Proper syntax to run CLIREG32? - c++

I'm trying to install a legacy VB6 client on a Windows 7 (64-bit) machine that can talk to a DCOM server written in Visual C++. I know I need to run CLIREG32 and pass it the .VBR file as a parameter. I'm trying it like this:
clireg32 myvbrfilehere.vbr -s <ip address> -d -l
It seems to run without a hitch, but I think I should be able to search the registry and see the IP address i entered as a parameter. So something tells me I'm missing something during this command. (I've also tried adding -t mytypelibrary.tlb but that doesn't help either)
Any thoughts on using this ancient technology? I'm not in a position to rebuild everything right now. I'm starting to get desperate...
Thanks

There is at least limited information in Microsoft article Q155939.
(Archived copy.)
Paraphrasing the useful parts:
Q155939: HOWTO: Use Clireg32.exe for Remote Automation
Article: Q155939
Last Modified: 31-JUL-1999
-------------------------------------------------------------------------------
The information in this article applies to:
- Microsoft Visual FoxPro for Windows, versions 5.0, 6.0
-------------------------------------------------------------------------------
SUMMARY
=======
This article provides an explanation of Clireg32.exe and how it is used for
remote automation.
MORE INFORMATION
================
The Clireg32.exe component allows you to register an OLE server (.exe) remotely.
It differs from the Remote Automation Connection Manager (RacMan) in that the
server does not need to be located on the machine registering it. The Setup
Wizard handles the maintenance of registering remote servers for you.
NOTE: Remote servers and Clireg files are stored in the \Windows\Olesrv\
directory, which is similar to Visual Basic if it is installed via the Setup
Wizard.
The Clireg32.exe program takes a number of parameters. The only required one is
the name of the .vbr file (generated with the server during build):
Clireg32 myexesvr.vbr
In order to fully register a remote server, you must provide the network name,
network protocol, and security access. Clireg32 prompts you with a dialog box if
these options are not passed. For a list of all the parameters, simply execute
Clireg32.exe by itself.
Copyright Microsoft Corporation 1986-2002.

Related

Windows Defender Blocking Installer (MSI) for a 32-bit, MFC app on Customer PCs

I'm supporting a 32-bit, MFC-based application. For deployment to customers an MSI installer file is created via Visual Studio 2015. I have some customers reporting that the cannot install the application due to Microsoft Defender reporting a severe warning:
Exploit:O97M/CVE-2017-11882.JR!MTB
On my side, Norton Internet Security shows all the files to be clean. MalwareBytes also shows all files to be clean. How do I prevent this warning from showing up on my customer side?
Digital Signing: The setup can obviously be infected on the end user's PC even if your original setup is not - or your own setup could contain real malware or a false positive. Digital signing can help a bit - as stated by others. A digital signature verifies that the setup has arrived unchanged from the vendor. Certificates are not 100% reliable, and they are also expensive if you get an EV certificate ("Extended Validation Certificate").
Signtool.exe: See this old answer: Odd 'Program name' when installing signed msi installer. For ad-hoc signing I suppose you can try the signwizard as shown here. For build automation you would want the full command line. I haven't tested that in a while, maybe try this answer.
Warning: Be careful not to sign malware! Obviously. Then you have: signed malware. In that sense it is proven - certified even - to come from you. Irony.
VirusTotal.com: You should run scan on all binaries by zipping them and uploading to virustotal.com as your first step. This is screening for both malware and false positives. Sometimes I try the Kaspersky checker too. ESET has a free scan feature for your computer (not uploaded files): https://www.eset.com/int/home/online-scanner/ and also a "SysInspector" tool which can help diagnose potential infections on any computer.
SmartScreen: Windows Defender includes SmartScreen - a trust-based feature which flags setups that are unknown, unsigned and deemed unsafe. Here is some information: Windows Installer, Digital Certificates and SmartScreen
See these existing answers:
How can i generate windows certificate so my msi doesn't shows warning to users
Microsoft Defender Smart Screen Preventing my MSI to run
Process Explorer: A nifty feature of Process Explorer from Sysinternals / Microsoft is the ability to scan every process on your computer and using VirusTotal.com from inside the tool. See this video. Here is a screenshot of the tool in action - it has found malware running on the PC:
Links:
InstallShield: Digital Signing and Security
Using SignTool to Sign a File
Thanks for all of the ideas.
The problem seemed to go away with signing via adding this command to the "PostBuildEvent"
"C:\Program Files (x86)\Windows Kits\10\bin\x86\signtool.exe" sign /a $(BuiltOuputPath)

How exactly does the WiX 'Service Install' work internally?

I have a problem with a web service that is installed and started with a .msi that is created with the WiX toolset.
The service can be installed and started on all the machines I tested so far (shown as running in the Services Manager) but on some machines it is not reachable (for example via a browser) and not shown in the list of listening ports on that machine (displayed with 'netstat -a').
I am trying to figure out what's going wrong but I am not really familiar with web service development and configuration. It's a third party service, thus I don't know how it works internally.
A good starting point for me would be to find out, what exactly happens when a service is installed and started during the execution of the .msi-file.
Maybe I could try to tackle the problem on a lower level then.
Below is my code in the ServiceInstall-Element:
<ServiceInstall
Id="ServiceID"
Type="ownProcess"
Vital="yes"
Name="ServiceName"
DisplayName="ServiceDisplayName"
Description="Lorem Ipsum"
Start="auto"
Account="LocalSystem"
ErrorControl="normal"
Interactive="no"
Arguments="action=run">
</ServiceInstall>
The argument is important - without it, the service won't start or run.
Maybe someone else encounterd the same or a similar problem and can help me out.
Thanks already in advance - each hint is appreciated.
EDIT I (15.04.18):
As it might be a problem with the specific service, I will add some further information here:
It's a third party software called CryptoLicensing:
http://www.ssware.com/cryptolicensing/cryptolicensing_net.htm
Part of this software is that specific program, that serves as a License Server and does the license registration, for example in a customer's network.
The service can be run as a Windows application or installed and run as a Windows service. In both cases it should be listening on a (pre-)specified port on the installed machine.
Whenever I start the .exe as an application, everything works as intended. The service is reachable (for example with the browser) and can be accessed from other machines in the network.
When the .exe is installed and started as a service, it does not work as intended on every machine. For example if I install and start the service on my laptop, it is shown as running in the Services Manager, but is not reachable on its assigned URL (not even on the localhost) nor is the specific port displayed in the active listening ports, for example with 'netstat -a'.
The service itself starts without any error messages and does not log any errors or exceptions as it seems to be running without any problems.
I contacted the vendor, but sometimes he doesn't reply quickly and he is not very specific in his replies.
Before asking the question I assumed that it was a problem with the Windows user rights and the WiX installer but during the discussion here I had the feeling that it might a problem with the service itself.
I hope this 'new' piece of information helps in isolating and location the problem.
Thanks to everyone who helped so far!
Hopefully not stating the obvious here, but WiX doesn't do much except populate the ServiceInstall table in the MSI file, so this is about why Windows Installer won't start the service. ServiceInstall table:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa371637(v=vs.85).aspx
Also, this isn't really about ServiceInstall - it's probably about the ServiceControl element in your WiX source, but it's not clear whether that's how you're starting it or if you're starting it manually later on. That does make a difference. What is the error message and where are you getting it, and is it a 1920 or 1921 error (in the context of ServiceControl).
The main reason a service will start on one system but not another is missing dependencies. If your service is C++ based (the post doesn't say) then there are probably dependencies on C runtimes, UCRT runtimes, MFC or ATL runtimes and so on.
First: are you sure this service is intended to run as LocalSystem? (MSDN, SO).
Second: did you check the event logs in detail for anything obvious? If the service is good you should find a hint at least. Something to start with. I find that I sometimes miss the actual logs in the event viewer because it is so "crowded". My take on it: empty the log and stop and restart the service.
Something locking / blocking: If the service installs and runs OK I would suspect other factors such as firewalls (hardware & software), security software in general (anti-virus, malware scanners), network configuration issues (proxies, WINS, DNS and all the complexities involved in networking). Is the service trying to reach an UNC path?
Diverse Machines: What are the target machines? Are they virtual, are they physical, are they test machines, are they operative SOE machines in corporate networks? Are they the same OS version and edition?
Further Ideas: It is not quite related, but maybe skim this list of suggestions for debugging from another answer (I am not sure why it was down-voted, I think it is an OK list to inspire debugging ideas): Windows Application Startup Error Exception code: 0xe0434352 (maybe just skim the bolded words for ideas - Recommended).
sc.exe: And finally, perhaps check the sc.exe tool (Service Control) and see if it can provide you with some useful information for debugging.
sc.exe in the context of killing hung services (sample use).
sc.exe from MSDN
Some further links:
Windows Services Frequently Asked Questions (FAQ). Content seems to be up to date - at face value at least. These guys claim to be experts on services. I have no idea who they are.
Essential Tools for Windows Services: SC.EXE
Run Service Control (sc.exe) command on secure port
After almost 20 months we finally (and accidentally) found a solution to the problem! For the few machines, on which the service did not run properly, setting the NoInteractiveServices value in the registry to 0 did the trick. A value of 1 (which is default) means that no service is allowed to run interactively, regardless of whether it has the SERVICE_INTERACTIVE_PROCESS property. More information on Interactive Services.
I am not completely satisfied with the solution, because on all the other machines NoInteractiveServices is set to 1 AND the service runs properly anyway. However, on the machines where the service did not run interactively this solution worked for us. Thus I will accept this as an answer.
If anyone has more information on this issue and can explain why this works, feel free to
add them - I would be very interested!

C++: Remotely hibernate a PC

How can I hibernate a Windows machine that runs Windows 7 or 8 over my LAN from another PC?
Is there a WinAPI function for that? Or do I have to send special magic packets or something like this?
All I know is that PsShutdown.exe is able to do it (allegedly. I haven't tried it).
I don't want to use third party libraries and I also don't want to run a service on the computer that is supposed to get hibernated. I want to use the existing mechanism.
I'd also like to know if I need to change specific settings on the target computer.
I'm not sure if that's important, but shutdown /s /m \\ComputerName did not work on my target PC.
The TechNet document Restart or Shut Down a Remote Computer and Document the Reason describes the requirements to use the shutdown.exe command against a remote computer.
In order to use this feature, the Remote Registry service must be enabled on the remote computer.
Access to the Remote Registry or membership in the Administrators group on the remote computer is the minimum required to complete this procedure
To the best of my knowledge, the only way to remotely hibernate a machine is to use the same method that psshutdown does: copy an executable to the remote machine and install it as a system service.
The OpenSCManager API allows you to specify a target computer, and you can use the handle it returns to call CreateService and then StartService. The service can delete itself once it has done its work.

Using sample code in RFC 4777 - InitializeSecurityContext returns error

I am trying to create a single-sign on connection to a System i server using the example published in IBM's iSeries Telnet Enhancements RFC 4777 within a client telnet app written in C++.
The code sample given calls AcquireCredentialsHandle and then a call to InitializeSecurityContext. The call to InitializeSecurityContext returns an error of SEC_E_TARGET_UNKNOWN, presumably because it does not understand the target name I am passing.
The RFC 4777 says this target name should be a string with kbsrv400 then my server name fully qualified in lower case. I interpretted this as "krbsrv400/iseries.domain.com". I've tried a variety of combinations here but can't get anything to work and not yet found any other code samples that use the MS SSPI API to connect to IBM System i.
I know the Kerberos setup on the System i and domain is working OK as IBM's own iSeries Access is able to login OK and perform a telnet 5250 signon using kerberos.
I am running on Windows 7 signed into a domain. The domain is setup under Active Directory in Windows 2008. I'm using MS Visual Studio 2005 to build my telnet app. The System i server OS is V6R1.
Has anyone got this sample code working?
Any advice on what the format of the target name should be when using it to talk to System i?
Thanks!
Additional info: 9/8/2011
Have got this working OK under Windows XP client with a Windows 2003 managed Domain.
There were two errors in the RFC:
1) It said to use a name of "krbsrv400/spi name" but looking at the ticket in kerbtray that was generated when I logged in using iSeries Access, I saw the actual format was "krbsvr400/spi name".
2) The RFC said to pad the ticket length sent to the system i but when I used Wireshark to look at the IBM iSeries access telnet, I found they did not pad it.
Changing the above got single-signon working OK in my app on Windows XP. I am still experiencing problems on Windows 7.
This is a different domain (managed by the company, and on Windows 2008 and Windows 2003 servers across the world) and with a different iSeries.
Strangely, I can use Kerberos login in System i Access OK, but when I look in kerbtray I do not see a kerbsvr400/... ticket for the system i machine like I do on Windows XP. My app does not work and fails with a SEC_E_TARGET_UNKNOWN error.

Remote C++ Development using SSH only inside Eclipse Environment

How do you integrate Remote Systems Explorer and CDT plugin inside eclipse ?
What I mean is that you can use Remote Systems Explorer (RSE) plugin to work on C++ code on a remote linux box inside Eclipse but when you try to compile, you basically run a shell command through SSH. The CDT plugin is unable to locate the remote system and off course the remote compiler.
Is there a way to integrate both the plugins so that we can use the parsing / suggestion features of CDT for the remote system as well; and also features like remote compilation, remote debugging using SSH only. If this is not possible, then what is the closest open source alternative to the above problem.
While I don't know how to integrate the plugins you mentioned I do something similar to what you want to achieve on a daily basis with SSH's X forwarding.
If the remote box has X libraries installed and you have a local X server running, you can just ssh -CXY ... into the development box and simply run eclipse (or any other X application) there. The process will live on the remote box and, therefore, have access to all the filesystems and tools, but the GUI elements and those alone will be displayed in your local X session. That, though, may require quite a bit of bandwidth. Please see man ssh and X documentation for security stuff and compression settings.
The PTP project is building a remote build for CDT. Not sure how good that works, but you could always use the Terminal view from RSE to manually call your remote build (make).
I have not used it myself, but maybe you could try NetBeans and see if it works for you.
According to page https://netbeans.org/kb/docs/cnd/remotedev-tutorial.html it has everything you need, even
[...] system includes, macro definitions, platform, etc. All of this information is gathered from the remote server and stored locally on your client system, so that when you edit locally the code assistance will work even when the project is set up to use a remote build host.