Martin Zugec blog : Development

Lnk, shortcuts - real disaster??

martin — Thu, 29 May 2008 22:20:57 GMT

Maybe you noticed that one of my projects I would like to finish in summer is also offline shortcuts editor - and you probably think "why some editor when I can build shortcuts using Explorer?"...

Think twice - it's not as easy as it looks like and you will be maybe surprised how many gotchas are there.

Problem with .lnk files is that they are WYSINWYG (What You See Is NOT What You Get). Windows is sometimes too "intelligent" - and it can be very, very annoying.

My blog is primarily focused on scripting, deployment and SBC - so I expect that my audience have also some experiences with this. And most people tried to create some shortcut and copy it somewhere else (you create shortcut to some drive letter on your PC and then copy it to desktop of all users for example). Problem is that together with shortcut you provide more information that you know - you provide also last successful resolution of that shortcut and you won't see this information anywhere in properties of such shortcut.

Let me show you example. You map home drives of your users to H: drive. You want to have shortcut to H:\MyDocs on your desktop. So if you create shortcut to H:\MyDocs, then you just need to distribute it to all your workstations and its done. You open properties of this shortcut and you see that it points to H:\MyDocs, so it should work everywhere, right?

WRONG - don't forget, Windows can be sometimes unpredictable ;) If you open properties of your .lnk file, you can see that it is (still) pointing to H:\MyDocs - however .lnk file also contains information that H:\MyDocs is in fact \\Servers\Administrator$\MyDocs and it will automatically open this folder even from different PC! Quite nasty, right?

And thats not all - try to remove that drive letter and open shortcut - because it remembers that location, it will automatically map H: to \\Servers\Administrator$\MyDocs

If you will try to map something else (\\Servers\Projects) to H: drive, Windows will surprise again - not only it will map that shortcut to different drive (X:), but it will also modify your shortcut so it is automatically changed from H:\MyDocs to X:\MyDocs... Which means that if you have 50 shortcuts pointing to H: drive, 1 accidental click can corrupt that shortcut for you.

You can find many (well, not tons of, but still few of them exists) offline shortcuts editors, however most of them covers only situation I described above (and not of all them covers this). There are some bugs that are (as far as I know) not solved by any existing product - for example if you use variables to define your folders (for example %Programs% for D:\Programs), you WON'T be able to create such shortcut if variable is not defined. When you try to create it, C:\ prefix is automatically appended (so %Programs% is in fact pointing to C:\D:\Programs, which is invalid value).

Well, this was just quick overview why I want to have offline editor where all such bugs will be fixed (btw I already have first version of code and it works correctly there, so it must be something in Explorer itself)... There are tons of other bugs - I will try to spend some time testing different results and share results with you. I am now very sorry Microsoft didn't implement something like XLNK in Windows Vista :(

SystemSherlockGUI - one package that rules them all ;)

martin — Mon, 26 May 2008 20:42:13 GMT

Good news everyone - I just received email from Roger (a.k.a. Kephyr) - he is author of brilliant SystemSherlock. He allowed me to include SystemSherlock in one package with my GUI - so now you can download one package with both GUI and command line interface :)

To remind you, SystemSherlock is snapshoting utility (like Regshot), that can track changes on your filesystem or registry...

Snapshoting is sometimes (often) better than using ProcMon\RegMon\FileMon - you only see real changes, no reads etc... So I prefer snapshoting when I for example want to find where in registry are some changes hapenning.

Compared to RegShot, SystemSherlock is I think much better - you can compare unlimited dumps (not only 1st & 2nd snapshot) and I like GUI more ;)

Download and enjoy :)

P.S.: If you have any feature requests or bugs to report, feel free to contact me, I would like to keep SystemSherlock alive

Elevator - command line

martin — Mon, 19 May 2008 15:15:39 GMT

If you tried elevator, you probably know that it is running thought context menu:

It is assigned only to exe files (if it is needed, I can extend it)... But sometimes you may want to change shortcut to always run specific action using elevator.

In fact it is pretty easy - just run ElevatorRunner.exe with filename and parameters and you are all set :)

First parameter is executable you want to run and then any command line arguments you want to include.

For example if you want to elevate MMC.exe, simply runs ElevatorRunner MMC.exe and thats it.

To also show example with command line parameters, this is command line I use to run Joost:
C:\Data\SkipUAC\ElevatorRunner.exe "C:\Program Files (x86)\Joost\xulrunner\tvprunner.exe" "C:\Program Files (x86)\Joost\application.ini"

In following screenshot you can see few examples:

It is also pretty easy to modify shortcuts to use Elevator:

Martin

SystemSherlock - snapshot using GUI or CMD

martin — Sat, 17 May 2008 21:32:00 GMT

Recently I wrote about SystemSherlock Lite - really nice snapshoting tool that supports command line... I also posted small utility for parsing log files.

After that I started to heavily use SystemSherlock - and I must say that it is really really great utility. Problem is that usually you want to have command line AND GUI interface - and SystemSherlock is cmd only :(

So I decided to create wrapper around it - and for me combination of GUI and SystemSherlock is much better snapshoting tool than RegShot or InstallRite...

SystemSherlock GUI consists of 3 different tabs - one for creating snapshots, second for comparing snapshots and third for displaying log files in friendly structure.

Create snapshot

Below is GUI used for taking snapshots:

It allows you to create snapshot configuration, specify output file and also to include exclusion list if you want to ignore particular entries. This is configured snapshot for detecting HKCU and C:\Temp folder:

I tried to implement quite logical interface, so there are feature like auto-suggest or auto-repair of entries (for example HKLM is automatically translated HKEY_LOCAL_MACHINE)... Another feature is that entry type is automatically detected (you can see it in video - I don't select whether entry is registry or filesystem, it is automatically filled):

Update: Embedded video from Jing doesn't work :( So click on following link instead).

Once you specified what you want to monitor, just click on create button - dump is automatically created. Then do whatever you want - and just click on Create button again. One of SystemSherlock advantages is that it allows you to create as many dumps as you want - you can even compare current dump with one created months ago...

When finished, move to Compare snapshots tab.

Compare snapshots

Below is screenshot of Compare snapshots tab:

It is divided to two parts - on left you can see source dumps and on right target dumps. Source dumps are the ones that were taken first - this is VERY important to understand that source must be always older.

System Sherlock Lite can report unexpected results if you are not aware of this behavior - if you will swap source and target (so target will be older file and source will be newer file), results will be opposite (for example if you deleted folder between snapshots, it will report that this folder was created etc.).

For this reason I implemented some logic to processing. When you select any file on left, ONLY newer files then selected are displayed on right.

Parse logs

When you compare two dumps, differences between these two entries are automatically displayed in GUI.

Current version should be already functional, but I am sure that there will be some issues - after all, this is really first version I just finished. If you encounter any problems or you have some features requests, feel free to post them in comments - if nothing, I will at least respond (but probably also implement such changes).

Advantages compared to RegShot:

Fully supports command line - can be scripted
Imho better GUI
Supports multiple dumps - not only comparison of 2 snapshots (easily review historical changes)
Exclusion list based on RegExes
GUI for reading log files

Download

Utility to display logs from SystemSherlock Lite

martin — Thu, 15 May 2008 10:29:00 GMT

As mentioned in my post about SystemSherlock Lite, I really love this tool after few days... Only problem I had is that it can take some time to realize what really happened - you need to read pretty big log files and you can spend precious time reading through temporary entries or documents and settings and miss one important entry saying that applications copied something to your System32 folder.

I was playing with Sherlock yesterday and I spent lot of time parsing through log files generated by SystemSherlock. Then I spend 20 minutes writing some automated parser and I want to share with you ;)

Usage is pretty simple - just click on Open log file, select your log file and output similar to following should appear:

I dont know what else to add - this utility is pretty simple, however can save your time ;) One more notice - log parse is able to handle also mixed logs (so if you have one log where you store different entries together with log output from SystemSherlock Lite, you can use it and it will only show entries from SystemSherlock Lite.

Any comments, requests? Feel free to post comments...

System.OutOfMemory and random errors

martin — Thu, 28 Feb 2008 15:40:00 GMT

One of my (read "created by me") programs suddenly stopped working - to my surprise, for everyone else everything was working flawlessly - except me...

It was giving me range of random errors (most common was System.OutOfMemory), even when I run it through debugger, it was crashing on random lines with really strange errors (psadi.dll was not found...)... That was really strange. And it was really strange that all other .NET applications were working fine. Most of the time System.OutOfMemory was throwing when reading 5 text files (all of them contained 1 line of text) - come on, we are not in middle age, modern computer should be able to handle it ;)

For all my applications (and many of my project) I really love to use Subversion - if you dont know it, drop me line and I will write some details about it.. I decided to revert to older version of application.

Because I also wanted to keep my current version, I saved file under different file name - and tadaaa - it was working flawlessly again. Then I tried to rename also my latest version - and now it was running smoothly. So I checked HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options - this is the key where all debuggers etc are hooking to application processes (including my tool Hook Application)...

To my surprise MyApp.exe contained tons of subkeys with strange names like DangerousAPIs, Locks etc... I tried to rename this registry key - and application was working..

After small investigation I traced the root of problem to Application Verifier - and then I remembered that this week I had presentation where I showed also AppVerif - and I was presenting on my program.

To make long story short - if your application works after you rename main exe, check Image File Execution Options registry key and maybe it will help you.

AD Groups overview

martin — Thu, 20 Dec 2007 13:54:00 GMT

So another small project is coming... Sometimes you need to get something from active directory. For example (because my environment is using groups heavily), I want to see relationships between different groups or I want to see my memberships - which groups I belong to (not just MemberOf, but also nested groups), but I also want to see how am I member of that groups...

That is why I wrote small utility called ADGO (AD Groups Overview), that is able to visually represents some data to you. For example I have user called ADGOTest. He is member of group ADGOTest_Group1 and this group is member of ADGOTest1, ADGOTest2 and ADGOTest3.

After running ADGO, I selected Add group, Add and typed ADGOTest. After clicking OK button, following result will appear on screen:

You can use it with user accounts, but also with groups. I will post some additional details on how to use it, what can be done etc, however I think this tool could be really usefull for some people (and it is invaluable in cases when you want to consolidate).

First version allows you to zoom in, zoom out, print, save, expand objects by doubleclicking on them etc... Really easiest way to understand is to try it:

NO Installation needed, only .NET Framework 2.0
Download & extract project
Run ADGroupsOverview.exe
Click on Add group
Click on Add and select your username (mzugec for example). Or you can specify groups. You can add as many objects as you want.
Click on OK - relationships overview will be created automatically.

If you will like it (and please let me know by leaving comments), I will start adding new features (for example linking to published applications of Citrix, so you will see what and how is published and which groups got access).

You can download it from my SkyDrive below.

Martin