Hive The Server Room

	Main Index Search Register Login Who's Online FAQ Links
	Main Index Search Register Login Who's Online FAQ Links

	2 Online, 0 Active		You are not logged in

This is a historical archiveThe forum is read-only. Private information has been removed. It is not possible to login.

	The Server Room

All posts Subject: GDI Scanner Please login to post

WizardX
(Wizard Master)
09-25-04 00:19
No 533036
User Picture GDI Scanner

GDI Scan for JPEG Virus

gdiscan.exe was written for Windows 2000 and higher. It scans the drive containing the Windows %system% directory and Looks for vulnerable versions of gdiplus.dll, sxs.dll, wsxs.dll, mso.dll.

The scan starts upon execution. It will signal completion of scan in text box with "Done."

Vulnerable versions of the .dll files are listed in RED.

The path where a vulnerable .dll file is found is important. Remember that dlls are loaded in the following order (note: this is a VAST simplification):

The directory from which the application loaded.
The (application's) current directory.
Windows 95/98: The Windows system directory (default: C:\Windows\system)
Windows NT+: The 32-bit Windows system directory (default: C:\WinNT\System32)
Windows NT+: The 16-bit Windows system directory (default: C:\WinNT\System)
The Windows directory (default: C:\WinNT or C:\Windows)
The directories that are listed in the PATH environment variable

GUI Version http://images.dshield.org/images/gdiscan.exe
(MD5: 91ff45c6158e77eb57fbf6fbe38f05d1)

Command Line Version http://images.dshield.org/images/gdiclscan.exe
(MD5: dd1e0eb5a9b5f33da90bbf503ed28eda)

FAQ
Ignore files in directories like Windows\$NtUniinstallKBxxxxx\ and Windows\WinSxS. These are old versions left behind for uninstall purposes
There are no command line options for the gui version.
the only parameter for the command line option is the log filename (usage: gdiclscan.exe logfile). It will exit with a return code of 1 if it can not open the log file. The command line version will not overwrite the log file.

According to this scanner there is gdiplus.dll and GDIPlus.dll files vulnerable version in Norton SystemWorks 2003.

	https://the-hive.archive.erowid.org	the-hive@erowid.org



Powered by Non Sustainable Resources(TM) V. 2.06, Copyright 2023, the Creativity Concubines Industries. All rights reserved.
Links Erowid Rhodium


		WizardX (Wizard Master) 09-25-04 00:19 No 533036				GDI Scanner
						GDI Scan for JPEG Virus gdiscan.exe was written for Windows 2000 and higher. It scans the drive containing the Windows %system% directory and Looks for vulnerable versions of gdiplus.dll, sxs.dll, wsxs.dll, mso.dll. The scan starts upon execution. It will signal completion of scan in text box with "Done." Vulnerable versions of the .dll files are listed in RED. The path where a vulnerable .dll file is found is important. Remember that dlls are loaded in the following order (note: this is a VAST simplification): The directory from which the application loaded. The (application's) current directory. Windows 95/98: The Windows system directory (default: C:\Windows\system) Windows NT+: The 32-bit Windows system directory (default: C:\WinNT\System32) Windows NT+: The 16-bit Windows system directory (default: C:\WinNT\System) The Windows directory (default: C:\WinNT or C:\Windows) The directories that are listed in the PATH environment variable GUI Version http://images.dshield.org/images/gdiscan.exe (MD5: 91ff45c6158e77eb57fbf6fbe38f05d1) Command Line Version http://images.dshield.org/images/gdiclscan.exe (MD5: dd1e0eb5a9b5f33da90bbf503ed28eda) FAQ Ignore files in directories like Windows\$NtUniinstallKBxxxxx\ and Windows\WinSxS. These are old versions left behind for uninstall purposes There are no command line options for the gui version. the only parameter for the command line option is the log filename (usage: gdiclscan.exe logfile). It will exit with a return code of 1 if it can not open the log file. The command line version will not overwrite the log file. According to this scanner there is gdiplus.dll and GDIPlus.dll files vulnerable version in Norton SystemWorks 2003.

	All posts		End of thread