## Launch Process Suspended

Do you ... analyze a lot of malware? Dynamically, too? Or do you just want to launch suspended processes? Well either way, although this is really easy to do, my intense web research did not yield satisfactory results. So here you go, this will just take the entire command line that is passed to it and execute it as a new, suspended process:
#include <Windows.h>
#include <Shlwapi.h>

BOOL ChrIsWhiteSpace(WCHAR x) {
return x == 32 || (x >= 9 && x <= 13);
}

int WinMainCRTStartup() {
int ArgCount = 0;
WCHAR* CommandLine = GetCommandLineW();
WCHAR** ArgList = CommandLineToArgvW(CommandLine, &ArgCount);
if (ArgList && ArgCount > 1) {
WCHAR* PtrRest = StrStrW(CommandLine, ArgList[1]);
if (PtrRest) {
STARTUPINFOW StartupInfo;
PROCESS_INFORMATION ProcessInfo;

while (!ChrIsWhiteSpace(*PtrRest))
PtrRest--;

GetStartupInfoW(&StartupInfo);

CreateProcessW(
NULL,
++PtrRest,
NULL,
NULL,
FALSE,
CREATE_SUSPENDED | INHERIT_PARENT_AFFINITY | DETACHED_PROCESS | CREATE_DEFAULT_ERROR_MODE,
NULL,
NULL,
&StartupInfo,
&ProcessInfo
);
CloseHandle(ProcessInfo.hProcess);
}
LocalFree(ArgList);
}
ExitProcess(0);
}

Do you want the Base64 encoded binary?

## Stop entering Away Mode

I have finally solved an annoying problem with my Windows 10 setup which was sortof hard to Google, so I am sharing. For quite some time, the computer had refused to go to sleep when it was not running on battery. Instead of going to sleep when instructed to, it would simply turn off the screen and mute the volume while continuing to *actually not sleep*. Moving the mouse a tiny bit would swiftly end the charade. In a recent fit of rage I decided to inspect the event log, and behold, there were some Kernel Power events that said: > _The system is entering Away Mode._ Which is entirely _not_ what I wanted when I told it to go to sleep. However, there was no option _anywhere_ in the power settings to be found that turned off this _"Away Mode"_. Well, the option actually does exist, but for some reason it is not visible unless you set the Attributes value to 2 in the following, easily memorable registry key:
HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\25DFA149-5DD1-4736-B5AB-E8A37B5B8187

Armed with this registry tweak, you can go back to the _"advanced"_ power settings, aka:
rundll32 shell32.dll,Control_RunDLL PowerCfg.cpl @0,/editplan:

Navigate to Sleep and there should be an option that says Allow Away Mode Policy or something similar. And that policy should be set to no, not even when plugged in, never, just sleep, for crying out loud, why does this even exist.

## Cleaning Up Windows Without Interaction

To reduce the size of some of my virtual machines, I often run the Windows cleanup tool to get rid of update artifacts and temporary files. While the cleanmgr command has some undocumented options such as /setup, /autoclean and /verylowdisk, I could not achive what I wanted with any combination of these: I wanted to have one command that simply cleans _everything_ without interaction. TL;DR: Put this in a batch file:
@echo off
set rootkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches
for /f "tokens=*" %%K in ('reg query %rootkey%') do >NUL REG add "%%K" /v StateFlags0000 /t REG_DWORD /d 2 /f
cleanmgr /sagerun:0

Essentially, this script manually creates the registry keys that would be created by a call to cleanmgr /sageset:0 and checking all the boxes. It then runs cleanmgr /sagerun:0 which non-interactively calls cleanmgr performing every cleanup task available. Remember to run this as an administrator to remove Windows update artifacts. Would you like to have that as PowerShell?

## Powershell DPAPI Script

I am writing a backup script which is supposed to backup data to a remote server, encrypted, and run as a scheduled task on a Windows machine. If you want all of that, you will have to store the encryption key somewhere. Instead of storing the password in plaintext, I had the idea to use the [Data Protection API]. Initially worried that I might have to write a wrapper for [CryptProtectData] myself, I quickly found the decent looking github project [DPAPIbridge]. Ultimately however, I figured out that Powershell can do all things. Presenting vault.ps1:
Param(
[string] $StoreSecret, [Parameter(Mandatory=$True,Position=0)]
[string] $filename ) [void] [Reflection.Assembly]::LoadWithPartialName("System.Security")$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
if ($StoreSecret -eq "") {$data = Get-Content $filename$ciphertext = [System.Convert]::FromBase64String($data)$plaintext = [System.Security.Cryptography.ProtectedData]::Unprotect(
$ciphertext,$null, $scope ) [System.Text.UTF8Encoding]::UTF8.GetString($plaintext)
} else {
$plaintext = [System.Text.UTF8Encoding]::UTF8.GetBytes($StoreSecret)
$ciphertext = [System.Security.Cryptography.ProtectedData]::Protect($plaintext, $null,$scope )
[System.Convert]::ToBase64String($ciphertext) >$filename
}

This script can be run as vault.ps1 [-StoreSecret SECRET] FILE. If the optional argument is present, it will store a protected blob containing SECRET in FILE, otherwise it will read a blob of protected data from FILE and print the enclosed secret string. [DPAPIbridge]: https://github.com/vincepare/DPAPIbridge [Data Protection API]: https://msdn.microsoft.com/en-us/library/ms995355.aspx [CryptProtectData]: https://msdn.microsoft.com/de-de/library/windows/desktop/aa380261(v=vs.85).aspx [Borg]: https://borgbackup.readthedocs.io/en/1.1.2/usage/general.html?highlight=borg_passcommand#environment-variables

## The Full Disk Encryption Dilemma for Windows 10

I am quite unsatisfied with the current state of full disk encryption solutions available for use with Windows 10 on a Laptop with SSD. This blag post will mirror some of what [Bruce Schneier already said on the matter][Schneier2]: I will discuss some of the options and point out problems. I am not offering a solution, just a variety of bad choices to pick from. [Schneier2]: https://www.schneier.com/blog/archives/2015/06/encrypting_wind.html Do you want to know more?

## Get the MSDN Library for offline use

So you develop in [Microsoft Visual Studio Community Edition](https://www.visualstudio.com/de/vs/community/) and you long for the old days when there was a way to get the [MSDN Library](https://msdn.microsoft.com/en-us/library/) as an offline help file? Fear not, you still can. Open Visual Studio, type Ctrl+Q to open the quick access bar, usually located in the upper right corner of your interface. Enter Help Viewer, it should yield one result by that name, marked as an *"individual component"*. Selecting that entry should allow you to download and install the Help Viewer. Now relaunch Visual Studio and start the Help Viewer via quick access in the same way. You will be prompted whether you want to download some *content* - and I bet you do.

Part of me wants to write about all the [horror](https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/) and [glory](https://crates.io) there is to be seen in package management, but quite frankly it'll take too long. Instead, I will just leave you with a tiny piece of advice. Here comes. If you are on Windows and you want to install a *legitimate* Python package (like for example [PyCryptodome](https://pypi.python.org/pypi/pycryptodome), because naturally you are **fully aware** that [PyCrypto is dead](https://github.com/dlitz/pycrypto/issues/173).), which in reality is a bottomless pit, at the center of which there is a C library, straight from hell - then maybe get the [Microsoft Compiler for Python](http://www.microsoft.com/en-us/download/details.aspx?id=44266) instead of, who knows, wasting hours or even days looking for a less reasonable solution. Credit, as so very often, [goes to stackoverflow](https://stackoverflow.com/a/27327236/1578458).

## Batch edit your PuTTY Sessions

The color that [PuTTY](http://www.putty.org/) uses for blue is simply too dark. The scrollback buffer, by default, is 200 lines. That's ridiculous, I have several gigabytes of RAM going to waste here. In case you have a lot of stored sessions, it's quite tiresome to use PuTTY to go through all of them and fix whatever settings you would like to change. You can edit them directly in the registry, though - or use this Python 3 script!
from winreg import OpenKey, EnumKey, QueryValueEx, SetValueEx, \

class callrange:
def __init__(self, call_function):
self.call = call_function
def __getitem__(self,index):
try: return self.call(index)
except OSError: raise IndexError

with OpenKey(HKCU,"SOFTWARE\SimonTatham\PuTTY\Sessions") as sessions:
for s in callrange(lambda i: EnumKey(sessions,i)):
for name,value in [
('Colour14','100,100,250'),
('Colour15','120,120,250'),
('TerminalType','xterm'),
('ScrollbackLines',6000)
]:
type = QueryValueEx(key,name)[1]
SetValueEx(key,name,0,type,value)

By the way, searching the tubes reveals [some useful suggestions to improve PuTTY's default settings](http://dag.wiee.rs/blog/content/improving-putty-settings-on-windows).

## Disable the Windows 8 / 10 lock screen

Are you also annoyed with the Windows lock screen? You know, the one you must swipe or click away before you can enter your login data. The one that doesn't even respond to shift anymore since Windows 10. It can be disabled as follows: * Open the Group Policy Editor. Either 1. press Win+R and run gpedit or, if you don't have gpedit.msc, 2. open the Microsoft Management Console by pressing Win+R and entering mmc. Go to FileAdd/Remove Snap-In, select the Group Policy Object Editor, press Add, Finish and OK. Expand the Local Computer Policy. * Navigate to 3. Computer Configuration 4. Administrative Templates 5. Control Panel 6. Personalization, edit Do not display the lock screen and set it to Enabled.

## Make VIM work in Cygwin

Well. In case you have not stumbled across the corresponding StackOverflow post, and if you have always wondered why vim does not work properly in cygwin, just
[rattle@ALICE:~]\$ cat .vimrc
set nocompatible
set backspace=indent,eol,start

and your worries will be over.

## Show Text File on Windows Desktop as Background

Finally there is an official way of setting a text file as your Desktop Background: Windows Sysinternals BgInfo. This tool can show a lot of information about your system but may also show the contents of a Textfile: Press the button Custom... on the right and then New.... There you may select Contents of a file and include a path to the text file. After you saved the BfInfo config file somewhere on your system, you can call BgInfo in the following way to update the background image:
bginfo c:\System\config\bginfo.bgi /timer:0

This may be useful to show log files that you want to keep an eye on or the shadowfile of your favorite TaskWarrior report.

## Latex unter Windows mit Vorschau und deinem Lieblingseditor

Mein Eindruck ist, dass viele vernünftige Leute das Problem haben, unter Windows texen zu wollen und bei schrecklichen Programmen wie LaTeX Editor oder TeXnicCenter hängen bleiben. Prinzipiell funktionieren die ja auch. Vielleicht nicht perfekt und manchmal sind sie hier oder da etwas unpraktisch, oder stürzen ab (beim Editiern von Text) - aber sie tun ihre Arbeit und, hey, es gibt ja auch nichts besseres. Do you want to know more?

## Building Perl stand-alone applications with a GUI using Mojolicious and PAR-Packer

You might have come across the same problem I have faced pretty often: You want to write a small snippet of code for a friend who's not into programming to solve some task. You want to use the scripting language of your choice (yeah, [Perl](http://www.perl.org/)). But for many people, especially Windows users, explaining them how to [install perl](http://www.perl.org/get.html), install some modules from [CPAN](http://cpan.org), and finally how to use the script from the command line is tedious and often takes more time than writing it in the first place. And sometimes it even takes more time than solving the task by hand which is quite frustrating. So I always wanted to build stand-alone applications with a GUI for those cases. But building GUIs is usually a huge pain in the ass, so I always avoided it; until I got the idea to build web applications with [Mojolicious](http://mojolicio.us/) as GUI. Building stand alone executables without the need of installing perl, modules, or libraries can be solved with [PAR-Packer](http://search.cpan.org/dist/PAR-Packer/). So far, that was just a thought. A few days ago I got a small task: My brother wanted an application to automatically correct one kind of systemic error in large data sets. So I wanted to put that idea to the test. It worked out quite well! Do you want to know more?