My company is using Rapid7 EDR and we always get alerts about:
Suspicious Process - RegASM.exe in Non-Standard Location
I have noticed that our RegASM is located at some other path:
"exe_path": "C:\magic\RegAsm.exe
Is there a way to change the path to the supposed path, which i saw is this one:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
I see the command we used is:
"cmd_line": "REGASM C:\magic\filename.dll /tlb:filename.tlb /codebase",
Update: Ok i found out that the parent process is:
"exe_path": "C:\Windows\System32\cmd.exe",
"cmd_line": "C:\WINDOWS\system32\cmd.exe /c "\\srv-dc01\netlogon\InstallPriorityCom.bat "",
And it's related to a game called Magic? how do I get rid of this?
Thanks
Related
Recently, when I load iTerm2 on my mac, it lists out the configuration of my profile (or possibly its something different).
This is what I see:
Last login: Tue Jun 21 19:54:38 on ttys000COLORFGBG='15;0'
COLORTERM=truecolor
COMMAND_MODE=unix2003
HOME=/Users/me
ITERM_PROFILE=Default
ITERM_SESSION_ID=w0t0p0:FD9764B1-4535-4FE2-932A-97AFD9D6C804
LANG=en_GB.UTF-8
LC_TERMINAL=iTerm2
LC_TERMINAL_VERSION=3.4.15
LOGNAME=me
OLDPWD=/Users/me
PATH=/usr/bin:/bin:/usr/sbin:/sbin
PWD=/Users/me
SHELL=/bin/zsh
SHLVL=1
SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.u21pRFo1wk/Listeners
TERM=xterm
TERM_PROGRAM=iTerm.app
TERM_PROGRAM_VERSION=3.4.15
TERM_SESSION_ID=w0t0p0:FD9764B1-4535-4FE2-932A-97AFD9D6C804
TMPDIR=/var/folders/dz/wvb1lxq56wg_wk3ppwqw4mdc0000gn/T/
USER=me
XPC_FLAGS=0x0
XPC_SERVICE_NAME=0
__CFBundleIdentifier=com.googlecode.iterm2
__CF_USER_TEXT_ENCODING=0x0:0:0
me#my-iMac ~ %
I don't really like this behaviour. I can't find where that has been set to happen. I can't see anything in .zshenv, .zshrc, .bashrc and can't see where in iTerm such a thing might be triggered. I've tried creating a new profile, but that also results in the same output.
Any other suggestions to how I can get back to the way it was a few weeks back where it just told me the last time I logged in?
If you add set -x to ~/.zshenv, the shell will print every line it runs with file names and line numbers. You can then find the offending command and remove or fix it. My best guess would be a call to export without any arguments: something like export $foo, where $foo is empty?
I have modified an nginx module in a way that it depends on a library.... let's call the library that I need libx.
I have modified auto/os/linux in such a way that I am able to detect if libx is present... by adding something like:
+ngx_feature="libx"
+ngx_feature_name="NGX_HAVE_LIBX"
+ngx_feature_run=no
+ngx_feature_incs="#include <libx.h>"
+ngx_feature_path=
+ngx_feature_libs=-lx
+ngx_feature_test="libx_init();"
+. auto/feature
Then, in the module code I do #ifs checking for NGX_HAVE_LIBX... something like:
#if (NGX_HAVE_LIBX)
libx_init();
#endif
And it works like a charm.... when I run auto/configure I get that the library is detected with something like:
checking for libx... found
and it compiles BUT at link time it's not including -lx as part of the flags sent to cc/ld when building the final objs/nginx binary. I would have expected that after the feature be detected in auto/os/linux it would automagically be added to the linking phase when creating the Makefile... but apparently that's not the case so I know I am missing something... what additional step do I need to do to pull it off?
This is on nginx 1.19.2 (well, master branch from nginx mirror).
I think I got it.
I needed to add something like this:
+ngx_feature="libx"
+ngx_feature_name="NGX_HAVE_LIBX"
+ngx_feature_run=no
+ngx_feature_incs="#include <libx.h>"
+ngx_feature_path=
+ngx_feature_libs=-lx
+ngx_feature_test="libx_init();"
+. auto/feature
if [ $ngx_found = yes ]; then
CORE_LIBS="$CORE_LIBS -lx"
NGX_LIBDL="-lx"
fi
Right now I'm trying to create wallet for TON.
I downloaded and built Fift interpreter an was trying to create new wallet with: ./crypto/fift new-walelt.fif
[ 1][t 0][1559491459.312618017][fift-main.cpp:147] Error interpreting standard preamble file `Fift.fif`: cannot locate file `Fift.fif`
Check that correct include path is set by -I or by FIFTPATH environment variable, or disable standard preamble by -n.
Although my path variable is set. Could anyone please help me with this?
First, locate {{lite-client-source-direcotry}}/crypto/fift
This is not the build directory, that's the directory where are the source files (lite-client that you downloaded). So verify you have that it contains Fift.fif file.
If you installed it in the user working directory, it should be:
~/lite-client/crypto/fift/
Now, you should either set FIFTPATH variable to point to this directory or run fift with -I option:
export FIFTPATH=~/lite-client/crypto/fift/
./crypto/fift new-walelt.fif
Or
./crypto/fift -I~/lite-client/crypto/fift/ new-walelt.fif
Have you tried ./crypto/fift -I<source-directory>/crypto/fift new-wallet.fif instead of setting environment variable? Are Fift.fif and Asm.fif library files inside FIFTPATH?
Make sure you have followed all the instruction written here:
https://test.ton.org/HOWTO.txt
It should work if you do all the above instruction correctly. If not, it might be a bug. Remember that TON is in a very early beta strage. You can submit the issue here:
https://github.com/copperbits/TON/issues
You also can use this:
cd ~/liteclient-build
crypto/fift -I/root/lite-client/crypto/fift/lib -s /root/lite-client/crypto/smartcont/new-wallet.fif -1 wallet_name
Try this (worked for me)
export FIFTPATH=~/lite-client/crypto/fift/lib
./crypto/fift new-wallet.fif
Simple question :
I am using cmder and i would like to be able to define ~(or ~USERID) as my %USERPROFILE% environment variables. I edited %CMDERROOT%\config\aliases to add this line : ~=%USERPROFILE% it does work for ls command but not for cd for instance.
Is there a better way to have this unix-like user profile aliases ?
For those who would like an answer to that question, it have been addressed in the following github issue :
https://github.com/cmderdev/cmder/issues/41
Not a direct answer, but a decent work-around was mentioned in the discussion on that page:
clink, the vendor package that would handle this has a similar issue report marked as "wontfix" So, here's the workaround
I'm using an AutoHotKey script for that:
#IfWinActive ahk_class VirtualConsoleClass
::~::D:/nicolas
#IfWinActive
It replaces automatically ~ with D:/nicolas in ConEmu console (and only ConEmu console)
I have not tried it in a script executed from the command line, but it works from the command line directly, as nicolas suggests.
I don´t remember where I got it but add these lines to your profile:
function cuserprofile { Set-Location ~ }
Set-Alias ~ cuserprofile -Option AllScope
you just hit ~ (enter) and you'll send to your home directory.
PS. I'm using PowerShell in cmder, regards.
For example, in directory /abc the command vim def/my.txt would edit file /abc/def/my.txt.
I want to get the path /abc in my vim plugin script, but I don't know which function can do it.
I have read related articles, like
(Please add http:// to following items if you want to access, I don't have enough reputation to post more than 2 links o(╯□╰)o ):
learnvimscriptthehardway.stevelosh.com/chapters/40.html
vim.wikia.com/wiki/Get_the_name_of_the_current_file
How to get path to the current vimscript being executed
But useless.
Thanks.
==============================
I noticed at http://vim.wikia.com/wiki/Get_the_name_of_the_current_file, it said:
:echo #% def/my.txt
I thought I found the hope.
Because I can get /abc by minus def/my.txt from full path.
But I tested above command in my vim environment, it didn't work. It just print my.txt.
I think you're looking for the :pwd command / getcwd() function.
When you edit def/my.txt from /abc, the latter is your current directory, and all files are addressed relative to it. (Unless you have something like :set autochdir.)
For dealing with file paths, the fnamemodify() function is also very helpful; e.g. to turn filespecs into absolute ones (:p argument), or to cut off head, tail, or file extension.