Baby Do’s and Don’ts

Quotes for the Software Side in you…..

“I invented it, Bill made it famous.”
David Bradley (wrote the code for Ctrl-Alt-Delete on the IBM PC)

“As soon as we started programming, we found to our surprise that it wasn’t as easy to get programs right as we had thought. Debugging had to be discovered. I can remember the exact instant when I realized that a large part of my life from then on was going to be spent in finding mistakes in my own programs.”
Maurice Wilkes discovers debugging, 1949.

“Java is C++ without the guns, knives, and clubs”
James Gosling, co-inventor of Java

“Keyboard not found. Press < F1 > to RESUME. ”
Source unknown (appears in many common BIOSes as a real error message)

“There are only 10 types of people in the world: Those who understand binary, and those who don’t.”
unknown

“There are only 10 types of people in this world. Those who know ternary, those who don’t and those who confuse it with binary.”
unknown

“A language that doesn’t have everything is actually easier to program in than some that do”
Dennis M. Ritchie

“Adding manpower to a late software project makes it later”
F. Brooks, The Mythical Man-Month.

“Always program as if the person who will be maintaining your program is a violent psychopath that knows where you live.”
Martin Golding

“Any sufficiently advanced bug is indistinguishable from a feature.”
Bruce Brown

Serial Debugging with WinDbg and VMWare

When debugging a Windows GINA, driver, or service it is sometimes necessary to debug a target computer from a second computer via the serial port. Using the same concept, you can debug a target VMWare computer from the host computer using a named pipe.

For this example, I am using VMWare Workstation 5.5.3 build-34685 with a Windows XP Professional SP 2 virtual machine. On the host computer (also Windows XP Professional SP2) I am using WinDbg 6.7.0005.0.

Part 1: Create a named pipe on the VMWare target machine.

  1. In VMWare Workstation select VM \ Settings from the menu.
  2. In the Virtual Machine Settings window select the Hardware tab (if not already selected).
    VMWare Virtual Machine Settings
  3. Click the Add button to launch the Add Hardware Wizard.
  4. In the Add Hardware Wizard Welcome screen click the Next button.
    VMWare Add Hardware Wizard
  5. In the Add Hardware Wizard Hardware Type screen select Serial Port and click the Next button.
    VMWare Hardware Type
  6. In the Add Hardware Wizard Serial Port Type screen select Output to named pipe and click the Next button.
    VMWare Serial Port Type
  7. In the Add Hardware Wizard Specify Named Pipe screen do the following:
    1. Use the default pipe name of:
      \\.\pipe\com_1
    2. Select This end is the server.
    3. Select The other end is an application.
    4. Tick the Connect at power on check box.
    5. Click the Advanced button.

    VMWare Specify Named Pipe

  8. In the Add hardware Wizard Specify Advanced Options screen tick the Yield CPU on poll check box and click the Finish button.
    VMWare Specify Advanced Options
  9. In the Virtual Machine Settings window click the OK button.

Part 2: Modify the VMWare target machine boot.ini file.

  1. Boot the VMWare target machine.
  2. Remove the read-only permissions from c:\boot.ini if they exist.
  3. Copy an existing Windows line and append the following to the end of it:
    /debugport=com1 /baudrate=115200 /break
  4. Your boot.ini file should look something like this when you are done:
    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional - Debug COM1" /fastdetect /debugport=com1 /baudrate=115200 /break

    See “Boot INI Options Reference” for more info.

  5. Restart the virtual machine and select the new Debug boot option.
    Windows XP Debug Boot Menu

Part 3: Run WinDbg

  1. Launch WinDbg.
  2. Select File \ Kernel Debug from the menu.
  3. In the Kernel Debugging window do the following:
    1. Enter 115200 for the Baud Rate.
    2. Enter the following for the Port.
      \\.\pipe\com_1
    3. Tick the Pipe check box.
    4. Remove tick from the Reconnect check box.
    5. Enter 0 for Resets.
    6. Click the OK button.

    WinDbg Kernal Debugging Settings

  4. WinDbg should connect and break.
    WinDbg Kernal Debugging

You are ready to debug.

Forensic Imaging using Symantec Ghost

Selecting sector and MBR options in Symantec Ghost to not result in a true unaltered image of a hard disk. Instead there are some unadvertised command line switches which must be used:

To copy the entire disk, including the entire boot track, all sectors, and unpartitioned space, and to prevent Ghost from filtering extraneous or erroneous information from the boot track, run Ghost with the -IR switch.

Ghost also puts a “fingerprint” on all drives imaged. To create an exact copy, you must use the -FNF switch to disable the fingerprinting.

It is possible to use these switches with the Ghost GUI. Simply run the following command:

ghost32.exe -IR -FNF

The GUI will launch and you can proceed through the wizard-like interface, selecting the source an destination options. As long as you do not change the copy options you should see that Ghost is copying the disk in RAW mode.

Source:

Symantec. “Forensic Imaging Using Ghost.” Document ID: 1999110813413225 [Alt URL] [Alt2 URL]. December 2007.

How to automatically start VMWare Tools in Ubuntu

To start VMWare tools from Ubuntu 7.10 (Gnome) do the following:

  1. Click System \ Preferences \ Sessions from the panel.
  2. In the Sessions window click the Add button.
  3. In the New Startup Program window enter the following in the Name field:
    VMWare Tools
  4. Enter the following in the Command field:
    /usr/bin/vmware-toolbox --minimize
  5. Click OK to close the New Startup Program window.
  6. Click Close to close the Sessions window.

Source:

Watching the Net. “How To Automatically Start VMWare Tools In Ubuntu And Kubuntu.” August 2007.