The win8 dnsapi.dll, ms domains & hosts file thing...

Discussion in 'Windows 8' started by pjoter, Nov 2, 2014.

  1. pjoter

    pjoter MDL Novice

    Nov 2, 2014
    49
    29
    0
    #1 pjoter, Nov 2, 2014
    Last edited by a moderator: Apr 20, 2017
  2. MrMagic

    MrMagic MDL Guru

    Feb 13, 2012
    5,706
    3,711
    180
    Interesting, but why would you want to block all MS domains?
     
  3. pjoter

    pjoter MDL Novice

    Nov 2, 2014
    49
    29
    0
    Because I'm a hipster who only likes his Windows unplugged, yeah man!
     
  4. MrMagic

    MrMagic MDL Guru

    Feb 13, 2012
    5,706
    3,711
    180
    If it's unplugged, you have no worries about it connecting to MS domains anyway :biggrin3:
     
  5. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    7,401
    23,064
    240
    You mean unplagued :D
     
  6. CODYQX4

    CODYQX4 MDL Developer

    Sep 4, 2009
    4,801
    44,951
    150
    Can't a firewall block all this (obviously not Windows Firewall)?
     
  7. pjoter

    pjoter MDL Novice

    Nov 2, 2014
    49
    29
    0
    Unicode? I can't believe unicode derailed my L33T hacking, doh...

    Well that's it, thanks, and even in Win 10 TP, now take that telemetry!
     
  8. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,854
    1,029
    60
    I agree with cody as I really don't wanna hack the dnsapi lol

    I'll look more into this as I upgraded my reversing software a little bit.
     
  9. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,078
    60
    #13 Mr Jinje, Nov 3, 2014
    Last edited by a moderator: Apr 20, 2017
  10. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,854
    1,029
    60
    I'll make the one for Windows 10; however, we are just editing out the sites related to Microsoft and not the Windows Update ones.

    The Windows Update ones are vital to the OS functioning properly.

    Do we want to implement this in the script by having a pre-modified one that is not edited by the script?

    We will need to stop the WMI service along with the network service, then start those back up.
     
  11. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,078
    60
    Are you kidding me, if we don't trust Microsoft with our telemetry data, why would we trust them to 'update' our software all willy-nilly each month. This is for the paranoid among us, those of us who remove Windows Update capabilities from our WIMs.

    Does this actually need to be part of the telemetry thing? I thought we agreed that once telemetry is disabled it becomes a moot point since no telemetry connections will be attempted, therefore no need to mess with DNSAPI.dll (from a telemetry standpoint). EDIT: But that could be an optional item for the app to do.
     
  12. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,854
    1,029
    60
    That's why we have two options in the script so that we can have a full disable option and a lite disable option. Now that I have a bit of time we can take the time to update it a little :p
     
  13. CODYQX4

    CODYQX4 MDL Developer

    Sep 4, 2009
    4,801
    44,951
    150
    Just an idea, if for whatever reason we needed to block these and hosts is no-go and we don't want to hack DLLs.

    Could a local proxy or DNS server force them to localhost? I mean all I see is domains, and it reverts the hosts, but it doesn't store IP info so if I ran my own local DNS (or OpenDNS), I could make all MS IPs go to Google for s**ts and grins right?
     
  14. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,854
    1,029
    60
    If you truly wanted to be a dick, since the hosts file is processed before the hard-coded lines, you could redirect the microsoft.com DNS to another one in the hosts file.

    Then the hard-coded IPs would go to the address you pointed out in the hosts file.

    You could type it in the following manner:

    microsoft.com google.com
     
  15. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,078
    60
    Yes, but that requires a second machine / device on the network under your control. This would allow you to plug your laptop into any unsecure network (in theory) and allow hosts to blacklist.
     
  16. Smorgan

    Smorgan Glitcher

    Mar 25, 2010
    1,854
    1,029
    60
    Well what about positioning that in the router via port forwarding?

    Just a thought.
     