petrus Posted November 2, 2014 (edited)

Hi, i don't know if anyone is aware of the dnsapi.dll thing, where certain MS domains are white-listed. So even if you block them in the "hosts" file, the dnsapi overrides it and microsoft.com keeps working. 2K didn't have that yet, and in the XP and Win 7 dnsapi dlls you can hex it out. As in replace in the dll the values for microsoft.com and others with zeros. That in combination with this hosts file would then really block all ms domains!

But on Win 8, i no longer see those domains in the dnsapi.dll, but they are still exempt! Maybe the domains are now hexadecimal instead of plain text, i don't know... any ideas?

Edit/addendum: It turns out it is still there, even on 10TP, but in unicode, i can't believe unicode derailed me, doh! And a big thanks to the folks over at mydigitallife for figuring this out.

Edited November 3, 2014 by petrus

aphelion Posted December 1, 2014 (edited)

clownoutbreak.com, really? hmm..

Edit: And gotyoursoul.com?

Edited December 1, 2014 by aphelion

bphlpt Posted December 1, 2014

Both those names sound like a variation of MS to me, at least in spirit.

Cheers and Regards

NoelC Posted December 8, 2014

What, you don't trust Microsoft with your most intimate secrets?

Time was it was a bad thing to code "back doors" into a system. Today of course it's all in the "interest of keeping you safe". Mother Microsoft knows best.

Out of curiosity, exactly what server names / domains do you find dnsapi.dll "whitelisting"?

"It turns out it is still there, even on 10TP, but in unicode, i can't believe unicode derailed me, doh!"

By the way, you may already know this, but for reference:

1. The excellent free search tool grepWin by Steven Kung will find Unicode strings in binary files, with the right combo of options. http://stefanstools.sourceforge.net/grepWin.html

2. The tool strings.exe by Mark Russinovich is good for finding strings in files. http://technet.microsoft.com/en-us/sysinternals/bb897439.aspx

-Noel

jaclaz Posted December 8, 2014

And, only to add to the list, a lesser known tool by McAfee called Bintext: http://www.mcafee.com/us/downloads/free-tools/bintext.aspx is very convenient/easy to use.

jaclaz

NoelC Posted December 8, 2014

Thanks, jaclaz. That's a handy addition to the stable of tools.

-Noel

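The point raised in this thread, as an added example that is not part of any post above: a search for the plain-text bytes of a hostname misses a copy stored as UTF-16LE, so a scan of a binary should extract printable runs in both encodings before looking for names. The sample bytes and the name legacy.example.test are constructed for illustration and are not contents of dnsapi.dll.

```python
import re
import sys

MIN_LEN = 4  # shortest printable run worth decoding, as in strings-style tools

# (codec, bytes per character, pattern for a run of printable characters)
ENCODINGS = [
    ("ascii", 1, re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)),
    ("utf-16-le", 2, re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)),
]

# Hostname-like text: dot-separated labels ending in an alphabetic TLD.
HOST = re.compile(r"(?:[a-z0-9-]{1,63}\.)+[a-z]{2,}", re.IGNORECASE)

# Constructed sample: one name stored as UTF-16LE, one as plain ASCII.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 8
    + "microsoft.com".encode("utf-16-le")
    + b"\x00\x00\xff\xfe\x01"
    + b"legacy.example.test\x00\x00\x03"
)


def find_hosts(blob):
    """Return sorted (byte offset, codec, hostname) tuples found in blob."""
    hits = []
    for codec, width, run_re in ENCODINGS:
        for run in run_re.finditer(blob):
            text = run.group().decode(codec)
            for m in HOST.finditer(text):
                # Character index inside the run -> byte offset inside the file.
                offset = run.start() + m.start() * width
                hits.append((offset, codec, m.group().lower()))
    return sorted(hits)


if __name__ == "__main__":
    # Scan the file given on the command line, or the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, codec, host in find_hosts(data):
        print(f"0x{offset:08x}  {codec:<9}  {host}")
```

Run it with a file path as the first argument to scan that file instead of the sample.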