Episode: 40
Title: HPR0040: Sys internals Part 1
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr0040/hpr0040.mp3
Transcribed: 2025-10-07 10:39:24

---

I'm Zoke on IRC and I'm going to talk to you about the Sysinternals suite. It used to be done by an independent company and now it's been bought out by Microsoft, so you may want to read the EULAs very carefully. First, the programs in the Sysinternals suite; I'm just going to go through some of them. You can go and google for them. Some of the main programs that I used to use at work and I think you'll find quite useful.

Autoruns: this basically gives you a list of every program that automatically runs. It's quite good in that it does search the startup folders, the registry keys, both the local machine and local user, and a bunch of other places I'd never heard of. It gives you an option to remove all of them; you can go through and rip any of the crap that's on a machine out. This also includes a lot of the spyware that likes to hide itself in odd places; you can remove all that and clear up machines pretty well.

Next up we have BGInfo; this puts text on the desktop. Yeah, exciting, isn't it? You can put the IP address, version info, specific build numbers and stuff. We used it on the test machines so you could see what they were running.

BlueScreen, a screensaver that emulates the Blue Screen of Death; you're going to have that just for putting on a friend's computer and watching them freak out as it blue-screens on them.

Filemon, short for file monitor: this will monitor your files and show you what's accessing them. It's pretty much real time; it's going to take a fraction of a second from touch to showing on screen. Basically you run Filemon and then all you have to do is remove or filter all the hard drive access that Windows does, which is a lot. Your antivirus is going to be in there; if you've got a firewall, that's going to be in there. Windows itself opens a ton of files all the time. So you can just right-click on them and filter and remove them. But then you run the program that you're going to install, watch it install, and it will show you exactly what it's installing where, which is very cool and useful.

Handle shows the open files, any file handles that you have open on your system. So all the open files, basically; that can be called to see what's got what open, where. ListDLLs lists DLLs, funnily enough; this can be cool if you've got DLL issues. A rather annoying problem we had at work was we had most of Visual Studio and then we had Crystal Reports separately. The version that came with Visual Basic was a very cut-down, crappy version of the full-blown version of Crystal Reports, but it had a higher number on the DLL. So when we installed it, the program we used for rolling out all the software looked at it and thought "higher number", installed that one and ended up breaking half the stuff. Things like ListDLLs will show you what open DLLs are on your system and you can check the version numbers from there.

LogonSessions shows any logged-on users on your machine. It's very useful to see if someone's logged into your machine remotely, for example, trying to do something like opening your CD-ROM drive. Don't ask; there is a story behind that though.

PageDefrag will defrag a page file; that's what it says on the can, basically. Set it to defrag on next reboot and reboot. Pretty much simple.

Process Explorer is a very cool utility; it shows you what DLLs and any other things are being called by a program, so you select the program and then you can see exactly what it's calling. So if you're looking for missing DLLs, you can see what the program is looking for and specifically which calls are in there.

Now we come to the PsTools suite, which is one of the most useful bits, in my mind anyway, if for nothing else then just for annoying your co-workers. You can download the entire suite, but there are various bits inside there and I'll go through some of the main programs.

PsExec: this executes files remotely on another machine, assuming you have permission. At work we had local admin access on every single machine because we were the IT guys. You can use it to remotely install and register DLLs, for example, on another machine which we were looking at to fix problems if they had DLL issues. Alternatively you could just take over a co-worker's machine and make Internet Explorer load up two girls, one cup or another website that Dan's told you about.

PsFile will show you any open files on a local or remote machine; this could be quite useful if you're trying to upgrade one of the files and you can't because someone's using it, you can see why. PsInfo shows you information about the local or remote machine. PsKill will kill a running process on a local or remote machine. I found this quite useful: a friend had a VMware session up and it crashed. He was running it full screen, couldn't do anything else on the machine. He phoned me up, I ran PsKill, killed the process off and he got his machine back, managed to save the Word document he had open in another window and hadn't saved. PsList lists the running processes on a local or remote machine; this can be very useful in debugging. PsLoggedOn shows who's logged on, funnily enough. PsService: you can list, start or stop services, very useful for debugging or even hacking a machine if you so desired, and PsShutdown will make the machine shut down, funnily enough. So you can go and copy some stuff over, set up services to be started, whatever, reboot and pretty much run anything you want on the machine remotely.

Regmon is very similar to Filemon; instead of monitoring files, Regmon monitors the registry. If you were so inclined you could find some shareware 30-day-only program, run Regmon, run the 30-day program's installer, watch what registry files it changed where, delete the registry files, and oh look, you've got your 30 days back again. Of course there's no real point nowadays; you just have a virtual machine to do it and then you don't get any extra crap floating around on your machine.

Hey, it's there anyway. RootkitRevealer I'll probably be talking about in a later episode. It reveals rootkits; the Sony DRM stuff came up and was found by this, by Mark Russinovich or however you pronounce the surname. Run it, see what differences it thinks there are between the operating system and what's actually on the disk. Again, I'll talk more about that later.

Just realised I've pretty much guaranteed that I'm going to be doing at least one more episode. That'll be it for this episode. In my next episodes I'll actually have to boot into Windows and we'll go through some of the tools and some of the actual options you can do. Thank you very much for listening, and if anyone wants to catch up with me, I'm normally on IRC on the 3.0.net in the #linuxreality and #alotoflinuxlinks rooms. Thanks for listening.

Thanks for public radio. HPR is sponsored by Caro.net, so head on over to C-A-R-O dot N-E-T for all
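As an added example, not part of the episode or of Sysinternals: a small Python triage of Autoruns CSV output that flags autostart entries whose signature is not verified, whose image sits in a user-writable path, or which carry no vendor metadata. It assumes the column layout written by `autorunsc -accepteula -a * -c -s -nobanner`; the sample rows are constructed.

```python
"""Triage autostart entries from Autoruns CSV output. Added example for this
transcript, not Sysinternals code; assumes the column layout written by
`autorunsc -accepteula -a * -c -s -nobanner` (real files are UTF-16, so open
them with encoding="utf-16"). All sample rows are constructed."""
import csv
import io

# Constructed sample: one signed Microsoft entry plus two suspect entries from
# the HKCU Run key and the per-user Startup folder.
SAMPLE_CSV = r"""Time,Entry Location,Entry,Enabled,Category,Profile,Description,Signer,Company,Image Path,Version,Launch String
20240101-120000,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,enabled,Logon,System-wide,Windows Security notification icon,(Verified) Microsoft Windows,Microsoft Corporation,c:\windows\system32\securityhealthsystray.exe,10.0.19041.1,%windir%\system32\SecurityHealthSystray.exe
20240101-120000,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,updater,enabled,Logon,DESKTOP\user,,(Not verified) Example Corp,Example Corp,c:\users\user\appdata\roaming\updater\updater.exe,1.0,C:\Users\user\AppData\Roaming\updater\updater.exe /silent
20240101-120000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup,helper.vbs,enabled,Logon,DESKTOP\user,,,,c:\users\user\appdata\roaming\helper.vbs,,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helper.vbs
"""

# Path fragments marking locations an ordinary user can write to.
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def parse_autoruns(text):
    """Parse autorunsc CSV text into dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def triage(rows):
    """Return (location, entry, reasons) for each enabled entry failing a check:
    signer not '(Verified)', image in a user-writable path, no vendor metadata."""
    findings = []
    for row in rows:
        if row["Enabled"].lower() != "enabled":
            continue  # disabled entries cannot run; skip them
        reasons = []
        signer = row["Signer"]
        if not signer.startswith("(Verified)"):
            reasons.append("signature not verified: %r" % (signer or "none"))
        if any(hint in row["Image Path"].lower() for hint in USER_WRITABLE_HINTS):
            reasons.append("image in user-writable location")
        if not row["Description"] and not row["Company"]:
            reasons.append("no description or company metadata")
        if reasons:
            findings.append((row["Entry Location"], row["Entry"], reasons))
    return findings


if __name__ == "__main__":
    for location, entry, reasons in triage(parse_autoruns(SAMPLE_CSV)):
        print("%s\\%s" % (location, entry))
        for reason in reasons:
            print("   -", reason)
```

Point `parse_autoruns` at a real file read with `encoding="utf-16"` and the same checks apply; a `(Verified)` signer only tells you the binary is signed, not that the entry belongs there.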
|