Everyone has heard my stories of “Back in my day _____.” Graybeard Karate has been teaching himself some python-fu to round out his security toolkit. While creating brute-forcers and crackers for his red-teaming activities, he thought about distributing executables to Windows like in the old days of Internet scumbaggery. Naturally he ran into good ole py2exe, that little library that allows you to compile a Python script into an .exe. Note the paragraph below from its online docs:
5.2.2. Running the redistributable C runtime installer
If you don’t have rights to redistribute MSVCR90.dll, then your users may install it on their machine by running the Microsoft Visual C++ 2008 Redistributable Package (vcredist_x86.exe). It is important not to use the SP1 version of this installer, which contains the wrong version of MSVCR90.dll.
Either you can instruct your users to download and run this themselves, or you could create an installer for your application (see step 6 below), that includes vcredist_x86.exe (which is itself redistributable by anyone), and then run that as part of your application installation.
The installer puts a copy of the DLLs in the directory C:\WINDOWS\WinSxS (XP), inside subdirectories with mangled names. The manifest file is in the ‘Manifests’ subdirectory, again this will have a mangled filename. You can still discern the text ‘Microsoft.VC90.CRT’ and ‘9.0.21022.8’ within the mangled file and directory names, to find the files. It is possible to take a copy of these files and remove the filename mangling, to embed them in your application as described in 5.2.1.
To summarize, you can now develop software for Windows with the free Visual Studio Express Edition 2010/2013. However, if you distribute an executable to a machine that lacks the DLLs it requires, you cannot distribute those DLLs with your application. That method of software delivery needs a licensed edition of Microsoft’s Software Development Suite; otherwise you have to use a Microsoft Redistributable. (Microsoft, 2016)
In the first quarter of this year, Consultant Karadi had to install various programs onto Windows systems being Lifted-and-Shifted into Amazon Web Services (AWS). (AWS, 2016) Part of the process involved using Racemi to image physical hardware into virtual machines (P2V). Once migrated into AWS, the systems had to be “Amazonified.” My wonderful Consultant Lead tasked me with scripting the process so that we would one day have a completely automated migration process.
Before I continue, readers may want to know what a “Lift-and-Shift” is. Get ready for some politics. Man, woman and child hear the Carnival Barker peddle, “Come to the cloud, save millions and reach the masses! Sign on the dotted line.” What they do not hear is that going from Blockbuster Video to Netflix takes more than just moving servers into the cloud. So they sign on the dotted line, and then the Engineers must put the “consult” in Consulting. We move their entire datacenter (DC) into the cloud using virtualization technology. Just wait until they get the bill!
This solution has now taken all of the old, manual and stubby-penciled processes and migrated them to a remote datacenter managed by external engineers who know nothing about your workloads. Furthermore, you have no hardware access for resource profiling. How do we manage, monitor, maintain, and migrate this new virtual DC? This is the Lift-and-Shift Phase I. Back to the migration.
During the install of the toolsets on Virtual Machines in AWS, I had to run a variety of executables to remove or upgrade the underlying operating systems and applications. Consultant Lead asked me to use PowerShell to script this process so that we could eventually run it during the AWS migration process. Although bureaucratic issues removed me from the project before completion, I remember something that stuck out in these installs: the Microsoft Visual C++ Redistributable. The stupid installers from these enterprise software distributors sent me to Microsoft to download these files. “WHAT?!” said the Security Architect in me, “What is this application doing installing binaries from the <GASP> Interwebs!!!”
Now I know why. The developers did not want to spend [READ:waste] money licensing Enterprise Visual Studio to allow redistribution of DLLs with their applications. “What is a DLL?” you ask. A Dynamic Link Library is reusable code for a variety of functions that are used by many applications on Windows. DLLs let the Operating System keep a single copy of that code for many applications to share.
So Microsoft has an Operating System; to use it you have to buy it. You used to have to pay them to program for it. Now you can program for free, but to sell your programs you have to pay them. Why not allow people to distribute your digitally signed DLLs for free, Microsoft? Or will I always be just a Microserf?
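For the installer-from-the-Interwebs worry above, here is one way a scripted install could gate a staged vcredist_x86.exe before running it. This is an added example, not code from the original project; the function name, the staging path, the signer pattern and the hash placeholder are all assumptions.

```powershell
# Added example (not from the original post). Function name, staging path and
# subject pattern are assumptions made for illustration.
function Test-StagedInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # SHA-256 recorded when this exact build was vetted.
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        # Assumed signer pattern; compare against a copy you already trust.
        [string] $ExpectedSubject = '*O=Microsoft Corporation*'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }

    # Authenticode answers "who published this, and is it unmodified?"
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # The hash pin answers "is this the exact build we vetted?" Two different
    # builds signed by the same publisher both pass the signature check, and
    # the py2exe docs quoted above warn that the wrong build ships the wrong DLL.
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    $signatureOk = ($sig.Status -eq 'Valid') -and ($subject -like $ExpectedSubject)
    $hashOk      = $sha256 -eq $ExpectedSha256   # string -eq is case-insensitive

    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        Signer      = $subject
        Sha256      = $sha256
        SignatureOk = $signatureOk
        HashOk      = $hashOk
        Trusted     = $signatureOk -and $hashOk
    }
}

# Usage (path and hash are placeholders):
#   $check = Test-StagedInstaller -Path 'C:\Staging\vcredist_x86.exe' `
#                                 -ExpectedSha256 '<SHA256-OF-VETTED-INSTALLER>'
#   if (-not $check.Trusted) { throw "Refusing to run $($check.Path): $($check.Status)" }
```

Staging the file once, recording its hash, and serving it from an internal share keeps the install script from reaching out to the Internet at run time.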
Amazon Web Services. (2016). Dow Jones Case Study. Retrieved May 9, 2016 from https://aws.amazon.com/solutions/case-studies/dow-jones/
Microsoft. (2016). Supplemental Software License Terms. Retrieved May 9, 2016 from https://www.visualstudio.com/en-us/mt639504.aspx
Fox, Mike. (2011). py2exe. Retrieved May 9, 2016 from http://www.py2exe.org/index.cgi/Tutorial#Step522