Wednesday 27 August 2014

View MessageBox Text In Windbg

Get the second argument of the MessageBox call (the pointer to the message text) from the stack of thread 0:
0:005> ~0kb
ChildEBP RetAddr  Args to Child            
0012e924 7739bf53 7739610a 00000000 00000000 ntdll!KiFastSystemCallRet
0012e95c 7738965e 094700da 00000000 00000001 USER32!NtUserWaitMessage+0xc
0012e984 7739f762 77380000 001959b8 00000000 USER32!InternalDialogBox+0xd0
0012ec44 7739f047 0012eda0 00000000 ffffffff USER32!SoftModalMessageBox+0x94b
0012ed94 7739eec9 0012eda0 00000028 00000000 USER32!MessageBoxWorker+0x2ba
0012edec 773d7d0d 00000000 0017d938 00194e08 USER32!MessageBoxTimeoutW+0x7a
0012ee20 773c42c8 00000000 01d74e90 01d74e28 USER32!MessageBoxTimeoutA+0x9c
0012ee40 773c42a4 00000000 01d74e90 01d74e28 USER32!MessageBoxExA+0x1b
[...]

Dump the ASCII string at that address:
0:005> da 01d74e90
01d74e90  "File does not exist:.C:\TEMP\FO"
01d74eb0  "LDER\DATA\FILE.DAT"
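As an added example (not part of the original post), a small Python script that automates the two steps above against captured WinDbg output: it pulls the second "Args to Child" value of the MessageBoxExA frame (lpText; the third is lpCaption) and re-joins the chunks that `da` prints one per line. The session text from the post is embedded as constructed sample input; the frame and `da` line layouts assumed are the 32-bit ones shown above.

```python
import re
# Constructed sample input: the WinDbg session quoted in the post above.
KB_OUTPUT = r"""
ChildEBP RetAddr  Args to Child
0012e924 7739bf53 7739610a 00000000 00000000 ntdll!KiFastSystemCallRet
0012e95c 7738965e 094700da 00000000 00000001 USER32!NtUserWaitMessage+0xc
0012e984 7739f762 77380000 001959b8 00000000 USER32!InternalDialogBox+0xd0
0012ec44 7739f047 0012eda0 00000000 ffffffff USER32!SoftModalMessageBox+0x94b
0012ed94 7739eec9 0012eda0 00000028 00000000 USER32!MessageBoxWorker+0x2ba
0012edec 773d7d0d 00000000 0017d938 00194e08 USER32!MessageBoxTimeoutW+0x7a
0012ee20 773c42c8 00000000 01d74e90 01d74e28 USER32!MessageBoxTimeoutA+0x9c
0012ee40 773c42a4 00000000 01d74e90 01d74e28 USER32!MessageBoxExA+0x1b
"""
DA_OUTPUT = r"""
01d74e90  "File does not exist:.C:\TEMP\FO"
01d74eb0  "LDER\DATA\FILE.DAT"
"""

# A 32-bit `kb` frame: ChildEBP RetAddr Arg1 Arg2 Arg3 Symbol (kb shows only three args).
FRAME_RE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) ([0-9a-f]{8}) (\S+)$")
# A `da` line: address, two spaces, one quoted chunk of the string (non-printables shown as '.').
DA_RE = re.compile(r'^([0-9a-f]{8})  "(.*)"$')

def find_arg(kb_text, symbol_prefix, arg_index):
    """Return the Nth (1..3) child argument of the first frame whose symbol starts with symbol_prefix."""
    if arg_index not in (1, 2, 3):
        raise ValueError("kb shows only the first three stack arguments")
    for line in kb_text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m and m.group(6).startswith(symbol_prefix):
            return int(m.group(2 + arg_index), 16)
    return None

def join_da(da_text):
    """Reassemble the chunks `da` prints one per line; returns (start_address, text)."""
    rows = [DA_RE.match(l.strip()) for l in da_text.splitlines()]
    rows = [m for m in rows if m]
    if not rows:
        return None, ""
    return int(rows[0].group(1), 16), "".join(m.group(2) for m in rows)

def message_box_text(kb_text, da_text):
    """lpText is MessageBoxExA's 2nd argument; confirm the da dump starts there, then return the text."""
    lp_text = find_arg(kb_text, "USER32!MessageBoxExA", 2)
    start, text = join_da(da_text)
    if lp_text is None or start != lp_text:
        return None
    return text

if __name__ == "__main__":
    print(hex(find_arg(KB_OUTPUT, "USER32!MessageBoxExA", 2)))
    print(message_box_text(KB_OUTPUT, DA_OUTPUT))
```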

Friday 8 August 2014

Prevent Profile In HKEY_USERS From Unloading After Logoff

2003 Server:
1. Add the user whose SID you wish to remain loaded in HKU to the following registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPHClean\Parameters\USER_EXCLUSION_LIST. The format should be netbiosdomainname\username (or hostname\username for local accounts).
2. Restart the User Profile Hive Cleanup service.

2008 Server:
1. Go to the following location in group policy editor: Computer Configuration > Administrative Templates > System > User Profiles
2. Set the "Do not forcefully unload the users registry at logoff" policy to Enabled.
3. Apply the policy update (run gpupdate).