Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

If a train station is a place where a train stops, what's a workstation?


programming / alt.lang.asm / Re: Some horse shit this is, perhaps you can debug it ?

SubjectAuthor
* Some horse shit this is, perhaps you can debug it ?skybuck2000
+- Re: Some horse shit this is, perhaps you can debug it ?Kerr-Mudd, John
`* Re: Some horse shit this is, perhaps you can debug it ?skybuck2000
 `* Re: Some horse shit this is, perhaps you can debug it ?skybuck2000
  `- Re: Some horse shit this is, perhaps you can debug it ?skybuck2000

1
Subject: Some horse shit this is, perhaps you can debug it ?
From: skybuck2000
Newsgroups: alt.lang.asm
Date: Mon, 22 Nov 2021 18:44 UTC
X-Received: by 2002:a05:620a:4551:: with SMTP id u17mr51544297qkp.351.1637606678715;
Mon, 22 Nov 2021 10:44:38 -0800 (PST)
X-Received: by 2002:a4a:d319:: with SMTP id g25mr24829738oos.21.1637606678475;
Mon, 22 Nov 2021 10:44:38 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: alt.lang.asm
Date: Mon, 22 Nov 2021 10:44:38 -0800 (PST)
Injection-Info: google-groups.googlegroups.com; posting-host=84.25.28.171; posting-account=np6u_wkAAADxbE7UBGUIOm-csir6aX02
NNTP-Posting-Host: 84.25.28.171
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <9bcf0bd6-b2f4-4222-9e8e-a289dca2acd0n@googlegroups.com>
Subject: Some horse shit this is, perhaps you can debug it ?
From: skybuck2...@hotmail.com (skybuck2000)
Injection-Date: Mon, 22 Nov 2021 18:44:38 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 195
View all headers
Since a few days this toshiba laptop L670 with windows 7 home on it is displaying this nag screen:

http://www.skybuck.org/Windows7/WhatIsThisHorseShit/WhatIsThisHorseShit.png

Removing updated for windows KB 3004394 did not help.

THE MYSTERIOUS CONTINUES.

Scanning for WGA dlls related to windows activation technologies shows some interesting candidates for modification/denial/surpression:

C:\Windows\System32\slwga.dll

seems promising to disable ? not sure what this is yet.

This may be a case where help from some assembler debugger experts may be usefull/helpfull/required to get some insight into what is going on ?

Do you still have windows 7 ?

Can you inspect slwga.dll ?

Can you find the source of this trouble ? Strange...

Windows updated was disabled at least 1 year ago, been working fine, legal keys present etc, I did change date back to 2004 a few days ago for an experiment that may have something to do with it, meanwhile date restored to normal, this issue persists, very strange and mysterious.

"
Irrelevant folders snipped by Skybuck, kept wargaming log folder, might show some 3D chip failure:

Microsoft Windows [versie 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle rechten voorbehouden.

C:\Users\new>cd\

C:\>dir *wga*.* /s
 Het volume in station C heeft geen naam.
 Het volumenummer is FAAE-6E1D

 Map van C:\Program Files (x86)\Windows Kits\10\Lib\10.0.18362.0\um\arm

18-03-2019  18:10             1.710 slwga.lib
               1 bestand(en)            1.710 bytes

 Map van C:\Program Files (x86)\Windows Kits\10\Lib\10.0.18362.0\um\arm64

18-03-2019  19:05             1.718 slwga.lib
               1 bestand(en)            1.718 bytes

 Map van C:\Program Files (x86)\Windows Kits\10\Lib\10.0.18362.0\um\x64

18-03-2019  18:51             1.718 slwga.lib
               1 bestand(en)            1.718 bytes

 Map van C:\Program Files (x86)\Windows Kits\10\Lib\10.0.18362.0\um\x86

18-03-2019  17:44             1.730 slwga.lib
               1 bestand(en)            1.730 bytes

 Map van C:\Users\All Users\Wargaming.net\GameCenter\logs

22-10-2021  00:48             1.361 wgc_20211022_014800_345.log
22-10-2021  00:48             1.464 wgc_20211022_014815_223.log
               2 bestand(en)            2.825 bytes

 Map van C:\Windows\System32

21-11-2010  04:24            15.360 slwga.dll
               1 bestand(en)           15.360 bytes

 Map van C:\Windows\System32\spp\tokens\issuance

14-07-2009  02:53             3.617 client-issuance-wgalic.xrm-ms
               1 bestand(en)            3.617 bytes

 Map van C:\Windows\SysWOW64

21-11-2010  04:23            14.336 slwga.dll
               1 bestand(en)           14.336 bytes

 Map van C:\Windows\winsxs

14-07-2009  06:30    <DIR>          amd64_microsoft-windows-g..ets-slideshowgadg
et_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17
14-07-2009  06:30    <DIR>          amd64_microsoft-windows-g..howgadget-insideb
ar_31bf3856ad364e35_6.1.7600.16385_none_04ef2896fc362397
14-07-2009  06:30    <DIR>          amd64_microsoft-windows-g..howgadget-ondeskt
op_31bf3856ad364e35_6.1.7600.16385_none_0790637f4328e8f9
28-02-2011  22:02    <DIR>          amd64_microsoft-windows-g..howgadget.resourc
es_31bf3856ad364e35_6.1.7600.16385_nl-nl_82a7edcc6623edd9
21-11-2010  04:24    <DIR>          amd64_microsoft-windows-security-spp-wga_31b
f3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55
14-07-2009  06:30    <DIR>          x86_microsoft-windows-g..ets-slideshowgadget
_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1
14-07-2009  06:30    <DIR>          x86_microsoft-windows-g..howgadget-insidebar
_31bf3856ad364e35_6.1.7600.16385_none_a8d08d1343d8b261
14-07-2009  06:30    <DIR>          x86_microsoft-windows-g..howgadget-ondesktop
_31bf3856ad364e35_6.1.7600.16385_none_ab71c7fb8acb77c3
28-02-2011  22:02    <DIR>          x86_microsoft-windows-g..howgadget.resources
_31bf3856ad364e35_6.1.7600.16385_nl-nl_26895248adc67ca3
21-11-2010  04:23    <DIR>          x86_microsoft-windows-security-spp-wga_31bf3
856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f
               0 bestand(en)                0 bytes

 Map van C:\Windows\winsxs\amd64_microsoft-windows-m..ow-gadget.resources_31bf38
56ad364e35_6.1.7600.16385_nl-nl_9d6be6f957e6608a

28-02-2011  22:02             3.584 WMPSideShowGadget.exe.mui
               1 bestand(en)            3.584 bytes

 Map van C:\Windows\winsxs\amd64_microsoft-windows-m..yer-sideshow-gadget_31bf38
56ad364e35_6.1.7600.16385_none_841e9494c8a32794

14-07-2009  02:39           165.888 WMPSideShowGadget.exe
               1 bestand(en)          165.888 bytes

 Map van C:\Windows\winsxs\amd64_microsoft-windows-s..-component-issuance_31bf38
56ad364e35_6.1.7600.16385_none_9dbd9c6261eb657b

14-07-2009  02:53             3.617 client-issuance-wgalic.xrm-ms
               1 bestand(en)            3.617 bytes

 Map van C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad36
4e35_6.1.7601.17514_none_5d778f71b9f4fd55

21-11-2010  04:24            15.360 slwga.dll
               1 bestand(en)           15.360 bytes

 Map van C:\Windows\winsxs\Manifests

14-07-2009  03:20            19.864 amd64_microsoft-windows-g..ets-slideshowgadg
et_31bf3856ad364e35_6.1.7600.16385_none_815d27dbb889ba17.manifest
14-07-2009  03:16             3.074 amd64_microsoft-windows-g..howgadget-insideb
ar_31bf3856ad364e35_6.1.7600.16385_none_04ef2896fc362397.manifest
14-07-2009  03:27             2.222 amd64_microsoft-windows-g..howgadget-ondeskt
op_31bf3856ad364e35_6.1.7600.16385_none_0790637f4328e8f9.manifest
28-02-2011  22:01             7.477 amd64_microsoft-windows-g..howgadget.resourc
es_31bf3856ad364e35_6.1.7600.16385_nl-nl_82a7edcc6623edd9.manifest
21-11-2010  04:16             2.264 amd64_microsoft-windows-security-spp-wga_31b
f3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55.manifest
14-07-2009  02:54            19.860 x86_microsoft-windows-g..ets-slideshowgadget
_31bf3856ad364e35_6.1.7600.16385_none_253e8c58002c48e1.manifest
14-07-2009  02:50             3.072 x86_microsoft-windows-g..howgadget-insidebar
_31bf3856ad364e35_6.1.7600.16385_none_a8d08d1343d8b261.manifest
14-07-2009  02:58             2.220 x86_microsoft-windows-g..howgadget-ondesktop
_31bf3856ad364e35_6.1.7600.16385_none_ab71c7fb8acb77c3.manifest
28-02-2011  22:01             7.475 x86_microsoft-windows-g..howgadget.resources
_31bf3856ad364e35_6.1.7600.16385_nl-nl_26895248adc67ca3.manifest
21-11-2010  04:16             2.262 x86_microsoft-windows-security-spp-wga_31bf3
856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f.manifest
              10 bestand(en)           69.790 bytes

 Map van C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e
35_6.1.7601.17514_none_0158f3ee01978c1f

21-11-2010  04:23            14.336 slwga.dll
               1 bestand(en)           14.336 bytes

     Totaal aantal weergegeven bestanden:

Click here to read the complete article
Subject: Re: Some horse shit this is, perhaps you can debug it ?
From: Kerr-Mudd, John
Newsgroups: alt.lang.asm
Organization: Dis
Date: Mon, 22 Nov 2021 21:20 UTC
References: 1
Path: i2pn2.org!i2pn.org!paganini.bofh.team!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: adm...@127.0.0.1 (Kerr-Mudd, John)
Newsgroups: alt.lang.asm
Subject: Re: Some horse shit this is, perhaps you can debug it ?
Date: Mon, 22 Nov 2021 21:20:17 +0000
Organization: Dis
Lines: 7
Message-ID: <20211122212017.ebe83fee1da3abf08c8ed1d2@127.0.0.1>
References: <9bcf0bd6-b2f4-4222-9e8e-a289dca2acd0n@googlegroups.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: reader02.eternal-september.org; posting-host="167f381ffc1cd482961cfced62411788";
logging-data="18860"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/DxsvpQzlYIdbrntMIZphuhkLikS3PmIQ="
Cancel-Lock: sha1:g6CKgxHo0JWjxtscCqdKOYKRGm8=
X-Newsreader: Sylpheed 3.7.0 (GTK+ 2.24.30; i686-pc-mingw32)
;X-no-Archive: Maybe
GNU: Terry Pratchett
View all headers
On Mon, 22 Nov 2021 10:44:38 -0800 (PST)
skybuck2000 <skybuck2000@hotmail.com> wrote:

Since a few days this toshiba laptop L670 with windows 7 home on it
is displaying this nag screen:

Not asm; try a support group. Several support groups.


Subject: Re: Some horse shit this is, perhaps you can debug it ?
From: skybuck2000
Newsgroups: alt.lang.asm
Date: Tue, 23 Nov 2021 03:50 UTC
References: 1
X-Received: by 2002:a05:622a:1883:: with SMTP id v3mr2624244qtc.327.1637639426098; Mon, 22 Nov 2021 19:50:26 -0800 (PST)
X-Received: by 2002:a05:6830:4cf:: with SMTP id s15mr1474306otd.219.1637639425887; Mon, 22 Nov 2021 19:50:25 -0800 (PST)
Path: i2pn2.org!i2pn.org!aioe.org!feeder1.feed.usenet.farm!feed.usenet.farm!tr2.eu1.usenetexpress.com!feeder.usenetexpress.com!tr1.iad1.usenetexpress.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: alt.lang.asm
Date: Mon, 22 Nov 2021 19:50:25 -0800 (PST)
In-Reply-To: <9bcf0bd6-b2f4-4222-9e8e-a289dca2acd0n@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=84.25.28.171; posting-account=np6u_wkAAADxbE7UBGUIOm-csir6aX02
NNTP-Posting-Host: 84.25.28.171
References: <9bcf0bd6-b2f4-4222-9e8e-a289dca2acd0n@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <e9e7f4c9-ae7e-45bf-be5b-06a0e1326bc9n@googlegroups.com>
Subject: Re: Some horse shit this is, perhaps you can debug it ?
From: skybuck2...@hotmail.com (skybuck2000)
Injection-Date: Tue, 23 Nov 2021 03:50:26 +0000
Content-Type: text/plain; charset="UTF-8"
Lines: 28
View all headers
From another newsgroup/thread:

Why not get a legit copy of Windows? Just a thought. ;^)

It is a legit copy of Windows 7 home edition because my mother/half-sister bought this laptop !

Do you want to see proof ? :)
Kind of. In some strange sense.

Here ya go:

http://www.skybuck.org/Windows7/WhatIsThisHorseShit/ActivatedWoopsMaybeKeyLeakedOnYouTube.png

This discussion what you was actually usefull !

New hypothesis:

Windows 7 home edition product key leaked via one of my youtube videos ?!?!?

How the fuck am I supposed to know that Microsoft is stupid enough to display the product key on this SCREEN ?!

Oh my fucking god.

Now the question is: is this information enough to steal my key and cause an activation problem ?!?!?!?

Gjes mothafucking christ.

Bye,
  Skybuck.


Subject: Re: Some horse shit this is, perhaps you can debug it ?
From: skybuck2000
Newsgroups: alt.lang.asm
Date: Tue, 30 Nov 2021 03:50 UTC
References: 1 2
X-Received: by 2002:a05:620a:404e:: with SMTP id i14mr11965961qko.111.1638244257765;
Mon, 29 Nov 2021 19:50:57 -0800 (PST)
X-Received: by 2002:a05:6808:2388:: with SMTP id bp8mr2083138oib.38.1638244257537;
Mon, 29 Nov 2021 19:50:57 -0800 (PST)
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!news.misty.com!border2.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: alt.lang.asm
Date: Mon, 29 Nov 2021 19:50:57 -0800 (PST)
In-Reply-To: <e9e7f4c9-ae7e-45bf-be5b-06a0e1326bc9n@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=84.25.28.171; posting-account=np6u_wkAAADxbE7UBGUIOm-csir6aX02
NNTP-Posting-Host: 84.25.28.171
References: <9bcf0bd6-b2f4-4222-9e8e-a289dca2acd0n@googlegroups.com> <e9e7f4c9-ae7e-45bf-be5b-06a0e1326bc9n@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <90e52bb4-a36e-4870-aaca-2dcef64ab9c1n@googlegroups.com>
Subject: Re: Some horse shit this is, perhaps you can debug it ?
From: skybuck2...@hotmail.com (skybuck2000)
Injection-Date: Tue, 30 Nov 2021 03:50:57 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Lines: 79
View all headers
Zoomin on this horse shit:

I just saw this WatAdminSvc.exe pop-up in task manager !

A quickle google sheds some light on this:

https://www.bleepingcomputer.com/startups/WatAdminSvc.exe-26949.html

"

WATADMINSVC.EXE Information

This is a valid program that is required to run at startup.

This program is required to run on startup in order to benefit from its functionality or so that the program will work. The following information is a brief description of what is known about this file. If you require further assistance for this file, feel free to ask about in the forums.



Name

Windows Activation Technologies Service


Filename

WatAdminSvc.exe


Command

C:\Windows\System32\Wat\WatAdminSvc.exe


Description

Microsoft service that periodically determines if your Windows Product ID is valid, and if not, displays warnings that your copy of Windows may not be Genuine.


File Location

%System%\Wat\WatAdminSvc.exe


Startup Type

This startup entry is installed as a Windows service.


Service Name

WatAdminSvc


Display Name

Windows Activation Technologies Service


HijackThis Category

O23 Entry


Note

%System% is a variable that refers to the Windows System folder. By default this is C:\Windows\System for Windows 95/98/ME, C:\Winnt\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP/Vista/7.

"

Bye for now,
  Skybuck.




Subject: Re: Some horse shit this is, perhaps you can debug it ?
From: skybuck2000
Newsgroups: alt.lang.asm
Date: Tue, 30 Nov 2021 16:07 UTC
References: 1 2 3
X-Received: by 2002:a05:620a:4495:: with SMTP id x21mr149280qkp.604.1638288429469;
Tue, 30 Nov 2021 08:07:09 -0800 (PST)
X-Received: by 2002:a05:6830:4cf:: with SMTP id s15mr136017otd.219.1638288429231;
Tue, 30 Nov 2021 08:07:09 -0800 (PST)
Path: i2pn2.org!i2pn.org!aioe.org!news.uzoreto.com!news.misty.com!border2.nntp.dca1.giganews.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: alt.lang.asm
Date: Tue, 30 Nov 2021 08:07:09 -0800 (PST)
In-Reply-To: <90e52bb4-a36e-4870-aaca-2dcef64ab9c1n@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=84.25.28.171; posting-account=np6u_wkAAADxbE7UBGUIOm-csir6aX02
NNTP-Posting-Host: 84.25.28.171
References: <9bcf0bd6-b2f4-4222-9e8e-a289dca2acd0n@googlegroups.com>
<e9e7f4c9-ae7e-45bf-be5b-06a0e1326bc9n@googlegroups.com> <90e52bb4-a36e-4870-aaca-2dcef64ab9c1n@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <a8e63058-2131-4f1a-8fca-9c5ef4c518c5n@googlegroups.com>
Subject: Re: Some horse shit this is, perhaps you can debug it ?
From: skybuck2...@hotmail.com (skybuck2000)
Injection-Date: Tue, 30 Nov 2021 16:07:09 +0000
Content-Type: text/plain; charset="UTF-8"
Lines: 20
View all headers
This problem was caused by windows update KB 971033 installed in 2014.

It installs 4 files in c:\windows\system32\wat

npWatWeb.dll
WatAdminSvc.exe
WatUX.exe
WatWeb.dll

It adds 2 validation tasks to task schedular.

If the system date/time is changed to 2004 or something like that it causes a bug where these validation tasks start running one day before the date/time is re-synched to now.

One of these validation tasks will run approx each 6 hours which causes this annoying nag screen to pop-up.

This problem/bug can be solved by uninstalled windows update KB 971033

This is further evidence windows updates can cause system problems: Bug ? Or sabotage ? I will let you decide on that.

Bye,
  Skybuck.


1
rocksolid light 0.7.2
clearneti2ptor