Windows Live Messenger Shows Contacts as Offline When They Are Really Online and You Cannot Send Offline Instant Messages to those Contacts

November 7, 2010

Recently I discovered a strange phenomenon under Windows Live Messenger 2011 (and it apparently also affects Windows Live Messenger 2010 as well). Some of your contacts will always be shown as being in “Offline” status when they are actually online (they show up as Online in other Messenger clients). You can receive instant messages from them, and messages sent to them from other clients also show up in the instant message windows of Windows Live Messenger 2011. When you attempt to send them an offline instant message, it reports: “The following message could not be delivered to all recipients”, and fails to send it it.

My wife is usually logged into a Windows Live Messenger instance through her cell phone carrier, and I often use Windows Live Messenger to send messages to her cell phone. For the past week or so my copy of Windows Live has shown her as Offline and failed to send her offline instant messages, which I initially thought to be a problem with her cell phone carrier’s system. When I started receiving messages from her which I could not reply to, I opened up Windows Live Web Messenger and verified that she was actually online the whole time. Web Messenger could also send her instant messages, which oddly enough would show up in the Windows Live Messenger 2011 instant message window.

I suspect that it is most likely a problem between the Windows Live servers and different versions of the Messenger protocol.

In the case of my wife’s account, I think her cell phone carrier’s software is using the old Messenger protocol, and it is somehow not being properly linked to the Windows Live servers (and ultimately clients) using the new protocol. Windows Live Web Messenger probably uses the old protocol.

The only solution seems to be to use a client which uses the older Messenger protocol.

You can use Windows Live Web Messenger which has no problems. The online version of Windows Live Messenger which is integrated into Windows Hotmail doesn’t work as it seems to (at least on my system). You can install Windows Messenger alongside MSN/Windows Live Messenger. It is lacking a lot of features and doesn’t always work well…but it is handy for situations where MSN/Windows Live Messenger is not working. You can download Windows Messenger 5.1.0701 here. To install it under Windows Vista or Windows 7 you will need to use a workaround or disable UAC to get the messenger.msi file to install correctly.

How to Remove a Network Driver that Locks Up Device Manager When You Attempt to Uninstall It

August 20, 2010

A typical fix for networking issues in Windows XP is to uninstall the device in Device Manager and then have Windows reinstall it by selecting “Scan for Hardware Changes”. Under Windows Vista and Windows 7 the network troubleshooter will do this automatically if you choose to reset the network driver. I don’t know the exact reasoning, but I suspect it is because of the interaction with the NDIS miniport driver.

Sometimes there is a problem with the drivers and they simply will not uninstall. When you try to uninstall or disable the device, Device Manager will stop responding until the end of time (or until you end the task). You can re-open Device Manager and try as many times as you like, but the same thing will happen every time. Afterwards Windows will usually also hang during the shut down process and never complete it.

The broken driver most likely has an outstanding IRP request which it never completes or cancels.

When I was doing contractor work one of my clients was specifically having this problem with the Intel wireless drivers on a lot of their systems. The driver could not be updated or reinstalled with Intel’s installer either, as it would also stop responding.

The solution is to disable the driver’s service entry so that Windows does not load it at all, and it will no longer have any open IRP requests which prevent it from being removed.

The first step is to obtain the name of the driver’s service entry. You can do this easily if you open the device’s properties in Device Manager and select the “Details” tab (other tabs may cause Device Manager to stop responding if you click them, but Details will work). Select “Service” from the drop down list in the middle of the Details property page. If you can’t access the Details tab in Device Manager, you can also use the command: ‘sc query type= driver group= NDIS’ to display all of the network drivers on your system along with their service name and obtain it from there.

Once that’s done open the system Registry Editor (regedit.exe) and navigate to: ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services’. Expand the ‘Services’ tree and look for a subkey underneath it with the driver service name we located in the step above. Select the driver service subkey and there will be a DWORD entry inside it named “Start”. Double click the “Start” entry and set it’s value to the number ‘4’ (decimal). Setting the value to 4 disables the service on startup.

After you reboot the system, the device should appear in Device Manager with a bang and you should have no problem uninstalling it.

Adding Custom Entries to the Windows Components Wizard in Windows XP

June 3, 2010

About the Windows Component Wizard

The Windows Component Wizard can be accessed from inside the “Add or Remove Programs” control panel (appwiz.cpl) in Windows XP. On the left hand side of the control panel (in the grey band) is a button to “Add/Remove Windows Components”, which will launch the Windows Components Wizard.

The wizard provides and manages a list Windows components and component groups which can be selected for installation or removal. Each item can be checked or uncheck to control it’s installation status. Once the user has selected the configuration they want, they can click the “Next” button and the wizard will perform all of the chosen installation or removal tasks.

About the Sysoc.inf File

All of the entries which are displayed in the Wizard are contained in the file “sysoc.inf” which is stored under the %WinDir%\INF directory (The INF directory may be hidden on some systems, but you can quickly open it by typing “INF” in the Run box).

Many people who tweak XP will recognize this file, as it has hidden components which are not listed in the Wizard (like Windows Messenger) which can be made visible by editing the entries in this file (and then removed using the wizard).

The file can also be used by the System Stand-Alone Component Manager (SYSOCMGR.EXE) tool which is included with Windows 2000 or higher for the unattended addition or removal of Windows components.

The Sysoc.inf Entries

If you open up the file you will see a bunch of INF code. INF is an installation scripting language which looks much more complicated than it actually is. If you’d like to learn about INF files, MSDN has some good documentation here.

Inside the file will be a [Version] section which we don’t have to worry about. The section we want to look at is [Components]. Those are the entries which form the root listing of the Components Wizard.

Each entry will have the following format:

[Component]=[DLL Name],[DLL Entry Point],[INF File],[hide],[Number]

Component is the internal name which is used to reference the component in the INF files. I’m not 100% sure what the  DLL name and entry point are for (probably setup procedures). The INF file is a separate INF which contains the component details and installation script. The hide entry is used to hide the item in the Wizard, or is left empty when the item is visible. I don’t know what the last number is for either, it usually is 7. All of the values are required except ‘hide’.

For example, in the line for Windows Messenger:


‘msmsgs’ is the internal name which is used to refer to the component within the INF files. msgrocm.dll and OcEntry are the DLL file and entry point. The next item is the INF file (msmsgs.inf) which contains the component’s information and installation code. The hide entry means it will not show up in the Component Wizard. Finally, there is the number 7.

The Component INF Entries

If you open up one of the component INF files which is referenced in sysoc.inf, you will see INF code which describes the component or group, and the code which is used to install or remove the component.

The first section that is unique is [OptionalComponents]. This section contains all of the internal component names, with the first being the top level option, and all of it’s child components after. I believe this defines the items in a group, but have not confirmed it yet.

The component name used in the sysoc.inf line will be the name of the section which contains the component information. For example, the Windows Messenger line listed above specifies the component name as ‘msmsgs’, That means the messenger component’s information will be found under the [msmsgs] section in the msmsgs.inf file.

Under the component’s section will be several directives. The following directives control what is displayed under the Component Wizard:

OptionDesc Display name of the component.
Tip Description of the component.
Uninstall The INF section used to uninstall component.
InstallType Number (Don’t know what it means)
IconIndex Index of icon within a Windows DLL (shell32.dll?)
Modes Comma separated numbers (don’t know)
SizeApproximation Approximate size (in bytes) of installation.
Parent Name of parent group.

The remaining section lines are standard INF directives which are used for the component’s installation process.

After you look at a couple of the component INF’s you should get a decent idea of how they work. Now we move on to:

Adding Your Own Entries

In order to add your own components you will first need to add a new entry under the [Components] section of sysoc.inf.

WARNING: If you edit the sysoc.inf file incorrectly, it will cause the Windows Components Wizard to crash or close unexpectedly. Make sure you backup the sysoc.inf file (or any others) before you modify them.

You can add your entry anywhere under the [Components] section. Make sure your component name is unique. For the DLL name and entry point you can use “ocgen.dll” and “OcEntry”. Some of the others can cause crashes, but I have used OcEntry many times and have had no problems. It may even be a dummy function call, many other items in sysoc.inf use it. Enter the name of your component’s INF file. You can include your component section within an existing INF file, or create a new one. You can leave the next value empty, or put in “hide” if you want it to be hidden. For the final value put 7.

Here’s an example of a custom component sysoc entry to install the Visual Basic 1.0 runtime library:


After that you will need to create your component’s section in the specified INF file and set it’s options. If you are creating a new INF file for your component you will need to also have the [Versions] section with the Signature=”$WINDOWS NT$” directive as a minimum. You should be able to test it in the wizard at this point to see how it looks. The final steps will be to write the installation code and make sure it all works.

For our example component, here’s the INF:

Signature = $WINDOWS NT$


OptionDesc = %CAPTION%
Tip = %INFO%
Uninstall = vbrun10_uninstall
IconIndex = 34
Modes = 0,1,2,3
SizeApproximation = 151552
CopyFiles = vbrun10_copyfiles



CAPTION = "Visual Basic 1.0 Runtime"
INFO = "Allows you to run Visual Basic 1.0 applications."

Bypassing the Annoying Policy Settings on My Workstation

June 3, 2010

A lot of people in IT complain about Windows being unstable and insecure, but they probably aren’t running the system in a correct and secure fashion. I found a perfect example of this while I was working for a major PC manufacturer not too long ago. I had a workstation that was locked down with the absolute worst policy settings. Obviously some admin just went nuts with the policy editor, while having no clue about actual Windows security.

First off, the ‘Run’ menu was disabled. I hate when people do this because I honestly use the Run box for launching everything in Windows…even Word. Let me tell you now…disabling the ‘Run’ menu does nothing for security at all. You have to secure the system by properly restricting a user’s access so that their commands can’t do anything harmful. Disabling the box they use to launch the commands provides no security at all. There’s a million other ways to get the system to execute commands.

Getting around it on my workstation was as easy as launching CMD.EXE from a shortcut and using the ‘start’ command (which works almost exactly like the Run box).

Even if CMD.EXE had been unavailable, I could have easily written a short VBScript that passes the contents of an InputBox to the Windows Script Host’s Run command.

The second useless policy was the one that wouldn’t let me open my C: or C:\Windows folder by double-clicking them from Explorer. Yes you read right, the admin didn’t secure the disk/file/folder permissions, he just set the policy which prevents people from opening them directly under the “My Computer” icon.

So I could still use commands like “explorer /root,C:\”, which would cause Explorer to happily display the hard disk contents in a new window (more info on Explorer’s command line options is available here). Of course I could also freely manipulate the files from CMD.EXE or any application’s open dialog as well.

The only setting which was an actual hurdle was the policy setting which prevented me from running the system registry editor. There was no clever built-in hack that I could use to bypass this setting. I was still able to easily get around it however. I simply downloaded a third party registry editor which didn’t acknowledge the policy setting.

In fact, there are many available stand-alone Windows applications which can replace the Windows functionality that the above policies had disabled. If you browse a site like Shell Extension City, you’ll find software that would adequately bypass all of them.

I guess the point of this post is to show how easy it is to get around on Windows when it’s not secured properly. Windows policies can be very powerful when used correctly…but they should never be the first and only line of defense on your systems!

Workaround for Missing Summary Tab in Vista File Properties: Virtual PC & Windows XP

March 19, 2010


In Windows 2000, XP and Server 2003 if you open the properties of any files stored on an NTFS volume, there is a summary tab which allows you to enter some basic information about the file.

The property page would provide the following fields: Title, Subject, Author, Category, Keywords, Comments, Source, and Revision Number. Each of the fields would accept a text value which could be used to describe and “tag” the file.

The columns can be added to the details view in Explorer, which allowed for easy viewing and sorting based on the information. The Windows Search service also indexes the information so it can be used in searches.

The Changes in Vista:

In Windows Vista and newer versions of Windows, the Summary tab has been removed from the file properties, and you cannot edit the properties with Explorer. The Details view columns also no longer work with the Summary information.

Vista supports tagging files as long as the tags are stored internally within the file itself. You can tag files like MP3, JPG, and DOC through the Details pane and properties dialog because the tags are written into the file itself. File formats which do not support internal tags cannot be tagged.

Previously, the summary content and many other pieces of metadata were stored in NTFS alternate data streams.

About Alternate Data Streams:

NTFS supports a feature called alternate data streams (ADS). Alternate data streams allow data to be attached to a file, but stored in a separate “fork” on the file system. This allows you to store data such as comments along with a file, without modifying the file itself.

For example, when you download an executable file, Windows creates a stream named “Zone.Identifier” with content like:


When you open the executable file, Windows checks for the stream and pops up the downloaded program warning dialog when it is present.

The problem is that other file systems do not support ADS, and many applications are not ADS aware. If you set the summary information on a file and send it to someone over the internet, the alternate streams will not be copied. The same thing will happen when it’s copied to a flash drive, camera, or music player, which usually use the FAT file system.

In order to avoid the issue of the metadata being lost, Microsoft decided that they would drop support for tagging through ADS.

Use Windows XP as a Workaround:

If you have existing summary information it will still be present on the file system.

The workaround is to use Windows XP to set the information on the files. XP can access the properties of files on network shares and set the Summary information.

Using Virtual PC:

If you don’t have a spare system running XP, you can use Virtual PC. You can download and install Virtual PC 2007 from Microsoft for free. You will need a Windows XP installation disc or ISO image and a product key to install on Virtual PC.

Once you have Virtual PC installed, you need to setup a new virtual machine. Most of the default options VPC selects for Windows XP should be fine, but you’ll probably want to set the virtual hard disk file’s size to be lower (VPC selects a large size by default, but XP should easily fit in under 5GB). Start the virtual machine and insert the XP disc (or select CD->Capture ISO Image from the menu if you have an ISO), it should boot the CD and allow you to install XP.

Once XP is installed, it can share your network adapter and connect to your network. The VPC additions allow for shared folders between the host and virtual system, but you will not be able to set the summary information over them. You must connect over Windows file sharing.

Sharing The Files Between Systems:

Share the files on your Vista system. You may have to enable file sharing through the Network and Sharing center first. You will also need to make sure the XP user has sufficient privileges to write to the share. To simplify the login/permissions process, give your XP user the same user name and password as your Vista user account.

You can do this from an elevated command prompt using the net command:

net share <share name>=”<path>” /GRANT:”<user name>”,FULL

Then to map it from your XP machine, you could use:

net use <drive>: \\<computer name>\<share name>

net use <drive>: \\<IP address>\<share name>

For example, I could share my pictures with this command:

net share pix=”C:\Users\Me\Pictures” /GRANT:”XP User”,FULL

and then map it as x: in My Computer on the VPC using:

net use x: \\VISTAPC\pix

Additional Details:

Viewing the Summary Stream Names:

There are many third party tools for working with ADS. Windows Vista also has added support for ADS in some of it’s tools like ‘dir’.

If we set the Summary information for a file (test.txt) we can use “dir /r” on Vista to see all of it’s attached data streams:

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

S:\Software>dir *.txt /r
Volume in drive S is Software
Volume Serial Number is 0000-0000

Directory of S:\Software

03/19/2010 03:16 AM 0 Test.txt
120 Test.txt:♣DocumentSummaryInformation:$DAT
220 Test.txt:♣SummaryInformation:$DATA
0 Test.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb
1 File(s) 0 bytes
0 Dir(s) 483,427,966,976 bytes free


We can try to view the contents of an ADS stream using MORE: (This doesn’t always work very well)

S:\>more < "Test.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}"