#StackBounty: #windows-10 #command-line #freeze #threads Console program randomly freezes

Bounty: 50

On my Windows10 laptop, I run a simple USB camera snapshot program, commandcam.exe (from https://batchloaf.wordpress.com/commandcam/), in a console .cmd script, which has one line:

FOR /l %%i in (1,1,1000000) DO FOR /F "usebackq delims==" %%G IN (`c:systoolsdate "+%%Y%%m%%d-%%H%%M%%S"`) DO commandcam /devnum 2 /filename %%G.bmp /quiet & sleep 55

where date.exe and sleep.exe in my c:systools were downloaded from http://unxutils.sourceforge.net Basically, the commandcam program creates files like 20210911-113214.bmp and sleeps 55 seconds and repeats. But once every few hours to a few days, my script freezes, with a blinking cursor. (This is absolutely unrelated to the problem that you accidentally click somewhere in the console to put it in text select mode. Note: my cursor always blinks)

I extensively checked all messages in the event viewer corresponding to the time it started to freeze. Found none relevant. Checked all processes with a start time corresponding to that time with a sysinternals tool pslist. Found only one, which is a new cmd.exe shown below (pid 22264 here):

cmd.exe (pid 16364)
  conhost.exe
  cmd.exe (pid 22264) <-- this one started when my cmd script froze

I notice when my script works, the parent cmd (16364) spawns commandcam, which takes a camera shot and exits, then the cmd spawns sleep; there will not be a new cmd process. When I see this new cmd, the script freezes. In case it helps, here’s more info about this new cmd process:

pslist v1.28 - Sysinternals PsList
Copyright ⌐ 2000-2004 Mark Russinovich
Sysinternals

Process and thread information for <my laptop>:

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
cmd               22264   8   1  136  83040     0:00:00.046     4:24:07.933
                      VM      WS    Priv Priv Pk   Faults NonP Page
                 4194303    6856   83040   84512     2561   11  133
 Tid Pri    Cswtch            State     User Time   Kernel Time   Elapsed Time
19500   9        94     Wait:UserReq  0:00:00.000   0:00:00.031    4:24:07.933

I notice that its private memory is kind of high (83040 KB). So I checked with Task Manager, which shows:

Mem active private ws 12K; private ws 12K; shared ws 6776K; Paged pool: 133K; NP pool: 11K; Handles: 136

There’s great difference between pslist and Windows’ Task Manager (only 12 KB). I think it’s because pslist shows virtual private memory while Task Manager shows working set.

I don’t know what else I can check. The "Wait:UserReq" process state is normal. By the way, I find that if I use Process Explorer and try to examine the thread call stack of this new cmd process, this process will be gone and commandcam will start, followed by sleep 55 seconds, … i.e. everything will be back to normal. I don’t know why. It’s like checking the thread stack triggers something and it breaks the hang.


Get this bounty!!!

#StackBounty: #windows-10 #google-chrome #keyboard-shortcuts Shortcut for Focusing Console Filter in Chrome

Bounty: 50

I’m frequently needing to filter out my Chrome console during web development. Unfortunately every time I want to filter for a different term, I must manually click the search box. I don’t see anything about a shortcut for focusing the filter bar in the Chrome devtools shortcut docs, is there a way to assign a shortcut to do this? This would make using the filter much master.

If there’s an extension that will do it I’m also open to that.

OS: Windows 10

enter image description here


Get this bounty!!!

#StackBounty: #windows-10 #bluetooth Connecting headphones to bluetooth to the same computer twice (in different operating systems)

Bounty: 500

I have two pair of headphones, both can connect to multiple devices (Bose QC 35 and Bose 700). I have a computer that has 2 installations of Windows 10 and in both I’m seeing the same behaviour: when I connect to one of the two installations, the other one is automatically removed from the list of devices. This is not because I’m reaching the max amount of devices. Do you know what’s going on? how to fix it?

I don’t know much about Bluetooth, but I imagine the hardware of that computer has an id and the headphones can’t have two pairings to the same id? something similar to a MAC? Is it possible to change it by software?


Get this bounty!!!

#StackBounty: #metasploit #windows-10 #antimalware #virtualbox How to find discrepancy between exploitable and unexploitable VM

Bounty: 50

For several years, I have been setting up VMs with 2-3 year old versions of Windows as well as some additional applications to demonstrate two-stage exploits using Metasploit for educational purposes (more precisely Bachelor-level IT security courses).

This year, I set up a Windows VM from an x86 1803 ISO, installed Firefox 38 and successfully and reproducibly managed to obtain SYSTEM privileges after first using exploit/windows/browser/firefox_smil_uaf (both on its own and via browser_autopwn2) and subsequently exploit/windows/local/appxsvc_hard_link_privesc. This VM works perfectly and I have a restore point from before any attacks that I can go back to and successfully use both exploits.

However, when trying to build a new VM for the course from scratch, I cannot get any of the two exploits to work (Windows Defender detects them as malware every single time). I use the exact same ISO file and installed the exact same software – I kept a folder of all binaries/files as well as a log of every setting that I changed. I tried setting up the Windows VM at least three times now, but every time, Windows Defender detects the exploits, whereas they work flawlessly (i.e., undetected) in my first VM. The VMs have the same amount of memory etc. None of them is connected to the Internet at any time.

How can I find out what difference exists between the VMs (my first, working one, and all the others that I set up based on my notes)? There must be some difference that I missed or accidentally misconfigured. I did not touch any Windows Defender settings in any of the VMs.

A workaround would also be fine for me. I already tried to set the payload(s) to windows/meterpreter/reverse_winhttps and used different encoders, but to no avail in the new VMs. In my first VM, the exploits always work, regardless of the payload or used encoder. Any clues are appreciated.


Get this bounty!!!

#StackBounty: #powershell #windows-10 #wdac WDAC policy not accepting MS signed DLLs

Bounty: 250

I’m working on WDAC / windows defender application control policy. Around 80% of what I have left is from system32 DLL files, hundreds of them. Windows 10 client systems, mostly 20h2.

The base policy is about as stock as you can get. Allow MS using allowmicrosoft.xml sample policy, the recommended best practice block drivers & apps, and SCCM. The DLLs are failing are MS signed but are coming back with event 3091 failures that will be blocked when going to enforcement mode.

All the DLLs failing share these certificate attributes.

[Subject]
  CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

[Issuer]
  CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

I added the certs on the chain to a blank policy using Add-SignerRule -CertificatePath .signature1.cer -user -kernel -update, and merged them. These certificates should definitely exist now, even if they weren’t part of allowmicrosoft.xml for some reason.

The check still fails, even after a policy refresh. What am I missing?


Get this bounty!!!

#StackBounty: #windows-10 #google-chrome #firefox Is there any way to reduce more than the minimum width that browsers allow?

Bounty: 100

Operation System: Windows 10
Screen resolution: 1366×768

I’m trying to make the browsers even smaller in width, but they won’t let me pull more to the side than this amount below, Google Chrome on the left and Firefox on the right. Is there any way to remove this block and lessen more than that?

Note: My problem is screen space on my monitor, so I needed to be able to shrink a little more the browser’s.

The idea is to increase this black space between browsers and have more freedom to adjust the width without blocking the minimum.

enter image description here


Get this bounty!!!

#StackBounty: #windows-10 #networking #lan #wired-networking Slow internet, high ping/jitter on Ethernet on Windows 10 only

Bounty: 100

My desktop PC (Windows 10) has slow internet, high ping and jitter on Ethernet.

I ran out of ideas on how to troubleshoot and fix this.

[UPDATE] This happens on this Windows 10 only (ie. software issue). It’s fine on Linux on the same machine.

The issue:

Average result using the same LAN cable / docking station:

  • On the desktop (Windows 10):
    20 Mbps / 18 Mbps, 30ms / 10ms (<– Download/Upload, Ping/Jitter)
  • On the same desktop (Ubuntu) and on other Windows 10 laptops:
    52 Mbps / 18 Mbps, 13ms / 2ms

My findings so far:

  • It is not the router or LAN cable, because the same cable achieves much higher speed and much lower ping/jitter on my other Windows 10 laptops (both directly (Ethernet port) or via docking station (USB 3), WiFi disabled to be sure).

  • It is not my docking station, because using Ethernet from the docking station on laptop (via the same USB 3 cable) is still fast, and plugging in the LAN cable directly on the PC is still slow.

  • [UPDATE] It is not the hardware, because when I try Ubuntu USB on the same machine it is fast (same speed as my laptops).

What I have tried:


Get this bounty!!!

#StackBounty: #windows-10 #drivers #printer #lenovo-laptop #scanner Canon printer error 2, 140, 21

Bounty: 50

I have a canon Pixma MG2500 series 2570 printer that is 3 years old, and I wanted to test if it would work before scrapping it.
To day I installed the drivers from this Canon official website
everything worked fine(upto installation) but then I tried to scan something and then it displayed the following message:

enter image description here

I tried restarting the computer, reinstalling the drivers, and even a new usb cable.

I think what the problem is that maybe some windows process is using it in the background for my "convenience" and that’s whats preventing the software from using.

Sometimes it even gives the "folder access denied" so I just allowed all the exe’s related to canon to my files and folders.

note: it does not have ink, I just want to use it as a scanner.
I also downloaded the Windows Scan app to see if it help, but no it didn’t.

I would really appreciate it if anyone helped me. thanks.

For additional info: I’m on a Lenovo G50-80, 8 Gb RAM, Intel i3 5005u, 1Tb HDD, Windows 10 20H2


Get this bounty!!!

#StackBounty: #windows-10 #file-management #deduplication #bug "Replace or Skip Files" is broken with Windows 10

Bounty: 50

Super strange behavior from newest version of Windows 10. There are 200+ file conflict when copying, but in the list which files do you want to keep? It is blank and white after 20 items.

https://youtu.be/xwak9QtWGfM I took a video of the bug. Maybe I’m doing something wrong but I can reproduce the strange result. Maximum 20 results appear. I tried file system repair and the computer is rather new.

Trying to repair it step 1

enter image description here

then reboot

enter image description here

enter image description here

and the problem is still there. Only the first 20 duplicates are displayed in the list.

enter image description here

Wrote a question about it, with deep regrets that I trusted Microsoft ever to deliver something https://answers.microsoft.com/en-us/windows/forum/all/replace-or-skip-files-dialog-is-broken/42937da6-f6a4-4a87-84a6-9e10461afc5e

Next, another terrible experience trying to reset and reinstall, getting two problems for one again and again.

enter image description here


Get this bounty!!!