Gimmick of the day (or week, month, year, …)

Click one of the green buttons to select and display your gimmick, or the red button to reset your selection and hide the gimmick.

Dirids

Purpose

The setup scripts DIRID.INF and LDID.INF create the file DIRID.INI or LDID.INI respectively on the user’s desktop with all known Dirids and the pathnames they resolve to, then opens it in Windows’^® text editor NotePad.exe.

Operation

Right-click the downloaded setup script DIRID.INF or LDID.INF respectively to display its context menu and click Install to run it.

MSDM Product Key Reader

Purpose

The Windows^® application MSDM Product Key Reader.exe displays the device-specific individual product key embedded by (big) OEMs in the MSDM table of the ACPI BIOS.
This product key is used for automatic selection of the product edition and the activation of Windows 8 and Windows 8.1 during their installation, and can since version 1511 alias Threshold 2 be used for (manual) product activation of Windows 10 too.

Background Information

The MSDM table of the ACPI BIOS is specified in a white paper available from Microsoft Software Licensing Tables (SLIC and MSDM) on MSDN.

Implementation and Build Details

MSDM Product Key Reader.exe is a pure Win32 application, written in ANSI C, built without the MSVCRT libraries, with the Platform SDK for Windows Server 2003 R2, for use on Windows Server 2003 and newer versions of Windows NT as well as Windows PE 2.0 and newer versions.

Source and Build Instructions

Optionally perform the following two simple steps to build MSDM Product Key Reader.exe from the source.

Note: MSDM Product Key Reader.exe is a pure Win32 application and builds without the MSVCRT libraries.

Create the text file GIMMICK.C with the following content:

// Copyright © 2012-2018, Stefan Kanthak <‍stefan‍.‍kanthak‍@‍nexgo‍.‍de‍>

#define STRICT
#undef UNICODE
#define WIN32_LEAN_AND_MEAN

#include <windows.h>

typedef	struct	_msdm		// 'Microsoft Data Management' table
{
	DWORD	Signature;	// "MSDM" = 0x4D44534D = 'MDSM'
	DWORD	Length;		// size of entire MSDM table: 0x00000055
	BYTE	Revision;
	BYTE	Checksum;	// checksum of entire MSDM table
	CHAR	OEMId[6];	// OEM identification
	CHAR	OEMTableId[8];
	DWORD	OEMRevision;
	CHAR	CreatorId[4];	// creator identification
	DWORD	CreatorRevision;

	DWORD	Version;	// 0x00000001
	DWORD	Reserved;	// 0x00000000
	DWORD	DataType;	// 0x00000001
	DWORD	DataReserved;	// 0x00000000
	DWORD	DataLength;	// 0x0000001D
	CHAR	Data[29];	// product key: "23467-89BCD-FGHJK-MNPQR-TVWXY"
} MSDM;

VOID	WINAPI	WinMainCRTStartup(VOID)
{
	MSDM	msdm;
	BYTE	bCheckSum;
	DWORD	dwCheckSum;

	// see <https://msdn.microsoft.com/en-us/library/ms724379.aspx>

	if (GetSystemFirmwareTable('ACPI', 'MDSM', NULL, sizeof(msdm)) == 0)
		MessageBoxExA(HWND_DESKTOP,
		              "No \'MSDM\' table found!",
		              "\'MSDM\' table reader",
		              MB_OK | MB_ICONQUESTION,
		              MAKELANGID(LANG_ENGLISH, SUBLANG_NEUTRAL));
	else
		if (GetSystemFirmwareTable('ACPI', 'MDSM', &msdm, sizeof(msdm)) > sizeof(msdm))
			MessageBoxExA(HWND_DESKTOP,
			              "Error reading \'MSDM\' table!",
			              "\'MSDM\' table reader",
			              MB_OK | MB_ICONERROR,
			              MAKELANGID(LANG_ENGLISH, SUBLANG_NEUTRAL));
		else
		{
			for (bCheckSum = 0, dwCheckSum = msdm.Length;
			     dwCheckSum > 0L;
			     bCheckSum += ((BYTE *) &msdm)[--dwCheckSum])
				continue;

			if ((bCheckSum != 0)
			 || (msdm.Version != 1L)
			 || (msdm.Reserved != 0L)
			 || (msdm.DataType != 1L)
			 || (msdm.DataReserved != 0L)
			 || (msdm.DataLength != sizeof(msdm.Data)))
				MessageBoxExA(HWND_DESKTOP,
				              "Invalid or unknown \'MSDM\' table found!",
				              "\'MSDM\' table reader",
				              MB_OK | MB_ICONWARNING,
				              MAKELANGID(LANG_ENGLISH, SUBLANG_NEUTRAL));
			else
			{
				msdm.Data[sizeof(msdm.Data)] = '\0';

				MessageBoxExA(HWND_DESKTOP,
				              msdm.Data,
				              "\'MSDM\' table reader",
				              MB_OK | MB_ICONINFORMATION,
				              MAKELANGID(LANG_ENGLISH, SUBLANG_NEUTRAL));
			}
		}

	ExitProcess(GetLastError());
}

Run the following three command lines to compile the source file GIMMICK.C created in step 1., link the compiled object file GIMMICK.OBJ and cleanup afterwards:

CL.EXE /c /GA /GF /GS- /O1 /Os /TcGIMMICK.C /W4 /Zl
LINK.EXE /LINK /DYNAMICBASE /ENTRY:WinMainCRTStartup /FIXED:NO /NODEFAULTLIB /NXCOMPAT /OSVERSION:5.2 /OUT:"MSDM Product Key Reader.exe" /RELEASE /SUBSYSTEM:WINDOWS /SWAPRUN:CD,NET GIMMICK.OBJ KERNEL32.LIB USER32.LIB
Erase GIMMICK.OBJ

Meltdown and Spectre Update Check Utility

Purpose

The Windows^® application BTI_RDCL.EXE displays the status of the mitigations for the vulnerabilities CVE-2017-5715 alias Branch Target Injection and CVE-2017-5754 alias Rogue Data Cache Load, better known by their nicknames Meltdown and Spectre.
The mitigations are installed by one of the security updates 4056888, 4056890, 4056891, 4056892, 4056893, 4056894, 4056895, 4056896, 4056897, 4056898 and 4056899, or the subsequent updates 4057142, 4057144, 4075199, 4075200, 4057400, 4057401, 4057402, 4073290, 4073291, 4073576 and 4073578.

Note: the status of the mitigations for the vulnerability CVE-2017-5753 alias Bounds Check Bypass can’t be shown: every piece of machine code which is susceptible to this vulnerability needs to be fixed individually!

Background Information

The MSKB articles 4072698, 4072699, 4073065, 4073119, 4073225, 4073229, 4073237, 4073707, 4073757, 4078130 and 4078407 provide information about the updates.

The MSKB articles 4090007, 4091663, 4091664, 4091666 and 4093836 provide information about the microcode updates distributed through the Microsoft Update Catalog.

Operation

[Screenshot of BTI_RDCL.EXE without security update for 'Meltdown' (CVE-2017-5754) and 'Spectre' (CVE-2017-5715, CVE-2017-5753)]

Without security update installed, BTI_RDCL.EXE displays two message boxes like that shown on the right.

With security update installed, BTI_RDCL.EXE displays two message boxes like those shown below.

[Screenshot of BTI_RDCL.EXE with active mitigation for 'Meltdown' (CVE-2017-5754)]

Implementation and Build Details

BTI_RDCL.EXE is a pure Win32 application, written in ANSI C, built without the MSVCRT libraries, ~~with the Platform SDK for Windows Server 2003 R2~~ Microsoft Visual C++ Compiler 2010 SP1 from update 2519277, for use on Windows ~~2000~~ XP and newer versions of Windows NT as well as Windows PE.

Authenticity and Integrity

BTI_RDCL.EXE is digitally signed using an X.509 certificate issued by WEB.DE TrustCenter E-Mail Certification Authority.

Serial number of the certificate: 73780985; 0x0465CEF9
Fingerprint of the certificate: MD5: 33 33 6e 1d 26 18 a7 c2 be 87 11 68 05 2c 70 09; SHA-1: 8c 5b 75 21 40 41 77 ac 54 13 13 02 06 6b b0 69 10 2e 83 0e

Download and install the CA and root X.509 certificates of WEB.DE to validate and verify the digital signature.

Note: due to its counter signature alias timestamp the digital signature remains valid past the X.509 certificates expiration date!

Makefile and Build Instructions

Optionally perform the following four simple steps to build BTI_RDCL.EXE from the source and sign it with your own X.509 certificate.

Download the makefile BTI_RDCL.MAK and save it in an arbitrary, preferable empty directory.
Download the Meltdown icon and save it as MELTDOWN.ICO in the directory used in step 1.
Download the Spectre icon and save it as SPECTRE.ICO in the directory used in step 1.
Run the following command line to build BTI_RDCL.EXE:
```
NMAKE.EXE /R /F BTI_RDCL.MAK
```

Contact

Notes: I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see a full (real) name as sender, not a nickname!
Emails in weird formats and without a proper sender name are likely to be discarded.
I abhor top posts and expect inline quotes in replies.

Me, myself & IT