"Random Ramblings"

So, to those who may not be aware, Microsoft got the legal right to ‘shutdown’ a botnet known as ‘Waledac’. First and foremost, I am most impressed (and surprised) that MS did this. Though I have not kept up to date with Microsoft security, last I remember, they tended towards denying problems. BackOrifice backdoor comes to mind. I have this memory that they said it wasn’t a problem, even with direct evidence shown to them, stating otherwise (think it was BO).

I’m also pretty impressed with Win 7 compared to their other .. ehm .. abominations ? Certainly some versions were such (CE, ME, NT ? Ok NT probably not so compared to the other two, but then there is 9x …). Regardless of this, there is some controversial discussions regarding this, from some ‘security experts’.

Never before did I think so many security experts were dense. That changed. Why ?

Here’s some quotes ( credits to BBC here: http://news.bbc.co.uk/2/hi/technology/8537771.stm ):

“This will not make the problem disappear. It is a temporary reprieve,” Amichai Shulman, chief technology officer for security vendor Imperva, told BBC News.

“In the short term other gangs will fill the void while the people behind Waledac regroup and start their operations all over again.”

Okay, so then, with that dense logic, we could also say, after a murderer is imprisoned:

“This will not make the problem disappear. It is a temporary reprieve. In the short term, other murderers will fill the void while the murderer waits his time in jail before starting his operation again.”

Yeah, real smart. So basically, you think it’s good to have a botnet – with malware infested computers in it – up and running. Even if it’s a small botnet (which from sounds of it, it isn’t …), that’s STILL some bandwidth wasted. That’s STILL a some mail servers logs being filled up … (and if you’re a ‘security expert’ then certainly you should realize these things, and actually be concerned? Okay, yes the computers will still be infected, but that’s not the point. Just because there is a problem in life, does not mean you should not try to address it as best as possible. It’s like denying an HIV patient treatment because they’re going to die eventually from it anyway. Yeah, real decent.

Would you SERIOUSLY like that botnet back up ? I mean, how dense can you really be ? Of course it’s ‘temporary’, and of course there is still a crap load of spam around. Does that mean it’s okay to have even more, or even have more botnets responsible for it – no matter how big or small they are ? At least, if you’re a ‘chief technology officer’ for a security vendor, you should actually think before you say such FUD. Even a previous host of mine (2IP) which lowered their firewall settings (for a server migration) resulting in a mass-defacement, would not say such a thing as that!

Security expert Jose Nazario of cybersecurity company Arbor Networks told the Wall Street Journal that the internet addresses Microsoft has brought down could be a small percentage of those used by hackers to control the network.

“The botnet will survive in many cases,” said Mr Nazario.

Another big ‘duh’ here. And another ridiculous comment. Considering the computers are still infected, of course it’ll survive in some ways. But that doesn’t mean it’s not a commendable move by Microsoft.

“If this did affect spam, we haven’t noticed,” Richard Cox, the chief information officer at anti-spam service Spamhaus told ComputerWorld.com.

“Waledac was not a high threat, it’s less than 1% of spam traffic.”

SpamHaus is good idea, I give you that. But still – if there is say 10000 spam messages a day (which is far less than the reality, I’m sure), then:

10000 * 0.01 = 100, which equates to:

Up to 100 servers receiving garbage mail, and that’s not even counting the ISPs’ bandwidth (although small, it can add up). Oh, and 100 email boxes filled with another pathetic email.

Then you consider what happens if it’s 1,000,000 which I’m sure there is more than that too:

1,000,000 * 0.01 = 10,000 spam messages. That’s still a lot of mail. Yes, small portion of it, but that’s really not the point.

Put another way: I think that while Microsoft has often done things wrong, they at least are trying in this case. And the fact of the matter is, some of the spam they ‘got rid of’ (note the quotes) was effecting their servers (i.e., hotmail) and they have every right to stop that junk …

So, rather than say it’s pointless and not any gain, why not think about the effects on mail server admins, daily users that get spam from that botnet, and in general the resource waste ?

So, I’ve been particularly bad with updating this blog. Admittedly, kind of lost interest, though not for a reason you’d think. Nevertheless, I figured I’d say at least something. Nothing really new – holidays were boring this time, but that happens to me at times.

The only interesting thing that is brief, is what boredom can actually discover! I guess that’s a given, but sometimes it’s not so thought of or relevant. I was very bored and by accident I found an Easter Egg in Google. If you don’t type any search terms, but instead just click on ‘I’m feeling lucky’, and see what you see. Of course, why I’m documenting this, is because I’m – again – bored! It’ll actually be over in some hours, so I’ll mention it: a timer to the new year.

That’s about it. Nothing new or exciting (well with the exception of the wicked concert I went to on the 10th of December. I did write a review but didn’t post it.).

But at least: no news can be good news … nothing bad happened, at least.

Okay, so anyone who knows me knows I’m a huge Metallica fan. I have a 55 or so t-shirt collection, limited edition items of all kinds, go to every concert in the area I can, have every official album, bootleg albums, 1200 or more show recordings. In addition, collected items from shows I went to (besides shirts) include a drumstick from a show, two guitar picks from another show. Oh and of course ringing ears after every show for a few days. Plus, can’t forget the time I scraped up my arm and leg after slipping on a great amount of beer on the stairway after the concert … Then there’s a clock, and another guitar pick, and so much more!

And as of the last week or two, I got something I never thought I would. Two things, actually.

So, what might they be ?

It so happens, that I now not only have all current members autograph in various forms, but I also have Jason Newsted and yes, the legendary, late Cliff Burton. Certificate of Authenticity ? Yes. Good condition ? Very good to mint!

So the only ones I would be missing is Ron (original bassist of a very short time) and Dave (who I have little to no interest in but that’s another story entirely).

I will soon be framing the new stuff, and hanging everything in my newly redone room. I also have a new display cabinet for several things of my choice (like my etched glasses).

So I’ll be posting pictures. Well, one of these days. But regardless, I now at least have something to be happy about!

So, those who know me fairly well, know that up until a few years back, maybe 4-5 at the most, I had a very limited range of emotions. I knew hate and anger, and depressed related emotions. That was pretty much it – nothing positive, basically. And I directed it at most of the world. No need to dwell on that in general, but writing is a good way to relieve anxiety/stress/everything – it’s therapy if you can tolerate it. I don’t do it enough, but when I do it is good, and I tend to write a lot at a time.

And I’m actually not even about to go into details of what I feel or for who or what, but I will say that it’s the full, as they say (despite my beliefs/feelings about the matter) healthy spectrum – positive and negative. Of course, to me, emotions are in general not something I enjoy. Even ones that some would kill to feel or have, even the one I find most difficult: love. I find it most difficult for several reasons, some of which I will not even discuss here. I rarely discuss it with people I should be, but maybe it’s time to change that ? Actually, I know it is – it’s just a matter of getting my reclusive self to actually do something.

What I will write about though, is emotions in general, my issue with them, and something I am trying to learn to deal with – as well as maybe (believe it or not) encourage people to not hide or deny / not discuss their own issues (which is something I did for far too long, and it’s partly my fault and it’s quite more difficult than it could have been or even should have been).

The problem with me, isn’t so much the specific emotions, though they’re certainly troubling to me. The main issue is: I started getting them all at once. Most people develop them overtime,so they learn to deal with them, respect them, and in general cope. Instead, I didn’t get most until my early 20s, which puts it at or around 22 years old – 5 and half years ago exactly (well, exactly as of tomorrow – 14 August). So, naturally, them being very new to me, they not only scare me, upset me, but they also infuriate me. It is as if I was directing my old hate and anger of years ago not at the world but instead: myself and what I feel. Definitely a dangerous situation. In some ways, it’s almost as dangerous as my previous state which I will admit included suicidal ideation – something I thankfully have not had for some years now (mostly thanks to a few friends and what they have done for me as well as many years of dedication and help from my mom).

And some of the ways I show it are also, quite dangerous. At least, dangerous for a healthy mind (which I admit is not that healthy to begin with, though a lot better now than before, and indirectly related to emotions, ironically). They include: hiding them and even more worse: denying and refusing to discuss them. Especially the one I mentioned above, the one I find most difficult – the one I find deadly. Ironically, it’s supposed to be a very good emotions: that is to say, love is not viewed as dangerous (obsessions for someone or something isn’t love in my view, so in general love is or is supposed to be quite good, happy and healthy – even if difficult at times). But I find it exactly the opposite: indeed, I find it quite negative (though not as much as I did a year ago). The real reason is, because I never had it as a kid, never learned to deal with it, and it hit me all at once with a bunch of other emotions.

Admittedly, it’s not the emotions that are so bad or dangerous. Instead – the bad part is they all hit me at once, without any time in between, and without any experience with any positive emotions. Naturally, that can devastate anyone and really screw with their head and their stress level, and in general their life. But the truth is this: because of that very fact, they are a huge part of the problem.

The very fact I’m able to write this though, not only confuses me, but also is quite a good thing. It surprises me, but it’s still a good thing (did I really just write that ? Dammit, I think I did!). The other thing that is different: most people can separate their emotions; for me, if I’m down or angry or in general unhappy, the fact a supposedly positive emotion is in me, does not help at all and in fact I don’t see it as positive at all. In fact, I see it as quite negative; it makes things worse! This is coming from someone who was once considered schizoid – that is to say, emotionally detached and cold, withdrawn and in general: lacks emotions or desire to have them or closeness with people. I guess I could say I’m a recluse, but not nearly as much as I used to be. And while I don’t like what I’m going through, I have to remind myself that if I didn’t have them, it would mean my dear friends I have, I wouldn’t have in my life and the truth is that I have had far too many good times and have far too many wonderful memories of them, and that would be far worse than having emotions. And the reason I have emotions, is my three closest friends (they know who they are).

The truth is though, I do need to do something about my situation, or I’ll be living in a fiery shack on Satan’s Lane the rest of my life – it doesn’t get better but only worse, if you don’t address issues. That’s how it is in this world; unfortunately, ignoring issues won’t make them go away.

So, if anyone does happen to see this, and feels like me, or has issues like I do, my advice is, especially if younger: address it as soon as possible. Get help with it, no matter what it takes. Write about it.. express yourself.. let music (or whatever helps you) relieve some pain. But whatever you do, do something. Else it’ll bite you in the ass. Very hard. And believe me, it’ll become as painful as dumping a pound of salt on a open wound from a big dog or shark. It’s much better to admit your problems and get help, then let them destroy you. And oh yes, they can literally debilitate anyone who does not deal with their problems.

And the more things you have going on, the more severe things will be – that is, even solving one issue will help you cope with everything else. May as well just slash yourself again at the same spot, and then pour more salt on the wound.

The only other thing is: why did I write this ? I honestly don’t know. Maybe it’s my way of venting (which is almost a hobby or past-time of mine, sadly). Or maybe it’s a realization that I have to do something, somehow, as hard as it may be. Whatever the reason, the truth is, emotions are what tells you or lets you know you are a living being. And again, I can’t believe I just wrote that…

Other than that – tomorrow is exactly 6 months from my birthday, so happy Half to me I guess!

Okay, so after my modification to shell32.dll, documented here, I set out to figure out how to fool Windows Resource Protection’s integrity check. And I can report success. It’s simple yet does take a bit of searching through the file system. But it should not be too hard if you’re comfortable with:

- Regedit
- Editing system files (this time just an xml like file)
- Looking at a log to determine what you need to change.

It goes like this:

Step one is to actually have changed the file (any system file that WRP checks integrity for).

There is another step before you do file and registry modifications, but I’ll get to that in a bit (it involves updating the backup of the system file with the new one – that is, after you’re sure your update is stable).

Then you must find out what the new checksum is and what the old one is. So, at a command window/prompt, type the following (I’ll be using shell32.dll as an example, replace with what ever you modified):


sfc /verifyfile=c:\windows\syswow64\shell32.dll


You will – if you did modify the file – a report that there was integrity violation found, and to check the log file. Generally speaking, the log file is located at ‘C:\Windows\Logs\CBS\CBS.log’. Open it in any text editor/viewer. Look for a line like this:


2009-07-28 08:39:44, Info CSI 00000006 [SR] Verifying 1 components
2009-07-28 08:39:44, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2009-07-28 08:39:44, Info CSI 00000008 Hashes for file member \??\C:\Windows\SysWOW64\shell32.dll do not match actual file [l:22{11}]"shell32.dll" :
Found: {l:32 b:JQL8k/boMagAJT4rfusP1DnUBVBqSlijc0HPppIeHgA=} Expected: {l:32 b:g3Z+Swu6CUyQ/t/SIpUgTgJyxaGIyyQaMINlVV4gidI=}
2009-07-28 08:39:44, Info CSI 00000009 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:22{11}]"shell32.dll" from store


The line we’re interested is the one with Found and Expected. We need those values. Note that {l:32 b: is the opening part and } is the opening and closing part and we do not need that. What we’re after is, for found:


JQL8k/boMagAJT4rfusP1DnUBVBqSlijc0HPppIeHgA=


and for expected:


g3Z+Swu6CUyQ/t/SIpUgTgJyxaGIyyQaMINlVV4gidI=


Now, the next part is going to %WinDir%\winsxs (where %WinDir% is of course the windows root directory, most likely c:\windows). WinSxS is the system that allows backups of dll files to be saved, as well as checksum saved to compare for integrity violation checks (ie SFC command). What we need to find under this directory is two things:

1) Remember that step I mentioned I’ll bring up in a bit ? That’s this one. We need to update (in my example the 32-bit version on a 64 bit system) ‘shell32.dll” in the backup store. The folder is it under is %windir%\winsxs\backup. In that folder, is many files. You need to find the file that has the correct version and architecture of the file you modified. In my case, it would be:


wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18005_none_d487e9bffbdbec3c_shell32.dll_0d29dca9


All you need to do is, take ownership of the file, change permissions (you may have to change directory ownership and permission as well, but easy enough – it may report an error changing any files permissions you didn’t take ownership of but if you cancel it it’ll still have changed the folder/directory’s permission which is all you need), and then remove, move or delete. Then, copy your hacked file over to that same folder (%windir%\winsxs\backup) with the name of the file you just moved/removed/deleted.

You should also copy the shell32.dll (the modified one) to another directory in winsxs, and with a very similar name – wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18005_none_d487e9bffbdbec3c – and this time the name can stay the same: ‘shell32.dll’.

And now is when the magic happens: modifying the hacked file’s hash entry in a .manifest file. :)) Also in winsxs, but this time in the subfolder ‘manifests’. Again, you have to find the file, but it’s the same kind of format as the updated file in the backup directory. So in my case we’re looking for:


wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18005_none_d487e9bffbdbec3c.manifest


Again, you’ll probably have to take ownership of the directory, the file and change permissions of both. Now open it in a text editor. And if you recall, you needed a ‘expected’ value of the hash of the modified file. Well, search this manifest file for exactly that.

It would look like…


g3Z+Swu6CUyQ/t/SIpUgTgJyxaGIyyQaMINlVV4gidI=


I’m sure you all can guess what to do by now, but if not, replace the value with the found value from earlier. Then save the file. Do the same for the same file in t he backup directory (there’s a backup of manifests too, which I almost forgot about until I tested my work for this file).

You might think that all is okay now, but not so. There is one other step. You see, Microsoft also has a value for the hash file itself. After searching a bit, I found it in the registry.

Run the sfc command again and open the log file again.

You’ll see a a few lines like:


2009-07-28 09:20:21, Info CSI 0000000e Manifest hash for component [ml:280{140},l:170{85}]"wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18005_none_d487e9bffbdbec3c" does not match expected value.
Expected:{l:32 b:0ad5b2d4b0a251fde67c8ea0e68c8509278c702e430f1af29cb203519fab7af3}
Found:{l:32 b:e8da919696663983b0db4a01b66ba0603f4efe93e26a75c967bdd76a141da72b}


Again, we’re after Expected and Found, and the same rules apply on opening of the tag. So expected value is:


0ad5b2d4b0a251fde67c8ea0e68c8509278c702e430f1af29cb203519fab7af3


Found:

e8da919696663983b0db4a01b66ba0603f4efe93e26a75c967bdd76a141da72b


And last step now. Open regedit (or your favourite registry editor) and go to:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\DerivedData\Components


Under it you’re looking for a key that again looks very similar to the file you modified, like so:


wow64_microsoft-windows-shell32_31bf3856ad364e35_6.0.6002.18005_none_d487e9bffbdbec3c


And under it ? You’ll find a certain key (as a REG_BINARY type) called ‘S256H’.

We need to modify the value to the ‘found’ value from earlier of the hash file. Export it to a file and follow the format and then import. No matter how you do it, once done and saved (no reboot required), you should get this from sfc command:


c:\Windows\System32>sfc /verifyfile=c:\windows\syswow64\shell32.dll

Windows Resource Protection did not find any integrity violations.


I know that I missed a couple things on the first draft of this, but I believe I corrected them before I published it, so hopefully I got everything in order. In any case, it’s just a matter of tricking Vista into believing that the old hash and the new hash are completely the same :)

- Cody

IMPORTANT Update on 15 August 2009:
1) I thought it might be good to actually post a link to my next hack: how to actually fool Windows Resource Protection from detecting this change. With that, Windows won’t have a clue you modified shell32.dll, and you can use the same procedure if you modify any other file. This has the benefit of not having to turn off WRP or never using it – it’s actually quite useful if you get a corrupt file. And with the hack, if your new file gets corrupted, it’ll actually restore it to your CHANGED one. I did this a few days after this post, but didn’t think to update this post. With this, I also removed some of the older thoughts on how to get around it – not only because one is a bad idea, quite very bad, but because the post I am linking to is quite simply a much better method. Note: I still haven’t had an update on shell32.dll, however I can say that no updates otherwise have failed. Everything is running perfectly stable, also.
2) I saw some typos or other things, including a letter ‘o’ in hex dump where it obviously should be a zero.
3) Why I didn’t put in the offset of the file to begin with I don’t know. However, thinking about it – I won’t put it in, either. And here’s why: if someone has a different version or they actually have a hacked version (even if it’s a resource moved/removed or changed), it is possible it’ll be a different size. In that case, the offset has the possibility of being different. So, it is best to search for the code (in hex) since then you’re sure you’re in the right spot – especially since the code I specify is only in the file one time.
4) I do actually use this at this time. It is stable. But it isn’t for everyone. It does involve some potentially risky tasks. And if you don’t take care of your system, it could be quite bad. Do proceed with that in mind. I think the most interesting part, for me, even, is the concept and procedure itself – not what it does (though, what it does is quite useful to me, I must admit).

The now updated post is what is below:

So, Microsoft thought it’d be a good idea to make Windows Vista’s default CD/DVD/BD burning option as ‘Live File System’. This allows one to close session and as I understand it, write to write-once discs even more than once. Okay, what’s the big deal then, that seems fine, right ? Well, no, not for everyone. The problem is 1) compatibility with earlier versions of Windows, and quite possibly other operating systems (read: not Windows); and 2) everytime you close the session, you lose valuable disc space.

Now, Microsoft decided to not only make it default, but also made the other option – called ‘Mastered’ – HIDDEN. You actually have to click on a button to show formatting options. Ok, so they put the option in at least. But the fact of the matter is, when you see Next and only a link, it’s almost like fine print. You sometimes just click Next without thinking about it. Then it’s too late and for some (like me) it’s a wasted disc. Sigh.

The other problem: there is no way to change the default. Or well, that’s what everyone says. I decided, and perhaps this makes me crazy (but hey – I lost too many dvds due to a horrible design decision), to see if I can find a way around it. And after about two weeks of fighting it, I realized what was giving me trouble. The trouble ? It’s related to a system modification but I’m on 64 bit Vista which has Windows on Windows 64 [WOW64] and I forgot it and was thinking of only 64-bit instructions (as opposed to 64 AND 32). Not to mention other stupid similar things.

Now, I must warn you that this involves modifying a system file, so if you feel uncomfortable with that (or like to blame others for making a mistake – no matter whose fault it is – while doing something that can be risky), do one of:

1) Test it in a Virtual Machine install (or similar).
2) Backup / System restore (system restore point is enough)
3) Don’t do it and just read it for background (or don’t read at all).

The file (or two files if you’re on 64-bit Vista) ? shell32.dll

On Vista 64 you have to modify the 32 bit version (under \Windows\SySWOW64) and 64 bit version (under \Windows\system32). On Vista 32, you only have to modify the 32 bit version (under \Windows\system32) since obviously there is no 64-bit version. So when I give instructions to do this, you need to adjust which location you’re doing this from. Also, don’t be a moron like me and forget that you have to do both places in 64-bit Vista and not modify only one. Reason being is, if you replace say 64-bit on the 32 bit version, your 32 bit version programs will have a bloody fit! (Ie fail to load properly, and for good reason: they can’t find what they need in shell32.dll as it’s completely different locations – because of size difference in file – and thus nothing will be found). It took me several days to realize what I was doing.
And that’s even when I saw the file size difference. Not sure what in the world I was thinking.

Also, there is one possible alternative to this solution; however, I came up with this one after the initial one did not work for me very well (basically, mastered option
does nothing in advance so I bypass the prepare disc dialog box, as opposed to changing which option is selected). I will mention it at the end of this post.

Note that I actually modified two areas of code, but in hindsight I believe only the first one is necessary. I may try it later. But for now I’m just pleased I figured this out.
I vowed I would never program under Windows (only Unix/Linux and others), but somehow I broke it due to this issue, and I have even wondered about continuing it, and re-learning assembly.

Like I said, unfortunately you must modify a system file; I looked in the file for registry entries related to this problem, but there is none that changes selection. However, I did realize that one registry entry that already exists (under Current Media which is a dynamic key and is under the drive the media is in in the HKEY_CURRENT_USER tree – ‘Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives’. Under Drives is one or more keys, one for each cd/dvd/blu ray drive you have. Find the correct one and if a disc is in it, there will be another key called ‘Current Media’. But the problem is: when you take out a disc, the key (Current Media) disappears and so the value is deleted. Thus, for it to work, you’d actually have to temporarily modify registry before burning. And if you can remember to do that, you might as well remember to just change it to Mastered. So, what do we do ? It’s actually very simple in theory:

We modify one instruction in shell32.dll, which makes the dword value (Blank Disc to be precise) as 0, instead of 1. It’ll always be 0. Whether it’s blank or not. In the case it’s been burnt, you’ll simply open the drive and the files will be there. In the case it is actually empty, you’re taken to the drive and anything you copy/paste there will be put in the temporary burn folder. Then to burn just right click in the directory and click on Burn to Disc. Yes, I tested this and it works fine for me. Hopefully for anyone who is interested in trying, it works for them too.

So, what instruction are we modifying ?
32-bit version looks like:


mov [ebp-220h], 1


It needs to be:


mov [ebp-220h], 0


Yes, you’ll need a hex editor – CFF Explorer is not only free and a resource editor, it’s also a hex editor AND it’s 64 bit compatible, which means you don’t have
to worry about it truncating 64 bit files – something that some editors will do unless you ‘expand’ it first. So I would recommend this one if you don’t have another one
that you know will work right (I can tell you that WinHex will not work on 64 bit for sure, and the free version has a limit on file size it can save anyway. And I believe I’ve even encountered some supposedly 64-bit compatible programs that don’t work right unless you expand. And even then it’s possible it won’t. (Or, I did something wrong – either way, CFF Explorer is a good option) So, if you have Vista 64, may be safe and just grab CFF Explorer.

In hex the above looks like:


C7 85 E0 FD FF FF 01 00 00 00


and the new bytes should be the same, except the 01 should be 00.

But, DON’T just search for those bytes and change the first match, because it’s quite possible there is more than one match of those exact bytes, and you could be changing something that should be not changed at all. Okay, in fairness – I probably shouldn’t even change what I’m writing about – however, it was a very interesting, fun learning exercise. And I’m fed up with losing dvds. Interestingly enough, in the beginning of this project, I actually tried various things and probably ended up wasting 10-15 CDs. However, very well worth it to me, not only because it got me back into assembly language, but also it was fun problem to solve. :)

But back to the subject. We actually need to find quite a bit more bytes, to make absolute sure we have the right place and bytes to change.

Search for the following (there should only be one match in the entire file – this is important!):


C7 85 E0 FD FF FF 01 00 00 00 6A 04 8D 85 E0 FD FF FF 50 6A 04 57 68 A8
34 8F 76 53 FF D6 8B 85 E4 FD FF FF 6A 04 89 85 D4 FD FF FF 8D 85 D4 FD
FF FF 50 6A 04 57 68 38 65 91 76 53 FF D6


(in CFF Explorer you will have to remove spaces to find the sequence but I’m leaving them separated for clarity).

What that code basically translates to:

Put the vararious data in registers (or variable if you prefer) and then call the Windows function RegSetValueExW (ie set Blank Disc to 1).

We want it 0. So change the 01 in C7 85 E0 FD FF FF 01 to 00. Now I also did another modification and while I don’t think it’s necessary, just in case it is I will give it to you.

Search for the byte sequence:


6A 04 8D 45 F8 50 6A 04 53 68 A8 34 8F 76 FF 75 D4 FF D6


And change it to:


6A 04 90 90 6A 00 6A 04 53 68 A8 34 8F 76 FF 75 04 FF D6


Save the file somewhere where you will remember which version (if running 64-bit Vista) it is. Then, if you run 32-bit Windows you can replace it (one way is booting into safe mode, right clicking on the file in system32 and click on Properties. Then Security -> Advanced -> Owners and then take ownership. Then you should be able to rename it (as a backup) or delete it if you really want to.

If you run 64-bit Windows, you’ll need to edit the 64-bit file too, and may as well replace both versions (same procedure except 64-bit is in system32 and 32-bit is in syswow64) at the same time.

Ok, for the 64 bit version we have, naturally, 64 bit instuctions, to worry about. New registers and stuff.

So in the 64-bit version we’re looking for this code (does same thing as 32 bit, but in 64-bit programming instead):


mov [rsp+40h], 1


But again – we have to make sure we’re at the right instance of this instruction. Find these bytes:


C7 44 24 40 01 00 00 00 EB 00 BF 04 00 00 00 48
8D 44 24 40 48 8D 15 C7 7A 3C 00 45 33 C0 48 8B
CB 44 8B CF 89 7C 24 28 44 89 44 24 20 FF 15 97
52 3C 00


Change the first occurrence of 01 to 00.

Second change (the one I don’t believe is necessary but haven’t tested without it).

Find the following bytes:


48 8D 44 24 38 48 8D 15 B2 80 25 00 45 8B
CE 45 33 C0 48 8B CB 44 89 74 24 28 44 89
44 24 20 FF 15 81 58 25 00


and change the

48 89 44 24 20


to

44 89 44 24 20


Now you can simply replace the files in the system directory.

A couple more things, however:

SFC, Windows tool to check system files integrity, WILL report issues. There actually shouldn’t be any issues (if I wrote this up right and you followed correctly), but I would guess it reports a violation due to different checksum. One option is to never run sfc. I have a better option though. A couple days after I wrote this, I set out to fool Windows Resource Protection (WRP) and it was far more simple than actually figuring out this change to shell32.dll. Read all about it here.

Something I said before that is a possibility, I did try. It is bad. It’ll not only corrupt the backup, if I remember right it also prevents WRP from working properly, on the file. And as I noted above, with the new(er) procedure, if you actually modify the file and it works, and then something happens to the modified version, you can actually have Windows restore the MODIFIED version. The bad suggestion was:

Or lastly, you can delete the file (I think) from the cache directories, which is under \windows\Winsxs in Vista. Not directly under it mind you, but in several sub directories.

Again: don’t do that. It’s not the same as dllcache in previous versions of Windows.

With respect to updates: I haven’t had a problem yet and everything is rock solid. But shell32.dll has not been modified yet, either, so I don’t know if Windows update will actually replace, or just patch (my fear is: replace) but only time will tell. I should know because I don’t for see myself buying Windows 7. Yes, it’s a lot better in every way than Vista but … money.

As for the other possible solution I mentioned:

DLL files have resources. If you get a resource editor (again CFF Explorer can do this), you can edit these resources. Inside uifile 48, you’ll see some duixml output.

Note that the formatting is very important. But: if you look carefully, you’ll see that udf (which is resource string 13593 which points to the text Live File System – the exact same text you’ll see when you use Windows Vista’s prepare disc dialog) has selected=”true”. It is possible that you may be able to rearrange it so that udf is changed to mastered, the resource string is changed to 13594 (for mastered text), or in other words: swap the order so that mastered is selected. One problem I had with this is: even when I tried that, it seems BOTH were selected, as if they both had selected=”true”. So, this, along with the stupidity of me writing 64 bit file to 32 bit file, made me think of the solution I gave above (far more fun to me anyway!).

If it does work however, when you fix that mistake, it would be probably easier and safer. Also less likely to be changed in an update, though again I don’t know how Microsoft handles updates on system files (I hope patching but who am I to say for sure ? – it’s an executable so quite possible it’s replaced).

Other than that, you might want to make sure the file is the exact same size, as I did. But that shouldn’t be a problem with my above solution.

For my fellow sticklers out there: yes, technically ‘mastered’ is not selected by default, despite the title of my entry; however, as far as I know, mastered option basically just prepares the burn directory, and gives you the option of Burn to disc, which is exactly what my solution does.

By the way: if for some reason the instructions do not exist, then, first and foremost (and obvious) do not edit the file. And secondly, you can use a disassembler (IDA Free come to mind as one possibility) to find the right area. What you’re looking for is that instruction (mov) I pasted in close proximity to the RegSetValueExW call, as well as it being the one related to ‘Blank Disc’ registry dword value.

One more thing: should you happen to want to use ‘Live File System’ and you have used this hack of mine, it’s still possible without modifying anything. Simply run this in a cmd prompt or even in the run dialog:

rundll32.exe c:\windows\system32\shell32.dll,PrepareDiscForBurnRunDll F:


where F: is your dvd drive. It’ll open up the window and you can do whatever you need :)

Until next time…

- Cody

How to: Enable Raid in Vista POST-Install

(Note: never tried in XP but I would imagine it would work in any version that has command prompt
in install dvd/cd if necessary – but vista at least has the drivers bulit in, so may be easier in
that respect, though not much easier; unless of course, you have no available drivers)

So the other day I bought a second 1TB drive (sata). At first it was going to go in to the server I
also bought parts for. Then I realized I listen to music ALL the time, and I wanted to store music on
the 2x1TB drives in a RAID 1 (mirorr) array. So that’d mean server would have to be up all the time and
it gets hot here, not to mention the electricity costs of running it 12+ hours a day every day in
addition to network equipment (24/7) and other computers (12+ hours a day). Then there’s the local network
bandwidth of streaming everything non stop for 12 hours (say) a day. It just didn’t make sense to have
my huge music collection (around 320GB if I remember right) on the server. Yes, I’m actually transferring
the files to a 500GB drive on the server for other reasons (“backup” as well as a few friends), but primary
use is for me, so it’s not going to be on the server.

But Windows is funny about raid: when you want raid enabled, you have to have it enabled when you
install windows clean. At the time I installed it, I didn’t even have one 1TB drive, let alone two. I didn’t
even consider RAID at the time. So, lovely. BSOD heaven came across me until I came up with a solution
to this horrible, horrible design (in Linux: just recompile the kernel and add raid support in kernel module
or statically in kernel and reboot into new kernel. Done – so much easier). Thing is, I also modified
Vista in various ways: I moved Programs Files (x86) and Program Files off of C:. And I moved Users
off of C, and to a certain extent even ProgramData. Not just a symbolic link/junction, but completely.
In my own way (though every way I’ve seen hacks the registry and mine is no exception). I like it this way,
and I had no intention of reinstalling Vista only to have to fix the flaws again (please, MS, for gods sake,
make it a customizable option to change directories/folders of said files!).

The other problem with enabling RAID with my system: I have only one SATA controller for the 6 SATA
devices. So, if I enable raid, it’s for ALL sata devices, and damn if Windows isn’t on a SATA Drive.
What this means is, when I enable raid, it is enabled on the boot drive. So BSOD instead of booting
like any normal OS should (when there is no array created, it’s silly it can’t boot …). The local
store did not have a raid controller, and I didn’t think of it while at the store, that just putting
non raid sata drives on that card/controller would have worked. But no matter, I came up with a more fun
solution:

I made use of my one IDE channel on the motherboard, as well as abused the Vista install DVD’s commmand
prompt. (Note: I tried installing drivers for my sata raid controller before I enabled raid, but it still
crapped out on me so I had no choice but to either reinstall [not gonna happen!] or find a hack/fix).

Since IDE doesn’t have raid on enabled, it won’t be a problem if I boot off of THAT drive while raid is
enabled (or so I suspected). So some of you can probably see where I’m going.

Another problem is, Vista is horrible with file permissions (don’t get me started on the horrible design
of vista file perm modes …); If I’m the admin, I should be able to at least _copy_ system files. But
Vista disagrees. It’s like it’s in perma lock mode. File locking is a good thing, don’t get me wrong.
But a file that can NEVER be touched in the OS by an ADMIN, is very wrong (and stupid – if there
has to be “protection”, then put a huge warning in and make it a change-able setting and be done
with it). But history shows that MS likes to put in things that make one thing they’re extra safe
when they’re not. For example, see how easy it is to delete an important or needed registry value (but
not important files). Or what about reading about User Account Control in Vista that prompts users to
eventually get fed up and just click accept no matter. Then when they really could have “used” it they
click accept and too late.UAC is another thing I changed defaults on and I didn’t want to bother doing again
(not that any of it is actually hard).

Anyway, I have quite a few IDE drives and spares included. So, I put a spare IDE drive in the box, and
I booted up into the install DVD, and then opened a command prompt (two ways to do that – one is under
repair your computer, another is a keyboard key combination that I can’t say for exact but I can
fumble around and figure it out quickly usually). And now the fun!

Since I wasn’t sure how to prevent robocopy (robust copy) from stopping or ignoring errors on certain
files (the few you can’t copy in the install dvd), I used xcopy. Ah, the memories of DOS days…

Something like this:


xcopy /h /s /c /k /y /b [source drive]:\ [destination drive]:\


And then I went to bed as it was way past my bedtime. Except I forgot one important thing and remembered in the morning:

Windows likes to hide files a lot more than Linux/Unix, as well as call them “system” files. And
I didn’t specify /h. D’oh. I get to copy them all over again.

So I do that and wait while my files copied over. Done after some time. Almost ready to go to next
step. But first, have to make it bootable:


bootrec.exe /FixMbr
bootrec.exe /FixBoot
bootrec.exe /RebuildBCD


If you get an error on one of those and it doesn’t say successful (can’t remember exact error or success
message), you will have to use ‘diskpart’ and in that program use ‘select’ on the disk and then partition
and then mark it active (see ‘help’ in diskpart; leaving it out because I can’t remember exact syntax,
plus you should know what it means before you do such a thing …).

Then run the bootrec commands again, which will recreate the boot record.

Now, take out dvd. Reboot, go into system setup (aka bios/cmos). Enable raid (or go wherever you have to
do do that). Also make sure you boot off the IDE drive (or the drive that isn’t on the raid controller).
Vista should load if you did everything correct (and I didn’t miss anything important :) ). It should
also install the raid drivers. Remember though: it’s only installed on the non – raid controller drive
install. You’ll have to get the driver there.

And since I wasn’t sure all files I needed to copy over, nor which registry entries to copy, I decided
to copy the ide install to the sata install. Plus, I just love waiting for files to copy, it seems,
lately … (but at least I had another box I could do things on while waiting for copy to finish).
Same xcopy command but switch the source and destination obviously (making sure Windows doesn’t
reorder the letters – windows has an odd [in my opinion] algorithm for determining the order and
could seriously cause trouble if you don’t get the letters right).

Only other difference is – remembering that I have only core files on my C drive, so programs and data
are on other drives – I only copied \Windows to the sata drive. Everything else, afterall, was already
there. You might even be able to get away with that if you have everything on the system drive, since it
should already be there anyway. So:


xcopy /h /s /c /k /y /b [source drive]:\Windows\ [destination drive]:\Windows\


You shouldn’t have to fix the MBR (master boot record) this time, as you previously booted off this drive.

Take DVD out. Reboot into Windows on your sata drive. Everything should work fine. Now you can create your
array. I’ll leave it as an excercise to the reader as to how to get the system to boot on an array – I’ve
never had a need for that, due to setup or lack of disks or whatever else, but I imagine it shouldn’t
be too hard.

Basically what this process is doing:

Get Windows to boot up so it can load the drivers. It’s quite simple, just time consuming (but very well
worth it if you really want RAID like I did and refused to reinstall).

I might add that some things can obviously change on some setups: xcopy could have additional options
(example: encryption on drive). Or whatever else. You’ll have to work it for your self, but this is
what I personally did.

Funny but it actually took me quite a few hours to sort out this plan (happens when you’re buggered
by a flawed setup …). But yet it’s so simple, as long as you have a drive off the channel. That’s the key:
If you enable RAID on the _system_ drive, windows will crap out on you (blue screen of death). If, however,
the raid is not enabled on th e system drive, but raid is enabled on other drives, it should load the proper
drivers. You can even check the drivers are loaded after the reboot:

Control Panel -> System -> Device Manager. Then – View -> Devices by connection. Lastly, expand:

- ACPI x64-based PC (or no x64 if 32 bit)
– Microsoft ACPI-Compliant System
– ATI PCI Express (3GIO) Filter driver (or whatever is specific to your board – hopefully obvious)

And under that you should see something like: AMD AHCI Compatible RAID Controller as well as
AMD PCI IDE Controller.

(I am clearly an AMD Fan …).

And now, I’m on a few drives as well as a RAID 1 array, happy as ever …

And I hope I don’t have to say this, but: still, despite mirroring drives, it’s still a good idea to backup
if you can, somehow.

And… that’s all folks…

Okay, so it’s not my birthday yet, but it’s a month away from today, the 14th of January. And I got an early birthday present. And what did I get ? I got a demo TAPE (Yes, tape, as in a cassette …) released by Metallica in 1983. Technically it’s not in my possession yet, but should be soon enough, and certainly before my birthday. I’m pretty excited about it. I bought it, then asked my mom if the price sounded reasonable (and it’s very reasonable) and then after she said “yes”, I said “okay, done” as it was already done. So Happy (early) Birthday to me!

In other news –

I got a refund on the guitar I had bought; there was a mistake with it, and after some thinking and talking with m my father – who happens to be a musician since 1958 or thereabouts – I went for the offered refund. Of course, I couldn’t resist spending the money I got and a bit more on two other things: I’m getting a drumhead signed by Lars Ulrich (drummer) and a pickguard signed by James Hetfield (rhythm guitar/vocalist) of Metallica, and I’m really excited about getting those in the mail as well. I’ll then have three of the four members of Metallica’s autograph.

I was also going to get a paper signed by Cliff Burton and the three other Metallica members at the time of this signing (80s of course, as Cliff was killed in 1986), but alas the bid amount went by one bid from $10 to $50 and then to $75 and finally over 100. All in 5 bids! Oh well – I will save money and one of these days I will (hope to) have all of the main members of Metallica: James, Lars and Rob already covered; would love to get Kirk’s and maybe past members too (especially Cliff).

I’m also getting a lot of concert recordings, and have been working on an Excel spreadsheet to list every show (better than a directory listing as I can add a lot more information if need be). So far I have over 300 concerts (had only 140 or so before).

I had more to write but after stopping to eat dinner I forgot what I was going to say, so that’s it for now!

We all have frustrations. I’ve had plenty, and the two weeks or so have been rather frustrating, compared to the last few months. It’s all come out to good, thankfully, but whew! Quite a lot of frustrations. Starting with CoderJunkie…

I’ve changed hosts, only to find out the problem I was having with the previous host – was, as I suspected – misinformation to me. The problem ? I could see other users files on my domain, despite them not being there. Of course, I’m not incredibly familiar with Apache, but to those who are, it’d be obvious: ModUser apache module. It was enabled on my domain, so coderjunkie.org/~someotheruser would point to someotheruser’s site, and I did not like that one bit. I also made the mistake of trying one host in haste without realizing it’s not what I needed. Sure, I got the money back (minus the domain I had ordered – it’s now .org, .com, and .net) but I still lost time and money. Then I finally came across current host (2ip.com). Spent more money there. But it took some work getting my files transfered – more than it should have! It’s all good now, but it was sure frustrating!

My photo gallery has been updated, and I had trouble with adding comments. After wasting a day and a halfs worth of searching, I found the answer is a security limitation on my new host. I’m all for it, just took a while to find the work around (adding information about each photo in the new gallery – see below for info). End result is either modify php.ini file OR just edit one file at a time. The kicker is I noticed I could edit one file at a time almost immediately, but I figured since I was getting an error otherwise, something had to be wrong. And I HATE errors and warnings. I even installed my gallery all over (having to hack my mysql database together again – didn’t realize how the albums/categories were kept track of at first). I even reinstalled it a second time, before I found the answer, this time manually. Then as I’m writing this, I find out my database and photos are gone. Thank god for backups… (and oddly enough, this time adding comments/descriptions works for many files at once now!). What did I add to my gallery ? Well, take a look: http://coderjunkie.org/photos/index.php?cat=2 – yep, that’s ALL my Metallica shirts, each and every one of them. I told you I had a lot!

What else is new…

I reinstalled my OS. Why ? I had to – I needed 64 bit OS as I now have 8 GB of RAM (and like it or not, folks, 32-bit OS’s are limited to 4GB. Take away memory for PCI devices and possibly video, and you have less than 4 gigs of RAM). Yes, you may think I’m crazy, but I’m loving it – absolutely every second of it! I hope to upgrade my computer soon as well (looking at quad core among other things …).

In regards to the guitar I bought, I should get it soon. I haven’t got it as their was a mistake and it was either shipped to wrong person or lost. But the guy is really cool, and he had another one. He’s getting it authenticated (just because – I trust him but it’s good to have it authenticated). He’s even putting it on a more expensive guitar (the signature on the pickguard of the guitar so he’s putting it on a Fender guitar!). So I’m pretty excited. For a while I was wondering about it, but it was dealt with last night so all is set. He also offered to refund me, but I wanted the guitar! (there was a time where I was considering getting the refund, believe it or not, so I could upgrade my computer – yep, that would be stupid and crazy, and so I didn’t do it).

I’m sure there are other things, but the above is the majority of my issues of the last few weeks (or however long it was). Just glad it’s over (or I hope so).

So… I had a good (and special!) Christmas – did you ?

Here’s what made my Christmas special/fun this year:

Got up around 9am or so. Had breakfast with my mom – cinnamon rolls. Then around 10 my brother showed up and we had a nice gift exchange. Each gift I gave (one to my brother, one to my mom) has a special significance, being -

The most important gift I gave my brother was a pair of Lars Ulrich signature drumsticks. The reason this is special is because of something that happened in 2004 and a comment he (my brother) made to my cousin a while back this year. In 2004, March 6 to be precise. It was late. I was out of energy. And we were in the pit/floor at a Metallica concert. Very first row.  I was out of energy as it was the end of the concert. Well, Lars comes over and throws a drumstick in our direction. Now, here’s the thing – my brother is strong and I’m not.  He also has a deathgrip. He also is faster than me (and I’m fast). So, like I was saying, Lars throws a drumstick in our direction. My brother is to the right – if I recall – and the drumstick goes right to him. He catches it. Interesting thing is that another person grabbed it – though after my brother (I did say he was fast, afterall) – and tried to take it. My brother told him that he got it, and he’s not letting go of it and this guy lets go. Then … my brother turns to the left and hands me the drumstick. Perhaps the nicest thing anyone has done for me, and a special thing from my brother. My mom was actually there, and it was a wonderful thing for her to see too. Anyway – he hands me the drumstick and I’m so excited. This is perhaps also the first time I’m able to touch anything from him (sad, yes, but true also – that’s my brain for you!).  Two other nice things about this. First, a long time (since childhood) neighbour/friend was there with us. He was trying to get the guard to pick up some guitarpicks from their side of the gate before the stage that didn’t make it. He was trying to get it for me as he knows how much I love Metallica (I got guitar picks at the next concert, also in 2004, by the way). That was special as well. Also, the guy that wanted the drumstick from my brother, he was at the next Metallica concert we were at – also at the floor, and also first row. The lucky bastard caught Godsmack’s drumstick. Then, as Lars of Metallica went off stage, he handed a drumstick to this guy. Two drumsticks, two bands, one night is pretty nice. My brother and I got guitar picks that night, though.  Sometime this year, my brother got a drum kit and started taking lessons. And he also told my cousin that I owed him a drumstick. He even told me that when I die he gets the drumstick *lol* which I’m fine with. But regardless, I got him a pair of drumsticks for the above reason(s). I also gave him a CD of: Metallica drum tabs, the two concerts I went to (him at one), and a couple Godsmack concerts (two of the three we went to when they opened up for Metallica in 2004).

Now for my mother… On her birthday this year, she was telling me that there was one thing she always wanted – and badly – from her grandmother, and it was actually designated to go to her. Problem is, with her family, everything seems to be gone, including this thing she wanted. And she found that they were gone on her birthday (ouch…).  So I thought immediately to find what she was after – depression era glassware for Christmas. I found some and she absolutely loved all of it and it meant so much to her.

What was I given ? Quite a lot!  And they have special significance as well:

When I was young, I had to read the first Narnia book in school. I – of course -  read them all. That was probably the first real fantasy story I was introduced to, and I absolutely loved them. So, my mom got me the Narnia books again (a box set), as well as the latest (second) Narnia (newer) movie  on DVD – Prince Caspian. Nice, sure, but there’s more. I got a really cool Metallica shirt (Creeping Death!!) to add to my 40+ unique Metallica t-shirt collection. I also got the DVD version of the Live Shit: Binge & Purge Box set that I had on VHS since the early 90s (93 I guess, when it came out – was $100 then – but that was before DVDS were popular [or out ? I don't know]).  It has some stuff I don’t remember on the VHS. Could be my memory (hey – that’s 15 years ago! No one can remember that far back… can they ?) but I didn’t remember it and it was nice to see even if I’ve seen it before. The box set has a three CD concert that took place in Mexico City. Then there’s two DVDS (three VHS’s in the vhs set). One is a concert in San Diego with a really cool and funny drum duel between Lars and James (YouTube has it as well, though I don’t know how or when it was duplicated for Youtube) and the other concert was in Seattle (was also really cool concert).  If I’m not mistaken (there’s that memory thing again …) the Seattle concert was for the …And Justice for All Tour, and the San Diego was for the Black Album’s tour (can’t honestly remember the names of the tours of those albums).

Okay, what else could I possibly get, you ask ? I got four Metallica vinyls (the recent reprints) – I collect them. Then I got some Harry Potter stuff – I did say I liked fantasy, and Harry Potter is a fun series as well. The books I got: two of Harry’s schoolbooks (one on Quidditch, the other was – Fantastic Beasts and Where to Find Them). I also got Tales of Beedle the Bard, which – as you may or may not know – was introduced/mentioned in Harry Potter and The Deathly Hallows.  It was a gift, actually, to Hermione Granger, from Dumbledore, if I recall correctly.

My brother got me two shirts while we went to see Metallica earlier in the month, and that ended up being my Christmas present from him. Was hoping to get a album of all my shirts.. maybe I can do that sometime soon. Regardless, one shirt was free, one was $32.

I also got (yes, there is more) a few more things (yes, only a few!) – My grandparents gave me $40. I’ll use that to start paying off my debt, what with my splurges.  Then, my aunt and uncle got me some chocolate cookies from what looks like a deli. And last, but certainly not least – my mother also got me a joystick that you plug into a TV, and it has a lot of old school games from the 80s – including 4 I used to play a lot on the Atari 2600 – Asteroids, Pong, Breakout and Adventure! That will be fun when I get around to it.

All in all, I have plenty to watch, read, and enjoy.

I also bought myself some stuff this month (yes.. I know.. I was naughty!) – The guitar which I have not got yet but should soon (and will definitely post pictures of when I get!) and I also bought these professionally designed Metallica dollars. They look like real United States of America 20 dollar bills, except each one (four) has a the face of one of the Metallica members – one bill per member – and the back has all four of them on it. If only I had one of Cliff… $5 for 80 USD isn’t bad, I’d say! Well, not that I can spend them (and I wouldn’t anyway – they’re a true collector’s item!).

Dinner was real nice as well – lots of great food and desserts. But the real fun was with my brother and mom, and the gifts I gave them.

And now it’s nearly time for bed. Good night and Merry Christmas!

So, after the other night in Inglewood, California (where the Los Angeles Forum is) I’m very sore. For one, like I wrote in the concert review post, I had to run, probably was a quarter of a mile. I’m out of shape, so that was tough. Necessary, but tough. Then the fall after the concert – catching myself after sliding down some stairs as well as the run, I have a scraped ankle, a bruised arm or two, and very sore muscles in my legs and arms. But it was worth it. And I’m excited about something else.

For the first time ever in a long time, if ever, even, I’ve made a splurge of the year. Will take some months to pay off, but that’s life.  Firstly, know that I’m a collector of all things Metallica and related. Right now I have a drumstick from after a concert (in the floor) in 2004 (which was something very special, how it happened, in and of itself), two guitar picks or so from another show on the floor (also in 2004), as well as a photo of Robert Trujuillo with his personal autograph and a message to me. The photo was obtained by a rare chance that my mom’s coworker’s brother who knew I liked Metallica, happened to be working on Rob’s house (he works on million dollar homes – stucco work and so on). I think it was in Venice Beach. Anyway, he mentioned it to Rob, and Rob was ultra cool. See, this person mentioned to Rob that when he worked on my house, I had been playing all crap music all the time (it’s true, it’s always on), but they both laughed. Anyway, Rob mentioned if I wanted his autograph, he’d be willing to (Thanks again, by the way, to those involved – not that I expect them to see this …). So I sent in a photo from a tour book I had, of just Rob, with my mom’s coworker’s brother. He signed it. Not just his name, but a message to me. I was so excited.

Those are the things I didn’t ‘buy’. Now, I also have over 40 Metallica shirts, and various other collectibles, including some out of print stuff, a vinyl / record box set, one of the Metallica Club Fan Cans (couldn’t afford the others at the time,  so only one – it’s a paint can full of Metallica goodies). As well as some statues, and a lot of other things. But today, I was searching eBay for some reason or another, and I found something I wouldn’t have ever expected seeing (lesson is you can find anything on eBay!).  For about 189 USD, I saw an electric guitar signed by Robert Trujillo. Seems too good to be true, but it’s authenticated by PSA/DNA. So knowing that this could not be so legit, I called a local store that would have sports and similar memorabilia goods for sale. Collectors store, basically. Asked them about PSA/DNA and they said it’s one of the best in the industry, and explained how it works and so on. Sounds good. So I bought the guitar. It’s in my area, so I expect it should be here pretty soon (within reason – it is the holiday season afterall), and then I can post some pictures of it maybe.

Crazy ? Perhaps that. Excited ? Definitely – I get something pretty nice to add to my collection. Now I just need to find space in my bedroom… maybe it’s time to even clean it up a bit.. hmm…

So last night I decided to go later. I was tired, and didn’t want to see the other bands in full (sort of not anyway). In fact, for a little bit – before reality hit me – I was considering not going at all. Silly me. Anyway, the night before, it was RAINING, and it took us a bit over an hour to get there. Last night, we were planning on getting there at around 8:30 pm (Metallica going on stage around 9). We scheduled to leave in plenty of time. Afterall, it wasn’t raining. Yet, it took us three hours almost, to get there (damn traffic jams). Ouch..

Then there were parking issues (why they designed an arena with less parking space than arena occupancy is beyond me ….). We found a place near by to park. And then jogged like I haven’t in years. And having asthma and being out of shape (as well as having feet problems) … was not fun. When we got to the street right across from the arena, we were told by some one (I guess official) that Metallica weren’t on stage yet and would be in another 10 minutes. Thank god they weren’t on at same time as previous night!  We finally get inside – hustling the whole way – and they’re still not on stage. Hurray! Get to our seats (not on floor this night, either – else would have been there earlier for sure).  Five minutes or so later, Ecstasy of Gold from The Good, the Bad, and the Ugly comes on. Yay! Metallica is on stage!

They started off with the That Was Just Your Life and then The End of the Line again. Then changed the setlist from the previous night – and quite a lot (as usual, they keep their shows entertaining and interesting/unique). They also played six new songs this night (of ten, though perhaps maybe the same six songs as last night – but that’s fine – the rest was different more or less).

When Broken, Beat & Scarred came on, I nearly cried. I was a bit overwhelmed from nearly missing the beginning, and knowing what the song is about – struggles in everyone’s life, and having plenty of struggles in my life  – it just got to me and I could barely hold myself together. But – that’s a sign the music really is from the heart to the heart.  And in fact, throughout my Metallica family membership, I’ve been helped a lot and truly felt their music (emotional and what not).  Just by their music. And there are plenty of songs that remind me of my life. Anyway, back to the concert:

Some highlights of the show:

1. The same pyrotechnics and strobe lights were there (very  nice effects), as well as the balls falling from above. And a correction is that there were a lot more – as I initially thought, there were probably closer to 100 beach balls of different sizes, all black with the Metallica logo on them! And this time, I saw the crew above getting ready to drop them, which was kind of neat as well.

2. Lars at the end of the show was teasing some people on the floor with drumsticks. Already having one from a concert in 2004, this was pretty funny (okay, would have been funny anyway, but…).

3. Rob was insane – as usual – on stage. I’ve seen him do this before, but he did it again:  he holds on to the bass with his hand (end of the bass), stretches both arms out in opposite directions, and spins around in circles. Then he goes back on and plays immediately.  Like I said, always insane on stage but very coo there and everywhere else I might add.

4. I noticed the lights above the stage were on “coffins” (as in, attached to moving, coffin shaped boxes positioning the lights wherever they needed to be). Kind of neat.

5. Though I usually pay attention to the band only, I sometimes watch others (there were far more people here this show by the way, especially on the floor) going crazy. And there was this guy – probably stoned as can be – who was body surfing and the people dropped him head first. Funny thing is, he did it again, and again head first to the ground. Someone’s gonna be mighty sore today!

6. Lars at the end of the show said they’d be back soon!

7. Something else that’s amusing to me, is how James this tour is having at the end of the show the lights turned on so he can watch everyone. He was saying what he saw – some sitting down, some standing, some going crazy, etc. But just another way to interact with the crowd.

8. James threw – as always – some guitar picks. But this time he threw them really far, and it even went to the level above the floor. While it was still away from me, it was neat to see (besides, I already have two from a show – also in 2004).

And I swear I saw some people – as I’ve seen before – leave a bit early, thinking Metallica was done, which is always amusing as well.

Setlist:

That Was Just Your Life
The End Of The Line
The Four Horsemen
Ride The Lightning
One
Broken, Beat And Scarred
Cyanide
Sad But True
Wherever I May Roam
All Nightmare Long
The Day That Never Comes
Master Of Puppets
Fight Fire With Fire
Nothing Else Matters
Enter Sandman
- – - – - – - -
Breadfan
Motorbreath
Seek and Destroy

And after the show I got a third shirt from these two nights. And then I had an accident – I fell down the stairs on the way down to the restroom. Fell three to four stairs before I caught myself (at home, I usually use the stairrail, but in public I don’t due to “germs” – stupid I know since I was in an arena with thousands of people, but that’s my brain for you …).  Some people were asking me if I was ok (they saw it), and I was, though annoyed at myself. Am I sore from the fall and the running earlier ? Yep. And I’m very tired too, from being up real late (for me) two nights in a row. But was it well worth it ? Hell yes. I had a hell of a night and I can’t wait to see them again live.

It’s been a cold night. Even inside the Los Angeles Forum. That is, until 9pm. That’s when things started to warm up.
More people show up – and for good reason: the lights go off, and _Ecstasy of Gold_ comes on the PA as loud and crisp as ever.
Everyone in the arena begins to cheer – Metallica is about to blast their ears off.

Ecstasy of Gold finishes and they start off with the heartbeat pump beginning of _That Was Just Your Life_. They’re on
fire, as is everyone else. They looked and sounded great, the entire night. Even with ear plugs (which I hate, but better safe than sorry).

Not only did they play SIX of TEN NEW SONGS, they played a lot of older material. They played cover songs too – perhaps the
most unusual thing is, they played not just Last Caress, but they played Green Hell as well! That was awesome.

Some other highlights:

1. The pyrotechnics were different from what I remember from the previous five concerts I’ve been to (and who knows how many videos
I’ve seen). There were the usual fireballs, sure. But there was something new (to me): on both sides of the stage, there were
four (eight total) streams of flames. They’d go off three or four times each, and each time the streams would be different colours.
Quite cool and well done.

2. At the end of the show, many (at least 10-15, possibly a lot more) beach balls of different sizes fell from above down on everyone
(with the classic Metallica logo on them). One even came our direction, though didn’t quite make it. Did I mention that this time
I wasn’t on the floor (where most of the balls went), but I was actually very close nonetheless: 3 rows back right above the floor.
Nice touch to the show.

3. As usual, there are people outside selling shirts cheaper than inside the gates. I got one inside (well worth the money). But
after the concert, I was handed a t-shirt, about ready to pay, and a security guard took this guys shirts (all of them) and stopped
him in his tracks. That is, except the shirt he just handed me. I got a free shirt. And it’s only good that the shirt size he had
in his hand was XL, else I’d not have the shirt or the right size. I did feel bad, but … free shirt! (Adds to my I think 40+ Metallica
t-shirt collection – yes, really).

4. There were plenty of people (who worked for the The Forum) who were selling water. But one guy was going around selling water but saying “Vodka”. While obviously it was water, it did make me laugh, as it should.

As for the crowd:

Lots of headbanging, as usual. I had the unfortunate experience of being near someone who was smoking marijuana and drinking beer. But
I wasn’t unprepared, it just sucks being near the smoke and beer (can’t stand the smell of either, and I happen to be asthmatic though
my asthma is not so bad these days, hence why I can go to concerts). But this guy was – though very friendly – a bit too “active” -
had a lot on his mind, and as I’ve realized, these kinds of folks can become very dramatic, something I can’t stand. But hey – it was
worth it, I saw Metallica live for the sixth time.

There was one point where I was feeling lightheaded, perhaps from the smoke or perhaps from the heat, but again – well worth it.
I’m tired from being up late (2am, real late for me), but it was worth it, and I’ll be doing the same tonight. Will report
tomorrow most likely.

And last, but not least:

Setlist
That Was Just Your Life
The End Of The Line
Creeping Death
Harvester Of Sorrow
One
Broken, Beat And Scarred
Cyanide
Sad But True
The Unforgiven
All Nightmare Long
The Day That Never Comes
Master Of Puppets
Damage, Inc.
Nothing Else Matters
Enter Sandman
- – - – - – - -
Last Caress
Green Hell
Seek and Destroy

Needless to say, I had one hell of a night – lots of new songs and a lot of great old songs, including the cover Green Hell! Oh, and in case you were wondering, The Sword and Machine Head opened up for Metallica, and they were pretty cool too (both bands I’ve never heard before – the best band so far that’s opened for Metallica that I’ve seen live would still be Godsmack).

So, been a long while since I’ve written anything. In fact, it’s been a long time since I’ve done anything useful at all. I guess you could say I was (am) in a burn-out, and forgot about my website entirely. But I have some things to report, and somehow remembered my blog, so figured I’d post these things here.

For starters, I had a wonderful Thanksgiving, one of the most important holidays in my opinion; too many people are ungrateful for things, and thank yous are underrated. I don’t like that.

Secondly, I am going to the two Metallica concerts this month, and looking forward to that.

But also, I’m trying to get back into programming. Only, this time, I’m trying a language I used to never want to learn: C++. I used to be very biased with operating systems. BSD was better than all, no questions asked. But I learned in time, this is not true; there are plenty of other nice operating systems out there, I just was too blind (or stupid – take your pick) to realize it at the time. Likewise, I was this way with programming languages – I was C all the way. But thanks to a friend at ImagicaMUD, I learned to be interested in OOP. Also thanks to them, I’d say, I grew to like Linux as well. And so I’m going for C++ and I’m quite enjoying the turning back to programming so far, even though I haven’t made anything yet. Will I continue ? We’ll see, but I hope to! Project idea is to make a text-based adventure game, much like a MUD, but perhaps smaller and at first no network capability. It would have a fantasy touch I’m sure, with different races, magic, and all those goodies, and depending on how it goes, I would add network capability (rather, multi-user possibility) and who knows what else. Will not post too many ideas for any while, but I will hopefully post some progress on the game idea.

Otherwise, there’s spending time with friends online and sleep. zZzZZzz…

Ok, so I realized I have some more fond memories. I was even having some pretty major nostalgia the last two nights about one thing I miss. I wrote about it on my About Me section on my site (at About Me), but I didn’t say much of it. Perhaps this also belongs in my new section on my site called Stories & Events, but I think it fits here as well. Anyway, back to the thing I was having nostalgia about. (Long post incoming)

It is ImagicaMUD. You can go ahead and check it out here, but it’s not really the same anymore. The player-base is dead, and the immortals and gods (game masters, myself included) are mostly gone too. Don’t get me wrong, some still do show up but it’s more or less just once in a while. But oh do I miss it. And for many reasons.

I was very lucky to be introduced to it and at the right time. See, back in 1998 I met a very kind person from Canada in a certain scene in the computer security underground. She befriended me and after a while she disappeared on a long vacation to Sweden. When she came back in 2001, I was no where to be found. But she searched me out and she got in touch with me (no one is truly anonymous if you leave any messages or hints). She told me I was missed – not just by her but also others, and so I decided to return (I left due to health and other things I’m sure). There were new people there. Some were gone completely. And some were mostly gone, that I knew from before. Others still were there as always. One of the persons I knew that was mostly gone, I have to thank for without him I’d not know one of my close friends – one from Australia. It was indirectly meeting her, but I met her and that’s all that matters. Then there was a new person from Sweden who befriended me.

He introduced me to ImagicaMUD, which I have to say was the best thing anyone has _ever_ done for me. I had so much fun, the majority of the people I met were wonderful and the experience both as a mortal and later an immortal and then still later a god, was incredible. And shortly after being introduced and convinced to play ImagicaMUD, I left the other scene as did my new friend Lalle (Lalle is the name he uses). It wasn’t the best environment anyway, a lot of not so nice people, and I had something new and better to do now anyway.  So you see, I met the right person at the right time, as, like I said – it was the best thing for me, ever.

To those who don’t know, a MUD Is a multi-user dungeon (or dimension). They’re mostly outdated nowadays due to graphical games, especially Massively Multiplayer Online Role-Playing Games, which are pretty much MUDs but all graphics instead of text (the only text is for messages and mail and such stuff). I’d say that this is one of the main reasons Imagica isn’t the same. Sad but true, as MUDs required more imagination and thinking. Not to say graphical games do not require thinking or imagination, but I feel – having played both kinds of games – that text required more imagination and thinking than graphics. And it was far more fun, at least for me.

ImagicaMUD was inspired by Tolkien, and was indeed a fantasy based role playing game. I cannot remember where the name originated, and the email I was told it in is long lost (all I can remember is a book was involved, and I do have an idea of what it was, but I’d have to ask again or do a bit of searching).  While there were no where near as many players as some of the games of today, it provided a lot of fun for those involved. And a smaller community isn’t necessarily a bad thing, either, in my opinion. In some ways I prefer it.

So I first logged into this MUD on 17 February 2002 (I have access to the server’s logs, so I checked to be sure). My first character was an Elven Battle mage. That is, warrior with some mage like spells/abilities. I don’t know why I chose that class, but I soon deleted it and recreated an Elven Arch Mage, which fit me much more, especially since I’ve always been into the world of magic, in games or otherwise.

My friend – Lalle – helped me begin and get a feel for it. Being somewhat of a command prompt person in operating computers, I did learn a lot on my own and relatively quickly. But he showed me around the world – where I could safely go at that time – and overall helped me in a lot of ways in Imagica. One day at an event in game – a marriage actually – I got a message from a goddess there, who was running the ceremony as well as tying the knot for this couple. Her name was Lunah. I’ve written about her in my Friends & Family section on my website. In real life her name is Emelie. Anyway, she was curious if it was indeed Lalle who helped me get started in the game. She knew of me but I didn’t really know anything about her. I did feel some charisma of some kind though. Was always something special and kind about her. Anyway, the reason she was asking me this, is that Lalle was in a clan of one of Lunah’s mortal characters (Disa). It was called Sentinels of Soraya. Lalle was given a promotion as that was one of the tasks for his current rank in the guild. That was the first time I spoke with Emelie, to who this day is my closest friend ever.

As it happens, another dear friend to this day, who is also a friend of Emelie’s (the three of us are the closest of friends), was in the wedding. It was one of her mortal characters. I later spoke with this other friend, both as her mortal (Shyla) and goddess – Shayla (real life Angi).

After a while, some months actually, they really got to know me, though I still didn’t know them so well. They got me involved in more in game events (it was an RP-based game afterall, so lots of fun events). In the beginning I didn’t do anything with others besides Lalle (who I still am in contact with) and a couple other long-lost friends from the MUD. So I didn’t participate in immortal/god/goddess run quests, events or anything else. Or I don’t remember doing so anyway.

But slowly I was becoming less shy of those in game, and unknowingly to me, in real life as well. And more open as well. This is when Disa (that’s Lunah) asked me to join an event in game. An event that lasted for more than one day. More like some months if I remember right. At this time I may not have even known that Disa was Lunah. Anyway, we got to know each other fairly well after that, and today we’re really close.

I got more into RP and even won some RP-weeks (two in a row), which is a week each year full of role playing events, quests and other such things. At some point a character of Lunah’s and mine met and the two were later married. The two were very happy, and very rich (I believe I had the most gold than any other character in game – I had around 2.3 – 2.5 million I believe). The MUD only lasted a year or two more before players started getting tired of it.

Not one year after I started playing, though, Lalle wanted to build a zone (that is, an additional area for the world) with me for Imagica. We never did finish that but I did start my own zone as well, and got noticed and eventually ascended to the realm of the immortals (i.e., a game master). My main task was to help Lunah shape the world. She was the master builder, and I was the assistant master builder. I also eventually helped her create houses for mortals. I was very happy with all this, and I eventually spoke with the founder / master coder of the MUD. He knew of me because I had helped him solve some bugs in the MUD after figuring out what was happening with the MUD not working right (in particular, it was possible to cheat during combat, making any class with a certain skill called “bash” to kill pretty much any monster that was not immune to bash, completely overpowered).

He found out I was into programming, and my language was the one the MUD was programmed in – C. He showed me some of the really cool things he was working on, and told me if I was interested in helping the MUD further by programming, to let him know.

I did. And I added so much code, thousands and thousands of lines. Lots of features (all sorts of things) and many bug fixes, including a very elusive one that had been there long before I knew of Imagica. Never did I expect I’d do that. But I did and was even told by the master coder – naming himself after Aragorn in Lord of the Rings (I did say it was Tolkien inspired) – that I was one of – if not the – best thing(s) that happened to his MUD, and that he trusted me with his “baby”. That meant the world to me, and helped with my esteem some as well, being that my esteem is not good and never has been.

I will never forget the people of Imagica, and I still have several friends from there – Lalle, Lunah, Shayla, Aragorn and a few others. They all mean the world to me, and I truly do miss those days. The good old days, as they say … And, those were definitely good days for me. As I’ve told Aragorn before, his MUD has helped me so much and I can never thank him enough for making Imagica. That’s how good the days were. I just wish those days were still here. But at least I have something to think about and remember.

I don’t think I knew what the “good old days” were to me before I wrote this, or what it means to anyone else, but I do know now what it means to me – ImagicaMUD!