Friday, February 21, 2014

How PowerShell helps me make $100+ a month

Just like Gold and other precious medals, Bitcoin and Litecoin are obtained through a process called mining. Mining for litecoins however does not require any ground to be moved.

The best one line description to explain what a litecoin mining is:
"It's kind of like rounding up the world's greatest minds and making them do Sudokus for nickels."

Litecoin mining is simply configuring you computer to solve algorithmic equations, the beefier the computer's CPU or GPU is the more Kh/s you will receive from that device. As of today, not many people even bother mining with a CPU because a top of the line CPU will only give you around 10 Kh/s where my AMD R9 280X will output about 725 Kh/s. With that being said I was able to pay of my new GPU in about 3 months of mining.

However there are some costs and risks to mining;
  • Mining Hardware is pretty expensive.
  • Mining is like slowly earning a stock in litecoin(LTC).
  • The market could crash any day.
  • Everything earned can be lost
  • Hardware failure can occur

The Script

Below is the little script or function I wrote that configures my miner to specific settings. This could easily all fit on a few lines however I like to use the back-tick(`) with this script to make it really easy to find the configuration item that I'd like to adjust.

function GOLD_Digger {
    Matthew A. Kerfoot
    Mines Litecoins from ltcrabbit at ~750KH/s
    Mines litecoins from `
    full link is needed to create first`    account.
               [string]$FilePath = "C:\Users\Matthew\Desktop\`
CGMiner-LTCRabbit-V1\CGMiner LTCRabbit V1\cgminer-3.7.2-windows\",
               [string]$miner_path = "C:\Users\Matthew\Desktop\`


Set-Location $FilePath
.\cgminer.exe -o stratum+tcp:// `
              -u mkerfoot.worker2 `
              -p password `
              -w 384 `
              -I 13 `
              -g 2 `
        --gpu-powertune 13 `
        --temp-hysteresis 3 `
        --lookup-gap 2 `
        --shares 0 `
        --thread-concurrency 8191 `
        --gpu-engine 1050 `
        --gpu-memclock 1500 `
        --queue 0 `
        --expiry 1 `
        --scan-time 1 `
        --temp-cutoff 87 `
        --temp-overheat 80 `
        --temp-target 70 `
        --api-port 4028 `
    --no-submit-stale `
    --auto-fan `
    --api-listen `
    --api-network `
    --no-pool-disable `
    --scrypt `
--config "$miner_path"
} GOLD_Digger

Monday, January 27, 2014

svchost is utilizing 100% of the CPU

The other night I ran into an issue I haven't seen for a little while, having seen this in the past and knowing what I did to resolved the issue, I decided I'd make a little write up to help anyone else that might run into this problem.This my friends, is what you call a memory leak.

What is a Memory leak exactly?
Microsoft describes it as: "RPCSS makes synchronous calls to track object identifiers (OIDs) for clients as part of the Distributed Component Object Model (DCOM) pinging mechanism. During this process, RPCSS acquires a handle and memory, which are not released if these clients are not pumping window messages efficiently. This causes a handle and memory resource leak in the Svchost.exe process."

Do Not Ever end a svchost service without first knowing which services are attached. Svchost.exe is short for "service host", this is not a virus; In fact it's a required system component. You'll usually find multiple copies of svchost.exe running. Svchost.exe is a program that is designed to run other programs and "hosts" many of the system services in all Microsoft Operating Systems up to Windows 8.1(latest released O\S). 

First things first
Since there are multiple copies of svchost running on every Windows O\S you must first find out the PID of the specific svchost.exe that is using all of the computers CPU or memory. To do this hold down [CTRL]+[SHIFT] and [ESC] at the same time to open the 'Task Manager' and click on the 'Details' tab if using Window 8 or newer or 'Processes' if using an older O/S.

To show the 'PID' within the task manager you must first right click on any tab and then left click on 'Select Columns'. This will open the 'Select Properties Page Columns' where you must check the checkbox next to 'PID (Process Identifier)'.

Notice the PID (Process Identifier) of the svchost.exe process that is consuming all of the resources. In this case PID 484 is utilizing the most resources.

To see all the running copies of svchost.exe
From within an Administrative CMD prompt type "tasklist.exe /SVC | more". The /SVC switch will display the services hosted within each process.

Notice the services within PID 484:(one of these services are the culprit)
AeLookupSvc, AppInfo, BITS, Browser, CertPropSvc, IKEEXT, iphlpsvc, LanManServer, ProfSvc, Schedule, SENS, SessionEnv, ShellHWDetection, Themes, Winmgmt, or Wuauserv. Right now there are 16 services running under PID 484, now we must separate these 16 services into their own PID. This will show us the service that is causing all this trouble.

Note: Winmgmt and wuauserv are pretty common culprits. I would start with these services.

Now that we've narrowed the list of possible culprits we can start separating the services into their own PID's by running the following command in an Administrative CMD prompt:

 sc config servicename type= own

for instance:
sc config Winmgmt type= own

This will break the Power Service out of PID 484 group into it's own PID. Just continue to do this until you find the service that is going crazy and restart that service if applicable.

Note: Most commonly this is due to a bug of some sort with the Windows Update Service or wuapp for short.

Tuesday, January 21, 2014

PowerShell Remoting: Invoke-Command

PowerShell remoting allows you to run commands on local and remote computers.

PowerShell Remoting was first introduced with PowerShell v2 which can be installed on any Windows Operating System XP or newer.

     Common problems:
    • Not running an elevated PowerShell prompt.
    • Must be an Administrator to user WinRM.
    • PowerShell Execution is not set
    • PSRemoting is not enabled.
    • The remote computer is not on.
    • Not a member of the domain or a trusted domain.
    • A network adapter is set to public(http & https are blocked by windows firewall) 

First Things First:Don't forget to enable PSRemoting and set a proper execution policy on the computer to want to remotely access.

PS C:\> Set-ExecutionPolicy RemoteSigned -Force
PS C:\> Enable-PSRemoting -Force

To run a command against the local machine:
PS C:\ > Invoke-Command -ScriptBlock{ Hostname } -ComputerName .
PS C:\ >

To run a command against local and remote computers:
Invoke-command -ScriptBlock { Hostname ; Get-Counter '\Processor(_Total)\% Processor Time' } -ComputerName localhost, remoteserver1, remoteserver2

To run a command against a list of computernames:
Invoke-command -ScriptBlock { Hostname ; Get-Counter '\Processor(_Total)\% Processor Time' } -ComputerName (Get-Content $env:USERPROFILE\Desktop\ServerList.txt)

To run a script against remote computers:
Invoke-command -ComputerName localhost, remoteserv1, remoteserver2 -FilePath C:\Scripts\report.ps1 

To run a script against remote computers with alternative credentials:
Invoke-Command -Scriptblock { Hostname ; Get-Counter '\Processor(_Total)\% Processor Time' } -ComputerName SRV-PSWA -Credential kerfoot\matthew

A slightly different remoting method is with the use of Enter-PSSession which will open an interactive session with the remote computer of your choosing.
PS C:\Users\mkerfoot> Enter-PSSession -ComputerName SRV-PSWA
[ SRV-PSWA ] PS C:\ >Get-WmiObject Win32_LogicalDisk | Format-Table -Autosize

DeviceID DriveType ProviderName     FreeSpace          Size VolumeName       
-------- --------- ------------     ---------          ---- ----------       
C:               3               352527327232  479554695168 SSD RAID 0       
E:               3              1079370080256 2000395694080 Kerfoot's Backups
F:               3               499943936000  500109930496 HDD RAID 0       
Z:               5                          0    3406368768 G71-MGD3005      

To exit the remote session type Exit-PSSession or Exit for short.
[ SRV-PSWA ] PS C:\ > Exit-PSSession
PS C:\ >