Who… What… Where…

There are a number of threads in the Microsoft Windows Update Newsgroup and around other well known sites regarding the infamous SVCHOST Issue!

The main issue that people are reporting is the high CPU usage from the process SVCHOST.exe, generally fluctuating between 20 and 85 percent CPU usage, in some cases using all of the CPU cycles and leaving the computer un-usable.

The cause of this is the Automatic Update service during its detection process; this is where the client PC either checks in to the local WSUS server or accesses the Windows Update site and determines which MS updates are required from the update catalogue.

All of this information is very good… I hear you say, however where is the fix!

Ok, after much web crawling and some testing, below is the method I have used for my clients which has proved sucessfull:

1. Firstly stop the Automatic Update service either through services.msc or with the command line net stop “Automatic Updates”. This will ensure the update process is as quick as possible.
2. Next apply the first of two patches; an update to the Windows Update Agent, the current version is 2.0, this patch updates it to version 3.0 which is pushed out via WSUS v3.0:
   • Windows Update Agent 3.0 – x86
   • Windows Update Agent 3.0 – x64
   • Windows Update Agent 3.0 – ia64
3. Apply the hotfix for this issue, originally stated in KB916089 and then superseded by KB927891 which provides an update for the Msi31.dll (exact name depends on operating version) with basically a more efficient detection algorithm in place:
   • Hotfix KB927891 – x86
   • Hotfix KB927891 – x64
4. Finally reboot the client PC and start the Automatic Update service if it is not set to start automatically.

This article describes how to create a service on either Windows NT, 2000 or XP (untested on Vista). The service can run any application required and can be configured as any other service on the system can.

This information has been extracted from the Microsoft article KB137890, and requires two programs that can be found in the Windows NT resource kit (or here)

• SRVANY.EXE – Allows any application to run as a service
• INSTSRV.EXE – Creates the system service

Create the service

Use the INSTSRV.EXE application to create the system service, it requires two parameters; the first is the name of the service you want to create, the second is always the path to the SRVANY.EXE application.

INSTSRV.EXE Notepad c:\SRVANY.EXE

Set the application as a service

Next edit the registry and enter the path to the application that is required to run as a service. The location is the registry depends on the name of the service that was defined above; in this case Notepad

Run regedit.exe

Navigate to HKLM\SYSTEM\CurrentControlSet\Services\Notepad

Create a new key called Parameters

Under the new key create a new string value called Application and set its value to the path of the application c:\WINDOWS\NOTEPAD.EXE

Once created this service can be managed through the services mmc to set its startup type, recovery response etc.

To make this process easier, the following code can be placed into a batch file and run (with the correct parameters) to create the service and congfiure the registry. It assumes that INSTSRV.EXE is already in a search path and that SRVANY.EXE is located in the root of the C drive.

@echo off

rem #################################
rem ## This batch file created a new system service ##
rem ## ensure the correct parameters are used       ##
rem #################################

rem Parameter 1 should be the name of the service
rem Parameter 2 should be the path to the executable

echo Creating Service
INSTSRV.EXE %1 c:\SRVANY.EXE

echo Creating Registry Keys
reg add “HKLM\SYSTEM\CurrentControlSet\Services\%1\Parameters”
reg add “HKLM\SYSTEM\CurrentControlSet\Services\%1\Parameters” /v Application /d %2

For a simple introduction to the mail() function see the PHP_Advanced article. This article describes some of the more advanced features that can be achieved through the mail function.

Assign Names to email addresses

When receiving an email you will notice that the To field often contains a name rather than the email address it was send to.

<HTML>
<BODY>
<?PHP
mail(‘bob@email.com’, ‘Test email’,
‘This is a test email’,
“To: Bob Jones <bob@email.com>\n” .
“From: Jane Jones <jane@email.com>\n” .
“cc: Another Person <another@email.com>\n” .
“Bcc: Yet Another <more@email.com\n>”);
?>
</BODY>
</HTML>

HTML Emails

The next stage is sending HTML email messages, this allows for standard HTML tags to be used when composing the message content. When sending a message in HTML it must be declared that is it HTML in the header of the email, this is done through both the Content-type: and MIME-Version headers’:

<HTML>
<BODY>
<?PHP
mail(‘bob@email.com’, ‘Test email’,
‘<html><body><b>Hello! World</b> \n <i>this is a test email</i></body></html>’,
“MIME-Version: 1.0\n” .
“Content-type: text/html; charset=iso-8859-1″);
?>
</BODY>
</HTML>

The MIME-Version (Mulitpurpose Internet Mail Extensions) header indicates that the email follows the internet standards, following that the Content-type header can declare the format being used; text/html; followed by the character set being used charset=iso-8859-1

Mixed Format Emails

Although the majority of email clients support HTML email messages, there are some that don’t. The mixed format ensures that the email clients that do support it see the HTML formatted message, where as the ones that don’t see a plain text version.

The technique involved is to actually send two versions of the message and rely on the email client to read and understand Content-Type: multipart/alternative; header which will make the client only display the supported version.

*** PHP code not fully completed yet ***

Emailing Attachments

Emailing file Attachments work in the same way that mixed format email messages do. The header Content-Type: multipart/mixed; is used and the message split into two parts; one the message and the other the file attachment(s).

This is more complicated than previous email examples, all the steps required are explained below. The examples assume that the email details including the file to be emailed have been submitted to the PHP page from another page.

$to = $_POST['to'];
$from = $_POST['from'];
$subject = $_POST['subject'];
$message = $_POST['message'];

Attributes of the file attachment

The first stage is to extract the required attributed from the file that has been passed. The file details in PHP are stored in an array named $_FILES which are extracted to variables.

// example: /tmp/phpfile12345 – tmp file name and loc where uploaded
$file_loc = $_FILES['fileatt']['tmp_name'];
// example: text/text – will vary depending on file type
$file_type = $_FILES['fileatt']['type'];
// example: mywork.txt – always the name of the file
$file_name = $_FILES['fileatt']['name'];

Extract data from file attachment

The data within the file is required to be placed into a variable then used Base64 encoding to convert (possible) binary data into text. The is_uploaded_file function is used to ensure that the file was in fact uploaded by an http get command, this helps to ensure no malicious activity.

if (is_uploaded_file($file_loc)) {
// Read the file in ‘rb’ read binary
$file = fopen($file_loc,’rb’);
$filedata = fread( $file (comma) filesize ($file_loc));
// Base64 encode the file data
$filedata = chunk_split(base64_encode($filedata));

The data is now in a format that is ready to be emailed, the next stage is producing the standard mail parameters.

Producing mail function

The basic mail parameters are set in the same manor, the diffrences come in the header and message parameters

The header parameter contains the MIME version, the Content-Type: multipart/mixed; declares that there will be an attachment, finally the boundary string (containing random text) is used as a marker to split the message into the two sections.

“\nMIME-Version: 1.0\n” .
“Content-Type: multipart/mixed;\n” .
” boundary=\”==Multipart_Boundary_x45985365x\”";

The message section starts with a declaration which MIME compatible email clients will not show, next is the Multipart Boundary string denoting the beginning of the first section. Following this the usual header information is declared, following by the desired message text.

“This is a multi-part message in MIME format. you should not see this\n\n” .
“–==Multipart_Boundary_x45985365x\n” .
“Content-Type: text/plain; charset=\”iso-8859-1\”\n” .
“Content-Transfer-Encoding: 7bit\n\n” .
“This is the message contents, there should be a file attached to this message”

After the text of the message, the next part is the message attachment which follows the same format as above.

“–==Multipart_Boundary_x45985365x\n” .
“Content-Type: {$file_type};\n” .
” name=\”{$file_} \n” .
“Content-Disposition: attachment;\n” .
” filename=\”{$file_name}\”\n” .
“Content-Transfer-Encoding: base64\n\n” .
$filedata . “\n\n” .
“–==Multipart_Boundary_x45985365x–\n”;

Then message should always have the message boundary string followed by – to signify the end.

To see the fully working source code, please see here

For more information on different MIME types see here
Many thanks to the tutorials where this information came from, W3Schools & PHP & sitepoint

The Dropbear SSH server and client supports industry standard SSH1 and SSH2 protocols and is available for various Linux distributions. Version 0.45 compiled for Debian PPC can be found here, this is what I have used as the SSH server for my Buffalo TeraStation.

The first step is to copy the files to the TeraStation, then extract them using the tar command

root@HD-HTGL113:/# cd /

root@HD-HTGL113:/# tar -xzf /mnt/array1/share/dropbear.tgz

The next step is optional, however in the interest of security recommended! This is to generate a new SSL public and private key for the server to use. Before we can do this the old keys need to be deleted

root@HD-HTGL113:/# rm /etc/dropbear/dropbear_rsa_host_key

root@HD-HTGL113:/# rm /etc/dropbear/dropbear_dss_host_key

root@HD-HTGL113:/# dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

root@HD-HTGL113:/# dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key

The final step is to reboot the TeraStation, during startup the Dropbear SSH daemon will start. A recommended free SSH client to use is PuTTy

Cygwin is a Windows program that emulates a Linux like environment for your Windows PC, it is easy to install and provides modular approach to adding tools to the environment. The key to Cygwin working is the cygwin1.dll that gets installed, it provides a Linux API emulation layer for the applications that are specifically compiled for the Cygwin environment.

For more in-depth information into how the Cygwin application works see Cygwin

This article some key setup tips and how to configure what I find one the the most useful aspects; the SSH server with Cygwin.

Cygwin Tools in Windows Command Prompt

All of the default tools provided with Cygwin are very useful, however I did find my self trying to use Windows tools whilst in Cygwin and Linux tools whilst in Windows!

To solve this simply add the Cygwin bin folder (C:\cygwin\bin) into your Windows Path environment variable and there you go. From a command prompt you can use both the dir or ls commands depending on your mood.

Right Click on My Computer then select Properties

Choose Advanced then Environment Variables

Under System variables edit the variable Path and add the Cygwin bin folder,
i.e. ;c:\cygwin\bin

Setting-up SSH Access

When accessing you Windows PC remotely, it only supports full GUI access or unencrypted Telnet traffic. With Cygwin you can install the OpenSSH server which is an open source SSH connectivity tool supporting various well known featured including both SSH1 and SSH2 protocols.

The implementation below explains how to setup OpenSSH through Cygwin which will run a service on your Windows PC called CYGWIN sshd

Re-requisites required

When authenticating to your PC via SSH it will use the existing Windows user accounts to authenticate, the user account that you want to use must have a password set.
Ensure that Cygwin is installed along with the package called openssh

Add Environment Variables

Right Click on My Computer then select Properties

Choose Advanced then Environment Variables

Under System variables click New with the name of CYGWIN and a value of ntsec

Under System variables edit the variable Path and add the Cygwin bin folder, i.e. ;c:\cygwin\bin NB do not do this part again if you have already in the previous post.

SSH Host config

Open a Cgywin console and run command

ssh-host-config

When prompted, answer the following:

Privilege Separation answer yes

Create local user sshd answer yes

Install SSHD as a service answer yes

CYGWIN= answer ntsec

NB: The ntesc answer tells Cygwin to authenticate using the local Windows accounts

Start the SSH service to allow connections

The Windows service will default to start automatically every-time Windows starts, to start the service manually run one of the two commands

net start sshd
or
cygrunsrv –start sshd

Synchronise local Windows user information with Cygwin

Run the two commands from within Cygwin

mkpasswd –local > /etc/passwd

mkpasswd –group > /etc/group

Testing SSH Works

Use a SSH client such as PuTTy and then connect to localhost on port 22 (SSH Port)
Alternatively use the Cygwin SSH client:

cygwin# SSH user@localhost

NB: The port used by OpenSSH can be changed in the file c:\cygwin\ssh-host-config under port_number. After changing the port number you must re-start the CYGWIN sshd serivce for changes to come into effect.