records into the exe?
In your comments you wrote "Yes the antiviral program will get upset, i dont care"
Well, if you don't care that your program might be blocked. and you have write permissions to that USB device, I can think of a pattern like this:
Copy your running.EXE (Application.ExeName) to a patch.EXE (via CopyFile) - or generate that patch.EXE from a Resource (Antivirus would NOT like this!).
running.EXE Execute/Create new process patch.EXE with parameters e.g.
patch.EXE /update /your_record_parameters /pid:running_process_id
patch.EXE will start and check for /update; Signal running.EXE to shutdown; Wait for it to shut down; patch running.EXE; Execute running.EXE /patch_done; Shut down itself.
Finally, running.EXE could clean up now by checking the /patch_done and Delete patch.EXE
On NTFS, you could use alternate file streams:
http://support.microsoft.com/kb/105763
(I remember round about when Win2K first came out, seeing a magazine article (UK PC Pro) which showed how to use Notepad to store a secondary stream in an .Exe and was astonished that any OS with pretensions of security would provide this facility, but there you go.)
A tool for viewing them:
http://www.nirsoft.net/utils/alternate_data_streams.html
Is there any technique to modify the internal resource of the passwordmanager.exe itself that is currently running?
No there is not. When a process is started its executable file is locked exclusively and so cannot be modified.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
Why do some software require system restart in windows ?
Meanwhile , I have never encountered such situation in Linux based Distros.
It is innate to the way Windows was designed. Loading an executable doesn't load the file into RAM. Windows creates a memory-mapped file for the executable instead. Chunks of the program get loaded into RAM on demand only as needed. A page fault copies 4096 bytes from the file. The RAM pages themselves are not backed by the paging file. If RAM is needed for other processes then Windows simply unmaps the page and throws away the bytes it contains. If the process again lands on the page then a page fault reloads RAM from the file. Very efficient, this mattered a great deal when you need to run a 32-bit operating system and many processes in only 16 megabytes of RAM. Still efficient today, but not as critical as it once was.
One side-effect of the memory-mapped file is that it puts a write lock on the file. Necessary to prevent another processes from altering the executable. That would be disastrous, RAM could contain a mix of old and new bytes in the file. That's guaranteed to cause the program to malfunction.
Of course that makes the life harder for programs that intentionally want to change the executable. Including the malicious variety btw. So having to stop the processes that have the file loaded is required, it releases the write lock. An update delivered through Windows Update tends to update executables that cannot easily be unloaded since they are part of the operating system. Which is the reason they tend to require a reboot, the file is updated as part of the boot sequence when the machine restarts.
One way to bypass the lock is to rename the file. The lock only protects the file data, not the directory entry. You can then create a new directory entry with the same name as the old one. And the next time the process gets started, it will use the new entry. One minor complication is that you have to eventually delete the renamed file.
One thing I can think of is that some software requires services to be running for it to run properly. The restart likely adds these services to the ones that automatically run when you start the computer so that the program can run smoothly.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
This is just a curiosity of mine about how a specific OS executes a binary file.
If I change dir to some path in UNIX or Windows I can execute a program just by entering its file name. In Linux I have to enter ./file_name (unless it's included in PATH). In know it's kind of a stupid question, but is there any reason for that?
Nothing magical - it's simply because, by default, Windows implicitly includes '.' in the executable search path. *nix does not.
The latter behavior is obviously more secure, if marginally less convenient.
You can obtain behavior similar to Windows under *nix (at some cost in security) by adding '.' to your path
For example, you could add the following to your .bash_profile:
export PATH=PATH:.
Of course, that's not exactly the same as Windows, as Windows (again, by default) looks in the CWD first. You could do the same in *nix by moving the '.' to the front of the system's PATH, but don't do that!
It opens you up to a large security risk. If someone were to be able to drop a malicious program with the same name as a system utility (say "ls", or "cp"), that program would run instead of the system utility. You can imagine the potential for "mischief" that provides!
To expand on what Gregj said, there is a PATH variable in both Windows and Linux, which tells the operating system where to look for executables when you don't tell it explicitly where it is. Linux doesn't include the current directory (.) for security concerns; a program could otherwise hide an executable with the name of a common utility (ls, for instance) in a lot of files so you might overlook it, and then it would be run instead of the utility you meant, potentially causing damage, loss of sensitive data, etc. Windows does search ., even if it's not explicitly in the path, for convenience and because of their lack of concern over security.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Is there a way to unlock Windows files without downloading a utility?
I have a few files on my Windows XP C: drive that are very old and very useless. When I try to delete these files I get the following message:
Cannot delete FILENAME.zip: It is being used by another person or program
Close any programs that might be using the file and try again.
No one is accessing this file. No program is using it currently. Windows has screwed up the file locking mechanism.
Is there a way to delete this file without downloading someone's unlocking utility? I find the sites offering these programs to be a tad sketchy.
How could you force the file to unlock from within a program? I'm competent in Java, Perl, and Ruby, but I haven't seen anything among their libraries that would aid me here.
I've successfully used Process Explorer to find out which process has the file open. It saves a reboot that may not fix the problem anyway.
In process explorer: Find > Handle or DLL... then search for the name of the folder/file, then double click one of the search results. It'll select a handle in the main window, which you can right click and close.
Try downloading "Unlocker". Google it and take my words that it doesn't have any worm/spyware/virus. It is pretty cool utility and works great. Give it a try.
Did you try the commandline command OpenFiles
It is built in (XP and above I believe) and has several arguments that can be passed in.
Use msconfig and start up with everything turned off.
Then try to move / delete the file.
Or you can always boot up in safe mode and delete it.
You do that by hitting f8 when the machine boots up.
If you reboot and the files are still locked, then there is some process on your machine that is still using them. First you should figure out what that process is and determine if the files really aren't used any more or not.
Rebooting to Safe Mode is often a very easy way to do it. When you boot in safe mode, it won't load all the stuff set to run on startup. Press F8 while it's booting to access the boot menu, and choose "safe mode".
I had a .jpg pfile that hasd that issue and I couldn't delete. That brought me to this thread. When nothing else worked I renamed the file and left off the .jpg. THEN I could delete it easily. Not sure why, but worked for me
You don't need any utility.
Just use Win32 api to unlock them (simply close the handle)