explorer.exe fails to initialize (0xc00000ba)



#31
cso

cso

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
perms.txt:
SteelWerX Extended Configuration Access Control Lists Beta 2
Written by Bobbi Flekman 2006 (C)
*******************************************************************************
File: C:\WINDOWS\explorer.exe

DACL Information:
Revision:	   2
Number of ACEs: 5
Bytes in use:   136
Bytes free:	 0

Controlflags ************************************
  SE_DACL_PRESENT		  SE_DACL_AUTO_INHERITED   
  SE_SELF_RELATIVE		 

ACE # (Type): 0 (ACCESS_ALLOWED_ACE_TYPE)
		Size: 24
User: Users (LINBURN-01\Users)
 SID: S-1-5-32-545
Flags ************************************
  INHERITED_ACE			  
Mask  ************************************
  FILE_READ_DATA		   FILE_READ_EA			 FILE_EXECUTE			 
  FILE_READ_ATTRIBUTES	 READ_CONTROL			 SYNCHRONIZE			  
  STANDARD_RIGHTS_READ	 STANDARD_RIGHTS_WRITE	STANDARD_RIGHTS_EXECUTE  

ACE # (Type): 1 (ACCESS_ALLOWED_ACE_TYPE)
		Size: 24
User: Power Users (LINBURN-01\Power Users)
 SID: S-1-5-32-547
Flags ************************************
  INHERITED_ACE			  
Mask  ************************************
  FILE_READ_DATA		   FILE_WRITE_DATA		  FILE_APPEND_DATA		 
  FILE_READ_EA			 FILE_WRITE_EA			FILE_EXECUTE			 
  FILE_READ_ATTRIBUTES	 FILE_WRITE_ATTRIBUTES	DELETE				   
  READ_CONTROL			 SYNCHRONIZE			  STANDARD_RIGHTS_READ	 
  STANDARD_RIGHTS_WRITE	STANDARD_RIGHTS_EXECUTE  

ACE # (Type): 2 (ACCESS_ALLOWED_ACE_TYPE)
		Size: 24
User: Administrators (LINBURN-01\Administrators)
 SID: S-1-5-32-544
Flags ************************************
  INHERITED_ACE			  
Mask  ************************************
  FILE_READ_DATA		   FILE_WRITE_DATA		  FILE_APPEND_DATA		 
  FILE_READ_EA			 FILE_WRITE_EA			FILE_EXECUTE			 
  FILE_DELETE_CHILD		FILE_READ_ATTRIBUTES	 FILE_WRITE_ATTRIBUTES	
  DELETE				   READ_CONTROL			 WRITE_DAC				
  WRITE_OWNER			  STANDARD_RIGHTS_REQUIRED SYNCHRONIZE			  
  STANDARD_RIGHTS_READ	 STANDARD_RIGHTS_WRITE	STANDARD_RIGHTS_EXECUTE  

ACE # (Type): 3 (ACCESS_ALLOWED_ACE_TYPE)
		Size: 20
User: SYSTEM (NT AUTHORITY\SYSTEM)
 SID: S-1-5-18
Flags ************************************
  INHERITED_ACE			  
Mask  ************************************
  FILE_READ_DATA		   FILE_WRITE_DATA		  FILE_APPEND_DATA		 
  FILE_READ_EA			 FILE_WRITE_EA			FILE_EXECUTE			 
  FILE_DELETE_CHILD		FILE_READ_ATTRIBUTES	 FILE_WRITE_ATTRIBUTES	
  DELETE				   READ_CONTROL			 WRITE_DAC				
  WRITE_OWNER			  STANDARD_RIGHTS_REQUIRED SYNCHRONIZE			  
  STANDARD_RIGHTS_READ	 STANDARD_RIGHTS_WRITE	STANDARD_RIGHTS_EXECUTE  

ACE # (Type): 4 (ACCESS_ALLOWED_ACE_TYPE)
		Size: 36
User: S-1-5-21-1292428093-1957994488-725345543-1003 (\S-1-5-21-1292428093-1957994488-725345543-1003)
 SID: S-1-5-21-1292428093-1957994488-725345543-1003
Flags ************************************
  INHERITED_ACE			  
Mask  ************************************
  FILE_READ_DATA		   FILE_WRITE_DATA		  FILE_APPEND_DATA		 
  FILE_READ_EA			 FILE_WRITE_EA			FILE_EXECUTE			 
  FILE_DELETE_CHILD		FILE_READ_ATTRIBUTES	 FILE_WRITE_ATTRIBUTES	
  DELETE				   READ_CONTROL			 WRITE_DAC				
  WRITE_OWNER			  STANDARD_RIGHTS_REQUIRED SYNCHRONIZE			  
  STANDARD_RIGHTS_READ	 STANDARD_RIGHTS_WRITE	STANDARD_RIGHTS_EXECUTE  


No Auditing set

Owner: S-1-5-21-1292428093-1957994488-725345543-1003 (\S-1-5-21-1292428093-1957994488-725345543-1003)
As for the btw (by the way) comment I meant that although a files.txt was successfully created by the 'dir %Systemdrive%\explorer.* ...' command from a previous post it generated a 'file not found' message as it did so.

Cheers!
  • 0



#32
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Thanks. The account you are working under has Administrator rights, I assume?

I'm asking someone to look at the output, so a definite answer could take a bit.

Regards,
  • 0

#33
cso

cso

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Yes, the account has admin privs.
Thanks for your help.
  • 0

#34
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Hi cso,

Another test. Can you find C:\WINDOWS\explorer.exe
and rename it to sesame.exe?
Then double-click it and let us know what happens.

In the same folder you will see a file called explorer (the extension is .scf but hidden).
Double-click that file as well and let us know what happens.

Thanks,
  • 0

#35
cso

cso

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hello,
c:\windows\sesame.exe starts an explorer on My Documents.
c:\windows\explorer.scf starts an explorer on C:.
Cheers
  • 0

#36
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts

Hello,
c:\windows\sesame.exe starts an explorer on My Documents.
c:\windows\explorer.scf starts an explorer on C:.
Cheers


Thanks.
And if you rename explorer.exe (now sesame.exe) to explorer.com,
what happens then if you double-click it?

This is a nice puzzle, now that your computer is in working order again. :whistling:
  • 0

#37
cso

cso

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
(explorer.exe is back; I assume from dllcache)
The .com opens an explorer on My Documents.
Hmm, I thought .coms had to be tiny model (<64k)?
  • 0

#38
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Not anymore as far as I know.

I'm no programmer, but you can rename most exe files to .com without suffering any consequences.
As, unfortunately, a lot of malware writers have found out, if you do not specify the extension, the .com file will get executed first.
  • 0
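An added example, not part of any post in this thread: a defender-side check for the .com-before-.exe behaviour mentioned above. It reproduces the command-prompt search (directories in order, PATHEXT extensions in order within each directory) and reports every .com file that would run in place of a same-named executable. The function names and the shortened default PATHEXT list are assumptions made for this example.

```python
import os

# Windows' default PATHEXT lists .COM ahead of .EXE. The shortened list used
# here is an assumption; read %PATHEXT% on the machine being checked.
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD"

def resolution_order(dirs, pathext=DEFAULT_PATHEXT):
    """Map each extensionless command name to its candidates, winner first.

    Mirrors the command-prompt search: directories in order, and inside one
    directory the extensions in PATHEXT order.
    """
    exts = [e.lower() for e in pathext.split(";") if e]
    found = {}
    for d_idx, d in enumerate(dict.fromkeys(dirs)):   # drop repeated dirs
        try:
            names = os.listdir(d)
        except OSError:            # missing or unreadable search directory
            continue
        for name in names:
            base, ext = os.path.splitext(name.lower())
            path = os.path.join(d, name)
            if ext in exts and os.path.isfile(path):
                found.setdefault(base, []).append((d_idx, exts.index(ext), path))
    return {b: [p for _, _, p in sorted(c)] for b, c in found.items()}

def com_shadows(dirs, pathext=DEFAULT_PATHEXT):
    """Return (winner, shadowed) pairs where a .com wins over another file."""
    hits = []
    for _base, paths in sorted(resolution_order(dirs, pathext).items()):
        if len(paths) > 1 and paths[0].lower().endswith(".com"):
            hits.append((paths[0], paths[1:]))
    return hits

if __name__ == "__main__":
    # Directories the shell would search, current directory first.
    search = [os.getcwd()] + os.environ.get("PATH", "").split(os.pathsep)
    pathext = os.environ.get("PATHEXT", DEFAULT_PATHEXT)
    for winner, shadowed in com_shadows(search, pathext):
        print(winner, "runs instead of", shadowed)
```

A hit in a system directory such as C:\WINDOWS, where explorer.com would sit beside explorer.exe, is worth investigating; directory order still beats extension order, so a .com later in the search path does not win.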

#39
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Explanation from a programmer:

The difference between .COM and .EXE is that a .COM file is a direct memory layout. When started it will occupy the memory in exactly the same order as the binary contents of the file. Because this hinders intelligent things like swapping memory to disc and using direct access to hard discs and other stuff, the .EXE file format was created. Fortunately Windows does not look at the name to execute programs, but at the internal layout of it, so renaming an .EXE to .COM will always work.


He also asked if you have done anything with the user accounts on the computer?
The export from SWXCACLS (which is his work) looks as if a user account has been deleted or some other strange things have happened to it, because the computer doesn't seem to have a name for a user account that matches the SID.

Regards,
  • 0
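An added example, not part of any post in this thread and not SWXCACLS code: a small parser for the report format shown in perms.txt that flags ACEs, and the owner, whose account name was printed as a raw SID because no account matches it. The sample is abbreviated from the output posted above (masks shortened); the function and constant names are assumptions made for this example.

```python
import re

# Abbreviated from the perms.txt posted in this thread (masks shortened).
SAMPLE = r"""ACE # (Type): 3 (ACCESS_ALLOWED_ACE_TYPE)
        Size: 20
User: SYSTEM (NT AUTHORITY\SYSTEM)
 SID: S-1-5-18
Flags ************************************
  INHERITED_ACE
Mask  ************************************
  FILE_READ_DATA  WRITE_DAC  WRITE_OWNER

ACE # (Type): 4 (ACCESS_ALLOWED_ACE_TYPE)
        Size: 36
User: S-1-5-21-1292428093-1957994488-725345543-1003 (\S-1-5-21-1292428093-1957994488-725345543-1003)
 SID: S-1-5-21-1292428093-1957994488-725345543-1003
Flags ************************************
  INHERITED_ACE
Mask  ************************************
  FILE_READ_DATA  DELETE  WRITE_DAC  WRITE_OWNER

No Auditing set

Owner: S-1-5-21-1292428093-1957994488-725345543-1003 (\S-1-5-21-1292428093-1957994488-725345543-1003)
"""

ACE_RE = re.compile(r"^ACE # \(Type\): (\d+) \((\w+)\)", re.M)
SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")
# Rights that let the holder rewrite the DACL or take ownership.
CONTROL_RIGHTS = {"WRITE_DAC", "WRITE_OWNER"}

def audit(text):
    """Flag ACEs and the owner whose account name was printed as a raw SID."""
    parts = ACE_RE.split(text)[1:]      # num, type, chunk, num, type, chunk...
    orphaned = []
    for num, _type, chunk in zip(parts[0::3], parts[1::3], parts[2::3]):
        user = re.search(r"^User: (.*?) \(", chunk, re.M).group(1)
        sid = re.search(r"^\s*SID: (\S+)", chunk, re.M).group(1)
        rights = set(re.findall(r"\b[A-Z][A-Z_]+\b", chunk.split("Mask", 1)[1]))
        if SID_RE.fullmatch(user):      # name lookup failed: tool echoed the SID
            orphaned.append((int(num), sid, sorted(rights & CONTROL_RIGHTS)))
    owner = re.search(r"^Owner: (\S+)", text, re.M)
    return {"orphaned_aces": orphaned,
            "owner_orphaned": bool(owner and SID_RE.fullmatch(owner.group(1)))}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample, ACE 4 and the owner are flagged while the SYSTEM entry, which resolves to a name, is not.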

#40
cso

cso

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hello again,
I'm about the fourth main user of this machine in the last three years and at some point it has been a shared resource. I created the account I use on it when I started here about a year ago. It is badly in need of scrapping but there is quite a lot of 'historic' software and data on it that I've been slowly reconciling, backing up and ensuring I can reinstall or recreate elsewhere. This whole incident has reinforced for me how important it is to do that. Do I need NewSID or somesuch?
Thanks.
  • 0



#41
cso

cso

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
PS
Is that the same Bobbi Flekman who was in This is Spinal Tap?
Cheers
  • 0

#42
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,945 posts
Hmmm. I'd have to ask.

Maybe he'll be kind enough to join this thread. :whistling:
  • 0

#43
Bobbi Flekman

Bobbi Flekman

    The Computer Whisperer

  • Expert
  • 3,761 posts
  • MVP

PS
Is that the same Bobbi Flekman who was in This is Spinal Tap?
Cheers

Yep... That's where I stole my name from. :whistling: I didn't want to take the real well known names like Nigel Tufnel, and Bruno (the driver) was a little too obscure for my taste.

You don't need NewSID for this. It might even create additional problems because internally a SID is all you are to a computer. When strange things happen, you can claim ownership of the file/folder with an account belonging to the Administrator's group and change permissions.
  • 0





