Security Essentials on Server 2008

Thursday, November 26, 2009

Update 15. 3. 2010: this technique will fail at the genuity verification step of setup with recent Security Essentials installers. So it doesn’t work anymore. (And I will not be writing an update of this post, because I have moral problems with bypassing genuity verifications, sorry.)

I was getting a lot of e-mail about my recent article on installing Microsoft Security Essentials on Windows Server. Because the article shows up pretty high on google when searching for “security essentials windows server”, people kept asking me for a step-by-step tutorial. Originally, I didn’t want to do it because if someone isn’t able to follow the brief instructions I wrote in the original article, he won’t be able to fix problems that might show up after installing updates to Security Essentials. But whatever. Fasten your seat belts because here it comes:

REMEMBER: THIS IS NOT SUPPORTED BY MICROSOFT. IF YOU FOLLOW THESE INSTRUCTIONS, YOUR COMPUTER MIGHT BECOME UNBOOTABLE, SECURITY ESSENTIALS MIGHT APPEAR THEY WORK BUT THEY SILENTLY WON’T. ALSO, NIGHT ELVES WILL EAT ALL GROCERIES FROM YOUR FRIDGE WHILE YOU SLEEP.

This will only work for 64bit versions of Windows Server.

1. Follow my original article up to (and including) the point where you copy the unpacked setup files.
2. Download and install Microsoft Debugging Tools for Windows. Choose the version of debugging tools matching your operating system version.
3. Find WinDbg in the start menu and launch it elevated.
4. In the WinDbg menu choose File -> Open Executable and open the unpacked Setup.exe. Say no to the question about saving workspace.
5. A new window will show up. There will be a box for entering commands at the bottom of the new window. This is the command line.
6. Write this into the command line and hit enter: bp ntdll!RtlGetNtProductType "as /x ReturnValue rcx; gu; ed ReturnValue 1; g". This will set up a breakpoint that will modify the return value of RtlGetNtProductType (anyone has a clean way of doing this for 32bit Windows?)
7. Write g on the command line and hit enter to resume the installer.
8. The installer will start – focus it’s window and click Next.
9. Go back to WinDbg. Hit Ctrl-Break. Type the command bc * to remove the breakpoint and after that g to resume the setup. Finish installing. Done.

If at some point in the future something breaks, don’t go back crying to me. I warned you.

Topics: Uncategorized | Comments Off on Security Essentials on Server 2008

Autodesk SketchBook Mobile

Tuesday, November 3, 2009

Can you say “resource leak”?

Topics: Uncategorized | Comments Off on Autodesk SketchBook Mobile

Security Essentials on Windows Server

Saturday, October 17, 2009

UPDATE 25. 11. 2009: here is a step-by-step tutorial for 64bit versions of Windows Server.

Even though not officially supported, Microsoft’s free antivirus Security Essentials installs and runs just fine on Windows Server 2008. You only have to trick it into thinking it’s Vista while installing.

The first challenge is downloading the installer. If you live in a country like Slovakia – when visiting the above URL, you’ll get redirected here (“You appear to be in a country or region where Microsoft Security Essentials is not available. Thank you for your interest in Microsoft Security Essentials.”). That sucks. But google cache is your friend: visit the website from google’s cache and download the thing from a link in the cached page. The download itself has no geoip restrictions.

The installer has two stages: the first stage unpacks the setup to your hard drive, the second one installs the real product. When you run the installer, it will tell you your operating system is not supported. No big deal: keep the setup running, find the unpacked files and copy them to a different location. Then close the setup and fire up OllyDbg. Load setup.exe in OllyDbg. Find all references to GetVersionEx function. Set a breakpoint on them. Run the setup. Anytime you hit the breakpoint, modify wProductType field in the returned OSVERSIONINFOEX: from VER_NT_SERVER (3) to VER_NT_WORKSTATION (1). You’ll have to to this a few times. After you get past the welcome screen, remove breakpoints, finish installing and you are done!

The setup would be much faster if Microsoft officially supported server version of Windows, but hell, it took me 10 minutes to figure this out and now I have a sleek and free antivirus on my test home server.

An obvious disclaimer: don’t do this on a production machine as this configuration was most probably not tested by Microsoft and may go berserk anytime.

And here is a proof:

UPDATE 24. 11. 2009: Brett Wilhelm adapted these steps for use with WinDbg. You can follow his instructions if you are installing the 64bit version of Security Essentials. It will probably work with the 32bit version too and it’s easier than doing what I did above (he doesn’t edit the structure returned from GetVersionEx – instead he is patching the return value of RtlGetNtProductType called from GetVersionEx). Here is what he did to make it work:

Using Windows Debugger with Symbols loaded:

1. set breakpoint using ‘bp ntdll!RtlGetNtProductType+0x1A’ in the command window.
2. Everytime this breakpoint is hit, modify the EAX CPU register (View -> Registers) to be 1 instead of 3
3. *After* you’ve passed the Windows Validation screen, run until you hit the breakpoint again then remove it (Edit -> Breakpoints).

Thanks Brett!

Topics: Uncategorized | 6 Comments »

Headless Windows installation

Friday, October 16, 2009

I recently faced a problem with installing Windows on a headless (no monitor, no keyboard) computer. The computer in question was HP MediaSmart Server LX195 – a nice and cheap piece of hardware. The server comes with Windows Home Server preinstalled – a very neat consumer-grade server operating system. But being a geek – the operating system was not for me. I desperately wanted the new features and feel that came with Windows Vista. So I chose the path of installing something else on this server.

Installing Windows Server 2008 R2

My reinstallation adventures started with Windows Server 2008 R2. It didn’t take long to figure out that the server won’t boot from USB and having no DVD drive, the only option was a disk-based install. The other problem was the absence of a keyboard and a monitor. The only option was some kind of unattended installation. This is quite simple to do with Windows:

• On the Windows Server 2008 R2 installation DVD you’ll find a headlessunattend.xml file (in Support\Samples). This is an unattended installation script that will automate the installation process. Copy this file somewhere and edit it to suit your needs. (I modified it to format partition 1 of disk 0, mark it as active and install Windows on it.) You can also use the Windows AIK (Automated Installation Kit) if you prefer GUIs and want to avoid errors.
• Rename the file to autounattend.xml and copy it to the root of a USB flash drive.
• Copy the contents of the Windows installation DVD to the root of the second partition on home server’s disk (D:).
• Use bootsect.exe to modify the boot sector of the second partition on the home server (we need a boot sector that will fetch a BOOTMGR style loader (NT 6.0 style) instead of the NTLDR style (pre-NT 6). Bootsect.exe is a part of Windows AIK but maybe you can find it somewhere else too.
• Open disk management tool on the home server and mark the second partition as active.
• Plug in the flash drive with the XML file and restart home server

If everything went well, the new boot sector on the now active partition will fetch the Windows installation on the second partition as if you booted from a DVD. The XML file on the thumb drive will be automatically detected and processed by the installation. After ~30 minutes, you will have a working Windows 2008 R2 installation on the home server.

I really recommend to try this out in a virtual environment first. If you use Windows Virtual PC, you can use a virtual floppy drive instead of a flash drive. Use WinImage to to create a floppy image.

Installing Windows Server 2008

The problem with Server 2008 R2 is that it’s 64-bit only. I don’t have much RAM in my home server so it didn’t really make much sense. So I decided to roll back to Windows Server 2008. I tried the same approach as above – and failed. The problem is that if you try installing Server 2008 from a hard drive, it will hang asking you for a driver. I never figured out what driver it wants. So I had to try another unattended installation option: sysprep.

• I took out the hard drive from my home server, connected it to a standard computer, popped in a Server 2008 installation DVD and installed it.
• I downloaded the drivers for my home server chipset (Intel 945G), storage (Intel Matrix Storage driver floppy) and network card (Marvell Yukon 88E8071). I used pnputil.exe (part of Windows installation) to integrate these drivers in the system driver storage (pnputil -a path\to\driver.inf).
• I enabled remote desktop.
• I created an unattended XML file to automate the specialization and OOBE phases that would run after sysprep and require user interaction (setting computer name, passwords,…). Use internets to find out what you need to automate.
• I executed c:\windows\system32\sysprep\sysprep.exe /generalize /oobe /shutdown /unattend:full\path\to\xml. This command removed all the drivers for the machine I used to install Windows Server with and set the system to a hardware-neutral state. On the next boot a full hardware detection and specialization will take place.
• Then I popped the hard drive back to my home server, powered it on and after a few minutes I had a Server 2008 installation on it that I could use remotely.

Topics: Uncategorized | 2 Comments »

Reclaim disk space after SP2 install

Wednesday, May 27, 2009

Quick post. If you already installed Vista SP2, you probably noticed the decrease in free disk space on your system drive. The reason for that is that the SP2 installer stores all data that is neccessary for uninstalling it.

If you don’t plan on removing SP2, you can reclaim the disk space pretty easily: start an elevated command prompt and type compcln. Say yes to the question it asks you, wait a few seconds and enjoy your reclaimed disk space.

Topics: Uncategorized | Comments Off on Reclaim disk space after SP2 install

iPhone OS 3.0

Monday, May 18, 2009

There has been a lot of buzz about the coming iPhone OS 3.0 in the last few weeks, but I never really had time to look at the new features before today. According to the Apple website, these will be the key new features of the new “most advanced mobile OS”:

• The ability to search your iPhone
• Cut, copy, and paste
• Send photos, contacts, audio files, and location via MMS
• Read and compose email and text messages in landscape

Windows Mobile could do all of this for ages. I think I will spend the rest of the day searching my HTC Touch Diamond, cutting, copying and pasting text, and composing e-mails in landscape mode, so as to be prepared when the new iPhone OS arrives to my iPod Touch.

If these are the real highlights of the new iPhone OS, then Apple is definitely losing it’s position of an innovator. The new iPhone OS will only address features that were criticised in reviews since iPhone OS 1.0. It’s not even worth increasing the major version number.

Topics: Uncategorized | Comments Off on iPhone OS 3.0

Dangers of web code snippets

Tuesday, May 5, 2009

Every programmer knows these situations: you are in the middle of programming something when you realize you need to do a thing you never did before. Instead of opening library/programming language/toolkit documentation, you just fire up google, type in a few keywords and import the first snipped that google finds straight into your source code.

I’ve hit these situations many times. The problem is that usually these snippets are just plainly wrong. Often, you end up importing source code from a 12-year old blogger with 3 months of experience in programming. Not really what you want to do in production code.

I’ve hit this situation today, again. I needed my C# WinForms application to go fullscreen. Google immediately yielded some results. First result was this, the second one this.

The first one didn’t really do what I needed. And when I saw the ugly P/invokes in the second one, I decided to do it myself.

The solution was dead simple: set FormBorderStyle to None, TopMost to true and WindowStyle to Maximized. That’s it. A fullscreen form without P/invokes or other voodoo, that will even work with Mono.

So, be careful with random web code snippets and always read comments for the article where those snippets appear. They are usually pretty good at telling you if this is a bad solution and pointing you in the right direction.

Topics: Uncategorized | Comments Off on Dangers of web code snippets

Geolocation over WiFi

Wednesday, April 22, 2009

I was playing with my iPod Touch today, skimming throught Google maps, when I accidentaly hit the Show current location button. I knew that my iPod doesn’t have a GPS so I never really expected it to work. I was really stunned when after 3 seconds it showed me a map of Uppsala, with a circle around a place that actually was my location.

My first reaction was: what?! And I immediately went to check if my iPod really does not have a GPS. It didn’t. So I started googling and after a few links I finally knew what was going on: iPod uses WiFi to provide geolocation.

Still, this was not an answer for me. WiFi access points usually don’t report their own GPS coordinates. That would make them too expensive with very little benefit to the user. Something different had to be behind this.

A few more minutes after that I found the answer: there is a company that runs cars with a GPS and WiFi on board, that scan MAC addresses of WiFi access points and stores them together with their positions. When a device like my iPod Touch needs to find out it’s location, it sends a list of all access points around it to a web service of this company. If you are lucky, the MAC addresses are already in their database and using triangulation, they can find your location with precision of ~100 meters.

That’s pretty impressive for a device with no real geolocation hardware.

Topics: Uncategorized | Comments Off on Geolocation over WiFi

GDB and QEMU on Windows

Tuesday, April 21, 2009

A few weeks ago I started to work on a small operating system for a MIPS-based development motherboard. When thinking about a development toolchain, I immediately looked at one of my favorite emulators – QEMU.

QEMU has a few nice features that make development of operating systems easier than ever. One of these features is the -kernel command line parameter that loads a custom operating system kernel right into memory without the need to write a custom boot loader. Another useful command line option is -s which starts a GDB server inside QEMU so you can connect to it with GDB (with the command target remote :port_number) and debug your loaded kernel with full symbols.

At first, this didn’t work for me. GDB refused to connect to the server for no apparent reason (No connection could be made because the target machine actively refused it.). It took me almost half an hour to figure out where the problem was: QEMU was opening an IPv6-only port and GDB was using IPv4. Quick fix: open up gdbstub.c in QEMU sources, locate the line where the connection string is being created (in QEMU 0.10.2 it’s the line 2300; there is a string that says: tcp::%d,nowait,nodelay,server) and fix the connection string to look like this: tcp::%d,nowait,nodelay,server,ipv4.

Topics: Uncategorized | Comments Off on GDB and QEMU on Windows

Compiling GDB under Windows

Wednesday, April 15, 2009

Just a quick post to make things simpler for everyone who is googling for help when compiling GDB debugger under Windows.

There are two small oddities that require edits in the source code when compiling GDB 6.8 using MingW with MSYS.

• In sim\common\sim-signal.c: replace #ifdef _MSC_VER with #ifdef _WIN32
• In gdb\tui\tui-io.c: find the line with /* #undef TUI_USE_PIPE_FOR_READLINE */ and uncomment it

After you change this, just “configure” and “make” and you are good to go.

And if you want the TUI (textmode GUI interface), install PDCurses to your MSYS directory (and create a link from MSYS\lib\libpdcurses.a to MSYS\lib\libcurses.a; not sure it’s neccessary, but that’s what I did) before running the configure script.

Topics: Uncategorized | Comments Off on Compiling GDB under Windows

« Previous Entries Next Entries »

Recent Posts

• Find me on GitHub
• Celeron J1900 supports EPT
• Bluetooth background tasks in WP 8.1
• Always launch new instances
• OFFICE 2013 AND ALL CAPS
• A useful Windows 8 shortcut
• AVG Mobilation for Windows Phone
• A look at the Windows Phone JIT compiler
• .Net back- and frontend for GCC
• Geosense for Windows

Archives

• November 2015
• August 2014
• July 2014
• February 2014
• August 2013
• March 2012
• September 2011
• July 2011
• March 2010
• November 2009
• October 2009
• May 2009
• April 2009
• September 2008
• April 2008
• March 2008
• October 2007
• September 2007
• August 2007
• July 2007

Topics

• .NET
• Performance
• Personal
• Programming
• Projects
• Reversing
• Security
• Uncategorized

Footer

• XHTML 1.0
• CSS 2
• ©2001–2012, Michal Strehovsky

This is a personal web page, with personal opinions.
Content posted herein does not establish the official position of my employer.