Windows Embedded Standard 2009 XPECMD.wsf script fails; "cannot create object named CMI.CMI" - windows-embedded-standard

I'm trying to build a Windows Embedded Standard 2009 image, following a process written for creating an XP Embedded SP2 image with adjustments where necessary. When executing the XPECMD.wsf script (c:\Program Files (x86)\Windows Embedded\bin\xpecmd.wsf) using the cscript command, I get the following error:
c:\Program Files (x86)\Windows Embedded\bin\xpecmd.wsf(3405, 15) WScript.CreateObject: Could not create object named "CMI.CMI".
CMI is the Component Manager Interface, and the XPECMD.wsf script that contains that line is, I think, delivered with the Windows Embedded Std 2009 tools, so I don't think the problem is that Win Embedded Std obsoleted it. EDIT: In fact, apparently the whole point of XPECMD is to provide a scriptable interface to the CMI: http://msdn.microsoft.com/en-us/library/aa940741(v=winembedded.5).aspx
I have no idea what's causing this, I don't see any similar errors in google searches or elsewhere, and I don't even really know if this is an appropriate StackOverflow question, but I'm mystified, so if anyone can offer some suggestions, I'd appreciate it greatly.

I found the answer here: http://social.msdn.microsoft.com/Forums/en-US/79c59599-373d-4062-9900-55477429e759/help-error-component-manager-interface-cmi
The XPECMD script must be run with the 32-bit version of cscript.exe, which is found in %windir%\SysWoW64 rather than %windir%\system32. This can be done either by using the WoW64 version of cmd.exe to launch cscript or by explicitly calling %windir%\SysWoW64\cscript.exe.

Related

How do I find the source line of a crashing DLL giving the DLL's name and the address of the fault?

The official way to do this appears to be to use WinDbg. That should be able to give me the information I need, very easily. However, I don't have WinDbg, and my attempts to install it have failed for no known reason. So, is there another way to find my bad line of code? Or, is there a way other than using Microsoft's Windows SDK installer to get WinDbg?
My DLL is an unmanaged DLL (no CLR) built using Visual Studio 2012.

CreateRemoteThread failing with ERROR_ACCESS_DENIED

I'm trying to learn the basics of dll injection, so I created a really simple hello-world type DLL and an injector based off of code I found online. I wasn't able to find anything that works out of the box, so I had to make a few adjustments.
Injection Code, DLL Code
I'm running these on 64-bit windows. I'm compiling with Visual Studio 2010. The injector is a win32 console app, and the dll is win32 as well. I'm trying to inject my code into an existing notepad process (also 32-bit). All of this is running on Windows 7 x64.
When I run the injector, it fails every time at CreateRemoteThread, with GetLastError returning 5 (i.e. ERROR_ACCESS_DENIED). I've confirmed that the dll path is correct (although changing it to a bogus path gives the same behavior), and I've confirmed that the path is getting written to notepad's memory at the correct address using Cheat Engine. I'm having a difficult time with this because I'm not sure how to debug the problem further.
What could be causing CreateRemoteThread to fail?
The problem is that notepad.exe is a 64-bit process in 64-bit windows, and I was trying to inject with a 32-bit process.
I also came across the same problem. My situation is this:
My system is 64-bit and the notepad is also 64-bit.
But the injector is the 32-bit process.
My solution is to replace the 64-bit notepad with the 32-bit notepad in the system directory.

IDA Pro Windbg Commands do not work

First things first:
It was working when I used it last time (which was more than a month ago).
The problem is that no command which comes from an extension is working; it seems like no extension is loaded.
Only the default commands work (like version etc.)
The output of the command "Version" is:
Extension DLL chain:
dbghelp: image 6.2.9200.16384, API 6.1.6, built Sat Nov 20 12:57:48 2010
[path: C:\Windows\system32\dbghelp.dll]
ext: (Not loaded)
wow64exts: (Not loaded)
exts: (Not loaded)
uext: (Not loaded)
ntsdexts: (Not loaded)
It says that no extensions were loaded, but the folder winext does exist in my system32 folder (C:\Windows\System32\winext), which is where the extensions are located (as far as I know).
Commands like !gle do not work :/
I really have no idea what I can do, please help me :)
Does the DBGTOOLS definition in your IDA.CFG point to the x86 WinDBG installation directory?
The following comes from IDA Pro's help:
Windbg debugger plugin has the following configuration options:
- The Debugging Tools folder: This should be configured to point to the same
folder where Microsoft Debugging Tools are installed. The plugin will try to
guess where the tools are, but if it fails, a manual intervention will be
required. If this option is not set, then the plugin will try to use dbgeng.dll
from MS Windows system folder, while normal debug operations will work,
extensions will not.
This information indicates that if IDA Pro is using dbgeng.dll from the Windows system folder, extension commands (like !gle) will not work.
If you have already set up DBGTOOLS to point to your WinDbg (x86 version) directory correctly in your /cfg/ida.cfg but IDA Pro is still using dbgeng.dll from your Windows system folder, then probably your IDA context is not configured to analyze the IBM PC processor. This may happen when you launch IDA Pro and click the 'Go' button directly to work on your own and start the WinDbg debugger.
Check the DBGTOOLS in the ida.cfg, you will find it is wrapped by #ifdef __PC__ #endif.
The __PC__ will only get defined by IDA Pro if you are analyzing a Windows EXE file, for example. Try launching WinDbg from the IDA Pro menu after you have successfully disassembled a Windows EXE file and see what happens.
If this still hasn't been answered, your problem is most likely that you didn't uncomment the DBG Tools line in the ida.cfg file.
I just fixed this myself. Hope this helps.
Also, the other guys are correct as well. Make sure you are escaping with double backslashes "\\" and make sure you are pointing to the (x86) directory.

Unable to register dll using regsvr32:The module "*.dll" failed to load

There is a similar question on Stack Overflow, but I didn't find the answer helpful. I also searched the web with Google, and I have looked here and here.
I have tried the methods they suggested to solve this problem but have not got a satisfactory answer.
My operating system is 32-bit Windows 7. Noncircle.dll was generated by Matlab version 2010a on another machine which has Matlab installed. I tried to add Noncircle.dll as a reference in a project written in C# (I didn't install Matlab on my computer), but Visual Studio 2010 gave me the error:
So I suspect that Noncircle.dll may have to be registered. So I put Noncircle.dll in C:\Windows\System32, started Cmd.exe as an administrator and typed:
regsvr32 Noncircle.dll
Then I got an error:
"The module "Noncircle.dll" failed to load. Make sure the binary is stored at the
specified path or debug it to check for problems with the binary or dependent
.DLL files. The specified module could not be found."
Could you give me some hints? Thanks in advance!
Updated on 2012/10/18
But if I have installed Matlab version 2010a on my machine, this problem is solved.
I just had the same issue.
If you're running 64-bit Windows and you've placed the 32-bit DLL in Windows\System32\ then it'll give you this error.
Simply place the DLL into Windows\SysWOW64\ and register it from there.
Here's where I found the fix:
http://csi-windows.com/blog/all/73-windows-64-bit/378-fixing-qregsvr32-the-module-failed-to-load-the-specified-module-could-not-be-foundq
First of all try to use RegDllView, to see whether there is actually a COM server registered in the system.
Also check whether this DLL is a COM component.
I know it's too late... but I am adding my solution for others because I faced the same error after following the above-mentioned answers:
"I just had the same issue.
If you're running 64-bit Windows and you've placed the 32-bit DLL in Windows\System32\ then it'll give you this error.
Simply place the DLL into Windows\SysWOW64\ and register it from there."
If you are facing the same error after placing the DLL in SysWOW64, then you need to turn on the MSMQ feature.
Go to Start ->
Search "Turn Windows features on or off" ->
Find "Microsoft Message Queue(MSMQ) Server" and enable it.
Now register the same DLL again, and this time it will be registered.

CLI tool that lists the DLL files that are mentioned in the Imports section of a Windows PE executable?

I am looking for a CLI tool that will list all of the DLL files referenced in the Import section of a Windows executable file. Back in the day, Windows shipped with a GUI tool called QuickView that provided this information. However, I need a CLI-based application that will provide this information, and preferably a free / open-source application if possible.
IIRC, dumpbin tool from Microsoft could help. It is shipped with Microsoft Visual C++. The details are in MSDN.
Try dumpbin /IMPORTS <pe_file_to_analyze>.
I guess, the tool is not open source, however. But if it is included in Microsoft Visual C++ Express (not sure about that), you can get it for free.
After asking this question and doing some searching, I concluded that the easiest way to get a program like this was to write one. So I did.
The end result was a program named PEImportList (released under the MIT license). It does nothing more than open a PE executable (x86 only at the moment) and read the import data, printing a list of DLL names to the console.
The code will run on any platform and can be found in this single file here:
https://gist.github.com/nathan-osman/5b25da083ad5c6557e89
Simply invoke the program by passing the executable as a parameter. If you want only the DLL names printed, then stick the -l option in front of the executable parameter.
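
Added example (not the PEImportList source and not code from any post above): a small Python reader that walks a PE file's import directory and also reports whether the image is PE32 or PE32+, the 32-bit/64-bit distinction behind the cscript, CreateRemoteThread and regsvr32 answers on this page. It goes beyond the x86-only case by handling both header layouts; the function names and the sample image built by build_sample_pe() are constructed for illustration.

```python
import struct

def rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table."""
    for vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not inside any section")

def list_imports(data):
    """Return (is_64bit, [DLL names]) read from a PE image's import directory."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsections, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                           # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    is_64bit = magic == 0x20B                               # PE32+ means 64-bit
    dirs = opt + (112 if is_64bit else 96)                  # data directory array
    import_rva = struct.unpack_from("<I", data, dirs + 8)[0]  # entry 1: imports
    sections = [struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8)
                for i in range(nsections)]
    names = []
    off = rva_to_offset(sections, import_rva) if import_rva else None
    while off is not None:
        name_rva = struct.unpack_from("<I", data, off + 12)[0]
        if name_rva == 0:                                   # null descriptor ends table
            break
        start = rva_to_offset(sections, name_rva)
        names.append(data[start:data.index(b"\0", start)].decode("ascii"))
        off += 20                                           # sizeof(IMAGE_IMPORT_DESCRIPTOR)
    return is_64bit, names

def build_sample_pe():
    """Constructed minimal PE32 image (not a real binary): two import descriptors."""
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    struct.pack_into("<4sHH12xHH", buf, 0x80, b"PE\0\0", 0x14C, 1, 224, 0x102)
    struct.pack_into("<H", buf, 0x98, 0x10B)                # PE32 magic
    struct.pack_into("<I", buf, 0x98 + 96 + 8, 0x1000)      # import directory RVA
    struct.pack_into("<8s4I", buf, 0x98 + 224, b".idata", 0x200, 0x1000, 0x200, 0x200)
    for i, name in enumerate([b"KERNEL32.dll", b"USER32.dll"]):
        name_off = 0x240 + 0x20 * i
        buf[name_off:name_off + len(name)] = name
        struct.pack_into("<I", buf, 0x200 + 20 * i + 12, 0x1000 + name_off - 0x200)
    return bytes(buf)
```

Calling list_imports(build_sample_pe()) returns (False, ['KERNEL32.dll', 'USER32.dll']); for a real file, pass the bytes read with open(path, "rb").read().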