
In Windows, network shares can be mapped as local drives by right-clicking on Network and selecting Map Network Drive.
There is also a command to map local path names to a drive letter.
Command : subst [from command prompt]
Syntax :
C:\Documents and Settings\oracle>subst /?
Associates a path with a drive letter.
SUBST [drive1: [drive2:]path]
SUBST drive1: /D
drive1: Specifies a virtual drive to which you want to assign a path.
[drive2:]path Specifies a physical drive and path you want to assign to
a virtual drive.
/D Deletes a substituted (virtual) drive.
Type SUBST with no parameters to display a list of current virtual drives.
To map a local path, say 'C:\temp', to the drive letter 'S:', use the following command:
subst s: c:\temp
To list the virtual drives created, type:
subst
To remove the previously created virtual drive:
subst s: /D
Purpose :
Users who play games and create ISOs will find this useful ;-)
It is something similar to a virtual CD drive.
A utility named 'sfc' is available in Windows [XP and later versions] which can be used to restore corrupted system files.
If any system files [exe/dll/sys/...] get corrupted or infected, they can be restored with the 'sfc' command.
The help for 'sfc' can be accessed from the command prompt.
C:\Documents and Settings\zulfi>sfc /?
Microsoft(R) Windows XP Windows File Checker Version 5.1
(C) 1999-2000 Microsoft Corp. All rights reserved
Scans all protected system files and replaces incorrect versions with correct Microsoft versions.
SFC [/SCANNOW] [/SCANONCE] [/SCANBOOT] [/REVERT] [/PURGECACHE] [/CACHESIZE=x]
/SCANNOW Scans all protected system files immediately.
/SCANONCE Scans all protected system files once at the next boot.
/SCANBOOT Scans all protected system files at every boot.
/REVERT Return scan to default setting.
/PURGECACHE Purges the file cache.
/CACHESIZE=x Sets the file cache size.
To scan and restore corrupted files, run 'sfc' from the 'Run' menu as follows:
sfc /scannow
Note: The Windows setup disk may be required.

Debug is a program testing and editing tool that can be executed from the Windows command prompt.
Debug can be used to create large files [like dd in Linux, but it's not dd; dd is a power tool].
Let's see how debug looks at a file.
A few debug commands are needed for this exercise:
- r = view the registers
- w = write to the file or disk
- r bx = change register bx value
- r cx = change register cx value
- ? = help on debug
- q = Quit debug
When a file is opened in debug, the register values are initialized as follows:
bx:cx - the size of the file
ip - the starting address for execution
[which is 0000 for exe and 0100 for bat and other files]
D:\>dir /x Mathematica_5.1_Win.EXE
Volume in drive D is SOFTWARE
Volume Serial Number is 5CE3-FAD8
Directory of D:\
02/03/2005 10:27 AM 113,126,762 MATHEM~1.EXE Mathematica_5.1_Win.EXE
1 File(s) 113,126,762 bytes
0 Dir(s) 28,524,593,152 bytes free
D:\>debug mathem~1.exe
-r
AX=0000 BX=06BE CX=2B6A DX=0000 SP=00B8 BP=0000 SI=0000 DI=0000
DS=0B80 ES=0B80 SS=0B90 CS=0B90 IP=0000 NV UP EI PL NZ NA PO NC
0B90:0000 0E PUSH CS
-q
In the above listing, the BX:CX value translates to 06BE2B6A in hex, which is
113126762 bytes in decimal. [The size of the file :)]
We can use the above info to create a large file and maybe even zero fill it.
When we open a non-existent file, debug complains but lets you into the prompt.
And when we check the registers, BX and CX are initialized to zero.
When we change the bx,cx value to the size of the file and write the changes, the file is created
with the specified size. :-)
Let's say we need to create a 1MB file.
Open up Calculator and calculate the hex value for 1MB [1048576 bytes].
Fire up debug in the command prompt and create the file.
D:\>debug a.txt
File not found
-r bx
BX 0000
:0010
-r cx
CX 0000
:0000
-w
Writing 100000 bytes
-q
D:\>dir a.txt
Volume in drive D is SOFTWARE
Volume Serial Number is 5CE3-FAD8
Directory of D:\
02/05/2009 09:16 AM 1,048,576 A.TXT
1 File(s) 1,048,576 bytes
0 Dir(s) 28,523,511,808 bytes free
D:\>
The file created will not be empty: it will contain alien data left over in memory [taken from the stack maybe].
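An added example (not part of the original post): the BX:CX arithmetic used in the session above, written in Python so the register values can be computed and checked without a calculator. The function names are hypothetical and the sample register line is constructed.

```python
import re

MAX_SIZE = 0xFFFFFFFF  # BX:CX is two 16-bit registers, so 32 bits in total


def size_to_bx_cx(size):
    """Split a byte count into the (BX, CX) pair: BX = high word, CX = low word."""
    if not 0 <= size <= MAX_SIZE:
        raise ValueError("size does not fit in BX:CX: %r" % size)
    return size >> 16, size & 0xFFFF


def bx_cx_to_size(bx, cx):
    """Combine BX (high word) and CX (low word) back into a byte count."""
    for name, value in (("BX", bx), ("CX", cx)):
        if not 0 <= value <= 0xFFFF:
            raise ValueError("%s is not a 16-bit value: %r" % (name, value))
    return (bx << 16) | cx


def size_from_register_dump(dump):
    """Read BX and CX out of the text printed by debug's 'r' command."""
    regs = dict(re.findall(r"\b([A-Z]{2})=([0-9A-Fa-f]{4})\b", dump))
    if "BX" not in regs or "CX" not in regs:
        raise ValueError("register dump has no BX/CX values")
    return bx_cx_to_size(int(regs["BX"], 16), int(regs["CX"], 16))


def debug_input_for_size(size):
    """Lines to type at the debug prompt to write a file of `size` bytes."""
    bx, cx = size_to_bx_cx(size)
    return ["r bx", "%04X" % bx, "r cx", "%04X" % cx, "w", "q"]


# Constructed sample: a register line with the values entered in the
# 1MB session (BX=0010, CX=0000); the other registers are made up.
SAMPLE_DUMP = "AX=0000 BX=0010 CX=0000 DX=0000 SP=FFEE BP=0000 SI=0000 DI=0000"

if __name__ == "__main__":
    print("\n".join(debug_input_for_size(1048576)))
    print(size_from_register_dump(SAMPLE_DUMP))
```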
Zero filling a file is possible in debug, but it has a few limitations.
Let's create a 100 byte file and try to zero fill it.
D:\>debug a2.txt
File not found
-r bx
BX 0000
:0000
-r cx
CX 0000
:0100
-d 0100
0B31:0100 4D 00 00 3D 00 00 00 00-00 00 00 00 00 00 00 00 M..=............
0B31:0110 43 4F 4D 53 50 45 43 3D-43 3A 5C 57 34 00 20 0B COMSPEC=C:\W4. .
0B31:0120 57 53 5C 53 59 53 54 45-4D 33 32 5C 43 4F 4D 4D WS\SYSTEM32\COMM
0B31:0130 41 4E 44 2E 43 4F 4D 00-41 4C 4C 55 53 45 52 53 AND.COM.ALLUSERS
0B31:0140 50 52 4F 46 49 4C 45 3D-43 3A 5C 44 4F 43 55 4D PROFILE=C:\DOCUM
0B31:0150 45 7E 31 5C 41 4C 4C 55-53 45 7E 31 00 41 50 50 E~1\ALLUSE~1.APP
0B31:0160 44 41 54 41 3D 43 3A 5C-44 4F 43 55 4D 45 7E 31 DATA=C:\DOCUME~1
0B31:0170 5C 7A 75 6C 66 69 5C 41-50 50 4C 49 43 7E 31 00 \zulfi\APPLIC~1.
-f 0100 L 100 0
-d 0100
0B31:0100 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0110 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0120 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0130 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0140 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0150 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0160 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0170 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
-w
Writing 00100 bytes
-q
D:\>
Fill has this syntax:
-f (memory_location) L (num_of_bytes_to_fill) (filler)
We used '0' as the filler; the filler can be anything, e.g. 1234 will fill the file with 1234s.
'0100' was used as offset since the file is loaded at 0100 [open a simple txt file and check for
The number of bytes can be specified up to a max of FFFF [not sure].
So to fill files bigger than FFFF I have to change the offset a couple of times and fill the
whole file, which is not a good idea.
We'll see if there's a better way out...
A tutorial on the Debug command can be found here :
http://www.armory.com/~rstevew/Public/Tutor/Debug/debug-manual.html
The Windows key shortcuts :
Windows key + R = Run menu
Windows key + Break = System properties **
Windows key + F = Search for files and folders
Windows key + D = Hide/Display all windows **
Windows key + M = Minimize all open windows
Windows key + E = Open My Computer
Windows key + U = Open Utility manager
Shift+Windows+M = Undo minimize all open windows
Windows Key + F1 = Open Windows Help
Windows Key +Tab = Cycle through the Taskbar buttons
The other shortcuts :
ALT + Tab = Switch between windows
ALT, Space, X = Maximize window **
CTRL + Shift + Esc = Task Manager
CTRL + C = copy
CTRL + X = cut
CTRL + V = paste
[F1] Open Help for active application
These commands can be typed in "Run" box for quicker access :
System
rstrui = System Restore
devmgmt.msc = Device Manager
msinfo32 = System Information **
cleanmgr = Disk Cleanup
ntbackup = Backup or Restore Wizard (Windows Backup Utility)
eventvwr = Event Viewer
secpol.msc = Security Policies editor
services.msc = Services start/stop tool
mmc = Microsoft Management Console
compmgmt.msc = Computer Management **
taskmgr.exe = Task manager [Ctrl + Shift + Esc key is an easier way of doing it ]
MS Office
excel = Microsoft Excel (If Installed)
msaccess = Microsoft Access (If Installed)
powerpnt = Microsoft PowerPoint (If Installed)
winword = Microsoft Word (If Installed)
frontpg = Microsoft FrontPage (If Installed)
Utils
iexplore = Internet Explorer
notepad = Notepad
wordpad = WordPad
calc = Calculator
msmsgs = Windows Messenger
mspaint = Microsoft Paint
wmplayer = Windows Media Player
Control Panel
control = Opens the Control Panel
control printers = Opens the Printers Dialog
control keyboard = Keyboard Settings
control mouse = Mouse Settings