
Thread: USB drivers for Win 7 on 8th generation Intel chipset

  1. #61
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,079
    Blog Entries
    5
    So you got it connected? Know what the problem was?

    I've only ever used Windbg remotely for driver debugging, but I'm finding using it for remote user-mode debugging a real PITA. I followed the advice of some guy here

    https://stackoverflow.com/questions/31295295/how-to-break-on-the-entry-point-of-a-program-when-debug-in-kernel-mode-with-wind

    and found that setting _NT_SYMBOL_PATH in the guest VM to a shared folder (mapped to Z:\) helped when using ntsd in the target. You may need to set up a shared symbol folder as well if you haven't already.


    To be honest, I don't really "get" how to use ntsd -d calc.exe in the remote target to debug it through Windbg in the host. The remote VM is locked up after breaking on $exentry, naturally, but there's no disassembly window in Windbg, or F8/F10, etc. to use. I don't want to debug ON the remote target through ntsd, I want to work through the Windbg interface on the host.

    Going the other route, strictly through the kernel debugger with
    !gflag +ksl
    sxe ld calc.exe
    works, in a way, but I can't seem to make it behave in a normal user-mode way after the initial exception, such as breaking on $exentry to single step.

    More RTFMing I suppose...

  2. #62
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,486
    Blog Entries
    15
    ntsd -d is for using a present existing kernel debugger connection for debugging a user mode application running in the target

    you run calc.exe inside the vm using ntsd -d calc

    this breaks in the kernel debugger at exactly the same place where you will break if you open it in a windbg instance inside vm

    you can do everything you can as if you are physically debugging the app in target with a user mode debugger running inside the target

    you need a symbol path that is relative to ntsd running inside target that is you need a symbol path that is inside target for this

    you don't want to download gigabytes of craps for each of the vm you have

    so you right click the mycomputer and map a network drive

    ie net use * \\blah\foo

    now the target is happy it got a path that is relative to itself

    host is happy because it found the symbols

    and host can happily download the symbol to one central place viz srv*drive:\folder*httpsXXXXX\msdlXXXXX.com

    you can run n thousand vms with n^n thousand os versions and you have all the symbols for all the versions in one single place



    Code:
    E:\SYMBOLS>dir /s /b *ntdll*
    E:\SYMBOLS\ntdll.dll
    E:\SYMBOLS\ntdll.pdb
    E:\SYMBOLS\wntdll.pdb
    E:\SYMBOLS\ntdll.dll\4802A12Caf000\ntdll.dll
    E:\SYMBOLS\ntdll.dll\49901D48b2000\ntdll.dll
    E:\SYMBOLS\ntdll.dll\4CE7B96E13c000\ntdll.dll
    E:\SYMBOLS\ntdll.dll\521EA91C13c000\ntdll.dll
    E:\SYMBOLS\ntdll.dll\56A84B3317b000\ntdll.dll
    E:\SYMBOLS\ntdll.dll\FAC1B31418d000\ntdll.dll
    E:\SYMBOLS\ntdll.pdb\120028FA453F4CD5A6A404EC37396A582\ntdll.pdb
    E:\SYMBOLS\ntdll.pdb\1751003260CA42598C0FB326585000ED2\ntdll.pdb
    E:\SYMBOLS\ntdll.pdb\6992F4DAF4B144068D78669D6CB5D2072\ntdll.pdb
    E:\SYMBOLS\ntdll.pdb\8670B02D0AAB58B6417C99F75EC9F6181\ntdll.pdb
    E:\SYMBOLS\ntdll.pdb\ABF1BB59358045878B4834C02650F1AA1\ntdll.pdb
    E:\SYMBOLS\ntdll.pdb\CD4062A231154A17A18DAE7D1A0FBACC2\ntdll.pdb
    E:\SYMBOLS\ntdll.pdb\CD4062A231154A17A18DAE7D1A0FBACC2\oldntdll.pdb
    E:\SYMBOLS\wntdll.pdb\F42E56BB23DF4C2A9CAA683DA90E032F1\wntdll.pdb
    
    
    E:\SYMBOLS>dir /s /b *ntkr*
    E:\SYMBOLS\ntkrnlmp.exe
    E:\SYMBOLS\ntkrnlmp.pdb
    E:\SYMBOLS\ntkrnlpa.exe
    E:\SYMBOLS\Ntkrpamp.exe
    E:\SYMBOLS\ntkrpamp.pdb
    E:\SYMBOLS\ntkrnlmp.exe\4CE78A06404000\ntkrnlmp.exe
    E:\SYMBOLS\ntkrnlmp.pdb\00625D7D36754CBEBA4533BA9A0F3FE22\ntkrnlmp.pdb
    E:\SYMBOLS\ntkrnlpa.exe\521E9CB6413000\ntkrnlpa.exe
    E:\SYMBOLS\Ntkrpamp.exe\4CE78A09412000\ntkrpamp.exe
    E:\SYMBOLS\ntkrpamp.pdb\684DA42A30CC450F81C535B4D18944B12\ntkrpamp.pdb
    E:\SYMBOLS\ntkrpamp.pdb\68D8223983D9498BA98FCDE6FE21A6F01\ntkrpamp.pdb
    E:\SYMBOLS\ntkrpamp.pdb\8D19793666974C2381B49539536AC9EE1\ntkrpamp.pdb
    E:\SYMBOLS\ntkrpamp.pdb\E4AF624F009A4D99A4F85690E0164DBC2\ntkrpamp.pdb
    
    
    E:\SYMBOLS>set _NT
    _NT_SYMBOL_PATH=srv*E:\symbols*http://msdl.microsoft.com/download/symbols;
    [Attached image: ntsd.gif]
    Last edited by blabberer; March 15th, 2019 at 01:27.

  3. #63
    Teach, Not Flame Kayaker's Avatar
    Yeah I can break on $exentry, with symbols, but I was stuck as where to go from there. I was hoping most of the Windbg functions would be available, including the Disassembly window and F8/F10 keys, but I realize now it's mostly limited to ntsd/cdb commands inputted on the command line. "t" = F8, "p"=F10, "u ." to try to figure out where the hell you are in the code, blah, blah.

    Hmm, ntsd is useful for some purposes I'm sure, but doesn't look like a lot of fun. Maybe I'll try x64dbg or Windbg for user-mode debugging within VM's and leave the remote Windbg stuff strictly for kernel mode.

    Thanks for the help.

  4. #64
    Super Moderator
    yeah ntsd is useful for exotic situations not for normal debugging of calc.exe

    ntsd is useful if you are debugging a nonui session 1 process under ui session2 process (IMAGINE NETWORK_SERVICES )

    it can sit there headless and just serve as command interpreter

    i think you will never be able to ( x64dbg or ollydbg or radare2 or even windbg usermode) a winlogon.exe or csrss.exe right from start

    well it is exotic and is to be used for exotic purposes

    there is absolutely no joy debugging calc.exe it is just an exercise in masochistic sadism

  5. #65
    Quote Originally Posted by Kayaker View Post
    So you got it connected? Know what the problem was?
    The initial connection problem was in the null modem cable. As I explained in my rambling blurb, it's easy to invert the D-shell serial connector and reverse pins 1 and 5. As far as the 'waiting to reconnect', that is still unresolved.

    The problem may be in the USB-Serial interface I am using. Microsoft is finicky with their demands. With network connections for Windbg, they only allow certain models of network cards. Maybe they are using the RS-232 interface in a non-standard manner. However, their explanation of a serial connection requires a null modem format and that's exactly how I have wired my null modem cable, to Msoft specifications.

    Getting closer though. I found an excellent book on Windows debugging which covers that very question. The book seems to think it's in the connection parameters but I am beginning to suspect more.

    I am wondering about the possibility of debugging windbg using windbg?

    Realizing I know nothing about how the debugger interacts with the OS, or the facts behind host/guest or local/remote/target, I have rolled up the sleeves and decided to understand it all from the bottom up.

    I have already covered a lot of it in books like Windows Internals and this book begins with a good explanation of the OS architecture from user mode through ntdll, ntoskrnl and Hal to the hardware level. The author uses that to explain user mode debugging versus kernel mode debugging.

    I have skimmed some of it to see what they are getting at and the author explains a remote session versus a remote stub. So, it seems more involved than simply connecting two machines together, you have to decide whether the debugger will be on the target machine or the local machine and as Blabbs said, you have to decide where to put the symbols.

    There is also the question of what debug mode does to connect itself to windbg on the other computer. That is all explained in the book but I have yet to digest it.

    Amazingly, you can actually set up debug mode in msconfig under the boot tab. You can turn debug on/off and set the com port and the baud rate. You can even make it permanent.

    To compound the issue, this author is talking about a straight, pin to pin serial cable and does not mention a null modem cable. I can almost get that provided the communication is from one machine to the other with no data required in the opposite direction.

    More research required.

  6. #66
    Quote Originally Posted by blabberer View Post
    so you right click the mycomputer and map a network drive

    ie net use * \\blah\foo
    Thanks for tip. I might add that on my system I had to give permission on the shared folder before the network share could be implemented. I just right/clicked the shared folder, selected 'Share' then selected 'Everyone' under the Share button.

    There is also an Advanced button where you can do more intricate permissions.

  7. #67
    One major issue with using a USB - serial converter is the availability of the port when the target machine is booted.

    Answering my own question, when I set up wdbg on a host machine and set it in kernel mode, then reboot the target in debug mode, the target OS loads a file called kdcom.dll during boot for a serial port connection on the target end. kdcom looks for a REAL serial port with wdbg on the other end and my mickey mouse USB - serial converter driver has not yet been loaded. Therefore, no serial port is seen.

    One problem solved.

    But wait... a light just went on. Suppose I reverse the connection so wdbg is on the laptop with the serial port working, then reboot the desktop with the real serial port? Hmmmm. Gotta check and see if my desktop version of W7 has a kdcom.dll in sys32.

    I do have a Firewire port on my laptop but no Firewire capabilities on my Asus B360 mobo. Don't know if a converter is available between Firewire and a serial port, or USB port.

    If there was such an animal it would likely work because the Firewire port on my laptop is an actual port. It would be available at boot time in debug mode and the other end should not matter since wdbg already has it open.

    Apparently a network connection is not available on W7.

    Sigh!!!

    I do have a modem port (RJ-11 connector) on my laptop and it is driven by a removable module. The modem 'should' be connected to an internal serial port but I have no idea what is available on it.

    I was wondering why my BIOS lists a serial port and no external physical port can be seen.

    I never really understood what Bluetooth was about till the other day. Apparently it is a wifi version of RS-232. My Bluetooth devices on my laptop are marked COM5 and COM7, which are serial ports but I'd likely run into the same issues where those Bluetooth were not available early enough to connect with kdcom.dll.

    The research never ends.

    I know, blabbs, I know....use a friggin VM and get on with it. What if I ran a W7 VM as host, could I use it to debug the physical machine?

  8. #68
    Super Moderator
    I was wondering why my BIOS lists a serial port and no external physical port can be seen.
    i have been told or i have read somewhere that a mother board can have headers that you can reach at if you are in factory
    but not physically exposed

    especially usb headers are supplied by many vendors for extending usb ports to front panel

    here is a b360 motherboard snapshot (not sure if it is your b360 it is google's first hit b360)
    PRIME-B360-PLUS/

    see if you can locate a serial header in there

    [Attached image: isthereacomheader.JPG]



    and here is a link to some soldersoldier's attempt to put some x cable to y pinouts to give birth to an exposed z

    soldersoldier/

    can i use w7 vm as host ??
    why not try it out ?
    actually vmware has two options to declare which end is what

    but from my feeble understanding of vm's i think a virtual machine can work on top of one physical machine only

    i havent tried to connect a vm that is running on top a physical machine to another remote physical machine connected by a cable

    if that is what you are referring to
    Last edited by blabberer; March 18th, 2019 at 10:33.

  9. #69
    Quote Originally Posted by blabberer View Post
    i have been told or i have read somewhere that a mother board can have headers that you can reach at if you are in factory
    but not physically exposed
    Yeah....I have seen that done before. RS-232 is still a common communication protocol and some electronic equipment is tested via a serial port then the port is abandoned.

    That's what I was talking about with my laptop which has a modem output via an RJ-11 jack, a common telephone jack. The jack has a cable running to it and is coupled to the mobo via a coupler that I presume converts the serial output on the mobo to a modem-compatible 2-wire circuit. If I'm lucky, the port where the coupler connects may be an RS-232 port. Or, as you point out, there may be header traces on the mobo for an abandoned RS-232 i/f.

    It may not be full RS-232, however. The simplex form only uses a transmit and receive terminal with a ground. I'd be lucky if it had the full complement of handshake signals as required by Microsoft in their specifications for connecting two computers with a serial null modem cable.

    I would have looked at it by now but it's not a trivial device to reach. It requires dismantling a good deal of the laptop and I have not had time as of yet. Another option may be the Bluetooth module. It may connect to an RS-232 port where the module acts as a converter from RS-232 to wireless RS-232. I need to research that more.

    At the link you provide, the guy was lucky not to have damaged his mobo. I presumed the mobo serial pin configuration was the same as on the DB-9 connector but it was not. Luckily Asus supplied the pinout.

    BTW...in the article at the link he claims DB-9 is not the correct terminology. DB-9 has been regarded as the correct terminology throughout the industry as long as I can recall.

    Quote Originally Posted by blabberer View Post
    here is a b360 motherboard snapshot (not sure if it is your b360 it is google's first hit b360)
    Close but it's the Asus Prime B360 Plus and mine is a B360M-C. The one in your photo has three full sized PCI slots grouped together and mine only has one.

    If you look at the bottom left side of the board in your photo you'll see two serial ports. They are rectangular in shape with a slot in the bottom edge.

    Quote Originally Posted by blabberer View Post
    i havent tried to connect a vm that is running on top a physical machine to another remote physical machine connected by a cable

    if that is what you are referring to
    No. I was talking about setting up a pipe between the VM and the host mobo so I could debug the USB driver stack in W10 on that particular B360 mobo. I want to then compare that to the W7 stack to see where it differs.

    There are W7 drivers supplied by Intel (I posted a link earlier) for a slightly earlier version of the 300-series mobo of which my B360 is a part. However, those drivers refuse to start under W7 on my mobo and I think it's because the driver above them, supplied by msoft, to interface those drivers to the kernel, is too old to deal with USB 3 drivers. If I can figure out how it works in W10, maybe I can find a driver in W8 or so that will do the job.

    What I want to do, in W10, is trace the action of a USB device as it is plugged into a USB port. I want to trace through the USB driver stack (not the call stack) which consists of several drivers between the kernel and the physical USB device. They communicate via IRPs.

    I asked you this a while back. Can Wdbg trace as low as HAL and right to the device? From what I am reading now it can only be done via a remote connection using kernel debugging. However, it's still not clear whether I can use wdbg to trace right through ring 0 code to the device level.

    I seem to recall you saying it can be done.

  10. #70
    Teach, Not Flame Kayaker's Avatar
    Waxford, just to let you know, I mentioned earlier about IRPMon

    https://github.com/MartinDrab/IRPMon

    I was able to run it on a VM after selecting "Disable driver signature enforcement" from the boot menu and monitor USB IRP's. You'll have to read the docs and play around with which usb drivers to hook, but I did get some results such as DriverObject and IRP Addresses. Since you can combine that monitoring with a Windbg kernel session at the same time, it might help your cause.

    For example, here is the output of !irp from an IRP address captured by IRPMon when I had a usb stick plugged in:

    Code:
    kd> !irp fffffa8002186ca0
    Irp is active with 7 stacks 7 is current (= 0xfffffa8002186f20)
     No Mdl: No System Buffer: Thread 00000000:  Irp stack trace.  Pending has been returned
         cmd  flg cl Device   File     Completion-Context
     [N/A(0), N/A(0)]
                0  0 00000000 00000000 00000000-00000000    
    
                Args: 00000000 00000000 00000000 00000000
     [N/A(0), N/A(0)]
                0  0 00000000 00000000 00000000-00000000    
    
                Args: 00000000 00000000 00000000 00000000
     [N/A(0), N/A(0)]
                0  0 00000000 00000000 00000000-00000000    
    
                Args: 00000000 00000000 00000000 00000000
     [N/A(0), N/A(0)]
                0  0 00000000 00000000 00000000-00000000    
    
                Args: 00000000 00000000 00000000 00000000
     [IRP_MJ_INTERNAL_DEVICE_CONTROL(f), N/A(0)]
                0  0 fffffa8002ce9050 00000000 fffff880032361b4-00000000    
               \Driver\usbehci    USBSTOR!USBSTOR_CswCompletion
                Args: 00000000 00000000 0x0 00000000
     [IRP_MJ_INTERNAL_DEVICE_CONTROL(f), N/A(0)]
                0  0 fffffa8002fdab60 00000000 fffff8800199dd40-fffffa8002bbda88    
               \Driver\USBSTOR    CLASSPNP!ClasspMediaChangeDetectionCompletion
                Args: fffffa8002bbda88 00000000 0x0 00000000
    >[IRP_MJ_CREATE(0), N/A(0)]
                2  0 fffffa8002191790 00000000 00000000-00000000    
               \Driver\Disk
                Args: 00000000 00000000 00000000 00000000
    and the results from IRPMon for that capture:

    Code:
    ID = 1424
    Time = 3/20/2019 5:40:37 AM
    Type = IRPComp
    Device object = 0xFFFFFA80021D5440
    Device name = 
    Driver object = 0xFFFFFA80025EB460
    Driver name = \Driver\usbhub
    Result = STATUS_MORE_PROCESSING_REQUIRED (0xC0000016)
    IRP address = 0xFFFFFA8002186CA0
    Thread ID = 0
    Process ID = 0
    IRQL = Dispatch
    IOSB.Status = STATUS_SUCCESS (0x0)
    IOSB.Information = 0x0000000000000000

    On a side note, I've been able to break on the start of any usermode process while running Windbg in kernelmode on the host, without requiring the use of ntsd/cdb on the guest VM. In other words, the full Windbg gui is available, including the disassembly window, so all the benefits of Olly + Softice. The procedure steps through bp's on nt!NtMapViewOfSection and ntdll!RtlUserThreadStart then calculating the OEP of the target. A simple script can automate most of the sequence, which I can outline later.

  11. #71
    Super Moderator
    ah you asked me earlier about irpmon equivalent with signed drivers

    no i havent found one

    btw you don't have to calculate the oep when on RtlUserThreadStart they are already available in registers

    check the post i made for ollydbg here http://www.woodmann.com/forum/showth...ll=1#post97607

    btw @kayaker
    keep in mind that !gflag +ksl ; sxe:ld will work only once per boot

    you may need to do some jugglery to catch it again check this thread

    https://community.osr.com/discussion/comment/233214/
    Last edited by blabberer; March 20th, 2019 at 06:20.

  12. #72
    Teach, Not Flame Kayaker's Avatar
    Nice trick picking up the OEP from the register. Not sure how that would work in 64 bit though. Here's the start of RtlUserThreadStart after the break. I have to step into the RAX call, to get to the next bit of code where RDX holds the call to the program (in this case Autoruns64).

    [Attached image: RtlUserThreadStart1.jpg]
    [Attached image: RtlUserThreadStart2.jpg]

    EDIT: Actually, looking at the code, it might be in RCX, I'll check next time.
    EDIT: Yes it is.


    I've been using this script snippet, called as
    $$>a< C:\..\script.wds <image name>
    where <image name> is interpreted as the base address

    Code:
    .block{
        r $t0 = ${$arg1}+dwo(${$arg1}+dwo(${$arg1}+3c)+28)
        .printf "BaseAddress = %p OEP = %p \n", ${$arg1}, @$t0
        bp0 /p @$proc @$t0
        g
        .printf "Welcome to OEP \n"    
    }
    Oh, and $exentry only works on programs with symbols it seems, else it always points to nt!KiSystemStartup for some reason.

    Most times I've been able to Break or .restart after letting the app run and repeat without too much problem, I think usually, but yeah sometimes it seems to wipe out !gflag and sxe.
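
Added example, not part of the original posts: a Python sketch of the header arithmetic the script in post #72 performs (base + AddressOfEntryPoint, found through e_lfanew at offset 0x3c), which also derives the `<file>\<TimeDateStamp><SizeOfImage>\<file>` directory name seen in the symbol listing in post #62. The header bytes, the entry RVA 0x1234 and all function names are constructed for illustration; only the timestamp/size pair and the symbol path come from the thread.

```python
import ntpath
import struct

# Symbol path as shown by "set _NT" in post #62.
SYMBOL_PATH = r"srv*E:\symbols*http://msdl.microsoft.com/download/symbols;"


def build_sample_header(e_lfanew=0xE0, timestamp=0x4CE7B96E,
                        entry_rva=0x1234, size_of_image=0x13C000):
    """Constructed minimal MZ/PE header (not a real ntdll.dll).

    timestamp/size_of_image default to the ntdll.dll\\4CE7B96E13c000 entry
    in the listing; entry_rva is a made-up value.
    """
    buf = bytearray(e_lfanew + 0x54)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)          # e_lfanew
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"               # NT signature
    struct.pack_into("<I", buf, e_lfanew + 0x08, timestamp)
    struct.pack_into("<H", buf, e_lfanew + 0x18, 0x20B)  # PE32+ magic
    struct.pack_into("<I", buf, e_lfanew + 0x28, entry_rva)
    struct.pack_into("<I", buf, e_lfanew + 0x50, size_of_image)
    return bytes(buf)


def pe_fields(image):
    """Read the header fields from the first bytes of a mapped PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if (e_lfanew + 0x54 > len(image)
            or image[e_lfanew:e_lfanew + 4] != b"PE\0\0"):
        raise ValueError("e_lfanew does not point at a PE signature")
    (magic,) = struct.unpack_from("<H", image, e_lfanew + 0x18)
    if magic not in (0x10B, 0x20B):                      # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # These three offsets are the same for PE32 and PE32+.
    (timestamp,) = struct.unpack_from("<I", image, e_lfanew + 0x08)
    (entry_rva,) = struct.unpack_from("<I", image, e_lfanew + 0x28)
    (size_of_image,) = struct.unpack_from("<I", image, e_lfanew + 0x50)
    return {"timestamp": timestamp, "entry_rva": entry_rva,
            "size_of_image": size_of_image}


def oep(base, image):
    """Same result as: base + dwo(base + dwo(base+3c) + 28)."""
    return base + pe_fields(image)["entry_rva"]


def symstore_key(fields):
    """Index directory name for a PE file: %08X timestamp + %x SizeOfImage."""
    return "%08X%x" % (fields["timestamp"], fields["size_of_image"])


def cache_path(symbol_path, filename, fields):
    """Where a srv*<cache>*<upstream> element stores this binary locally."""
    for element in symbol_path.split(";"):
        parts = element.split("*")
        if len(parts) >= 3 and parts[0].lower() == "srv":
            return ntpath.join(parts[1], filename,
                               symstore_key(fields), filename)
    return None  # no srv element with an explicit local cache


if __name__ == "__main__":
    img = build_sample_header()
    base = 0x7FF600000000  # constructed load address
    print("OEP = %#x" % oep(base, img))
    print(cache_path(SYMBOL_PATH, "ntdll.dll", pe_fields(img)))
```
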

  13. #73
    Quote Originally Posted by Kayaker View Post
    I was able to run it [IRPmon] on a VM after selecting "Disable driver signature enforcement" from the boot menu and monitor USB IRP's. You'll have to read the docs and play around with which usb drivers to hook, but I did get some results such as DriverObject and IRP Addresses. Since you can combine that monitoring with a Windbg kernel session at the same time, it might help your cause.
    Thanks, Kayaker. I find this intrusiveness by Msoft to be irritating. When I installed IRPmon, I got a nasty message telling me the driver is not signed therefore I should uninstall the app. I mean, after purchasing Windows, does it belong to me to use as I like, or do they still hold the right to dictate what I should and should not load?

    On my desktop, I have put the OS in test mode so I can load what I want and I have defeated file checker so I can test different versions of drivers and dlls so it won't erase what I install.

    I'll try IRPmon out soon. At the moment I am deliberately isolating everything I can think of that might interfere with wdbg on a host seeing the target. I came across some permission issues and I am thinking of turning off DEP in BIOS. Ran takeown and icacls on my c:\ drive to restore permissions but forgot about reparse points/junctions. I would think icacls and takeown would be familiar with the reparse points since it is issued by msoft. It's not. Seems I have to run them directory by directory to avoid those directories with junction points.

    I have noticed in the W7 registry, under HKLM in enumeration, there are sub-hives called Properties. They are strongly defended by access denied warnings. I am going to run an app to reset permissions in the registry but I'd like to reset Properties as well so I can see what's in there.

    I fear the DEP is likely running shotgun on serial port communications early in the boot process, either that or one of those new fangled boot code monitors is at work.

    I am also checking out my Comodo firewall. It has a means of enabling or disabling ports but I'm trying to figure out if the 0x2F8 - 0x2FF addresses associated with COM2 are actual port addresses that I can enter in Comodo to ensure those ports are enabled. To complicate further, the ports in Comodo are in decimal, not hex.

    Quote Originally Posted by Kayaker View Post
    On a side note, I've been able to break on the start of any usermode process while running Windbg in kernelmode on the host
    Not sure what you mean, more out of my ignorance of wdbg than anything. I have run notepad right from the wdbg GUI, under File/Open Executable, and it is stopped in ntdll by design. Is that considered k-mode wrt wdbg? I was not aware you could run it in different modes, I thought it was the KD cmd line debugger with a GUI.

    I have been able to set a BP to trap a File/Open in notepad while it is running just as I would have done with sice. Did not try tracing into K32, or ntdll to see if it would hit a sysenter and carry on into the kernel.

  14. #74
    Super Moderator
    I have run notepad right from the wdbg GUI, under File/Open Executable, and it is stopped in ntdll by design. Is that considered k-mode wrt wdbg?
    no absolutely not if you open notepad.exe on the same computer running windbg and if it breaks on ntdll!Kixxxstartyyy you are doing plain usermode debugging as if you are debugging it in ollydbg / x64dbg / whatever debug including visual-studio f5

    now if you run notepad.exe in the target computer and if it breaks in the windbg running in host
    you are debugging the notepad under kernel debugger in this case you can view the notepads complete virtual space ie on a 32 bit computer
    you can see the target notepad.exe's virtual address space from 0x00000000 to 0xffffffff or their physical pages

    like i said earlier get your feet wet instead of editing ntfs mft root acls billions of computers are running doze and probably billions went through windbg / kd and yes hal also needs debugging so you can step through hal function oh by the way you can disassemble bios amli code with windbg
    and debug acpi tables will that qualify your requirement you posted few threads ago ?

    calc.exe stopped in kernelmode when Section is mapped

    [Attached image: calckd.gif]
    Last edited by blabberer; March 22nd, 2019 at 06:52.

  15. #75
    re turning off DEP in BIOS, I can do it on my HP laptop but not on my B360 BIOS.

    I recall being advised with sice while setting up windoze to start in debug mode to use a switch like /opt out to stop DEP. Does anyone know if something similar can be added to the W7 debug string in debug mode to stop DEP loading in debug mode?

    Closest I have seen is adding a line with bcdedit as:

    bcdedit.exe /set nx AlwaysOff

    I don't know if that can be entered verbatim or if the 'x' in 'nx' is a variable.

    ps. I have a whole lot of grief with file/folder permissions. Ran chkdsk and it stalled at 0%. Remembered that I had applied a drive letter to the system partition so I could read it. Turning that off got chkdsk to 70% where it has stalled overnight checking security descriptors.

    I have lost bcdedit. The system complains its folder is missing. Under HKLM there is usually a bcdedit entry titled BCD000000.... It's gone.

    Good Grief!!!! .....Charley Brown.
