A very quick and dirty way to create a service from a vbscript file

Creating service from VB Script

1. Execute the below Command:
instsrv.exe C:\windows\System32\srvany.exe

Note: 'Service Created' message indicates Service Created Successfully

2. Copy the srvany.exe file from C:\windows\System32 at the same path of your script

3. Open Registry Editor and create a Key "Parameters" under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\

4. under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\Parameters, create the following values
AppDirectory REG_SZ "C:\Current Work\Service\" < Directory path of your VB Script
Application REG_SZ wscript.exe < u can change to Wscript or cscript>
AppParameters REG_SZ "C:\Current Work\Service\one.vbs" < your VB Script Name with path

5. Open Services under Control Panel and select the Service Name which create at Step 1

Click on properties, open Logon Tab and select the Check Box 'Allow Service to Interact with Desktop'
Click ok on Properties window
Now Start the service.

Note: Whenever you change anything in your script, restart the Service

Some Real Cool videos of Mark Russinovich on Windows 7 and Windows 2008 R2 Kernel Changes

Must watch videos guys

http://microsoftpdc.com/Sessions/P09-20

http://microsoftpdc.com/Sessions/CL29

My processor driver is dated 2004.. is there something wrong??

Sitting alone at coimbatore airport is not fun...  Next best option.. mess around with the system!!

Took a boot time capture of my system using procmon.  Even though it didn't make much sense to me initially the following registry key was among those queried very early.. HKLM\System\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}

It turned out to be related to the processor.. with two subkeys named "1" and "2" which I assume is related to to my two cores of the processor..

All is well till this time.. But I am a bit surprised by the driver date of my processor.. Here is the graphic for you..

Questions: Why is the driver dated 2004.. was the original driver so stable that it did not need an update ? Or am I missing an update ???

PS: The processor device driver processr.sys also is dated "August 2004"

A very nice article on code signing best practices

A very nice article on code signing best practices

http://www.microsoft.com/whdc/winlogo/drvsign/best_practices.mspx

Check it out.

A call that made my day...

Was a very very busy day.. In fact so busy that I didn't even open up my own blog to check if someone commented (for which I eagerly wait) or if there are many online.. ( which I fancy ). Accept it or not guys.. we all are attention seekers.. At least I am..I would love it to see my blog getting popular.. Alas.. wishes are on one end and the reality is at other.. Yes I do know the kind of attention I could expect with all these craps I write :-)..

However ( this is a bad habit I have developed of late.. I just cant write "but".. I have this strange feeling that somebody is having an OTS (over the shoulders) view of my screen and screaming "YOU SHOULDN'T WRITE "BUT".. " ) my day was made when I received a call at night 1:30.. Wasn't slept.. It was my close friend from Gujrat on the other end.. spoke to him for some time.. and he handed the mobile to the next guy..

He too was in my college..I had lesser interaction with him while I was in college .. Still when ever we met, it wasn't less than a good friendship.. We spoke quite a while today.. And I in fact felt good.. It really feels good when some one you haven't spoken with for so many years speaks to you.. with the same warmth that was there you met last time.. Years back..

Before he dropped the call he said few things.. and those sweet few words really touched me.. Yes. I felt really good..

" I keep reading what ever you write. Its just that I don’t comment back"

 Dude !! I am being read.. I am on cloud nine.. :-)

Now I want to re-use those sweet little words for all those blogs that I read but just can't make it to comment..

"Its just that I don’t comment on your blogs.. I am reading you.. Line by line.."

Nostalgia and loneliness made me write this...

Browsing through couple of old photographs brings in a mixed feeling.  You feel happy and a bit gloomy at the same time..

We did visit Muzhappilangad Drive-in beach some time back. It is an amazing place to be.. You can drive right close to the Sea..   On Sundays our local group used to go to the beach and play football. All fun..

 But when you go with special some one, the picture is different. This  place is absolutely romantic.. And those who want to show some driving heroics can show that off here with out taking much risks..

[caption id="attachment_249" align="aligncenter" width="300" caption="Muzhappilangad Drive-in Beach.. "][/caption]

 

[caption id="attachment_248" align="aligncenter" width="300" caption="Watching the Sea and the setting Sun.. "][/caption]

Well, places does not become special just due to the way they look.. They are special coz you have good memories associated.. :-)

Climate is changing.. not just in hyderabad.. in kerala too..

It has been a real  hot day..  As planned, we were to go out for couple of purchases Rejin had to do before his hard earned vacation.
We started from our home at around 3:30 and could feel the sun  was just burning above our head.. To top it up, the concrete structures and the rocks were eminating the heat they accumulated from morning.. Real burning sensation.. When we reached Vipin's home.. we were half fried.. Lift didn't work as there was a power cut.. Not a nice scene altogether..

Being a resident of Hyderabad, Andhrapradesh,  people might say still it is expected.. But whats happening in Kerala.. From what I heard from those back home, things aren't any better out there.. Kerala is loosing that status of a place with moderate climate swing.. things are getting tougher..

It is not the same Gods Own Country... Its HOT AND HUMID...

We need actions now.. Hats off to guys like Shahid (http://insane-joys.blogspot.com/) .. with initiatives like Chlorophil ( http://chlorophyll.org.in/) .. It doesn't take too much of research now to understand we need now to look back and nurture mother earth.. Else.......

So those who can initiate such stuff.. Join such pro-nature movements.. we are actually helping our younger generations.. We are atleast trying to show a nice gesture back to our mother nature...

What happens when you think too complex...

Being with an escalated support team is fun.. people aren't satisfied unless you follow your statement with a
root cause..

One ground rule: Things can't fail for simple reason.. It has to be something really complex about the failure.. about the behaviour..

However, at times complex thinking proves too expensive. Here is what happened today.

My team lead started experiencing a very strange issue with his mail client. When ever he forwards an email to any one, it is lost from his inbox view.. He figured out that under an option called "All Documents" his mails were safe.. He was concerned so were we..

An immediate quick meeting was called and action items were charted

• Take the back up of the mail data base


• To do that, get an alternate laptop, configure it for back to back connection and dump the data on to it.


• Our lotus notes expert wanted to try a "Design" replace option to see if any of the "Templates" were corrupt. Once the back up was completed, he was  to try that.

Backup went fine. We assembled back to discuss the strategy further.

I thought something related to "Automatic Inbox Cleaning"  agent was playing the trick. Opened the backend script and tried to see if I could find something interesting..

With my halfcooked knowledge, I have enlightened the whole team about the possibility of an automatic inbox cleaning up happening and why it did not happen on my system and why it didn't happen to my lead last week and.......

We took control of the impacted system again.. Asked our lead to test it once again before we were game for the big operation.. Alas.. The issue repeated.. So we called operation mail client "START"

Meanwhile, our only sensible team mate ( at least for the moment) decided to hit the "Insert" button, which is for marking an email "read". To our surprise, that mail too vanished.

He then took the mouse control... Selected a small menu on the right hand top corner.. which initially read " VIEW UNREAD MAILS ONLY"..

He changed it to "VIEW ALL MAILS" and everthing was back to normal..

The whole team was dumb for few moments.. which was followed by uncontrollable laughter..

Sometimes.. it helps if you dont think too complex.. :-)

Cheers guys...

I have pasted the below sticker on my old home door( sreekarun.livejournal.net)

It goes like this..
( http://sreekarun.livejournal.com/14672.html )

"Yes. I found a new place to write online.. :-)

The decision to move over to a new place does not mean I was feeling restricted with free online journals and publishing tools. But I always wanted to know first hand on how to set up a website.. What is like owning one.. and what goes behind setting up a site..

I knew I need to register a domain and then would need some web space to launch it.. Google helped me find a list of providers from which I zeroed in to Znetindia.com. There may be other providers equally or more competative, didn't want to do that extend of research anyway..

They allowed me to register my site sreekarun.net for around 450 Rs an year.. That was one part of it.. To host my site, I started looking for options and they were offering linux based solutions and windows based solutions.. PHP + Mysql attracted me than ASP.. Hence decided with the linux version and paid around 1000 Rs for 6 months hosting charges..

The control panel interface that znetindia has is awsome. Hardly did I talk to their tech experts. setting up things were a cake walk with tools provided in the control panel interface..

Next question was what to put in there.. Did some research on the available components and faced with terms like bulletin board softwares... Content Management Softwares and blogging softwares..

The look and feel of Mambo CMS attracted me initially.. played around with it and finally managed to get a site up under the tag portal.sreekarun.net.. I did write some articles in Live journals back in 2009 and this year too. rewriting them or individually porting them sounded painful.. CMS had lot options and some time felt too many... Moreover I couldn't find a way to add a comment option for my articles and manage them...

I Sat back and though for a while. I realized most of the things that I want to publish are blog like artcles. So decided to try the blogging software, wordpress..

Wordpress impressed me.. Lot of themes. Widgets.. configuration options .. You may even configure it as a CMS. So sticked to it.. Wrote a small php to redirect all traffic to http://sreekarun.net to http://sreekarun.net/blogs

Having tried many themes in Wordpress I am now using F2. One more great thing that made my life sweet is the import functionality.. it allowed me to import all my livejournal posts along with comments to my wordpress blog.. Great isn't it..

I have added couple of widgets like a clock and word of the day.. it all works well..

I think I am happy with the move over.. Atlest till the time znetindia send me a reminder email mentioning my hosting expiry date..

:-)"

A quick and dirty way to run a command prompt under system context

A quick and dirty way to run a command prompt under system context

Pre-requisite: you must have administrator previlege

Open up a command prompt and create a scheduled task using at command..

c:\> at "14:01" /interactive "cmd.exe"

this would start a new shell at 14:01.. dont forget to change the time as per your requiremnt when you try this..

What would you want to do once you get access to this shell.. Well system account is the most powerful account on your system.. Yes.. more than you "Administrator" account..

Have fun guys..

Something about ADS

Windows Alternate Data Streams is one thing you would like to explore.. A nice article in beeping computers explains it well.

www.bleepingcomputer.com/tutorials/tutorial25.html

The command line option to start the embedded exe is not working for Win7 though.. May be something changed ???

Hey.. This is new in Win 7 - Attaching vdisk

Win7 supports attaching vdisks and manipulating it natively.

So next time you have a .vhd file with you, you might want to try if you can attach that using diskpart.. And yes. The diskpart.exe now supports a new create option..

Create vdisk

Have fun guys..

A cmd ping sweeper demo.. I am testing flash blogging too..

Who is hogging My CPU:IE & SVCHOST acting for akamai ( Adobe download manager)

To find a change from  investigating client issues, today I decided to spend some time with my vista system analyzing its performance..

Thought of clearing the %temp% first.. Lot of active .tmp files where present.. That means.. I couldn't delete them..  Got curious about this and decided to investigate it further.. Fired up Process Explorer and Searched for .tmp file in the "Find Handle" option. To my great surprise, all those files were held up by Internet Explorer. I use IE8 on Vista..

I have lots of RSS feeds saved, so suspecting something related to that, decided to review the Feed reader configuration.. Dumb me.. It was accidently configured as 15 mts sync. with my 50+ feeds.. sycning every 15mts.. Now I know why sometimes my system was behaving really odd..

But that didn't answer the .TMP file question.. closed down all IE Windows.. and the files went off..Fired IE windows.. those files came up..
With each tab there were around 4 to 5 new .tmp files created.. So its not just the temporary internet files that IE uses for caching.. It uses
%temp%. Finding out the exact details of this behavior has been stored as a low priority item in my to do list..

I decided to move on.. Playing around with process explorer.. One application was taking so much of private bytes.. the process name was searchindexer.exe hosted as a service " Windows Search". So its the indexing service that is using some resources for searches that I rarely do.. Not a recommendation.. I decided to turn off the service for some days to monitor. The result is very evident..

The next biggest consumer was SVCHOST.EXE a poor generic service host who has to take blame of all the services it hosts.. Windows decided to go ahead with this multihost model to conserve resources..

But this time I am surprised, really really surprised..  As much as I read till this time, SVCHOST Can not be used by third parties to host their application..

And here is one Akmai Download Manager, which I installed to download an Adobe product ( Akmai is Adobe's download manager ) using SVCHOST to serve him..  On top of it, there were large context switches happening..



There weren't any  download happening at that time. So for sure the application was mis behaving.. There was an unistaller in the product folder using which I uninstalled the product.. I should say the system is much better now..

20 mts of small investigation using Process Explorer.. The system is back on feet.. but opened up a pandora's box full of questions to be answered...

Enabling extended logging for Windows Update Agent Service

The Windows Update Agent Service ( wuauserv ) is responsible for keeping the system updated by scanning the system for missing updates and installing those if properly configured to do so..

WSUS and the Windows Update Site uses this client agent to accomplish tasks.. If you are aware of MBSA, which is a Microsoft Tool to asses your system security compliance level, also uses the windows update agent for scanning. Additionally if you have any custom application which uses windows update APIs to perform scan / installation of updates also uses the same service..

Pretty critical eh.. It leaves behind a log file.. which is very difficult to decrypt for fresh eyes.. Even then some times the logged information proves insufficient to identifiy some issues..That is when you should be considering the extended logging option of Windows Update Agent.

How to do that ?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Trace
Value name: Flags
Value type: REG_DWORD
Value data: 00000007

Value name: Level
Value type: REG_DWORD
Value data: 00000004

This registry key turns on an extended tracing to the %systemroot%\Windowsupdate.log file. Additionally, this registry key turns on an extended tracing to any attached debuggers.

Refer to the MS Documentation for additional details. http://support.microsoft.com/kb/902093

P.S. : While investigating a very peculiar MBSA Scan issue ( offline scan wouldn't work if network cable is disconnected.. Then why shoud it be called an offline scan right ? ). Once the extended scanning was enabled, it gave some references to the ipV6 interface not being up and stuff..

In windows xp, the ipV6 stack can be installed or removed easily by

c:\>ipv6 install

and

C:\> ipv6 uninstall

The system that gave issue did not have the ipv6 stack enabled. Taking clues from the log file, I enabled it and scan started working. .Not happy yet as I am yet to reach to the root cause.

Big Surprise! Where did the /etc/inittab file go ???

This is what happens when you switch technologies..

Its like going back to your old mate with out knowing what happened while you were away..

One file that my seniors/ Unix gurus @HCL adviced me to be very careful with is /etc/inittab while teaching me the ABC's of SCO Unix and Linux.. They said..

It is Systems Configuration Database.
The system (init process ) reads configuration from this file.
If this file is corrupt you are GONE.

I do respect my seniors and gurus.. I always used to take back up of those files before editing / changing them..

Time moved on.. My new role is purely a windows based role.. Since I knew nothing in windows, I had to put in lot of efforts to learn some thing about the OS.. Result, I had to leave my long time buddy, linux..

Old habits die hard.. When I got some spare time, I decided to install the latest Ubuntu version and try out my memory.. type couple of ls, clear commands.. ;-).. seeing the black screen I got nostalgic and missed the "vi" badly.. And how can I forget the /etc/inittab file.. Alas !! the file was not present..
I was pretty sure.. I am out now.. I knew a bit of linux... no longer true..

UPSTART he has taken my init away..

"Upstart is an event-based replacement for the /sbin/init daemon which handles starting of tasks and services during boot, stopping them during shutdown and supervising them while the system is running. "

Feature Highlights

• Tasks and Services are started and stopped by events


• Events are generated as tasks and services are started and stopped


• Events may be received from any other process on the system


• Services may be respawned if they die unexpectedly


• Supervision and respawning of daemons which separate from their parent process

Communication with the init daemon over D-Bus

Known Users

• Ubuntu 6.10 and later


• Fedora 9 and later


• Debian (as an option)


• Nokia's Maemo platform


• Palm's WebOS


• Google's Chrome OS

http://upstart.ubuntu.com/

Atleast now I will ask my friend who call me up still to find out if there are any linux residue left about the distribution they are using before asking them to edit the /etc/inittab..

Windows Task Manager "Mem Usage" and VM Size column

A quick post :-)

You know how to bring up the task manager.. ( refer http://sreekarun.livejournal.com/7267.html ) 

As mentioned in the blog, the Mem Usage gives you only the figure of amount of physical memory used or the working set.

The VM Size gives you the private bytes; The amount of virtual memory, or address space, committed to a process

Lets learn Windbg: the !cpuid extension

Its an effort to learn and document windbg extensions..

So here is the first one !cpuid

lkd> !cpuid

CP  F/M/S  Manufacturer     MHz  
0  6,23,6  GenuineIntel    2394  
1  6,23,6  GenuineIntel    2393

the first lkd> means the current debug session is a local kernal debugging. How do we do that ? Open Windgb; Select File -> Kernal Debug and select local. 

Well I have seen this doesnt work with Vista normally. And as you can see, other options are remote kernal debugging which include COM, 1394, USB 2.0  and ET ( yes you can do it over TCP/IP as well )

A small lesson on VbScript - Learned the hard way

Today, we were required to write a script to gather some information from Windows client systems.  The script seemed to work fine till the "Quality Control" ghost took control.. Obviously..it was me who suggested this catastrophic idea of having "error handling" mechanism.

VbScript,  by defaul throws any error during execution as run time error.. This is a controllable behaviour though..

The two important statements are

On Error Resume Next

On Error Goto 0

The first one enables the error handling mechanism.. ie you will not be getting run time errors as earlier.. So you need to handle it manually..

And the second one disables error handling mechanisms.. any code error = run time error..

Now how to work with error handling


Err.Number will give you the error number.. and more down here

On Error Resume Next
strComputer = "fictional"
Set objWMIService = GetObject("winmgmts:\\" & strComputer)
If Err.Number <> 0 Then
    WScript.Echo "Error: " & Err.Number
    WScript.Echo "Error (Hex): " & Hex(Err.Number)
    WScript.Echo "Source: " &  Err.Source
    WScript.Echo "Description: " &  Err.Description
    Err.Clear
End If

http://www.microsoft.com/technet/scriptcenter/resources/scriptshop/shop1205.mspx#EMC

All that theory is just fine.. However, the script which has grown to around 600+ lines made us go mad.. One specific module to modify  a registry hive wont work..

And finally we found where we went wrong..

"An On Error Resume Next statement becomes inactive when another procedure is called, so you should execute an On Error Resume Next statement in each called routine if you want inline error handling within that routine."

http://msdn.microsoft.com/en-us/library/aa266173(VS.60).aspx

 

We had around 5 to 6 functions in the script. We added the "On Error Resume Next" stuff on all those and we were back on track after that.. A lesson learned in the hardway.. Long live the VbScript Error Handling.

Cheers !!

Sree

Wow... I am on Twitter now..

Yep.. Just wanted to try out what is happening out there.. Thanks to Shashi Taroor..  :-)

https://twitter.com/sreekarun