I'm just a unisexual dog of no breed, disguised as a Homo sapiens in front of computer.
All content of this site is licensed under a Creative Commons Attribution 3.0 License, unless stated otherwise. Some images and logos belong to their corresponding trademark / copyright owners.It had been some while ago since last time I was using netcat for Windows. Indeed it is always an invaluable tool, indispensable for any network admin or computer security workers. So it is kind of shocked when the official site for win32 netcat, http://www.vulnwatch.org/netcat/, is not even available on Google cache.
看過今個星期 e-zone 的 Linux 友都一定會感到疑惑:為甚麼給 Ubuntu 的分數會那麼低的?說到外觀,不是有 Compiz 的嗎?明明裝了它後比 Vista 還要炫啊!(最起碼我已經有朋友這樣問過了。) 如果看完下面的理由後,就不難理解的了。
撇開三個平台本身不說,從短短訪問的數小時中,我覺得 Derek 的說話是最中肯的,因為三種平台他都玩過一下,有好說好,有壞說壞;Sammy 則有心借貶低別的系統來抬高 Vista,至少這是言談之中給我的感覺。對他來說,無論是哪一方面,Vista 都必定是最好的:
Thanks to one of my students in class, I was given a Windows 2008 server beta DVD for testing. The ‘core’ installation rumour is true; there is one extra installation mode available with just a command prompt and a plain blank desktop.
Installation process is really simple, just a few clicks (literally) and it’s done. Well, the process is so simple, people won’t even be given a chance to specify user name and password — one have to figure out that in order to login, one should enter user name ‘administrator’ without any password.
But then, doing administration with terminal isn’t a simple thing. Luckily there is a step-by-step guide available from TechNet blog. It provides tutorial on each and every command needed for server maintenance, including setting administrator password (grin), network setup, etc. Time for command learning, urgh.
Actually most administration can be done remotely, but I can’t. The problem is, no VMWare network driver is available, so there is no networking. The only way to share file is through USB thumbdrive, and that is troublesome. I definitely don’t want to risk rendering my harddisk unusable by installing directly.
Some more screenshots before and after installation:
 |
 |
 |
 |
The plain blue desktop with terminal reminds me of X Windows + XTerm during the old Slackware days. But indeed at that time Slackware is way more stupid — the only available action after closing XTerm is to press Ctrl-Alt-Backspace. Not to mention, one can run any GUI program after invoking Task Manager, though that’s a bit clumsy…
The documentation (on web) about needed harddisk space for installation is quite wrong however; actually a full installation needs 7GB, whilst core installation takes 3GB of space.
Haven’t investigated any service yet (because there is no networking). But what I really need is its Recycle Bin format; for this purpose alone, I’ve got satisfactory result. The Recycle Bin format is the same as Vista one, nothing changed. That means no change is necessary for my rewritten rifiuti to read 2008 Recycle Bin, yeppee!
頗幸運的一天,因為以往找了許久找不到的軟件,今天卻誤打誤撞找到了。
之前一直嘗試在 Windows 之下找 Memory dump 的工具,但沒一個能完整 dump 所有 RAM 出來;所有工具不是只能 dump 一個 process 的 memory(例如 Microsoft Support Professionals Toolkit 的 User Mode Process Dumper,或是 PMDump),就是只能 dump 少部份,有些甚至一開就 crash(在 Windows 2000 上),根本不能用(例如 MemDump,它只支援 DOS)。網上所有記載有關程序的網頁都提到 Forensic Acquisition Utilities 中的 dd.exe 可以做得到,但希望愈大,失望愈大——現在能下載的版本寫得清清楚楚,不支援 \\.\PhysicalMemory (代表 RAM 內容的 device object,相等於 Linux 的 /proc/kcore)。當然看到時很不甘心,但試過工具後發覺確實如此,FAU 的網頁也不見有舊版可以下載。
但事實上一直未死心,終於皇天不負有心人,昨天在某個存放 DEFCON 的工具的 mirror 中找到最初版本的 FAU,其中的 dd 真的能夠用。雖然最後有些奇怪的錯誤訊息,dump 的 RAM 也不完整,但問題不是太大。該程式的作者在 DEFCON 寫的另一個記憶體分析工具也註明了無法 dump 完整的 RAM 出來。
昨天才有機會接觸到 Vista,終於可以一看它的 Recycle Bin 是甚麼樣子(近來一直在研究這個課題)。
雖然結構上是改了一些地方,例如 C:\RECYCLER 變成 C:\$Recycle.Bin,檔案的 indexing 方法也變了,以往的 INFO2 (記載所有移入 Recycle bin 的檔案的資料)拆開變成每個檔案自己都有一個獨立的 index;但分析倒是比以往容易了,它的 binary format 很易拆解。我先放置了一個 sample 的 PDF 文件在自已的站裏面,遲些做進一步的分析(雖然感覺上能分析的東西好像不太多)。
As there is no copy of Ghost around, I was unable to move my Windows 2000 to new harddisk for a short while. After Bunny’s suggestion, I give ntfsclone a try. It only claims to be able to move NTFS partition, nothing more. Not even fixing boot record.
Probably I’m lucky, since after cloning a damaged NTFS partition (with lots of bad sector), Windows still manage to boot! Most likely because of my habit of always installing Windows on the very first partition of every disk, thus the boot record of cloned partition fits completely on the new disk. The bad sectors have been biting me in the past (damaging an important DLL and render the Windows partition unbootable), so it is still unsafe to say I have a fully usable Windows again. Still, perhaps time for a reinstall, but at least there is a plan B.
2007-07-02 update: Finally, I have spent a whole night re-installing Windows. The bad sectors have damaged some not-so-critical yet still essential files (shellext, java stuff, …) . Under that state some applications can’t be installed, basically leaving me a broken system.
Most Chinese Windows users should have heard about CP950, which is the implementation of Big5 character mapping inside traditional Chinese Windows. However, what the heck is CP951? Is it somehow related to CP950? Yes! This code page exists, but is rarely mentioned in internet, and I didn’t manage to find any page that clearly documents it so far; not even inside M$’s web site.
Now most of the content is moved to another static page, since it deserves some research value. Visit that page for more detail.
RSS