1 page 4 - Dave's Blog

Search
My timeline on Mastodon

Tweet from David Risney

2016 Aug 31, 6:06
Would be nice if CSP could help. CSP can block frame navigating parent but not window navigating opener https://twitter.com/bendhalpern/status/771021574426267648 
PermalinkComments

Tweet from David Risney

2016 Aug 30, 10:33
@Kevecca Rewound to listen several times =)
PermalinkComments

Tweet from David Risney

2016 Aug 30, 1:46
Turning up @Kevecca's plug them on latest comedy bang bang http://www.earwolf.com/episode/atlantis-dire-warning/ 
PermalinkComments

Tweet from Gimlet

2016 Aug 29, 11:40
So there's also this...📺 https://twitter.com/podcaststartup/status/770430060448714752 
PermalinkComments

Tweet from David Risney

2016 Aug 23, 1:50
Can I pitch a @SamplerShow spin off that is just like Sampler but covers exclusively PFT podcasts and podcast appearances?
PermalinkComments

Tweet from David Risney

2016 Aug 23, 1:48
Loved @PFTompkins ep of @SamplerShow https://gimletmedia.com/episode/25-paul-f-tompkins-the-mayor-of-podcastland/  including PFTs reaction to Ice-Ts reaction to fake Ice-T PFT conversation.
PermalinkComments

Tweet from Pwn All The Things

2016 Aug 21, 11:23
If insurance companies said "your premiums will go from $10m to $2m if you parameterize your SQL" SQL-injection would all be dead tomorrow.
PermalinkComments

Tweet from Joe Uchill

2016 Aug 19, 12:10
@da_667 Seriously, this. From the guy who runs the Social Engineering CTF.
PermalinkComments

Tweet from David Risney

2016 Aug 18, 5:40
Mother Jones on ending private prisons and their previous piece inside private prisons: http://www.motherjones.com/politics/2016/08/department-justice-plans-end-private-prison  https://twitter.com/AlexCKaufman/status/766300516007682048 
PermalinkComments

Tweet from Garrett Serack

2016 Aug 18, 2:57
For the record, yes you can run on Linux in Bash on Windows (aka ) /cc @bitcrazed @bradwilson
PermalinkComments

Tweet from David Risney

2016 Aug 5, 3:20
I've put my WPAD DHCP server Fiddler extension up on GitHub https://deletethis.net/dave/2016-08/WPAD+Server+Fiddler+Extension+Source 
PermalinkComments

WPAD Server Fiddler Extension Source

2016 Aug 5, 3:18

I've put my WPAD Fiddler extension source and the installer on GitHub.

Six years ago I made a WPAD DHCP server Fiddler extension (described previously and previously). The extension runs a WPAD DHCP server telling any clients that connect to connect to the running Fiddler instance. I've finally got around to putting the source on GitHub. I haven't touched it in five or so years so this is either for posterity or education or something.

PermalinkCommentsdhcp fiddler network security wpad

Tweet from Buzz Aldrin

2016 Jul 26, 12:25
47 years ago I submitted my travel voucher reimbursement for my trip to the moon.
PermalinkComments

Data breakpoints in JavaScript

2016 Jun 17, 5:44

The other day I had to debug a JavaScript UWA that was failing when trying to use an undefined property. In a previous OS build this code would run and the property was defined. I wanted something similar to windbg/cdb's ba command that lets me set a breakpoint on read or writes to a memory location so I could see what was creating the object in the previous OS build and what that code was doing now in the current OS build. I couldn't find such a breakpoint mechanism in Visual Studio or F12 so I wrote a little script to approximate JavaScript data breakpoints.

The script creates a stub object with a getter and setter. It actually performs the get or set but also calls debugger; to break in the debugger. In order to handle my case of needing to break when window.object1.object2 was created or accessed, I further had it recursively set up such stub objects for the matching property names.

Its not perfect because it is an enumerable property and shows up in hasOwnProperty and likely other places. But for your average code that checks for the existence of a property via if (object.property) it works well.

PermalinkCommentsdebug debugging javascript

WinRT Toast from PowerShell

2016 Jun 15, 3:54

I've made a PowerShell script to show system toast notifications with WinRT and PowerShell. Along the way I learned several interesting things.

First off calling WinRT from PowerShell involves a strange syntax. If you want to use a class you write [-Class-,-Namespace-,ContentType=WindowsRuntime] first to tell PowerShell about the type. For example here I create a ToastNotification object:

[void][Windows.UI.Notifications.ToastNotification,Windows.UI.Notifications,ContentType=WindowsRuntime];
$toast = New-Object Windows.UI.Notifications.ToastNotification -ArgumentList $xml;
And here I call the static method CreateToastNotifier on the ToastNotificationManager class:
[void][Windows.UI.Notifications.ToastNotificationManager,Windows.UI.Notifications,ContentType=WindowsRuntime];
$notifier = [Windows.UI.Notifications.ToastNotificationManager]::CreateToastNotifier($AppUserModelId);
With this I can call WinRT methods and this is enough to show a toast but to handle the click requires a little more work.

To handle the user clicking on the toast I need to listen to the Activated event on the Toast object. However Register-ObjectEvent doesn't handle WinRT events. To work around this I created a .NET event wrapper class to turn the WinRT event into a .NET event that Register-ObjectEvent can handle. This is based on Keith Hill's blog post on calling WinRT async methods in PowerShell. With the event wrapper class I can run the following to subscribe to the event:

function WrapToastEvent {
param($target, $eventName);

Add-Type -Path (Join-Path $myPath "PoshWinRT.dll")
$wrapper = new-object "PoshWinRT.EventWrapper[Windows.UI.Notifications.ToastNotification,System.Object]";
$wrapper.Register($target, $eventName);
}

[void](Register-ObjectEvent -InputObject (WrapToastEvent $toast "Activated") -EventName FireEvent -Action {
...
});

To handle the Activated event I want to put focus back on the PowerShell window that created the toast. To do this I need to call the Win32 function SetForegroundWindow. Doing so from PowerShell is surprisingly easy. First you must tell PowerShell about the function:

Add-Type @"
using System;
using System.Runtime.InteropServices;
public class PInvoke {
[DllImport("user32.dll")] [return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetForegroundWindow(IntPtr hwnd);
}
"@
Then to call:
[PInvoke]::SetForegroundWindow((Get-Process -id $myWindowPid).MainWindowHandle);

But figuring out the HWND to give to SetForegroundWindow isn't totally straight forward. Get-Process exposes a MainWindowHandle property but if you start a cmd.exe prompt and then run PowerShell inside of that, the PowerShell process has 0 for its MainWindowHandle property. We must follow up process parents until we find one with a MainWindowHandle:

$myWindowPid = $pid;
while ($myWindowPid -gt 0 -and (Get-Process -id $myWindowPid).MainWindowHandle -eq 0) {
$myWindowPid = (gwmi Win32_Process -filter "processid = $($myWindowPid)" | select ParentProcessId).ParentProcessId;
}
PermalinkComments.net c# powershell toast winrt

Tweet from Windows Blogs

2016 Jun 10, 3:01
Using Device Portal to view debug logs for UWP http://blogs.windows.com/buildingapps/2016/06/10/using-device-portal-to-view-debug-logs-for-uwp/ 
PermalinkComments

Tweet from Philip II

2016 Jun 9, 9:01
Silly Queen Elizabeth thinks her nation secure from our Spanish Armada. We will soon see @lizbet1533 in chains. No naval power. Sad!
PermalinkComments

Tweet from David Risney

2016 Jun 9, 4:02
Movie written by algorithm turns out to be hilarious and intense http://arstechnica.com/the-multiverse/2016/06/an-ai-wrote-this-movie-and-its-strangely-moving/ 
PermalinkComments

Tweet from David Risney

2016 Jun 9, 3:48
Is this how we find out who Trump wants as his VP? https://twitter.com/7im/status/740670716870156288 
PermalinkComments

Tweet from David Risney

2016 Jun 9, 3:26
Trying to avoid regulation? Put a gun on it. You can't regulate that! http://arstechnica.com/tech-policy/2016/06/man-who-built-gun-drone-flamethrower-drone-argues-faa-cant-regulate-him/ 
PermalinkComments
Older EntriesNewer Entries Creative Commons License Some rights reserved.