
In my work, I connect to routers, switches, firewalls and other network gear daily. Since laptops no longer come with serial ports (who exactly decided that this was a good idea?), I use USB to serial port adapters. In fact, I've got a nice collection of these things in the laptop bag - some work better than others for various functions (some do a better job at serial packet capture, for instance), but the one thing most of them have in common is that when you plug them in, they'll get assigned some apparently random COM port.



So if I'm working on a router or switch, I plug a dongle in, and then have to fire up Windows Device Manager to go hunting and find out which serial port it got assigned. This is an exercise of several mouse clicks. While I've gotten pretty quick at this over the years, frankly I'm tired of it.



My thought was - there's got to be a way to do this from the command line with WMIC. WMIC gives you unique access to the internals of Microsoft Windows, is available for or is native to all modern Windows platforms, and is usually very simple to figure out. Not today though: after 20 minutes of effort, one script prints only the first COM port, and the other catches the physical COM ports but not the USB ones. So, in the best sysadmin tradition, after 20 minutes I've (temporarily) given up on WMIC for this and decided to try a different approach.



This one-line script will echo the serial ports on your machine, and what they are assigned to. It uses the Microsoft REGDUMP command (this used to be part of the Windows Resource Kit, now part of the Microsoft Logo Tools available from http://download.microsoft.com). It's a simple "show me the reg keys" script.



COMLIST.CMD



@echo off
regdump -r HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SERIALCOMM | find "="

So, a test run with 2 dongles plugged in on my laptop looks like:



C:\>comlist
\Device\AgereModem5=(REG_SZ)COM3
\Device\ProlificSerial0=(REG_SZ)COM8
\Device\ProlificSerial1=(REG_SZ)COM11




It ain't pretty, but it finds what I need.



The downside of the approach I took here is that you need REGDUMP. If I'm using a customer's computer (this is sometimes the case), I need to fall back on the "go look in Device Manager" approach. If anyone out there is having better luck using WMIC for this than I have, by all means post your (better than mine) solution to the comments section!
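As an added example that is not part of the original diary, here is a way to get the same listing on a machine that has no REGDUMP installed: PowerShell can read the SERIALCOMM key directly, and it can also query the Plug and Play device table (Win32_PnPEntity) so that USB-to-serial adapters show up with their friendly names next to the COM number. The function name Get-ComPortMap is my own, and it assumes (as is normally the case) that the adapter's PnP caption ends in "(COMn)".

```powershell
# Added example (not from the original diary): list COM port assignments without REGDUMP.
# Reads the same key the COMLIST.CMD script dumps, then cross-references Plug and Play
# entries so USB-to-serial adapters appear with their friendly names.
function Get-ComPortMap {
    [CmdletBinding()]
    param()

    # 1. The SERIALCOMM key maps a kernel device object path to its COM port name.
    $key = 'HKLM:\HARDWARE\DEVICEMAP\SERIALCOMM'
    $serialcomm = Get-ItemProperty -Path $key

    $map = foreach ($prop in $serialcomm.PSObject.Properties) {
        # Skip the PSPath/PSChildName/... metadata that Get-ItemProperty adds
        if ($prop.Name -like 'PS*') { continue }
        [PSCustomObject]@{
            Device = $prop.Name     # e.g. \Device\ProlificSerial0
            Port   = $prop.Value    # e.g. COM8
        }
    }

    # 2. PnP entries whose caption ends in "(COMn)" include USB adapters, which the
    #    Win32_SerialPort class does not reliably report (assumption: the driver
    #    registers such a caption, which the common USB-serial drivers do).
    $pnp = Get-CimInstance -ClassName Win32_PnPEntity -ErrorAction SilentlyContinue |
        Where-Object { $_.Caption -match '\((COM\d+)\)$' }

    foreach ($entry in $map) {
        $friendly = ($pnp | Where-Object { $_.Caption -match "\($($entry.Port)\)$" } |
            Select-Object -First 1).Caption
        [PSCustomObject]@{
            Port     = $entry.Port
            Device   = $entry.Device
            Friendly = $friendly
        }
    }
}

# Usage: sort numerically by COM number so COM11 lands after COM8, not after COM1
Get-ComPortMap | Sort-Object { [int]($_.Port -replace 'COM', '') } | Format-Table -AutoSize
```

Because it reads the registry key the same way COMLIST.CMD does, the Device and Port columns match the REGDUMP output above; the Friendly column is the extra that Device Manager would otherwise have shown you, and it is empty for ports that have no matching PnP entry.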



So what else can we find in the Microsoft Logo Testing kit?



First of all, our two friends REGDUMP and REGDIFF:

RegDump - Dumps specific registry keys, or the entire registry.

RegDiff - Compares two files taken before and after an operation to give you the differences (I generally use REGDIFF against two REGDUMP files, hence the name).

Restart Manager - Allows you to stop most processes in Windows (except for critical system processes) by sending a shutdown message via the RmShutdown API. More info on this tool here: http://msdn.microsoft.com/en-us/library/aa373524%28v=vs.85%29.aspx

RollBack - A set of tools to assist in rolling back an application install (to test the error recovery within an application install MSI file).

ThreadHijacker - Allows you to crash a process by pausing a process thread, injecting binary data into its address space, then resuming it. Again, this is used to measure the robustness of applications.
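The RegDump/RegDiff pairing above (snapshot, do something, snapshot again, compare) is the part of the kit worth reproducing when the Logo Tools are not on the box. The following is an added example, not from the diary or the Logo Testing kit: it uses the built-in reg.exe to export a subtree before and after an operation and Compare-Object to show what changed. The function names Export-RegSnapshot and Compare-RegSnapshot are my own, and the SERIALCOMM key is used here so the "operation" can simply be plugging in a dongle, which makes the newly assigned COM port appear as an added line.

```powershell
# Added example (not part of the original diary or the Logo Testing kit): the
# REGDUMP/REGDIFF before-and-after workflow using only built-in Windows tools.

function Export-RegSnapshot {
    param(
        [Parameter(Mandatory)][string]$Key,    # e.g. 'HKLM\HARDWARE\DEVICEMAP\SERIALCOMM'
        [Parameter(Mandatory)][string]$Path    # output .reg file
    )
    # /y overwrites an existing file without prompting
    & reg.exe export $Key $Path /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "reg export of $Key failed with exit code $LASTEXITCODE"
    }
}

function Compare-RegSnapshot {
    param(
        [Parameter(Mandatory)][string]$Before,
        [Parameter(Mandatory)][string]$After
    )
    # reg.exe writes UTF-16 LE with a BOM, which Get-Content detects on its own
    $b = Get-Content -Path $Before
    $a = Get-Content -Path $After
    # Compare-Object reports only lines present on one side; a changed value
    # therefore shows up as one Removed line plus one Added line.
    Compare-Object -ReferenceObject $b -DifferenceObject $a |
        ForEach-Object {
            [PSCustomObject]@{
                Change = if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' }
                Line   = $_.InputObject
            }
        }
}

# Usage: snapshot, perform the operation, snapshot again, diff.
$key    = 'HKLM\HARDWARE\DEVICEMAP\SERIALCOMM'
$before = Join-Path $env:TEMP 'serialcomm-before.reg'
$after  = Join-Path $env:TEMP 'serialcomm-after.reg'

Export-RegSnapshot -Key $key -Path $before
Read-Host 'Plug in the USB serial adapter (or run the installer under test), then press Enter'
Export-RegSnapshot -Key $key -Path $after

Compare-RegSnapshot -Before $before -After $after | Format-Table -AutoSize
```

Point it at a larger subtree (HKLM\SOFTWARE, for example) and the same two functions give you the application-install view RegDiff was built for; the export just takes longer and the diff gets noisier, so narrowing the key to the area under test is usually worth it.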


=============== Rob VandenBrink Metafore =============== (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.