Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Chemistry is applied theology. -- Augustus Stanley Owsley III


devel / alt.lang.asm / Re: Some horse shit this is, perhaps you can debug it ?

SubjectAuthor
* Some horse shit this is, perhaps you can debug it ?skybuck2000
+- Re: Some horse shit this is, perhaps you can debug it ?Kerr-Mudd, John
`* Re: Some horse shit this is, perhaps you can debug it ?skybuck2000
 `* Re: Some horse shit this is, perhaps you can debug it ?skybuck2000
  `- Re: Some horse shit this is, perhaps you can debug it ?skybuck2000

1
Some horse shit this is, perhaps you can debug it ?

<9bcf0bd6-b2f4-4222-9e8e-a289dca2acd0n@googlegroups.com>

 copy mid

https://www.novabbs.com/devel/article-flat.php?id=187&group=alt.lang.asm#187

 copy link   Newsgroups: alt.lang.asm
X-Received: by 2002:a05:620a:4551:: with SMTP id u17mr51544297qkp.351.1637606678715;
Mon, 22 Nov 2021 10:44:38 -0800 (PST)
X-Received: by 2002:a4a:d319:: with SMTP id g25mr24829738oos.21.1637606678475;
Mon, 22 Nov 2021 10:44:38 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: alt.lang.asm
Date: Mon, 22 Nov 2021 10:44:38 -0800 (PST)
Injection-Info: google-groups.googlegroups.com; posting-host=84.25.28.171; posting-account=np6u_wkAAADxbE7UBGUIOm-csir6aX02
NNTP-Posting-Host: 84.25.28.171
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <9bcf0bd6-b2f4-4222-9e8e-a289dca2acd0n@googlegroups.com>
Subject: Some horse shit this is, perhaps you can debug it ?
From: skybuck2...@hotmail.com (skybuck2000)
Injection-Date: Mon, 22 Nov 2021 18:44:38 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 195
 by: skybuck2000 - Mon, 22 Nov 2021 18:44 UTC

Since a few days this toshiba laptop L670 with windows 7 home on it is displaying this nag screen:

http://www.skybuck.org/Windows7/WhatIsThisHorseShit/WhatIsThisHorseShit.png

Removing updated for windows KB 3004394 did not help.

THE MYSTERIOUS CONTINUES.

Scanning for WGA dlls related to windows activation technologies shows some interesting candidates for modification/denial/surpression:

C:\Windows\System32\slwga.dll

seems promising to disable ? not sure what this is yet.

This may be a case where help from some assembler debugger experts may be usefull/helpfull/required to get some insight into what is going on ?

Do you still have windows 7 ?

Can you inspect slwga.dll ?

Can you find the source of this trouble ? Strange...

Windows updated was disabled at least 1 year ago, been working fine, legal keys present etc, I did change date back to 2004 a few days ago for an experiment that may have something to do with it, meanwhile date restored to normal, this issue persists, very strange and mysterious.

"
Irrelevant folders snipped by Skybuck, kept wargaming log folder, might show some 3D chip failure:

Microsoft Windows [versie 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle rechten voorbehouden.

C:\Users\new>cd\

C:\>dir *wga*.* /s
Het volume in station C heeft geen naam.
Het volumenummer is FAAE-6E1D

Map van C:\Program Files (x86)\Windows Kits\10\Lib\10.0.18362.0\um\arm

18-03-2019 18:10 1.710 slwga.lib
1 bestand(en) 1.710 bytes

Map van C:\Program Files (x86)\Windows Kits\10\Lib\10.0.18362.0\um\arm64

18-03-2019 19:05 1.718 slwga.lib
1 bestand(en) 1.718 bytes

Map van C:\Program Files (x86)\Windows Kits\10\Lib\10.0.18362.0\um\x64

18-03-2019 18:51 1.718 slwga.lib
1 bestand(en) 1.718 bytes

Map van C:\Program Files (x86)\Windows Kits\10\Lib\10.0.18362.0\um\x86

18-03-2019 17:44 1.730 slwga.lib
1 bestand(en) 1.730 bytes

Map van C:\Users\All Users\Wargaming.net\GameCenter\logs

22-10-2021 00:48 1.361 wgc_20211022_014800_345.log
22-10-2021 00:48 1.464 wgc_20211022_014815_223.log
2 bestand(en) 2.825 bytes

Map van C:\Windows\System32

21-11-2010 04:24 15.360 slwga.dll
1 bestand(en) 15.360 bytes

Map van C:\Windows\System32\spp\tokens\issuance

14-07-2009 02:53 3.617 client-issuance-wgalic.xrm-ms
1 bestand(en) 3.617 bytes

Map van C:\Windows\SysWOW64

21-11-2010 04:23 14.336 slwga.dll
1 bestand(en) 14.336 bytes

Map van C:\Windows\winsxs

14-07-2009 06:30 <DIR> amd64_microsoft-windows-g..ets-slideshowgadg
et_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17
14-07-2009 06:30 <DIR> amd64_microsoft-windows-g..howgadget-insideb
ar_31bf3856ad364e35_6.1.7600.16385_none_04ef2896fc362397
14-07-2009 06:30 <DIR> amd64_microsoft-windows-g..howgadget-ondeskt
op_31bf3856ad364e35_6.1.7600.16385_none_0790637f4328e8f9
28-02-2011 22:02 <DIR> amd64_microsoft-windows-g..howgadget.resourc
es_31bf3856ad364e35_6.1.7600.16385_nl-nl_82a7edcc6623edd9
21-11-2010 04:24 <DIR> amd64_microsoft-windows-security-spp-wga_31b
f3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55
14-07-2009 06:30 <DIR> x86_microsoft-windows-g..ets-slideshowgadget
_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1
14-07-2009 06:30 <DIR> x86_microsoft-windows-g..howgadget-insidebar
_31bf3856ad364e35_6.1.7600.16385_none_a8d08d1343d8b261
14-07-2009 06:30 <DIR> x86_microsoft-windows-g..howgadget-ondesktop
_31bf3856ad364e35_6.1.7600.16385_none_ab71c7fb8acb77c3
28-02-2011 22:02 <DIR> x86_microsoft-windows-g..howgadget.resources
_31bf3856ad364e35_6.1.7600.16385_nl-nl_26895248adc67ca3
21-11-2010 04:23 <DIR> x86_microsoft-windows-security-spp-wga_31bf3
856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f
0 bestand(en) 0 bytes

Map van C:\Windows\winsxs\amd64_microsoft-windows-m..ow-gadget.resources_31bf38
56ad364e35_6.1.7600.16385_nl-nl_9d6be6f957e6608a

28-02-2011 22:02 3.584 WMPSideShowGadget.exe.mui
1 bestand(en) 3.584 bytes

Map van C:\Windows\winsxs\amd64_microsoft-windows-m..yer-sideshow-gadget_31bf38
56ad364e35_6.1.7600.16385_none_841e9494c8a32794

14-07-2009 02:39 165.888 WMPSideShowGadget.exe
1 bestand(en) 165.888 bytes

Map van C:\Windows\winsxs\amd64_microsoft-windows-s..-component-issuance_31bf38
56ad364e35_6.1.7600.16385_none_9dbd9c6261eb657b

14-07-2009 02:53 3.617 client-issuance-wgalic.xrm-ms
1 bestand(en) 3.617 bytes

Map van C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad36
4e35_6.1.7601.17514_none_5d778f71b9f4fd55

21-11-2010 04:24 15.360 slwga.dll
1 bestand(en) 15.360 bytes

Map van C:\Windows\winsxs\Manifests

14-07-2009 03:20 19.864 amd64_microsoft-windows-g..ets-slideshowgadg
et_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17.manifest
14-07-2009 03:16 3.074 amd64_microsoft-windows-g..howgadget-insideb
ar_31bf3856ad364e35_6.1.7600.16385_none_04ef2896fc362397.manifest
14-07-2009 03:27 2.222 amd64_microsoft-windows-g..howgadget-ondeskt
op_31bf3856ad364e35_6.1.7600.16385_none_0790637f4328e8f9.manifest
28-02-2011 22:01 7.477 amd64_microsoft-windows-g..howgadget.resourc
es_31bf3856ad364e35_6.1.7600.16385_nl-nl_82a7edcc6623edd9.manifest
21-11-2010 04:16 2.264 amd64_microsoft-windows-security-spp-wga_31b
f3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55.manifest
14-07-2009 02:54 19.860 x86_microsoft-windows-g..ets-slideshowgadget
_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1.manifest
14-07-2009 02:50 3.072 x86_microsoft-windows-g..howgadget-insidebar
_31bf3856ad364e35_6.1.7600.16385_none_a8d08d1343d8b261.manifest
14-07-2009 02:58 2.220 x86_microsoft-windows-g..howgadget-ondesktop
_31bf3856ad364e35_6.1.7600.16385_none_ab71c7fb8acb77c3.manifest
28-02-2011 22:01 7.475 x86_microsoft-windows-g..howgadget.resources
_31bf3856ad364e35_6.1.7600.16385_nl-nl_26895248adc67ca3.manifest
21-11-2010 04:16 2.262 x86_microsoft-windows-security-spp-wga_31bf3
856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f.manifest
10 bestand(en) 69.790 bytes

Map van C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e
35_6.1.7601.17514_none_0158f3ee01978c1f

21-11-2010 04:23 14.336 slwga.dll
1 bestand(en) 14.336 bytes

Totaal aantal weergegeven bestanden:
42 bestand(en) 53.175.056 bytes
10 map(pen) 12.883.824.640 bytes beschikbaar

C:\>
"

Bye for now,
Skybuck.

Re: Some horse shit this is, perhaps you can debug it ?

<20211122212017.ebe83fee1da3abf08c8ed1d2@127.0.0.1>

 copy mid

https://www.novabbs.com/devel/article-flat.php?id=188&group=alt.lang.asm#188

 copy link   Newsgroups: alt.lang.asm
Path: i2pn2.org!i2pn.org!paganini.bofh.team!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: adm...@127.0.0.1 (Kerr-Mudd, John)
Newsgroups: alt.lang.asm
Subject: Re: Some horse shit this is, perhaps you can debug it ?
Date: Mon, 22 Nov 2021 21:20:17 +0000
Organization: Dis
Lines: 7
Message-ID: <20211122212017.ebe83fee1da3abf08c8ed1d2@127.0.0.1>
References: <9bcf0bd6-b2f4-4222-9e8e-a289dca2acd0n@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: reader02.eternal-september.org; posting-host="167f381ffc1cd482961cfced62411788";
logging-data="18860"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/DxsvpQzlYIdbrntMIZphuhkLikS3PmIQ="
Cancel-Lock: sha1:g6CKgxHo0JWjxtscCqdKOYKRGm8=
X-Newsreader: Sylpheed 3.7.0 (GTK+ 2.24.30; i686-pc-mingw32)
;X-no-Archive: Maybe
GNU: Terry Pratchett
 by: Kerr-Mudd, John - Mon, 22 Nov 2021 21:20 UTC

On Mon, 22 Nov 2021 10:44:38 -0800 (PST)
skybuck2000 <skybuck2000@hotmail.com> wrote:

> Since a few days this toshiba laptop L670 with windows 7 home on it
> is displaying this nag screen:
>
Not asm; try a support group. Several support groups.

Re: Some horse shit this is, perhaps you can debug it ?

<e9e7f4c9-ae7e-45bf-be5b-06a0e1326bc9n@googlegroups.com>

 copy mid

https://www.novabbs.com/devel/article-flat.php?id=189&group=alt.lang.asm#189

 copy link   Newsgroups: alt.lang.asm
X-Received: by 2002:a05:622a:1883:: with SMTP id v3mr2624244qtc.327.1637639426098; Mon, 22 Nov 2021 19:50:26 -0800 (PST)
X-Received: by 2002:a05:6830:4cf:: with SMTP id s15mr1474306otd.219.1637639425887; Mon, 22 Nov 2021 19:50:25 -0800 (PST)
Path: i2pn2.org!i2pn.org!aioe.org!feeder1.feed.usenet.farm!feed.usenet.farm!tr2.eu1.usenetexpress.com!feeder.usenetexpress.com!tr1.iad1.usenetexpress.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: alt.lang.asm
Date: Mon, 22 Nov 2021 19:50:25 -0800 (PST)
In-Reply-To: <9bcf0bd6-b2f4-4222-9e8e-a289dca2acd0n@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=84.25.28.171; posting-account=np6u_wkAAADxbE7UBGUIOm-csir6aX02
NNTP-Posting-Host: 84.25.28.171
References: <9bcf0bd6-b2f4-4222-9e8e-a289dca2acd0n@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <e9e7f4c9-ae7e-45bf-be5b-06a0e1326bc9n@googlegroups.com>
Subject: Re: Some horse shit this is, perhaps you can debug it ?
From: skybuck2...@hotmail.com (skybuck2000)
Injection-Date: Tue, 23 Nov 2021 03:50:26 +0000
Content-Type: text/plain; charset="UTF-8"
Lines: 28
 by: skybuck2000 - Tue, 23 Nov 2021 03:50 UTC

From another newsgroup/thread:

> >> Why not get a legit copy of Windows? Just a thought. ;^)
> >
> > It is a legit copy of Windows 7 home edition because my mother/half-sister bought this laptop !
> >
> > Do you want to see proof ? :)
> Kind of. In some strange sense.

Here ya go:

http://www.skybuck.org/Windows7/WhatIsThisHorseShit/ActivatedWoopsMaybeKeyLeakedOnYouTube.png

This discussion what you was actually usefull !

New hypothesis:

Windows 7 home edition product key leaked via one of my youtube videos ?!?!?

How the fuck am I supposed to know that Microsoft is stupid enough to display the product key on this SCREEN ?!

Oh my fucking god.

Now the question is: is this information enough to steal my key and cause an activation problem ?!?!?!?

Gjes mothafucking christ.

Bye,
Skybuck.

Re: Some horse shit this is, perhaps you can debug it ?

<90e52bb4-a36e-4870-aaca-2dcef64ab9c1n@googlegroups.com>

 copy mid

https://www.novabbs.com/devel/article-flat.php?id=200&group=alt.lang.asm#200

 copy link   Newsgroups: alt.lang.asm
X-Received: by 2002:a05:620a:404e:: with SMTP id i14mr11965961qko.111.1638244257765;
Mon, 29 Nov 2021 19:50:57 -0800 (PST)
X-Received: by 2002:a05:6808:2388:: with SMTP id bp8mr2083138oib.38.1638244257537;
Mon, 29 Nov 2021 19:50:57 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: alt.lang.asm
Date: Mon, 29 Nov 2021 19:50:57 -0800 (PST)
In-Reply-To: <e9e7f4c9-ae7e-45bf-be5b-06a0e1326bc9n@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=84.25.28.171; posting-account=np6u_wkAAADxbE7UBGUIOm-csir6aX02
NNTP-Posting-Host: 84.25.28.171
References: <9bcf0bd6-b2f4-4222-9e8e-a289dca2acd0n@googlegroups.com> <e9e7f4c9-ae7e-45bf-be5b-06a0e1326bc9n@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <90e52bb4-a36e-4870-aaca-2dcef64ab9c1n@googlegroups.com>
Subject: Re: Some horse shit this is, perhaps you can debug it ?
From: skybuck2...@hotmail.com (skybuck2000)
Injection-Date: Tue, 30 Nov 2021 03:50:57 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 79
 by: skybuck2000 - Tue, 30 Nov 2021 03:50 UTC

Zoomin on this horse shit:

I just saw this WatAdminSvc.exe pop-up in task manager !

A quickle google sheds some light on this:

https://www.bleepingcomputer.com/startups/WatAdminSvc.exe-26949.html

"

WATADMINSVC.EXE Information

This is a valid program that is required to run at startup.

This program is required to run on startup in order to benefit from its functionality or so that the program will work. The following information is a brief description of what is known about this file. If you require further assistance for this file, feel free to ask about in the forums.

Name

Windows Activation Technologies Service

Filename

WatAdminSvc.exe

Command

C:\Windows\System32\Wat\WatAdminSvc.exe

Description

Microsoft service that periodically determines if your Windows Product ID is valid, and if not, displays warnings that your copy of Windows may not be Genuine.

File Location

%System%\Wat\WatAdminSvc.exe

Startup Type

This startup entry is installed as a Windows service.

Service Name

WatAdminSvc

Display Name

Windows Activation Technologies Service

HijackThis Category

O23 Entry

Note

%System% is a variable that refers to the Windows System folder. By default this is C:\Windows\System for Windows 95/98/ME, C:\Winnt\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP/Vista/7.

"

Bye for now,
Skybuck.

Re: Some horse shit this is, perhaps you can debug it ?

<a8e63058-2131-4f1a-8fca-9c5ef4c518c5n@googlegroups.com>

 copy mid

https://www.novabbs.com/devel/article-flat.php?id=202&group=alt.lang.asm#202

 copy link   Newsgroups: alt.lang.asm
X-Received: by 2002:a05:620a:4495:: with SMTP id x21mr149280qkp.604.1638288429469;
Tue, 30 Nov 2021 08:07:09 -0800 (PST)
X-Received: by 2002:a05:6830:4cf:: with SMTP id s15mr136017otd.219.1638288429231;
Tue, 30 Nov 2021 08:07:09 -0800 (PST)
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!news.misty.com!border2.nntp.dca1.giganews.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: alt.lang.asm
Date: Tue, 30 Nov 2021 08:07:09 -0800 (PST)
In-Reply-To: <90e52bb4-a36e-4870-aaca-2dcef64ab9c1n@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=84.25.28.171; posting-account=np6u_wkAAADxbE7UBGUIOm-csir6aX02
NNTP-Posting-Host: 84.25.28.171
References: <9bcf0bd6-b2f4-4222-9e8e-a289dca2acd0n@googlegroups.com>
<e9e7f4c9-ae7e-45bf-be5b-06a0e1326bc9n@googlegroups.com> <90e52bb4-a36e-4870-aaca-2dcef64ab9c1n@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <a8e63058-2131-4f1a-8fca-9c5ef4c518c5n@googlegroups.com>
Subject: Re: Some horse shit this is, perhaps you can debug it ?
From: skybuck2...@hotmail.com (skybuck2000)
Injection-Date: Tue, 30 Nov 2021 16:07:09 +0000
Content-Type: text/plain; charset="UTF-8"
Lines: 20
 by: skybuck2000 - Tue, 30 Nov 2021 16:07 UTC

This problem was caused by windows update KB 971033 installed in 2014.

It installs 4 files in c:\windows\system32\wat

npWatWeb.dll
WatAdminSvc.exe
WatUX.exe
WatWeb.dll

It adds 2 validation tasks to task schedular.

If the system date/time is changed to 2004 or something like that it causes a bug where these validation tasks start running one day before the date/time is re-synched to now.

One of these validation tasks will run approx each 6 hours which causes this annoying nag screen to pop-up.

This problem/bug can be solved by uninstalled windows update KB 971033

This is further evidence windows updates can cause system problems: Bug ? Or sabotage ? I will let you decide on that.

Bye,
Skybuck.

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor