Os2 Subsystem reinstall

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

As part of a hardening project I removed these registry keys:
HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\Optional
HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\Os2
HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\Posix
I did not delete any of the system32 subsystem files.
After doing so I come to find out that a documented DOS application is an Os2
application that runs in a DOS-like window.
Now I need to reinstall the Os2 subsystem portion. I have re-entered the
registry keys, restored the original computer settings with setup
security.inf, and deleted
any registry keys added as part of hardening but the application still does
not function. I get the DOS window with c:\winnt\system32\Os2.exe in the
Title Bar,
a cursor blinking in the upper left corner of the window, and that's all.
This is the same result as with the hardened configuration, so I am stumped
about what else to do.
Any suggestions would be greatly appreciated.
 
Did you create them as Reg_Expand_Sz strings?

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| As part of a hardening project I removed these registry keys:
| HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\Optional
| HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\Os2
| HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\Posix
| I did not delete any of the system32 subsystem files.
| After doing so I come to find out that a documented DOS application is an
Os2
| application that runs in a DOS-like window.
| Now I need to reinstall the Os2 subsystem portion. I have re-entered the
| registry keys, restored the original computer settings with setup
| security.inf, and deleted
| any registry keys added as part of hardening but the application still
does
| not function. I get the DOS window with c:\winnt\system32\Os2.exe in the
| Title Bar,
| a cursor blinking in the upper left corner of the window, and that's all.
| This is the same result as with the hardened configuration, so I am
stumped
| about what else to do.
| Any suggestions would be greatly appreciated.
 
Yes..
Here are the keys and values (comma delimited format). The optional key
viewed in HEX shows Os2 and Posix separated by CrLf.
Name,Type,Value,Last Time Written,Path
optional,REG_MULTI_SZ,Os2...!,,SYSTEM\CurrentControlSet\Control\Session
Manager\SubSystem
Os2,REG_EXPAND_SZ,%SystemRoot%\system32\os2ss.exe,,SYSTEM\CurrentControlSet\Control\Session Manager\SubSystem
posix,REG_EXPAND_SZ,%SystemRoot%\system32\psxss.exe,,SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems
 
In said:
Yes..
Here are the keys and values (comma delimited format). The
optional key viewed in HEX shows Os2 and Posix separated by CrLf.
Name,Type,Value,Last Time Written,Path
optional,REG_MULTI_SZ,Os2...!,,SYSTEM\CurrentControlSet\Control\Ses
sion Manager\SubSystems
Os2,REG_EXPAND_SZ,%SystemRoot%\system32\os2ss.exe,,SYSTEM\CurrentCo
ntrolSet\Control\Session Manager\SubSystems
posix,REG_EXPAND_SZ,%SystemRoot%\system32\psxss.exe,,SYSTEM\Current
ControlSet\Control\Session Manager\SubSystems

Dave Patrick said:
Did you create them as Reg_Expand_Sz strings?

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| As part of a hardening project I removed these registry keys:
| HKLM\System\CurrentControlSet\Control\Session
| Manager\SubSystems\Optional
| HKLM\System\CurrentControlSet\Control\Session
| Manager\SubSystems\Os2
| HKLM\System\CurrentControlSet\Control\Session
| Manager\SubSystems\Posix I did not delete any of the system32
| subsystem files. After doing so I come to find out that a
| documented DOS application is an
Os2
| application that runs in a DOS-like window.
| Now I need to reinstall the Os2 subsystem portion. I have
| re-entered the registry keys, restored the original computer
| settings with setup security.inf, and deleted
| any registry keys added as part of hardening but the
| application still
does
| not function. I get the DOS window with
| c:\winnt\system32\Os2.exe in the Title Bar,
| a cursor blinking in the upper left corner of the window, and
| that's all. This is the same result as with the hardened
| configuration, so I am
stumped
| about what else to do.
| Any suggestions would be greatly appreciated.
Click to expand...
Click to expand...

I'll guess you REG_MULTI_SZ is not correct.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
\SubSystems
Debug REG_EXPAND_SZ
Kmode REG_EXPAND_SZ %SystemRoot%\system32\win32k.sys
Optional REG_MULTI_SZ Os2\0Posix\0\0
Os2 REG_EXPAND_SZ %SystemRoot%\system32\os2ss.exe
Posix REG_EXPAND_SZ %SystemRoot%\system32\psxss.exe
Required REG_MULTI_SZ Debug\0Windows\0\0
(W2K)

There are Nul terminators for each string and one to end the data

Hex:
4F0073003200000050006F0073006900780000000000
 
That was it.
Thanks for your assistance.
Ted.

Mark V said:
In said:
Yes..
Here are the keys and values (comma delimited format). The
optional key viewed in HEX shows Os2 and Posix separated by CrLf.
Name,Type,Value,Last Time Written,Path
optional,REG_MULTI_SZ,Os2...!,,SYSTEM\CurrentControlSet\Control\Ses
sion Manager\SubSystems
Os2,REG_EXPAND_SZ,%SystemRoot%\system32\os2ss.exe,,SYSTEM\CurrentCo
ntrolSet\Control\Session Manager\SubSystems
posix,REG_EXPAND_SZ,%SystemRoot%\system32\psxss.exe,,SYSTEM\Current
ControlSet\Control\Session Manager\SubSystems

Dave Patrick said:
Did you create them as Reg_Expand_Sz strings?

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| As part of a hardening project I removed these registry keys:
| HKLM\System\CurrentControlSet\Control\Session
| Manager\SubSystems\Optional
| HKLM\System\CurrentControlSet\Control\Session
| Manager\SubSystems\Os2
| HKLM\System\CurrentControlSet\Control\Session
| Manager\SubSystems\Posix I did not delete any of the system32
| subsystem files. After doing so I come to find out that a
| documented DOS application is an
Os2
| application that runs in a DOS-like window.
| Now I need to reinstall the Os2 subsystem portion. I have
| re-entered the registry keys, restored the original computer
| settings with setup security.inf, and deleted
| any registry keys added as part of hardening but the
| application still
does
| not function. I get the DOS window with
| c:\winnt\system32\Os2.exe in the Title Bar,
| a cursor blinking in the upper left corner of the window, and
| that's all. This is the same result as with the hardened
| configuration, so I am
stumped
| about what else to do.
| Any suggestions would be greatly appreciated.
Click to expand...
Click to expand...

I'll guess you REG_MULTI_SZ is not correct.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
\SubSystems
Debug REG_EXPAND_SZ
Kmode REG_EXPAND_SZ %SystemRoot%\system32\win32k.sys
Optional REG_MULTI_SZ Os2\0Posix\0\0
Os2 REG_EXPAND_SZ %SystemRoot%\system32\os2ss.exe
Posix REG_EXPAND_SZ %SystemRoot%\system32\psxss.exe
Required REG_MULTI_SZ Debug\0Windows\0\0
(W2K)

There are Nul terminators for each string and one to end the data

Hex:
4F0073003200000050006F0073006900780000000000
Click to expand...
 
Back
Top