Re: [BLACKBOX] Addendum: BlackBox.Exe & AppLocker under Windows 7

From: [at]} <Romiras>
Date: Thu, 10 May 2012 17:37:36 +0300


Try link 1 <http://www.spotnblog.com/solution-windows-7-sp1-failure-message-error_bad_exe_format0x800700c1/> and link 2 <http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/errorbadexeformat0x800700c1/749eee1e-9f6b-e011-8dfc-68b599b31bf5?msgId=2b1e19c4-ea5b-4a8e-b17d-e5352db11be7> .


2012/5/10 Treutwein Bernhard <Bernhard.Treutwein{([at]})nowhere.xy


        I was able to reproduce the error. I'm using a german Windows 7, so I'm in
        doubt if I was able to find the correct English ones, but I tried hard:
        
        Call gpedit.msc then go to
        
        Console Root->Local Computer Policy
->Computer Configuration
               ->Windows Settings
                    ->Security settings
                        ->Application Control Policies
                            ->Applocker
                               ->Executable Rules
        
        Right Click on Executable Rules and select "Create New Rule"
        
        In the Wizard on the "Before You Begin" page click Next
        select the radio button: "Allow" and click Next
        select the radio button: "File Hash" and click Next
        then browse to BlackBox.Exe
        and you get immediately a message box which says:
        
        that it "ist keine zulässige Win32-Anwendung. (Ausnahme von HRESULT:
        0x800700C1)" which I translate to
        "is not a valid Win32-Application (Exception of HRESULT: 0x800700C1)"
        
        I'm starting to dig into "Microsoft PE and COFF Specification"
        http://msdn.microsoft.com/en-us/windows/hardware/gg463119.aspx to find out,
        if there is a new flag or word necessary for forcing the loader or PE-Loader
        to recognize a valid Win32.
        
        Regards & thanks in advance for any hints
        --
          Bernhard
        
        
        ----
        To unsubscribe, send a message with body "SIGNOFF BLACKBOX" to LISTSERV{([at]})nowhere.xy
        


---- To unsubscribe, send a message with body "SIGNOFF BLACKBOX" to LISTSERV{([at]})nowhere.xy
Received on Thu May 10 2012 - 16:37:36 UTC

This archive was generated by hypermail 2.3.0 : Thu Sep 26 2013 - 06:30:03 UTC