(Just for my references)
Environment:
1. MacBook Pro 2019 Intel
2. MacOS: Ventura 13.0
3. Activity Monitor
Symptoms
When opening the Activity Monitor, the “Process name” column was too width, and it is very hard to see other columns.
Solution
1. Open terminal
2. Run command: rm -f ~/Library/Preferences/com.apple.ActivityMonitor.plist
(Just for my references)
Environment:
1. MacBook Pro 2019 Intel
2. MacOS: Ventura 13.0
3. Citrix Workspace: version 22.10.0.44(2210)
Symptoms
Citrix Workspace always automatically run and pop up the login window during every reboot. And there is no option on the GUI to disable it.
This is ridiculous because user won’t use it all the time.
Solution
1. Go to folder /Library/LaunchAgents: cd /Library/LaunchAgents
2. List the Citrix plist files: ls -l com.citrix.*
3. To be on the safe side, copy these plist files to a backup location: cp ./com.citrix.* ~/Downloads/citrix_backup
4. Delete 1 file: sudo rm -f com.citrix.ReceiverHelper.plist
5. Edit com.citrix.safariadapter.plist : sudo vi com.citrix.safariadapter.plist
6. Find the value “RunAtLoad”, change it to “false”
7. Reboot and the pop up window should be gone.
1. Windows 11 Pro 21H2
1. Create a hidden text file
2. Create an embedded hidden executable file
3. Run the hidden executable file
Below command create a normal text file
C:\temp>echo This is Normal Text. > normal.txt
C:\temp>type normal.txt
This is Normal Text.
Below command create hidden text using stream
C:\temp>echo This is hidden text. > normal.txt:hidden.txt
C:\temp>type normal.txt
This is Normal Text.
Type command cannot show the hidden text
C:\temp>type normal.txt:hidden.txt
The filename, directory name, or volume label syntax is incorrect.
Dir command won’t show the hidden file
C:\temp>dir
Volume in drive C has no label.
Volume Serial Number is 64AD-2FC5
Directory of C:\temp
10/18/2022 02:14 PM <DIR> .
10/18/2022 02:14 PM 23 normal.txt
1 File(s) 23 bytes
1 Dir(s) 56,873,701,376 bytes free
Use “dir /R” to show the hidden file
/R Display alternate data streams of the file.
C:\temp>dir /R
Volume in drive C has no label.
Volume Serial Number is 64AD-2FC5
Directory of C:\temp
10/18/2022 02:14 PM <DIR> .
10/18/2022 02:14 PM 23 normal.txt
23 normal.txt:hidden.txt:$DATA
1 File(s) 23 bytes
1 Dir(s) 56,873,701,376 bytes free
Use notepad to show the hidden text
C:\temp>notepad normal.txt:hidden.txt
Delete the normal.txt will delete the hidden file
C:\temp>dir /R
Volume in drive C has no label.
Volume Serial Number is 64AD-2FC5
Directory of C:\temp
10/18/2022 02:14 PM <DIR> .
10/18/2022 02:14 PM 23 normal.txt
23 normal.txt:hidden.txt:$DATA
1 File(s) 23 bytes
1 Dir(s) 56,873,533,440 bytes free
C:\temp>del normal.txt
C:\temp>dir /R
Volume in drive C has no label.
Volume Serial Number is 64AD-2FC5
Directory of C:\temp
10/18/2022 02:17 PM <DIR> .
0 File(s) 0 bytes
1 Dir(s) 56,873,533,440 bytes free
Create a normal text fle
C:\temp>echo This is Normal Text. > normal.txt
Find the location of the Calculator app
C:\temp>where calc.exe
C:\Windows\System32\calc.exe
Hide the Calculator App into the normal text file
C:\temp>type C:\Windows\System32\calc.exe > normal.txt:calc.exe
“dir” comman won’t show the embedded file
C:\temp>dir
Volume in drive C has no label.
Volume Serial Number is 64AD-2FC5
Directory of C:\temp
10/18/2022 02:21 PM <DIR> .
10/18/2022 02:23 PM 23 normal.txt
1 File(s) 23 bytes
1 Dir(s) 56,876,064,768 bytes free
Use “dir /R” to show the file
C:\temp>dir /R
Volume in drive C has no label.
Volume Serial Number is 64AD-2FC5
Directory of C:\temp
10/18/2022 02:21 PM <DIR> .
10/18/2022 02:23 PM 23 normal.txt
27,648 normal.txt:calc.exe:$DATA
1 File(s) 23 bytes
1 Dir(s) 56,877,633,536 bytes free
For old windows like XP, win 7, use “start” command.
C:\temp>start normal.txt:calc.exe
In Windows 10 and 11, using “start” command will pop up the “Look for app” window
The correct command to run the embedded file is “forfiles”
C:\temp>forfiles /P c:\Windows\System32 /m notepad.exe /c "c:\temp\normal.txt:calc.exe"
