MS Word and Printed Watermarks – Stupidity


Using watermarks in word documents looks really cool. But the problem occurs when the documents become too big. In such cases, the document becomes exceedingly slow to react to scrolling. Adobe PDF conversion is an even bigger problem.
To remove the watermark it is simple enough : Format -> Background -> Printed Watermark. Then click on “No watermark” and you are golden (or you should be golden).
I’ve observed that the watermark does not get removed many times when you have too many sections in the document.
In such cases: Goto View -> Header and Footer. Click on “Show/Hide Document Text”.
You should see that all your text has disappeared except the watermark. Click on the watermark and you should be able to select it like a floating image. Press the “delete” key and lo! behold! the watermark is gone.
This took me a while to figure out and it was quite frustrating. I hope this post helps someone!


Setting up a Windows 7 Kernel Development Environment


If you are writing some Ring0 (or privileged mode code), say something like device drivers in Windows you’d probably be better served with a separate development machine and a deployment machine. This helps you to write poor code and still not lose hair because your development machine blue screens! 🙂

My setup was using a Windows 8.1 development machine and a Hyper-V based Windows 7 machine for debugging. You will need to execute different tasks on the “guest” (Hyper-V based Windows 7 virtual machine) and some other tasks on the development machine.  I followed many of the things from the MSDN blog post here

On your guest machine you would want to setup a named pipe and setup debug settings. To do that this is what you need to do:

Setup a virtual com port in the Hyper-V Settings (File -> Settings) , this port will be used to communicate from the host machine to the guest to communicate the Kernel debugging commands.


Now make sure that your target guest machine is configured to “listen” those commands.  Inside the guest VM, start a command shell (cmd.exe -> Run as Administrator).



Configure the bcdedit commands so that the machine can now be debugged.  Right after the 2nd command, reboot your Virtual Machine.



With the VM now configured to listen the debug commands via the COM1 port, and the debug mode on in the bootup settings, now start the WinDbg x64 on the host (using “Run as administrator”; you need administrative privileges for communication via Serial port).  In your kernel debugger on the host or the development machine (I’m assuming that these are both on the same physical hardware here).  Click on File -> Kernel Debug and you should see the following screen in the WinDbg window:


Hit Ctrl+Break or Debug -> Break and you will see something like this:


Just remember that when you break in the debugger, your guest in Hyper-V should become “unresponsive”.  The only thing is that it is not really unresponsive, its just being debugged.  Just to make sure, that you have the symbols package that is quite useful for debugging run the following command:

!process 0 0

If you see something like the following screen show up:


The following error means that the symbols are not defined.  Symbols help the debugger give more information about the commands that you are going to execute in the debugger.

NT symbols are incorrect, please fix symbols

To fix this, use the following commands:

kd> .sympath SRV*c:\symcache*http://msdl.microsoft.com/download/symbols
kd> .symfix
kd> .symfix c:\symcache
kd> !sym noisy
kd> .reload /o

Then again try the command: !process 0 0 and see if you get a good response.  A good response looks like the following:


With this you should be good to go! Happy debugging and writing cool Ring0 code.




Socat compilation on Cygwin


While compiling socat-2.0.0-b5 on cygwin (Windows) I got a few errors and here’s how I fixed it:
xioopts.c: In function 'applyopts_single':
xioopts.c:3998: error: 'struct single' has no member named 'fd1'
xioopts.c:4000: error: 'struct single' has no member named 'fd1'
make[1]: *** [xioopts.o] Error 1

Edit the file xioopts.c in your favorite editor and replace ‘fd1’ by ‘rfd’ in both lines (3998 & 4000). That fixed this error but then I got my next error.

xio-ip.c:480: error: structure has no member named `ipi_spec_dst'
Edit xio-ip.c and comment out the entire snprintf statement in xio-ip.c line 480.

Continue compilation and it should now work fine.


ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: NO)


If this is the error you are getting then one of the solutions is to reset your root password on the MySQL database server.

$ pkill mysql
$ sudo mysqld --skip-grant-privileges
$ mysql

At this point you get the mysql command shell. You will need to update the root password and flush the table when you reset the password.

mysql> set UPDATE mysql.user SET Password=PASSWORD('YOUR_NEW_PASSWORD') WHERE User='root';

Now that you’ve flushed your passwords, just restart your mysql daemon.

$ sudo pkill mysqld
$ sudo /etc/init.d/mysqld start
$ mysql -u root -p

You should be all set now!


Rainbow Tables from Hak5


I started downloading rainbow tables LM Hashes for all symbols. They were 120 GB big and were available for download via torrent. But I’d been stuck at 92.2% of the download forever thinking that there were no seeders. As it turns out, the problem was in the torrent file. The torrent for the 120 GB LM Hashes all symbols can be obtained from 120 GB LM Hashes [all english characters] Rainbow Tables.


nature’s signatures


One more in the list of technical posts! Yesterday was a day of 17 hrs in the lab (phew 🙂
So we were capturing packets but the packit tool did not randomize the source IPs enough so we were getting decent signatures for TCP traffic but not for ICMP! So looking at the signature generation I found that the checksum was also being used to get the hash value. But, when I stopped using the checksum values for generation of hash the signatures started coming properly. Antoine, somehow, thought that the IP addresses were affecting the has values that we got. But looking deeply into the code we saw that it was not the case. The conclusion (which is really surprising) is that packit was generating similar packets quite a few packets and that too from the same source IP (but they really should have been randomized!)…I don’t know whether this conclusion is correct??? May be some packit developers would be able to help me on this!
So now the challenge becomes to send those ICMP signatures across…but icmp_send() method requires skbuff structure…I looked at the net/ipv4/ipip.c file for the usage of icmp_send() methods but it is still not clear to me how it should be used!

Rajat’s Homepage


Truecrypt password in history file


To avoid saving the truecrypt password in history files and mounting the Truecrypt partitions on bash the following trick helps:

history -d $((HISTCMD-1)) && sudo truecrypt --mount <PATH_TO_TRUECRYPT_VOL> --non-interactive -p <PASSWORD>

This will avoid saving the password in the .bash_history file and also mount the truecrypt volume from the command line.  Of course, if you use this in a shell script then the shell script will have the password in it, so you must not do that.