Monday, January 23, 2012

Howto: Two different subnets on the same physical LAN: how to get them to talk without a gateway

Have you ever run into a problem where you had two Windows boxes on different subnets on the same physical LAN and needed to establish temporary communication between them?

Say you have these two computers with the following IP addresses.

Computer 1
172.16.1.2 

Computer 2
192.168.100.1



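What we are going to do is tell each computer that, in order to get to the other computer, it has to go out its local interface. Each command below adds a host route (mask 255.255.255.255) for the other computer and gives the computer's own IP address as the gateway.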

Open a command prompt and run each of the following commands on the respective computer.

Computer 1
route add 192.168.100.1 MASK 255.255.255.255 172.16.1.2

Computer 2
route add 172.16.1.2 MASK 255.255.255.255 192.168.100.1


This should now allow the two computers to communicate.

I wrote a batch file to help with adding the route command.


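@echo off
echo -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Echo Created By Tony Unger
Echo **********************************************************************
echo Note:

echo Setup Routing Table
Echo Enter IP address you wish to connect to
REM IP address that was entered (cleared first so an empty answer is detected)
set "IPAddress="
set /p IPAddress=
if not defined IPAddress (
    echo No IP address entered.
    exit /b 1
)

REM Find local IP address - works for Win7. The loop keeps the last IPv4 address
REM that ipconfig lists, so if you have more than 1 adapter this may not work.
set "LOCIPADDR="
FOR /F "TOKENS=2* DELIMS=:" %%A IN ('IPCONFIG ^| FIND "IPv4"') DO FOR %%B IN (%%A) DO SET LOCIPADDR=%%B
if not defined LOCIPADDR (
    echo Could not determine the local IPv4 address.
    exit /b 1
)

REM Host route to the entered address with this machine's own address as the gateway.
REM /p makes the route persistent across reboots; route delete removes it again.
route add %IPAddress% MASK 255.255.255.255 %LOCIPADDR% /p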
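
The batch file adds its route with /p, so the entry stays in the routing table across reboots even when the communication was only meant to be temporary. The following is an added example, not part of the original post: a Python check that reads `route print -4` output and lists persistent host routes whose gateway is one of the machine's own addresses, together with the `route delete` command for each. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of the "Persistent Routes" block from `route print -4`.
SAMPLE = """\
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0       172.16.1.1  Default
    192.168.100.1  255.255.255.255       172.16.1.2       1
===========================================================================
"""

def persistent_routes(route_print_text):
    """Yield (destination, netmask, gateway) for each persistent IPv4 route."""
    in_block = False
    for line in route_print_text.splitlines():
        if line.strip().startswith("Persistent Routes"):
            in_block = True
            continue
        if not in_block:
            continue
        if line.startswith("==="):
            break                      # end of the persistent routes block
        fields = line.split()
        if len(fields) < 3:
            continue                   # e.g. the single word "None"
        try:
            dest, mask, gw = (ipaddress.IPv4Address(f) for f in fields[:3])
        except ValueError:
            continue                   # column header line
        yield dest, mask, gw

def leftover_host_routes(route_print_text, local_addresses):
    """Return cleanup commands for /32 routes that use a local address as gateway."""
    local = {ipaddress.IPv4Address(a) for a in local_addresses}
    host_mask = ipaddress.IPv4Address("255.255.255.255")
    return [
        f"route delete {dest}"
        for dest, mask, gw in persistent_routes(route_print_text)
        if mask == host_mask and gw in local
    ]

if __name__ == "__main__":
    # 172.16.1.2 is Computer 1's address from the example above.
    for command in leftover_host_routes(SAMPLE, ["172.16.1.2"]):
        print(command)
```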

Tuesday, January 17, 2012


ATTR attributes for Solidcore 5

These are not listed in the documentation; I had to get this information from development.


The attr command can be used to configure how the required files behave with respect to the solidifier.

-a  Always authorized attribute
     This attribute allows the user to configure a supported file as always authorized to execute.
     A file configured under this attribute will be allowed to execute whether solidified or not.


-b  Bypassed from memory control attribute
     This attribute allows the user to configure a process to run bypassed from MP-mangling and MP-decoying.
     This is one of the memory protection techniques provided by solidifier, but it is disabled by default.


-c  Bypassed from Critical Address Space Protection attribute
     Critical Address Space Protection is the latest and most effective memory protection technique provided by Solidifier. It is enabled by default.


     -c attribute configures a process to run bypassed from MP-CASP.


-d  Bypassed from process stack randomization attribute
     This comes under MP-VASR, which is enabled only on special request from the customer.


-e  Rebase dll attribute
    Changing the base address of the dll.


-r  Bypassed from dll relocation attribute
     The -d, -e and -r attributes belong to the VASR memory protection technique. This feature is disabled by default as CASP is enabled.


-f  Full crawl attribute
     The -f attribute belongs to the MP-mangling and MP-decoying memory protection. This feature is disabled by default.

-i  Bypassed from installer detection attribute
     -i belongs to the pkg-ctrl feature, which tracks the installation and uninstallation of MSI based packages...


-u  Always unauthorized attribute
     Blocks the file from execution even if solidified.

-o  Process Context registry bypass:

Solidifier will not track any registry operations for the process configured under this attribute. All the registry operations in context of the configured process will be bypassed from solidifier.


-n Bypassed from DEP:
DEP is the Data Execution Prevention provided by Solidifier for 64-bit machines. It is a memory protection technique provided by solidifier for 64-bit machines. The memory protection check will not apply to a process configured as ‘Bypassed from DEP’.

-l Anti-Debugging Bypass:

The anti-debugging feature is there to prevent any process from accessing the memory space of the solidifier product. This is usually done by debuggers to debug the application.

Any process bypassed from the anti-debugging feature will be able to access the solidifier address space in the kernel.

-p Process Context File Operations Bypass

Solidifier will not track any file operations for the process configured under this attribute. All the file operations in context of the configured process will be bypassed from solidifier.

Wednesday, January 11, 2012



Runas Touch Screen Application

Purpose:
One of the problems I had at work was the ability to run an application as a different user on a touch screen computer. So I wrote an application that dynamically creates buttons based on what it reads from a text file called paths.txt. This program does support arguments and should be able to figure out how to break up the path to find them.

To install, just extract the application and paths.txt to a folder and runas away.

Requirements:
.NET Framework 4
osk.exe in the usual place if you want to use the onscreen keyboard

TODO:
Add some more error checking with reading the text file
Clean code
Maybe allow this to work with domain user if someone wants.



Paths.txt 

name,path
------------------------------------------------------------------------------
Add\Remove Programs,rundll32.exe shell32.dll,Control_RunDLL Appwiz.cpl
Command Prompt,C:\Windows\System32\cmd.exe
Datetime,rundll32.exe shell32.dll,Control_RunDLL TimeDate.cpl
Display Properties,rundll32.exe shell32.dll,Control_RunDLL Desk.cpl
Notepad,C:\Windows\Notepad.exe
System Properties,rundll32.exe shell32.dll,Control_RunDLL Sysdm.cpl
Taskmgr,taskmgr
Control Panel,rundll32.exe shell32.dll,Control_RunDLL
------------------------------------------------------------------------------
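
The entries above contain commas inside the command itself (shell32.dll,Control_RunDLL), so anything that reads this file has to split on the first comma only. The following is an added example, not the RunasUserTS source (which is not shown on this page): a Python parser for the paths.txt format that separates the executable from its arguments and lists the entries whose executable is not an absolute path, since those are resolved through the search path of whatever account launches them. The function names are hypothetical and the entries are a subset copied from the listing above.

```python
import ntpath
import re

# Subset of the paths.txt listing above, embedded so the example runs offline.
PATHS_TXT = r"""name,path
------------------------------------------------------------------------------
Add\Remove Programs,rundll32.exe shell32.dll,Control_RunDLL Appwiz.cpl
Command Prompt,C:\Windows\System32\cmd.exe
Notepad,C:\Windows\Notepad.exe
Taskmgr,taskmgr
Control Panel,rundll32.exe shell32.dll,Control_RunDLL
"""

# Executable = everything up to the first ".exe" that is followed by
# whitespace or end of line, so paths containing spaces stay in one piece.
EXE_SPLIT = re.compile(r"^(.*?\.exe)(?:\s+(.*))?$", re.IGNORECASE)

def parse_paths(text):
    """Return a list of {"name", "exe", "args"} dicts, one per entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or set(line) == {"-"} or line.lower() == "name,path":
            continue                        # blank, separator or header line
        name, sep, command = line.partition(",")   # first comma only
        command = command.strip()
        if not sep or not command:
            raise ValueError(f"malformed entry: {line!r}")
        match = EXE_SPLIT.match(command)
        if match:
            exe, args = match.group(1), match.group(2) or ""
        else:                               # bare name such as "taskmgr"
            exe, _, args = command.partition(" ")
        entries.append({"name": name.strip(), "exe": exe, "args": args.strip()})
    return entries

def unpinned(entries):
    """Names of entries whose executable is not an absolute Windows path."""
    return [e["name"] for e in entries if not ntpath.isabs(e["exe"])]

if __name__ == "__main__":
    parsed = parse_paths(PATHS_TXT)
    for entry in parsed:
        print(entry)
    print("Not pinned to an absolute path:", unpinned(parsed))
```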

Download Link: 
RunasUserTS.zip

Source code:
Leave a message and I will work on uploading the source