awakecoding.com
Remote desktop protocol expert, OSS contributor and Microsoft MVP. I love designing products with Rust, C# and PowerShell. Proud to be CTO at Devolutions. 🇨🇦
2,158 posts 4,054 followers 2,291 following
comment in response to post
Montreal to Brussels, Brussels to Stockholm, and then Stockholm to Malmö. I'm sure other travelers will have tips for me for next year 🙃 But hey, now I just have to Uber from the Malmö airport to the hotel!
comment in response to post
One last flight ✈️
comment in response to post
Nooooo not you as well!
comment in response to post
Me too, what a coincidence! 😂
comment in response to post
This is really awesome! I just tried it; using a subprocess with IPC is probably the best approach to solve the UI threading problem for PowerShell GUIs.
comment in response to post
That's a transparent png in that screenshot, clearly I haven't figured out how to properly load it. GDI+ looks like the "simplest" API I can use for that
comment in response to post
My bet is it was written in C++ back in the .NET Framework days, and it looked overkill to bring managed code for such a simple web service, and nobody really touched it since then. Whatever the reasons, tons of simple services in Windows that could be written in C#, haven't been written in C#.
comment in response to post
Sure, but why isn't it already written in C#? Either C# or Rust is fine for this
comment in response to post
The Microsoft KDC proxy could be rewritten in Rust. How many CVEs can a simple web service that accepts POST requests on /KdcProxy and forwards them to the KDC have? We implemented MS-KKDCP in Rust in Devolutions Gateway, and memory safety is not an issue for us: msrc.microsoft.com/update-guide...
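The wire format the comment above is talking about, as an added example that is not Devolutions Gateway code or any Microsoft code: MS-KKDCP wraps a normal KDC request in a DER-encoded KDC-PROXY-MESSAGE and POSTs it to /KdcProxy; the reply is another KDC-PROXY-MESSAGE carrying the KDC's answer. The proxy URL, realm and the dummy request bytes below are made up for the demonstration, and the `application/kerberos` content type is what I assume the Windows client sends; adjust it if your proxy rejects it.

```powershell
# KDC-PROXY-MESSAGE ::= SEQUENCE {
#     kerb-message   [0] OCTET STRING,        -- 4-byte big-endian length + KDC message
#     target-domain  [1] KerberosString OPTIONAL,
#     dclocator-hint [2] INTEGER OPTIONAL }
# Kerberos ASN.1 uses EXPLICIT context tags, so [0] is 0xA0 wrapping an OCTET STRING (0x04)
# and [1] is 0xA1 wrapping a GeneralString (0x1B).

function New-DerTlv {
    param([byte]$Tag, [byte[]]$Value)
    $buf = [System.Collections.Generic.List[byte]]::new()
    $buf.Add($Tag)
    $len = $Value.Length
    if ($len -lt 0x80) {
        $buf.Add([byte]$len)                          # short-form length
    } else {
        $be = [System.BitConverter]::GetBytes([uint32]$len)
        [array]::Reverse($be)                         # big-endian
        $i = 0; while ($be[$i] -eq 0) { $i++ }        # strip leading zero bytes
        $buf.Add([byte](0x80 -bor (4 - $i)))          # long form: 0x80 | byte count
        $buf.AddRange([byte[]]$be[$i..3])
    }
    $buf.AddRange($Value)
    return ,$buf.ToArray()
}

function Read-DerTlv {
    # Minimal DER reader: returns the tag, the value bytes and the offset of the next TLV.
    param([byte[]]$Data, [int]$Offset)
    $tag = $Data[$Offset]; $pos = $Offset + 1
    $len = [int]$Data[$pos]; $pos++
    if ($len -band 0x80) {
        $n = $len -band 0x7F; $len = 0
        for ($i = 0; $i -lt $n; $i++) { $len = ($len -shl 8) -bor $Data[$pos + $i] }
        $pos += $n
    }
    $value = if ($len -gt 0) { [byte[]]$Data[$pos..($pos + $len - 1)] } else { [byte[]]@() }
    return @{ Tag = $tag; Value = $value; Next = $pos + $len }
}

function New-KdcProxyMessage {
    param([byte[]]$KerberosMessage, [string]$TargetDomain)
    # kerb-message keeps the TCP-style 4-byte length prefix in front of the KDC message
    $prefix = [System.BitConverter]::GetBytes([uint32]$KerberosMessage.Length)
    [array]::Reverse($prefix)
    $kerb = New-DerTlv 0x04 ([byte[]]($prefix + $KerberosMessage))
    $body = New-DerTlv 0xA0 $kerb                                         # [0] kerb-message
    if ($TargetDomain) {
        $dom  = New-DerTlv 0x1B ([System.Text.Encoding]::ASCII.GetBytes($TargetDomain))
        $body = [byte[]]($body + (New-DerTlv 0xA1 $dom))                  # [1] target-domain
    }
    return ,(New-DerTlv 0x30 $body)                                       # SEQUENCE
}

function Get-KdcProxyResponseMessage {
    # Unwrap SEQUENCE -> [0] -> OCTET STRING, then drop the 4-byte length prefix.
    param([byte[]]$Response)
    $seq  = Read-DerTlv $Response 0
    $ctx0 = Read-DerTlv $seq.Value 0
    $oct  = Read-DerTlv $ctx0.Value 0
    return ,([byte[]]$oct.Value[4..($oct.Value.Length - 1)])
}

function Invoke-KdcProxy {
    # POST the framed request to <proxy>/KdcProxy and return the raw KDC reply bytes.
    param([string]$ProxyUrl, [byte[]]$KerberosMessage, [string]$Realm)
    $req  = New-KdcProxyMessage -KerberosMessage $KerberosMessage -TargetDomain $Realm
    $resp = Invoke-WebRequest -Uri "$ProxyUrl/KdcProxy" -Method Post `
        -ContentType 'application/kerberos' -Body $req -UseBasicParsing   # content type: assumed
    return ,(Get-KdcProxyResponseMessage -Response ([byte[]]$resp.Content))
}

# Offline round trip with a constructed placeholder instead of a real AS-REQ:
$fake    = [byte[]](0x6A, 0x03, 0x02, 0x01, 0x05)     # not a valid AS-REQ, just bytes to frame
$framed  = New-KdcProxyMessage -KerberosMessage $fake -TargetDomain 'EXAMPLE.LOCAL'
$back    = Get-KdcProxyResponseMessage -Response $framed
'Round trip OK: {0}' -f ([System.Linq.Enumerable]::SequenceEqual($fake, $back))
# Live use (hypothetical proxy): Invoke-KdcProxy -ProxyUrl 'https://kkdcp.example.local' -KerberosMessage $asReq -Realm 'EXAMPLE.LOCAL'
```

The attack surface the comment alludes to is exactly this: the proxy only has to parse the outer SEQUENCE, pull out the OCTET STRING, forward it over TCP to a KDC chosen from target-domain, and wrap the reply. Every length field above is attacker-controlled, which is where a C++ implementation earns its memory-safety CVEs and a Rust one does not.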
comment in response to post
Count me in! 🚲
comment in response to post
Storing credentials in the registry for autologon is only suitable for lab environments, but I'd like to explore secure ways of injecting credentials as well, especially for the Hyper-V enhanced session mode which doesn't have guest login integration *at all*.
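As an added example, not code from the author's project: the registry-based autologon the comment refers to lives under the Winlogon key, and the sensitive part is that `DefaultPassword` is a plain REG_SZ in a key that standard users can read. The audit function below reports whether autologon is on and whether a plaintext password is sitting there; the set/remove functions are the lab-only configuration and its cleanup. The `AutoLogonCount` value is the one knob that limits the exposure, since Winlogon decrements it and disables autologon when it reaches zero.

```powershell
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutologonStatus {
    # Read the autologon values and flag the plaintext-password case.
    param([string]$Path = $WinlogonKey)
    $w = Get-ItemProperty -Path $Path
    $user = if ($w.DefaultDomainName) { "$($w.DefaultDomainName)\$($w.DefaultUserName)" } else { $w.DefaultUserName }
    [pscustomobject]@{
        Enabled            = ($w.AutoAdminLogon -eq '1')
        User               = $user
        PlaintextPassword  = [bool]$w.DefaultPassword      # readable by any local user: lab only
        RemainingLogons    = $w.AutoLogonCount             # $null means unlimited
    }
}

function Set-LabAutologon {
    # Lab/VM use only: writes the password in clear text to the registry.
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$Password,
        [string]$Domain = $env:COMPUTERNAME,
        [int]$LogonCount = 1,                               # auto-disable after N logons
        [string]$Path = $WinlogonKey
    )
    Set-ItemProperty -Path $Path -Name AutoAdminLogon    -Value '1'
    Set-ItemProperty -Path $Path -Name DefaultUserName   -Value $UserName
    Set-ItemProperty -Path $Path -Name DefaultDomainName -Value $Domain
    Set-ItemProperty -Path $Path -Name DefaultPassword   -Value $Password
    New-ItemProperty -Path $Path -Name AutoLogonCount -PropertyType DWord -Value $LogonCount -Force | Out-Null
}

function Remove-Autologon {
    # Cleanup: turn autologon off and remove the stored secret.
    param([string]$Path = $WinlogonKey)
    Set-ItemProperty -Path $Path -Name AutoAdminLogon -Value '0'
    foreach ($name in 'DefaultPassword', 'AutoLogonCount') {
        Remove-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue
    }
}

# Usage (elevated prompt):
#   Set-LabAutologon -UserName 'labuser' -Password 'LabOnly!' -Domain 'LAB'
#   Get-AutologonStatus
#   Remove-Autologon
```

The Sysinternals Autologon tool avoids the plaintext value by storing the password as an LSA secret instead, which is the "secure injection" direction the comment mentions; that path is only readable as SYSTEM, whereas the REG_SZ above is readable by every account on the box.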
comment in response to post
I'll need a proper name for the project. I originally called it RdpCredentialProvider but there's now a DLL from Microsoft using that name. It doesn't need to be RDP-specific but it could be used to automate Winlogon in various ways
comment in response to post
That's one thing that may be useful. Do you know how to decrypt SPNEGO-based payloads in various protocols in Wireshark, and how to dump the required secrets? I'd really like to provide decrypted RDP captures (TLS is handled already) that include decrypted CredSSP payloads (not handled yet)
comment in response to post
While I didn't know there was a pktmon extension for Windows Admin Center, that's not where it's badly needed. We need a built-in npcap replacement that works with Wireshark live capturing. If getting customers to install npcap is problematic, now imagine installing *Windows Admin Center*
comment in response to post
Guess why the single most effective thing Microsoft could do is give pktmon a simple GUI + make it usable as a replacement for npcap in Wireshark for live capturing? It's hard enough to get customers to install stuff on production machines, it would be so much easier if we didn't have to install npcap
comment in response to post
I'm not sure I understand what you had in mind, you mentioned decryption, so I assumed you wanted to either log the messages before they're encrypted or after they're decrypted, or find a way to dump the secrets required to decrypt them?
comment in response to post
From what I've seen ProcMon literacy in sysadmins is a lot more common than Wireshark, but it's true that it's usually just a handful of people within an organization that know how to use those tools well
comment in response to post
Sysadmins use the Sysinternals suite much more than Wireshark. As for WinDbg... erm, well let's just say it's a minority, even for developers.
comment in response to post
You mean SSPI-level logging of EncryptMessage/DecryptMessage? I'd like that too for RDP, but it's made trickier by the fact that too much is happening inside lsass.exe for CredSSP. Do you have a technique to decrypt Kerberos-encrypted traffic in CredSSP or WinRM in Wireshark using dumped secrets?
comment in response to post
Windows now ships with pktmon built-in, but it's a command-line tool that's a bit cumbersome to guide customers to use themselves as opposed to the Wireshark GUI. It would help so much if we could have a pktmon GUI for capturing, and if Wireshark could use pktmon for live capturing instead of npcap
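The workflow the comment above describes, as an added example rather than anything from the author: capture with the built-in pktmon on the production host without installing npcap, then convert the ETL to pcapng and open it in Wireshark elsewhere. The function wraps the command-line steps a customer has to be talked through; the ports (88 for Kerberos, 3389 for RDP) and the output path are the assumed defaults, and the exact pktmon flags vary between Windows builds (older builds spell the conversion `pktmon pcapng <file> -o <out>` instead of `etl2pcap`), so check `pktmon help` on the target first.

```powershell
function Start-PktmonCapture {
    # Capture only the given TCP/UDP ports with full packet payloads (--pkt-size 0).
    # Must run from an elevated prompt; pktmon keeps its filter list in the kernel driver.
    param(
        [int[]]$Ports = @(88, 3389),                          # Kerberos and RDP by default
        [string]$EtlPath = "$env:TEMP\pktmon-capture.etl"
    )
    pktmon filter remove | Out-Null                           # start from a clean filter set
    foreach ($p in $Ports) { pktmon filter add "port$p" -p $p | Out-Null }
    pktmon start --capture --pkt-size 0 --file-name $EtlPath
    return $EtlPath
}

function Stop-PktmonCapture {
    # Stop the trace and convert it to something Wireshark opens directly.
    param(
        [Parameter(Mandatory)][string]$EtlPath,
        [string]$PcapPath = [System.IO.Path]::ChangeExtension($EtlPath, '.pcapng')
    )
    pktmon stop | Out-Null
    pktmon filter remove | Out-Null
    pktmon etl2pcap $EtlPath --out $PcapPath                  # 'pktmon pcapng' on older builds
    return $PcapPath
}

# Typical customer instructions, reduced to two calls:
#   $etl = Start-PktmonCapture -Ports 88          # reproduce the Kerberos issue now
#   $pcap = Stop-PktmonCapture -EtlPath $etl      # send $pcap back for analysis
```

The pcapng still needs the secrets the other comments talk about to decrypt anything beyond the Kerberos message framing; what this removes is only the third-party driver on the production machine, which is the part customers push back on.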
comment in response to post
I was in a customer call this morning and I guided them to install and use Wireshark to confirm a few things in Kerberos. The feedback I frequently get from some sysadmins is that they're not using Wireshark much even if they know it's there, they're relying a lot more on logs and other ways to debug things
comment in response to post
Either way, what will you do? Try to find a place that can rent a decent bike for a week, or go bike shopping tomorrow?
comment in response to post
🙁 Is it truly lost, or is it lost in the sense that it's stuck somewhere that will take forever to get it back? Either way, that's quite bad, and I doubt it's the inexpensive bike kind
comment in response to post
By the way, the same installer when used interactively with the GUI setup calls PowerShell in the same way, but it doesn't seem to hang. I've tried running the .exe installer from PowerShell for a silent installation through PSRemoting and in an interactive terminal, both hang in similar ways
comment in response to post
Here are the dumps, including the parent powershell.exe process: wormhole.app/Ppk7dN#QS3XS...
comment in response to post
I'm pretty sure it's not stuck on a prompt, I can run the exact same commands, launching powershell.exe with the exact same parameters and it just works without blocking. What could be the cause of the hang, and why is there a conhost.exe subprocess to powershell.exe?
comment in response to post
@DHowett.mas.to.ap.brid.gy the innosetup-based WAC V2 repeatedly launches powershell.exe subprocesses to run cmdlets and waits for them to finish with an exit code. Most of them hang - they have conhost.exe subprocesses, and if I kill them, it keeps going until the setup "completes"
comment in response to post
How can WAC V2 be *this* broken? The installer detects Windows Server 2025 as a "desktop" OS and unconditionally launches WindowsAdminCenterLauncher.exe. The installer gets stuck waiting for that process. I have two WAC processes, one of which crashes. Uninstalling leaves most files in place.
comment in response to post
I guess it's getting stuck on the untrusted publisher prompt because the previous "Import-WACBuildSignerCertificate" failed in a very odd manner - the Get-AuthenticodeSignature cmdlet could not be loaded. This is a fresh Windows Server 2025 VM. The WAC V2 installer is a real pain so far
comment in response to post
So I copied the WAC PowerShell module which is extracted by the installer, launched powershell.exe in the same way, and tried importing the module to run the command, only to hit... an untrusted publisher prompt. I accepted it manually, and now the installer goes further before getting stuck again
comment in response to post
I've tried the most basic silent installation options, the WAC V2 installer appears to be stuck running "Register-WACConfigurationEventLogSource -ExitWithErrorCode" in Windows PowerShell. I tried running the exact same command manually, it completes quickly, so I'm not sure what's wrong
comment in response to post
Think about it: no port conflicts, named pipes can use non-conflicting *names* instead. You could skip the need for certificates on a local named pipe. The localhost web would feel a lot more native and integrated within desktop apps. Just plug and play, zero config