Honeypots mailing list archives

RE: Honeyd for win32

From: "Justin Coffi" <jcoffi () hotmail com>
Date: Tue, 1 Apr 2003 16:42:52 -0800

Windows 2000 and Windows XP includes the Application Compatibility tool,
apcompat.exe, which is a tool that lies to programs that perform
compliance checking in Windows 2000. It does not make the program
compatible with Windows 2000 if it was written to directly access
hardware or use virtual device drivers (VXDs)which are not supported by
Windows NT or Windows 2000. For more information on apcompat, see:
Microsoft Knowledgebase Article Q251062 Description of the Application
Compatibility Tool. 

If HoneyD will not run well except under Windows NT try this on your 2k
box:

Click Start 
Click Run 
Type cmd 
cd %systemroot%\AppPatch 
regsvr32 slayerui.dll 

When you press Enter, a successful installation generates the message: 
DllRegisterServer in c:\winnt\appatch\slayerui.dll succeeded 

To disable compatibility mode: 

Click Start 
Click Run 
Type cmd 
cd %systemroot%\AppPatch 
regsvr32 /u slayerui.dll



-----Original Message-----
From: Pat Garlick [mailto:patlg1 () netzero net] 
Sent: Tuesday, April 01, 2003 10:55 AM
To: honeypots () securityfocus com
Subject: Re: Honeyd for win32

In-Reply-To: <002901c2f7ed$ba714350$6401a8c0@coffee>

Michael:

Per your answer to my help with honeyd on Win2000 box.  Another user 
suggested that I:... In the nmap.prints file try removing the entry 
for "Windows NT 4 SP3".  I've run into this problem on some other
versions 
of honeyd.

I did this and when I run Honeyd.exe a screen flashes briefly and that
is 
it.  Is this all there is to the install of honeyd on Windows 2000?  I
did 
read the honeyd.html page and understand there are switches that can be 
used to configure different things.  Where I configure it....i'm sorry,
i 
do not know??  This is all new to me.

Additionally,  I would like to know: once honeyd is actually running on 
the Windows 2000 box........will it indicate a process is running in any

of the system files........or modules?  If so, what will it be named?  
this would be an indication to me as well that honeyd is actually 
installed and running on this box.

thanks for your help. i need to get this up and running sooooooooooooon,
pat

Current thread:

Re: Honeyd for win32 Michael A. Davis (Mar 31)
- <Possible follow-ups>
- Re: Honeyd for win32 Pat Garlick (Apr 01)
  - RE: Honeyd for win32 Justin Coffi (Apr 01)
- Re: Honeyd for win32 Pat Garlick (Apr 04)