Linux HowTo: blue screen of death MEMORY_CORRUPTION_ONE_BIT

Original Source Link

I get bsod at least once a day on my new PC and i ran a mini dump and it says MEMORY_CORRUPTION_ONE_BIT. I don’t know exactly whats causing this to happen i got my PC about 2 weeks ago please help me.

this is a desktop that was already built before i bought it, it has 32gb of ram and an i9 9900k

This is what the mini dump file says about why i got the BSOD

MEMORY_MANAGEMENT (1a)
# Any other values for parameter 1 must be individually examined.
Arguments:
Arg1: 0000000000041792, A corrupt PTE has been detected. Parameter 2 contains the address of
the PTE. Parameters 3/4 contain the low/high parts of the PTE.
Arg2: ffffbc80b7bdc240
Arg3: 0000000000000002
Arg4: 0000000000000000

Debugging Details:

KEY_VALUES_STRING: 1

PROCESSES_ANALYSIS: 1

SERVICE_ANALYSIS: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

DUMP_CLASS: 1

DUMP_QUALIFIER: 400

BUILD_VERSION_STRING: 18362.1.amd64fre.19h1_release.190318-1202

DUMP_TYPE: 2

BUGCHECK_P1: 41792

BUGCHECK_P2: ffffbc80b7bdc240

BUGCHECK_P3: 2

BUGCHECK_P4: 0

MEMORY_CORRUPTOR: ONE_BIT

BUGCHECK_STR: 0x1a_41792

CPU_COUNT: 10

CPU_MHZ: e10

CPU_VENDOR: GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 9e

CPU_STEPPING: d

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

PROCESS_NAME: firefox.exe

CURRENT_IRQL: 2

ANALYSIS_SESSION_HOST: DESKTOP-OBF6H0I

ANALYSIS_SESSION_TIME: 01-31-2020 21:17:43.0041

ANALYSIS_VERSION: 10.0.18362.1 amd64fre

STACK_TEXT:
ffffbd074fa1ee28 fffff8070fa252ee : 000000000000001a 0000000000041792 ffffbc80b7bdc240 0000000000000002 : nt!KeBugCheckEx
ffffbd074fa1ee30 fffff8070f8ac9e7 : 0000000000000000 ffffbc80b7bdc240 0000000000000000 0000000000000000 : nt!MiDeleteVa+0x176b0e
ffffbd074fa1ef40 fffff8070f8acea1 : ffffbd074fa1f390 ffffbcde405bdee0 0000000000000000 0a00000322de5867 : nt!MiWalkPageTablesRecursively+0x1e7
ffffbd074fa1f000 fffff8070f8acea1 : ffffbd074fa1f390 ffffbcde6f202de8 0000000000000000 0a000007ffbae867 : nt!MiWalkPageTablesRecursively+0x6a1
ffffbd074fa1f0c0 fffff8070f8acea1 : ffffbd074fa1f390 ffffbcde6f379010 ffffbcde00000000 0a0000046c7ad867 : nt!MiWalkPageTablesRecursively+0x6a1
ffffbd074fa1f180 fffff8070f8ac62c : ffffbd074fa1f390 1a000007ffbae867 0000000000000000 ffffac8e6b3546c0 : nt!MiWalkPageTablesRecursively+0x6a1
ffffbd074fa1f240 fffff8070f8aaa98 : ffffbd074fa1f390 ffff9c8000000002 0000000000000001 fffff80700000000 : nt!MiWalkPageTables+0x36c
ffffbd074fa1f340 fffff8070f8b8bf0 : ffffffffffffffff ffffac8e6b354438 0000000000000001 0000000000000000 : nt!MiDeletePagablePteRange+0x268
ffffbd074fa1f6e0 fffff8070fdc7a5d : 0000016f00000000 0000000016f7b140 ffffac8e72d92440 0000000000000000 : nt!MiDeleteVad+0x860
ffffbd074fa1f8a0 fffff8070fdc7853 : ffffac8e72d92440 0000000000000000 0000016f7b140000 0000000000000000 : nt!MiUnmapVad+0x49
ffffbd074fa1f8d0 fffff8070fdc76e9 : ffffac8e6b3540c0 0000000000000008 ffffac8e4f0aabc0 0000000000000000 : nt!MiUnmapViewOfSection+0x133
ffffbd074fa1f9b0 fffff8070f9d2d15 : ffffac8e7037b080 0000016f7b140000 0000016f7b7a72f0 ffffac8e6b3540c0 : nt!NtUnmapViewOfSectionEx+0x99
ffffbd074fa1fa00 00007ffc007bf974 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : nt!KiSystemServiceCopyEnd+0x25
0000005d59ffd9d8 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0x00007ffc`007bf974

THREAD_SHA1_HASH_MOD_FUNC: cd17d96308226c0911d4c2e72141f4a08060b33a

THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 68d7355f1c7999b99638818b39e5354b1f1c76bd

THREAD_SHA1_HASH_MOD: fe34192f63d13620a8987d294372ee74d699cfee

SYMBOL_NAME: ONE_BIT

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: hardware

IMAGE_NAME: memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP: 0

STACK_COMMAND: .thread ; .cxr ; kb

FAILURE_BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT

BUCKET_ID: MEMORY_CORRUPTION_ONE_BIT

PRIMARY_PROBLEM_CLASS: MEMORY_CORRUPTION_ONE_BIT

TARGET_TIME: 2020-02-01T04:36:42.000Z

OSBUILD: 18362

OSSERVICEPACK: 592

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK: 784

PRODUCT_TYPE: 1

OSPLATFORM_TYPE: x64

OSNAME: Windows 10

OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS Personal

OS_LOCALE:

USER_LCID: 0

OSBUILD_TIMESTAMP: 1972-08-21 17:24:00

BUILDDATESTAMP_STR: 190318-1202

BUILDLAB_STR: 19h1_release

BUILDOSVER_STR: 10.0.18362.1.amd64fre.19h1_release.190318-1202

ANALYSIS_SESSION_ELAPSED_TIME: 121e

ANALYSIS_SOURCE: KM

FAILURE_ID_HASH_STRING: km:memory_corruption_one_bit

FAILURE_ID_HASH: {e3faf315-c3d0-81db-819a-6c43d23c63a7}

Followup: MachineOwner

BUGCHECK_STR: 0x1a_41792

https://forums.tomshardware.com/threads/memory-corruption-one-bit-large-bsod.2828014/

The error code 41792 indicates a corrupted page table entry.

This means something isn’t right with your HDD/SSD. You need to verify everything related to your disk drives.

First: Check your SATA cables. Possibly a SATA cable is incorrectly connected. Or an M.2 drive is not inserted correctly.

If all checks out, verify your SMART integrity with an app like Crystaldiskinfo. Update your SATA or chipset drivers as well.

Tagged :

Linux HowTo: How to connect on windows 10 through smb to external server shared folder

Original Source Link

I am trying to connect to external ip address through smb on windows 10 without any success.

\server-ip:portshareDirectoryName

So far I did try the following ports: 139,445 but without any success.

I know this is not firewall/antivirus issue, even when firewall is disabled problem still persists.

When I try to connect to the same external server on LINUX or MAC this problem does not appear. Everything works like it should.

Command on mac/linux:

smb://server-ip:port/shareDirectoryName

Have you got any error messages?
Please try to ping the external server both with the IP address and the FQDN firstly.

There is no need to assign the port.
Just input ” \server name or IP address” to have a test in Windows Explorer.

My Window 10 Pro would not let me access my old NAS drive, although I could enter the drives administrative setup. Here is the work-around I used. While in the admin setup I created a SMB share, folder named DATA. I went back to Windows Desktop and clicked on This PC icon. In the file explorer window I right clicked on “This PC” and choose “add a network location.” That started “add a network location wizard.” Follow the prompts and enter the address in the input box in this manner: \198.192.1.116DATA (the address is the one assigned to the NAS drive by DHCP) That’s it. You can give it a name so you know it’s your NAS. It shows up under This PC in file explorer. You can even map to it with the same procedure. BTW, it would probably be prudent to assign the NAS a static address in your router so it doesn’t change. That would break the path and the map.

Tagged : / / /

Linux HowTo: Kali Linux Live CD Blackscreen/Not Booting

Original Source Link

I am pretty new to Kali Linux (or Linux in general) so probably I won’t understand ALL of the technical terms, but I will give my best.

As introduction in my problem, I wanted to create a Live CD with Kali Linux for my Laptop (exact information on version etc. will be given later, as well as the chronological order of the things I did).

After burning the ISO Image of Kali, I restarted my Laptop, and wanted to boot Kali Linux as a “Live Session”, but everything I have seen was a Blackscreen, with no console, and no mouse pointer.

The Laptop did not react to anything, so I took out the disk, and started my PC new and booted with my primary operating system. After that I tried different things (which I will list too), but nothing of it helped me.

My System:

Laptop Model: ASUS R510LB-XX037H
OS: Windows 8.1 64-Bit
Architecture: 64-Bit
Processor: Intel Core i74500U CPU @ 1.80 Ghz 2.40 Ghz
RAM: 8.00 GB (7.89 Usable)
Graphics: Intel HD Graphics, nVidia GEFORCE 740M

(If more Information is necessary I will give it)

The Linux:

Kali Linux
64 bit (because my System is 64x Based)
Version: 2016.1
Boot Media: Disk (DVD-RW), 4.7 GB Storage

=> So basically the first thing here (Kali Linux 64 bit ISO)

The Things I did (in chronological order)

  • Downloaded Linux Kali 64 bit 2016.1 ISO
  • Saved on Desktop
  • Took a brand new CD and put it in
  • Right Clicked the ISO and burned the Image (With the Burning Option given by the System)
  • Opened Charm Bar => Settings => Change PC Settings => Update/Recovery => Recovery => Advanced Start
  • Selected the Option for opening the UEFI Settings
  • Boot => Changed The Boot-Order, DVD will be booted first before main OS
  • Restarted the PC
  • Red Window saying “Secure Boot Violation” and some text, so I entered UEFI again and disabled “Secure Boot”
  • Restarted PC again
  • Blackscreen
  • [after 20 min] manually restarted the PC (simple power-off)
  • Burned ISO-Image again on fresh Disk
  • Restart
  • Blackscreen again
  • power-off, boot with Windows again
  • and so I came here

I really don’t know what I can do more, under Windows everything works fine (related to Hardware).

How can I resolve this issue?

Try CBBurnerXP. It has an option to burn ISO files. If that doesn’t work, try Universal USB Installer, YUMI Multiboot usb or LinuxLive USB Creator. Live linux will work faster when booted via USB than from CD.

It sometimes happens that there are errors in the download process. You need to verify that the ISO file is the exact same by generating and comparing a MD5 or SHA1 hash.

In this case the SHA1Sum is posted on the downloads page of the link you provided.

You can find this link to the Microsoft File Checksum Integrity Verifier by searching for “SHA1Sum Windows” Link

After using your choice of SHA1Sum generator to verify that the downloaded ISO file’s SHA1Sum is the same, you can then check to see if the image is being burned to disk correctly. You should use the ‘verify’ option when burning the disk. But what if you’ve already done that? How do you compare the ISO to the burned disk? It’s easy with Ubuntu.

The following is from: https://help.ubuntu.com/community/HowToMD5SUM

First mount the CD, if not already mounted:

sudo mount /dev/hda /cdrom

Then use the supplied md5sum file on the CD:

cd /cdrom
md5sum -c md5sum.txt | grep -vi 'OK$'

See also the “Check the CD” section.

Tagged : / / /

Linux HowTo: Chrome Error Message: You are using an unsupported command-line flag: –extensions-on-chrome-urls. Stability and security will suffer

Original Source Link

Every time I open chrome I am getting the following error message:

You are using an unsupported command-line flag: --extensions-on-chrome-urls. Stability and security will suffer.

Any ideas? I’ve tried a uninstall/reinstall of the browser Image here of error.

To disable the option of extensions-on-chrome-urls, enter chrome://flags/
and enter urls in the search field. You will see this entry:

enter image description here

Disable this option and the warning will disappear.

Tagged :

Linux HowTo: Caps Lock is bugged

Original Source Link

I have HyperX Alloy Core RGB keyboard (HX-KB5ME2-US). Sometimes when I turn off caps lock, LED on keyboard is still on. After another press, LED is on, and caps lock is on.
Why is this happening? Is that bug in keyboards firmware or in windows driver? Thanks

Seems to be an existing problem on this keyboard that exists in its firmware. Users here complain about the same thing, but HyperX support has said they will replace the board if you send it in and they can replicate the problem. This comment offers some solutions if you don’t want to send it back and are willing to get a bit technical.

Tagged :

Linux HowTo: Find a file with parts of name in an arbitrary order

Original Source Link

I’ve got a file hidden somewhere, it’s either named file.foo.bar.txt or file.bar.foo.txt, but I’m not sure which it is.

Right now, I’m just running find file*foo*txt because I know the file will be in the list, but I have to sort through the list to find the actual file.

Mostly out of curiosity (the list is short and realistically I can find the file), is there a way to find file.(foo&bar).txt such that the file will be found, regardless of which is the actual file?

The command find file*foo*txt doesn’t really use find.

It’s your shell who expands file*foo*txt before find even runs. Then find gets possibly many arguments as its starting points; and no tests, no actions. The default action of -print is assumed.

This is like printf '%sn' file*foo*txt. Both printf and your find only print what the shell supplies; except if there is no match. Or except if the shell returns a directory name (possibly among other names); in such case printf will just print it, while find will print it plus paths to every file in the directory, recursively.

Your task can be done with find (not the shell) actually performing some matching. Use several -name tests. The default behavior is to join tests with -a (logical AND). This fits cases where you want the filename to match several patterns at once.

find . -type f -name 'file.*' -name '*.txt' -name '*.foo.*' -name '*.bar.*'

Notes:

  • These patterns are not regular expressions. * here is a wildcard but . is literal. I used . because you wrote “file.foo.bar.txt or file.bar.foo.txt“.
  • find is recursive. Use -maxdepth 1 or (if your find doesn’t support it) read this: Limit POSIX find to specific depth.
  • Note the patterns are quoted. This is to protect them from being expanded by the shell (compare this question).

If you want literally file.foo.bar.txt or file.bar.foo.txt then use -o (logical OR):

find . -type f ( -name file.foo.bar.txt -o -name file.bar.foo.txt )

Note you often need parentheses with -o. Without them -type f -name … -o -name … would not do what we want.

And there is -regex. It’s a match on the whole path and there are several flavors.

The default operation in find is and, so for a loose match you can just use

find .  -name 'file*foo*txt' -name 'file*bar*txt'

but for a rigid match you can resort to a regular expression:

find . -regextype posix-extended -regex '.*/file.(foo.bar|bar.foo).txt'

You need to remember the regex has to match the full path, hence the .*/ at the beginning.

Tagged : /

Linux HowTo: how to make windows 10’s explorer focus existing window when opening the same folder

Original Source Link

There is a scenario: suppose I have two open explorer windows, window 1 showing the folder C:/data and window 2 showing the folder C:/.

What I want is that when I double-click (open) the folder data from within the window 1 (C:/), the window 2 (C:/data) get focused instead of opening the folder data in window 1.

I found a similar question here : so thread but it is dated from 2018 and not aiming Windows 10. I wonder if things are different in my case.

Thanks in advance,

I have written a powershell script SwitchOrOpenFolder.ps1 that could do the job in combination with a simple registry hack in HKEY_CLASSES_ROOTFolder.

Note □ always make a backup copy of the Windows registry before creating, editing, or modifying any keys or values. ■

  1. Add SwitchOrOpen option to context menu for drives and folders and associate it with silent run of the D:PShelltestsSwitchOrOpenFolder.ps1 script (change the path to fit your circumstances). This step should result to the following:
reg query "HKEY_CLASSES_ROOTFoldershellSwitchOrOpencommand"
HKEY_CLASSES_ROOTFoldershellSwitchOrOpencommand
    (Default)    REG_SZ    mshta.exe vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -NoProfile -ExecutionPolicy Bypass -File """"D:PShelltestsSwitchOrOpenFolder.ps1"""" -Path """"%V"""""",0:close")
  1. Make the SwitchOrOpen verb a default option in context menu for drives and folders (optional: maps this option to a mouse double-click or keyboard Enter); result should be as follows:
reg query "HKEY_CLASSES_ROOTFoldershell" -ve
HKEY_CLASSES_ROOTFoldershell
    (Default)    REG_SZ    SwitchOrOpen
  1. Use the following SwitchOrOpenFolder.ps1 script:
param ( [Parameter(Mandatory)] [string]$Path )
if ( '"' -eq $Path.Substring($Path.Length-1) ) {
    $Path = $Path.Substring(0, $Path.Length-1) + ''
}
$type = 'Microsoft.PowerShell.Commands.AddType.AutoGeneratedTypes.WindowAPI' -as [type]
if ( $null -eq  $type ) {
    $sig = @'
    [DllImport("user32.dll")] public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);
    [DllImport("user32.dll")] public static extern int SetForegroundWindow(IntPtr hwnd);
    [DllImport("user32.dll")] public static extern IntPtr GetForegroundWindow();
'@
    $type = Add-Type -MemberDefinition $sig -Name WindowAPI -PassThru
}
$FileExplorer = (New-Object -ComObject 'Shell.Application').Windows() |
    Where-Object Name -EQ 'File Explorer'
$windows = $FileExplorer |
    Where-Object { ( $Path -eq $_.Document.Folder.Self.Path ) } |
        Select-Object -First 1
if ( $null -eq $windows ) {
    $windows = $FileExplorer |
        Where-Object { ( $type::GetForegroundWindow() -eq $_.HWND ) }
    if ( $null -eq $windows ) {
        C:WINDOWSexplorer.exe /e,$Path
    } else {
        $windows.Navigate($Path)
    }
    return
}
$hwnd = $windows.HWND
if ( -32000 -in $windows.Left, $windows.Top ) {
    $null = $type::ShowWindowAsync($hwnd, 4) # ShowNoActivate
}
$null = $type::SetForegroundWindow($hwnd) 

Addendum. The following Windows 10 registry file SwitchOrOpen.reg represents both above steps 1 and 2:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOTFoldershell]
@="SwitchOrOpen"

[HKEY_CLASSES_ROOTFoldershellSwitchOrOpen]

[HKEY_CLASSES_ROOTFoldershellSwitchOrOpencommand]
@="mshta.exe vbscript:Execute("CreateObject(""WScript.Shell"").Run ""powershell -NoProfile -ExecutionPolicy Bypass -File """"D:\PShell\tests\SwitchOrOpenFolder.ps1"""" -Path """"%V"""""",0:close")"

Tagged : / /

Linux HowTo: Is it possible to change the position of the Remote Desktop Connection client bar?

Original Source Link

Is it possible to change the position of the Remote Desktop Connection client bar? It’s really annoying that I can only seem to drag it in the top area of the window.

Can I move the bar so it appears on the right-hand side of the window?

It is now possible to remove it all together. In the Remote Desktop Connection windows, under the Display tab, uncheck the “Display the connection bar when I use the full screen.”

If you can’t see the bar – You can get out of Remote desktop ..and go back to local computer using Ctrl + Alt + Break

No

But you can have it minimise if you click the pin icon, to see it again bring your mouse up to the top of the screen.

Here is a list of all the options you have for a remote desktop connection, they all seem to focus on visual output coming from the remote machine, and security nothing about the client bar.

Unfortunately not. For info, there is a complete list of the available customisations here:

http://go.microsoft.com/fwlink/?LinkId=139899

As microsoft’s links have a habit of going dead, the page title is:

“RDP Settings for Remote Desktop Services in Windows Server 2008 R2”

If you hover to the left of the pin, you will get a cursor which shows you that you can resize the bar. And if you click on your computer’s name, you can drag it left or right. That allows me to put it just left of the minimize button on full screen windows.

If only Microsoft would give us a way of remembering where we put it and saving that for our next session.

As of 2020, it is now possible to move the bar. On the extreme left there is the “pin” icon. If you click that, you can drag the bar where you want.

If you just leave it there, it’ll vanish after a moment, but reappear if you move your mouse to the top of the screen.

While it’s visible, if you click on the “pin” icon again, it’ll stay put but in the new place.

Tagged :

Linux HowTo: “Some settings are managed by your organization” while not on domain?

Original Source Link

So, I installed Windows 10 Pro 64-bit yesterday and have been configuring it since. Somewhere along the way a setting got triggered somehow which results in a message “Some settings are managed by your organization.” I would like to know how to correct this.

I am not part of a domain, this is a home computer and there is one user account, mine, with administrator privileges.

Figure 1
Figure 2

This message is misleading, at least in the Windows Update dialog.

This is based on that in the privacy settings under “Settings” -> “Privacy” -> “Feedback & diagnostics” -> “Diagnostics and usage data” it is set to “Basic”. Change it to “Enhanced” or higher, the message disappears.

I have a German Windows 10 Professional version, so can not say exactly whether the menu names are correct. However, this must be increased.

This can also indicate that local Group Policy settings have been set. (You might want to run a malware scan if you’re certain you didn’t purposefully adjust these settings. It is also conceivable that anti-virus programs or system maintenance tools might have done this.)

To inspect and adjust your machine’s local Group Policy, press Win+R, type gpedit.msc, and press Enter. In the left pane, expand Administrative Templates under Computer Configuration. Settings for Windows Update are in the folder called Windows Update under Windows Components. The settings for user profiles are in User Profiles under System in Administrative Templates.

After you select a folder that contains policy settings, you can double-click the policies in the main pane to enable, disable, and configure them. Setting policies to Not Configured will enable the normal UI (e.g. in Control Panel) in most cases. Once finished adjusting the policies, close the Local Group Policy Editor and type gpupdate in the Run dialog. Restart or re-log if necessary.

Read about the Local Group Policy Editor on TechNet.

If you have a Home edition of Windows, the Registry representation of the Windows Update Group Policy settings is at SOFTWAREPoliciesMicrosoftWindowsWindowsUpdate. Most settings are under HKEY_LOCAL_MACHINE, but there are some in HKEY_CURRENT_USER. There can also be an AU subkey. Removing the values reverses the Group Policy settings.

Since none of the answers in this thread worked for me, here is what did work: O&O ShutUp10. It’s a free piece of software that gives direct control over your security/privacy policies. So for example, if your Windows Update functionality is locked, it will look something like this:

screenshot

Green/On means the setting is disabled. So just switch those to the Off position to revert control back into your hands.

There’s another similar piece of software called Spybot Anti-Beacon, but it’s interface is a bit less intuitive.

I originally found this answer here: TenForums

I hope, my answer isn’t too late, but i noticed the following:

Some software out there is able to control these settings instead. In my case, those behavior is caused by the so called BitDefender-Profiles. See screenshots below.

managed 'by organization'...
managed ‘by organization’…

profiles off...
BitDefender profiles turned off…

I have spent many hours, days, even weeks on this issue. The best solution I have found is to reset your Local Group Policy Editor to its Default by resetting all its settings to Not Configured. See Reset Group Policy Editor

After dis-joining from the domain (which led me to search for this exact question), messing with the privacy settings (down from Full to Basic, then back up to Full), increasing intensity of resetting group policies to “not configured” (all the way to everything, as in Avner Falk’s answer) and uninstalling AVG Cloud, (and re-boots in between each step), what finally worked was removing the Lenovo Update software.

Thanks everyone. I’m sure the registry will get re-tattooed when I re-join this pig to the domain.

I also was pleased to discover O&O Shutup10. Useful in other situations.

A workaround is to bypass Windows Update & download/install the update directly.

For Windows 10, you can get the latest version here: https://www.microsoft.com/en-gb/software-download/windows10

Tagged :