Monday, May 24, 2010

Perl: One liner for Search and Replace in Multiple Files

Problem Statement:
Want to search and replace a string in multiple files, and do it in one line? Simple! Read ahead..

Solution:
Install Perl and use its single-line execution mode, i.e. perl -e.
Here's the actual statement that will do the trick (OLD is the pattern to search for, NEW is its replacement):

perl -pi.bak -e 's/OLD/NEW/g' *.txt

On Windows (cmd.exe) put the script in double quotes instead: perl -pi.bak -e "s/OLD/NEW/g" *.txt

Explanation:
perl.exe is of course required for you to run the script.
-p : wraps the script in a loop that reads every line of every input file and prints the line after the script has run on it, so the substitution covers the complete files.
-i : edits the files in place instead of writing the output to the screen.
-e : execute the script given on the command line.
-i.bak : the suffix after -i makes perl keep a backup of every file it edits (file.txt becomes file.txt.bak). On Windows perl refuses to edit in place without a backup suffix, so keep it; delete the backups afterwards if the string you replaced was sensitive, because they still hold the old contents.
s/OLD/NEW/g : replace every (g = global) occurrence of OLD on the current line with NEW.
*.txt : the search and replace operation works on all files with extension '.txt'.

Small Tip: this is an important interview question. Adds more interest to the post, doesn't it? :)

Hope this helps!
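The loop that -p and -i.bak hide is easier to see written out. The following Python 3 script is an added example, not code from the original post: it uses the standard library's fileinput module, whose inplace=True/backup=".bak" mode does exactly what perl -pi.bak does (rename the original to name.bak, then redirect standard output into a fresh file of the original name). The files, the *.txt glob and the foo->bar substitution are constructed for the demo.

```python
import fileinput
import glob
import os
import re
import shutil
import tempfile


def replace_in_files(paths, pattern, replacement, backup=".bak"):
    """Rewrite each file in place, like perl -pi.bak -e 's/pattern/replacement/g'.

    fileinput renames each original to <name><backup> and points stdout at a new
    file of the original name, so the print() below is the implicit print of -p.
    Returns the total number of substitutions made.
    """
    regex = re.compile(pattern)
    count = 0
    with fileinput.input(files=paths, inplace=True, backup=backup) as lines:
        for line in lines:
            new, n = regex.subn(replacement, line)
            count += n
            print(new, end="")  # the line still carries its own newline
    return count


def _read(path):
    with open(path) as fh:
        return fh.read()


def demo():
    """Constructed run: two .txt files and one .log file in a scratch directory.

    Only the *.txt glob is handed to replace_in_files, mirroring the one-liner's
    *.txt argument, so c.log must stay untouched and the .bak copies must keep
    the pre-edit text. Returns (substitution count, {filename: contents}).
    """
    workdir = tempfile.mkdtemp()
    try:
        samples = {"a.txt": "foo foo\n", "b.txt": "no change\nfoo\n", "c.log": "foo\n"}
        for name, body in samples.items():
            with open(os.path.join(workdir, name), "w") as fh:
                fh.write(body)
        targets = sorted(glob.glob(os.path.join(workdir, "*.txt")))
        count = replace_in_files(targets, r"\bfoo\b", "bar")
        after = {n: _read(os.path.join(workdir, n)) for n in sorted(os.listdir(workdir))}
    finally:
        shutil.rmtree(workdir)
    return count, after


if __name__ == "__main__":
    print(demo())
```

The backups are the part people forget: after a run like this the old contents live on in every .bak file next to the edited one, which matters when the string being replaced is a password or a key.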

Sunday, May 16, 2010

Kernel: Finding drivers that are not digitally signed

Problem Statement:
Finding drivers on a user system that are not digitally signed.

Solution:
Windows ships a tool that hits the nail on the head. The File Signature Verification tool (sigverif.exe) lists the files that are not digitally signed. Since we are interested in drivers, we can point it at the C:\Windows\System32\drivers folder and find all the driver (.sys) files there that are not digitally signed.

Using File Signature Verification Tool:


StartUp:
1. Go to Start->Run.
2. Type in sigverif. This starts the tool (sigverif.exe) and the File Signature Verification window pops up.

Searching Options:
The user can search for files of specified extensions in a specified folder.
- Check the option that says "Look for other files that are not digitally signed".
Under Search Options:
- Select the file type to scan (like *.sys, *.dll or *.*).
- Select the folder with the "Look in this folder" option by browsing to the location.
- Check "Include subfolders" for a recursive directory listing.

Logging Options:
The user can configure the logging options as follows:
- Check "Save the file signature verification results to a log file".
Under logging options:
- Select "Append" or "Overwrite existing log file" to either collect the results of different runs in one log file or start a fresh log file on every run.
- Log file name: enter the log file name with the appropriate path. Note: backslashes in the path do not need to be escaped (\\).

Running the tool:
After configuring the tool, click OK and press Start. The tool scans all the files in the configured folders that match the selected file type and reports the ones that are not digitally signed.

Report:
A report of the test is generated in the log file (configured by the user in the logging options) that gives information on:
- Files that are scanned with the folder structure path.
- Files that are digitally signed with information on:
* File Modified date.
* File Version Information, if available.
* Catalog file information in which the file can be found.
* Signing Authority.
- Files that could not be scanned.


Case Study:
Let's say we want to find all the drivers present in the C:\Windows\System32\drivers folder and check whether they are digitally signed or not. Here are some snapshots that depict the configuration required.

System Specs:
Running the test on a WinXP SP3 32-bit system with 2 GB RAM and a 320 GB HDD.

Searching Options:
(screenshot of the Search Options dialog)

Logging Options:
(screenshot of the Logging Options dialog)

We have now configured the tool to check:
- All the driver files
- Under the C:\Windows\System32\drivers folder
- Logging the results in the SIGVERIF.TXT file.
Running the tool shows the files that are not digitally signed in the UI and writes the full results to the log file.

Results of Case Study:
While running the test for the case study, it found some drivers on my laptop that were not digitally signed. Here's a snapshot depicting the unsigned driver files.


Contents of SIGVERIF.TXT Log File:
********************************

Microsoft Signature Verification

Log file generated on 5/17/2010 at 9:59 AM
OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion: Service Pack 3
Scan Results: Total Files: 237, Signed: 229, Unsigned: 7, Not Scanned: 1

User-specified search path: *.*
User-specified search pattern: C:\WINDOWS\system32\drivers

File                  Modified    Version   Status       Catalog       Signed By
--------------------  ----------  --------  -----------  ------------  -------------------------------------
[c:\windows\system32\drivers]
1028_dell_lat_d820.m  2/25/2009   None      Not Signed   N/A
1394bus.sys           4/14/2008   2:5.1     Signed       NT5.CAT       Microsoft Windows Component Publisher
acpi.sys              4/14/2008   2:5.1     Signed       NT5.CAT       Microsoft Windows Component Publisher
acpiec.sys            4/14/2008   2:5.1     Signed       NT5.CAT       Microsoft Windows Component Publisher
aec.sys               4/13/2008   2:5.1     Signed       NT5.CAT       Microsoft Windows Component Publisher
aegisp.sys            2/25/2009   3.4.9.0   Not Signed   N/A
afd.sys               8/14/2008   2:5.1     Signed       KB956803.cat  Microsoft Windows Component Publisher
[... remaining entries omitted ...]

Unscanned Files:
------------------
[c:\windows\system32\drivers]
sptd.sys              The process cannot access the file because it is being used by another process.

Thus the user gets information on all the digitally signed and unsigned driver files. Note that a file sigverif could not open (sptd.sys above, locked because it was in use) is neither signed nor unsigned: it is unverified, and deserves the same attention as the unsigned ones.
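Seven rows are easy to read by eye; a full log with a few hundred entries is not. The following Python 3 parser is an added example, not code from the post or from sigverif: it reads a log in the layout shown above, and returns the unsigned .sys files together with the files sigverif could not open. The SAMPLE_LOG is a constructed excerpt built from the rows quoted above; the column spacing is mine, and the parser only relies on whitespace between columns.

```python
import re
from collections import namedtuple

# Constructed excerpt in the sigverif log layout; rows are the ones quoted in the post.
SAMPLE_LOG = r"""Microsoft Signature Verification

Log file generated on 5/17/2010 at 9:59 AM
OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion: Service Pack 3
Scan Results: Total Files: 237, Signed: 229, Unsigned: 7, Not Scanned: 1

User-specified search path: *.*
User-specified search pattern: C:\WINDOWS\system32\drivers

File                  Modified    Version   Status       Catalog       Signed By
--------------------  ----------  --------  -----------  ------------  ---------------------
[c:\windows\system32\drivers]
1028_dell_lat_d820.m  2/25/2009   None      Not Signed   N/A
1394bus.sys           4/14/2008   2:5.1     Signed       NT5.CAT       Microsoft Windows Component Publisher
acpi.sys              4/14/2008   2:5.1     Signed       NT5.CAT       Microsoft Windows Component Publisher
aegisp.sys            2/25/2009   3.4.9.0   Not Signed   N/A
afd.sys               8/14/2008   2:5.1     Signed       KB956803.cat  Microsoft Windows Component Publisher

Unscanned Files:
------------------
[c:\windows\system32\drivers]
sptd.sys              The process cannot access the file because it is being used by another process.
"""

Entry = namedtuple("Entry", "directory name modified version status catalog signer")

# name  m/d/yyyy  version  Signed|Not Signed  catalog  [signer ...]
ROW_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<modified>\d{1,2}/\d{1,2}/\d{4})\s+(?P<version>\S+)\s+"
    r"(?P<status>Signed|Not Signed)\s+(?P<catalog>\S+)(?:\s+(?P<signer>.+?))?\s*$")
DIR_RE = re.compile(r"^\[(?P<dir>.+)\]\s*$")
TOTALS_RE = re.compile(
    r"Total Files:\s*(\d+),\s*Signed:\s*(\d+),\s*Unsigned:\s*(\d+),\s*Not Scanned:\s*(\d+)")


def parse_sigverif(text):
    """Return (entries, unscanned, totals) from the text of a sigverif log."""
    entries, unscanned, totals = [], [], None
    directory, in_unscanned = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-"):   # blank lines and column rulers
            continue
        m = TOTALS_RE.search(line)
        if m:
            totals = dict(zip(("total", "signed", "unsigned", "not_scanned"), map(int, m.groups())))
            continue
        if line.startswith("Unscanned Files:"):
            in_unscanned = True
            continue
        m = DIR_RE.match(line)
        if m:
            directory = m.group("dir")   # "[folder]" lines precede the rows in that folder
            continue
        if in_unscanned:
            name, _, reason = line.partition(" ")   # "<file> <reason it was skipped>"
            unscanned.append((directory, name, reason.strip()))
            continue
        m = ROW_RE.match(line)
        if m:
            entries.append(Entry(directory, **m.groupdict()))
    return entries, unscanned, totals


def unsigned_files(entries, ext=".sys"):
    """Entries sigverif verified and found unsigned, filtered by extension ("" keeps all)."""
    return [e for e in entries if e.status == "Not Signed" and e.name.lower().endswith(ext)]


def needs_review(text):
    """Names not to be trusted as signed: unsigned .sys files plus anything sigverif
    could not open, because an unscanned driver is unverified, not signed."""
    entries, unscanned, _ = parse_sigverif(text)
    return sorted({e.name for e in unsigned_files(entries)} | {name for _, name, _ in unscanned})


if __name__ == "__main__":
    print(needs_review(SAMPLE_LOG))
```

Run it as `python sigverif_parse.py` after pasting your own log into SAMPLE_LOG or reading it from the path you configured in the logging options; the Catalog column tells you which .cat file vouched for each signed driver, which is worth keeping when you later want to know whether a signature came from Windows itself (NT5.CAT, KBxxxxxx.cat) or from a vendor.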

Kernel: Finding drivers loaded on user system

Problem Statement:
Find all the drivers that are loaded on a user system and get information on their code, initialized and uninitialized static data, and paged sections.

Solution:
Drivers.exe, a tool from the Windows Driver Kit (WinDDK), lists all the drivers that are loaded on the user system.

The Drivers tool can be found at C:\winddk\7600.16385.1\tools\Other\i386 once the WinDDK is installed on your system.

Using the tool:
1. Go to the command prompt.
2. Browse to the location where drivers.exe is present.
3. Run the command: "drivers.exe > C:\report.txt" (use ">>" instead of ">" if you want to append to an existing report rather than overwrite it).

This saves the information on all the drivers that were loaded on the user system to C:\report.txt.

Information obtained from the tool:
ModuleName: The driver filename.
Code: The non-paged code in the driver image, in bytes.
Data: The initialized static data of the driver image, in bytes.
BSS: Uninitialized static data in the image, in bytes; it is zero-filled when the image is loaded.
Paged: The pageable sections of the driver, in bytes.
Init: Code and data that are not needed after the driver is initialized, in bytes.
LinkDate: The date when the driver was linked.

Drivers.exe Output:
------------------------------------------------------------------------------
ModuleName         Code      Data     Bss     Paged      Init  LinkDate
------------------------------------------------------------------------------
ntkrnlpa.exe     479232    106496       0   1183744    180224  Tue Feb 16 18:55:00 2010
hal.dll           35968     42496       0     30976     15488  Mon Apr 14 00:01:27 2008
KDCOM.DLL          2560       256       0      1280       512  Sat Aug 18 02:19:10 2001
BOOTVID.dll        5632      3584       0         0       512  Sat Aug 18 02:19:09 2001


Tool Utility:
1. The tool can be used to identify whether a particular driver is loaded on the user system.
2. It can verify whether a driver loads on different operating systems and in different modes, like Normal or Safe mode.
3. The user can run the tool twice within a specified time frame and compare the results to check whether there are any issues loading a driver under test.

Supported OS:
I have used the tool on the following platforms and it works fine.
- WINXP SP3 x32
- WIN 7 Ultimate x32
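Utility points 1 and 3 above (is a given driver loaded, and what changed between two runs) are a few lines of Python 3 once the report is parsed. This is an added example, not code from the post or from the WinDDK. Both reports are constructed in the drivers.exe layout shown above: the baseline is the four rows quoted in the post, while the second run is hypothetical (BOOTVID.dll gone, hal.dll with a different link date, and a made-up newdrv.sys that appears on no real system).

```python
import re
from datetime import datetime

# Baseline run, constructed from the four rows quoted in the post.
BASELINE = """\
------------------------------------------------------------------------------
ModuleName         Code      Data     Bss     Paged      Init  LinkDate
------------------------------------------------------------------------------
ntkrnlpa.exe     479232    106496       0   1183744    180224  Tue Feb 16 18:55:00 2010
hal.dll           35968     42496       0     30976     15488  Mon Apr 14 00:01:27 2008
KDCOM.DLL          2560       256       0      1280       512  Sat Aug 18 02:19:10 2001
BOOTVID.dll        5632      3584       0         0       512  Sat Aug 18 02:19:09 2001
"""

# Hypothetical second run: BOOTVID.dll unloaded, hal.dll replaced by a build with
# another link date, and a made-up newdrv.sys loaded in between.
LATER = """\
------------------------------------------------------------------------------
ModuleName         Code      Data     Bss     Paged      Init  LinkDate
------------------------------------------------------------------------------
ntkrnlpa.exe     479232    106496       0   1183744    180224  Tue Feb 16 18:55:00 2010
hal.dll           35968     42496       0     30976     15488  Wed Jun 02 10:00:00 2010
KDCOM.DLL          2560       256       0      1280       512  Sat Aug 18 02:19:10 2001
newdrv.sys         4096       512       0         0      1024  Wed Jun 02 10:00:00 2010
"""

# name  code data bss paged init  "Ddd Mmm dd hh:mm:ss yyyy"
ROW_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<code>\d+)\s+(?P<data>\d+)\s+(?P<bss>\d+)\s+(?P<paged>\d+)\s+"
    r"(?P<init>\d+)\s+(?P<linkdate>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4})\s*$")


def parse_drivers(text):
    """Map lower-cased module name -> section sizes (ints) plus 'linkdate' (datetime)."""
    modules = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue   # rulers, the header line, anything else drivers.exe prints
        fields = m.groupdict()
        name = fields.pop("name").lower()   # module names are case-insensitive on Windows
        linkdate = datetime.strptime(fields.pop("linkdate"), "%a %b %d %H:%M:%S %Y")
        modules[name] = {k: int(v) for k, v in fields.items()}
        modules[name]["linkdate"] = linkdate
    return modules


def is_loaded(modules, name):
    """Utility point 1: was the named driver present in this run?"""
    return name.lower() in modules


def diff_snapshots(before, after):
    """Utility point 3: modules that appeared, disappeared, or changed size or
    link date between two runs. A changed row for the same name means the file
    on disk was swapped, not merely reloaded."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(n for n in set(before) & set(after) if before[n] != after[n])
    return added, removed, changed


if __name__ == "__main__":
    print(diff_snapshots(parse_drivers(BASELINE), parse_drivers(LATER)))
```

Feed it the two C:\report.txt files (read them in place of BASELINE and LATER) and the "added" list is the set of modules that were not there the first time, which is the question you are really asking when a machine starts behaving differently between two reboots.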

Wednesday, May 5, 2010

Python: Get and Set FileAttributes

Problem Statement:
Getting and Setting File Attributes in python

Code Implementation:
import os
import sys
import win32con
import win32file

# Attribute letter (as the attrib command names it) -> FILE_ATTRIBUTE_* bit
ATTRIB_BITS = {
    "A": win32con.FILE_ATTRIBUTE_ARCHIVE,
    "S": win32con.FILE_ATTRIBUTE_SYSTEM,
    "H": win32con.FILE_ATTRIBUTE_HIDDEN,
    "R": win32con.FILE_ATTRIBUTE_READONLY,
}

def Getfileattrib(filepath):
    """ Return the list of attribute letters (A, S, H, R) that are set on the file """
    if not os.path.isfile(filepath):
        print(filepath + ": File Not Found")
        print("Exiting...")
        sys.exit(1)
    attrib = win32file.GetFileAttributes(filepath)
    return [letter for letter, bit in ATTRIB_BITS.items() if attrib & bit]

def Setfileattrib(filepath, attributes):
    """ Set the given attribute letters on the file, keeping the ones already set """
    if not os.path.isfile(filepath):
        print(filepath + ": File Not Found")
        print("Exiting...")
        sys.exit(1)
    attrib = win32file.GetFileAttributes(filepath)
    for attribute in attributes:
        attrib |= ATTRIB_BITS[attribute.upper()]
    # SetFileAttributes replaces the whole mask, so OR the new bits into the
    # current one. Calling the API directly avoids shelling out to
    # "attrib +X path", which breaks on paths with spaces and hands the path
    # to the command interpreter.
    win32file.SetFileAttributes(filepath, attrib)

TechTip: Windows Autologon using UI

My last post talks about how to enable logon using registry changes...
Here's something that can be done using a UI.

Steps:
1. Go to Run and type "control userpasswords2".
2. This takes you to the "User Accounts" screen where all the users of your machine are listed.
3. Uncheck the option "Users must enter a user name and password to use this computer".
4. Click "Apply", which brings up the "Automatically Log On" dialog.
5. Enter the username and password of the user you want to log on automatically.

And you are done!

You can get more methods on this at: http://www.logonexpert.com/freeautologon.html

Tuesday, May 4, 2010

DOS: Batch Script to enable Windows Auto Logon through Registry

Problem Statement:
Script to enable Windows automatic logon through registry changes.

Batch Script Contents (run as an administrator, with USERNAME and PASSWORD replaced by the account to log on):
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d USERNAME /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d PASSWORD /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v ForceAutoLogon /t REG_SZ /d 1 /f **

**Note: Run the first three commands on Windows XP and later.
On Windows 2000 use all four commands.

Utility:
You could now use this script on the system where you want to enable auto logon. Be aware of what it leaves behind: DefaultPassword is written as a cleartext REG_SZ, and the Winlogon key under HKLM is readable by every local user, so anyone with an account on the machine (or a copy of the SOFTWARE hive) can read the password. If that matters, prefer the UI method (control userpasswords2, described in the Windows Autologon TechTip above), which stores the password as an LSA secret rather than a readable registry string, and give the auto-logon account no more privilege than the unattended session needs.

You can get more methods on this at: http://www.logonexpert.com/freeautologon.html
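Whichever of the two methods (the UI TechTip above or this registry script) was used, the resulting state is worth checking on any machine you are asked to assess. The following Python 3 script is an added example, not code from either post: assess_autologon() takes the Winlogon values as a dictionary and reports whether auto logon is on and whether the password sits in the registry in cleartext; read_winlogon_values() fills that dictionary with the standard library's winreg module on Windows and returns an empty dictionary elsewhere. SAMPLE_VALUES is constructed to mirror what the batch script above writes.

```python
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def assess_autologon(values):
    """values: Winlogon value name -> data, as read from the registry (any case).

    Returns (enabled, findings). A cleartext DefaultPassword is flagged because
    the Winlogon key is world-readable for local users; the UI method stores the
    password as an LSA secret instead, so it does not show up here at all.
    """
    v = {name.lower(): str(data).strip() for name, data in values.items()}
    enabled = v.get("autoadminlogon") == "1"
    findings = []
    if not enabled:
        return False, findings
    account = "%s\\%s" % (v.get("defaultdomainname", "."), v.get("defaultusername", "?"))
    findings.append("AutoAdminLogon is enabled for " + account)
    if v.get("defaultpassword"):
        findings.append("DefaultPassword is stored as a cleartext REG_SZ under HKLM, "
                        "which every local user can read")
    if v.get("forceautologon") == "1":
        findings.append("ForceAutoLogon is set: the account is logged back on right after a logoff")
    return True, findings


def read_winlogon_values():
    """Enumerate every value under the Winlogon key with winreg (Windows only)."""
    if sys.platform != "win32":
        return {}
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        index = 0
        while True:
            try:
                name, data, _type = winreg.EnumValue(key, index)
            except OSError:   # ERROR_NO_MORE_ITEMS ends the enumeration
                break
            values[name] = data
            index += 1
    return values


# Constructed sample mirroring the three values the batch script writes on XP.
SAMPLE_VALUES = {"DefaultUserName": "USERNAME", "DefaultPassword": "PASSWORD", "AutoAdminLogon": "1"}


if __name__ == "__main__":
    enabled, findings = assess_autologon(read_winlogon_values() or SAMPLE_VALUES)
    print("auto logon enabled:", enabled)
    for finding in findings:
        print(" -", finding)
```

On a live Windows box run it from any user account; if the second finding appears, that account could read the password too, which is the whole point of the check.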