TCP Pings in PingInfoView Tool

October 14th, 2019

The new version of PingInfoView (2.00) allows you to use TCP ping at the specified port number, instead of the default ICMP ping.
In order to use the new TCP ping feature, simply specify the host name or IP address with TCP  port number, for example: 10.0.0.10:21 , 192.168.0.50:80, www.nirsoft.net:443
If you don’t specify a port number , PingInfoView  will send ICMP pings, like in the previous versions.

You can download the new version of PingInfoView from this Web page.

 

 

 

 

GetNir is a new command-line tool that allows you to easily extract the needed data from NirSoft tools and any other tool that generates output in tab-delimited or comma-delimited format.
GetNir is a console application, it’s executed inside Command-Prompt window and the requested data is sent to stdout.
GetNir receives the tab-delimited or comma-delimited data from stdin, and because most of NirSoft tools allow you to send data in tab-delimited or comma-delimited format (csv) to stdout, the combination of GetNir and other NirSoft tools works very well.

 

 

Here’s some examples for what you can do with combination of GetNir and other NirSoft tools:

 

Get the current brightness of your monitor, using ControlMyMonitor tool ControlMyMonitor.exe /stab “” | GetNir “Current Value” “VCPCode=10”
Get current sound volume (in percent) of Speakers device, from SoundVolumeView tool SoundVolumeView.exe /stab “” | GetNir “Volume Percent” “Name=Speakers && Type=Device”
Get current application sound volume of VLC media player (in percent) , from SoundVolumeView tool SoundVolumeView.exe /stab “” | GetNir “Volume Percent” “‘Process Path’ LIKE *vlc.exe”
Get name and device name of the default audio render device from SoundVolumeView tool SoundVolumeView.exe /stab “” | GetNir “Name,DeviceName” “Default=Render”
Get the process ID and process name of the processes that listen to TCP ports 135-139, using CurrPorts tool: cports.exe /stab “” | GetNir &quotProcess ID,Process Path&quot “LocalPort >= 135 && LocalPort <= 139 && State=Listening”
Get the serial number of plugged USB device (only if the serial number is available), using the USBDeview tool: USBDeview.exe /stab “” | GetNir “Serial Number” “Connected=Yes”
Get the drive letter of plugged USB Mass Storage device, using the USBDeview tool: USBDeview.exe /stab “” | GetNir “Drive Letter” “Connected=Yes AND ‘Device Type’=’Mass Storage'”
Get the current version of Google Chrome from the installed applications list generated by UninstallView UninstallView.exe /stab “” | GetNir “Display Version” “‘Registry Name’=’Google Chrome'”
Get the install location of Adobe Reader from the installed applications list generated by UninstallView: UninstallView.exe /stab “” | GetNir “Install Location” “‘Display Name’ Like ‘Adobe Reader*'”
Get the current download bandwidth of Firefox Web browser, using AppNetworkCounter (Requires to run the command-prompt window as Administrator) AppNetworkCounter.exe /CaptureTime 5000 /scomma “” | GetNir “ReceiveSpeed” “ApplicationName=firefox.exe”
Get the process name and path of application that uses the most download bandwidth (in the last 5 seconds).
AppNetworkCounter sorts the output so the application with the most “Received Bytes” will be in the first line and then GetNir displays the application name and path only of the first line (/TopLines 1)
AppNetworkCounter.exe /CaptureTime 5000 /Sort “~Received Bytes” /scomma “” | GetNir “ApplicationName,ApplicationPath” “” /TopLines 1
Get the email address of ‘Nir Sofer’ from the address book of Outlook, using OutlookAddressBookView tool OutlookAddressBookView.exe /stab “” | GetNir “EmailAddress” “DisplayName=’Nir Sofer'”
Get the email address of ‘Nir Sofer’ (SMTP Record) from the AutoComplete file of Microsoft Outlook, using the NK2Edit tool nk2edit.exe /AddExportHeaderLine 1 /scomma “” | GetNir “Email/Exchange String” “DisplayName=’Nir Sofer'”
Get the name of the person who has the support@nirsoft.net email address from the AutoComplete file of Microsoft Outlook, using the NK2Edit tool nk2edit.exe /AddExportHeaderLine 1 /scomma “” | GetNir “DisplayName” “Email/ExchangeString=’support@nirsoft.net’ || SMTPAddress=’support@nirsoft.net'”
Get current CPU usage of Explorer.exe from the task manager of Windows, using SysExporter tool: sysexp.exe /Title “Windows Task Manager” /class SysListView32 /Visible Yes /stab “” | GetNir “CPU” “‘Image Name’=Explorer.exe”
Get RSSI value of the MyNet wireless access point, using WifiInfoView tool: WifiInfoView.exe /stab “” | GetNir “RSSI” “SSID=MyNet”
Get the SSID, MAC Address, and RSSI of the access point you are connected at this moment WifiInfoView.exe /stab “” | GetNir “SSID,MACAddress,RSSI” “Connected=Yes”
Get the cookies of youtube.com stored in Chrome Web browser, using the ChromeCookiesView tool ChromeCookiesView.exe /stab “” | GetNir “Name, Value” “‘Host Name’ LIKE *youtube.com”
Get the number of established TCP connections of every firefox.exe process, using ProcessTCPSummary tool ProcessTCPSummary.exe /stab “” | GetNir “Process ID,TCP Established” “‘Process Name’ = firefox.exe”
Get the name of your active display adapters, using DevManView tool (Requires to run the command-prompt window as Administrator) DevManView.exe /AddExportHeaderLine 1 /stab “” | GetNir “DeviceName” “DeviceTypeCode=Display And Connected=Yes”
Get the drive letter and name of active CD-ROM/DVD devices, using DevManView tool (Requires to run the command-prompt window as Administrator) DevManView.exe /AddExportHeaderLine 1 /stab “” | GetNir “DriveLetter,DeviceName” “DeviceTypeCode=CDROM And Connected=Yes”
Get the window title of Chrome Web browser, using GUIPropView GUIPropView.exe /stab “” | GetNir “Title” “Visible=Yes && ProcessFilename Like *chrome.exe”
Scan your local network and get name, MAC address, and manufacturer name of the device in IP address 192.168.0.36, using Wireless Network Watcher: WNetWatcher.exe /stab “” | GetNir “DeviceName,MACAddress,NetworkAdapterCompany” “IPAddress=192.168.0.36”
Get your current wireless network connection speed, using WirelessConnectionInfo tool: WirelessConnectionInfo.exe /stab “” | GetNir “Value” “Description=’Receiving rate'”
Get the process name and path of the application with most active disk-write activity in the last 5 seconds. The output is first sorted by AppReadWriteCounter so
the application with the largest “Write Bytes” is in the first line, and then GetNir takes only the first line (/TopLines 1)
AppReadWriteCounter.exe /CaptureTime 5000 /sort “~Write Bytes” /scomma “” | GetNir “ApplicationName,ApplicationPath” “” /TopLines 1
Get the next 3 tasks (Task Name and Next Run Time) that the Task Scheduler of Windows going to run. TaskSchedulerView.exe /sort “Next Run” /stab “” | GetNir “TaskName,NextRun” “NextRun != ”” /TopLines 3
Get the tasks that are currently running and their description, using TaskSchedulerView TaskSchedulerView.exe /stab “” | GetNir “TaskName,Description” “Status=Running”
Get the command-line that is used to open .mp4 files on your system, using the FileTypesMan tool. (Requires to run the command-prompt window as Administrator) FileTypesMan.exe /SelectedExt .mp4 /AddExportHeaderLine 1 /scomma “” | GetNir “Command-Line” “Name=Open”

You can download GetNir from this Web page.

On August 26 2004, exactly 15 years ago, I purchased the nirsoft.net domain.
NirSoft Web site was actually  established around 2 – 3 years earlier, but it was hosted in some free hosting services and it was very hard
to keep the Web site alive, because all these free hosting services suspended NirSoft Web site after some time, saying that it had too much traffic…

Today, there are still a few tools on nirsoft.net that were originally released on 2001-2003 (Before nirsoft.net domain was purchased) – NirCmd, IECookiesView, Mail PassView, Dialupass, and maybe a few others.
If you want to see the NirSoft homepage from 15 years ago, you can take a look at the web.archive.org Web site, there is a copy of NirSoft homepage from September 2004:

nirsoft.net from Septermber 2004

For the 15th birthday of nirsoft.net domain – you get a small surprise: A Web page with new Pre-release tools.
These tools are still in development stage , and they still don’t have separated Web page, unique icons, help file, translations, and so on.
If you choose to download and try to use them  – do it very carefully !

You can find the Pre-release Web page in the following link:

NirSoft Pre-release Tools

As you probably already know, there are 14 new tools that I published in RSS feed and in the “What’s New” section of NirSoft homepage.

By looking in the statistics of nirsoft.net Web site, I found out there was one major Reddit Web page that published the links to all 14 tools a few days before I published them, created by people who managed to find all links from the  NirSoft Easter Egg challenge:

New tools from Nirsoft, hidden for Easter

Well done !

And here’s the links to all 14 NirSoft new tools:

AppCompatibilityView

AppAudioConfig

EdgeCookiesView

AppReadWriteCounter

ProcessTCPSummary

FileActivityWatch

AllThreadsView

OfflineRegistryFinder

LiveTcpUdpWatch

FileAccessErrorView

KeyboardStateView

HandleCountersView

OfflineRegistryView

AppNetworkCounter

At this moment there are 10+ completely new tools hidden in NirSoft Web site. There is no any link to these new tools in NirSoft or in any other Web site.
In order to find these new tools, you need to have some programming knowledge, understanding of Web technology, and other skills.
If you don’t have the ability to find the new tools, you don’t have to worry. All new tools will be published officially in Nirsoft Web site on 01/04/2018 (and this is not a joke of April Fools’ Day, the new tools are real)

First Stage – Finding the first tool.

Here’s the instructions for finding the first new tool hidden in NirSoft Web site:

In the .exe file of the following tools there is an hidden message:
USBDeview, NetworkUsageView, FileTypesMan, LastActivityView, WifiHistoryView, ControlMyMonitor, CSVFileView, TimeZonesView, UninstallView, DevManView, TaskSchedulerView, SoundVolumeView

You can download a zip file with .exe files of all these tools from here.

In order to decrypt the message, you have to XOR all bytes of every .exe file with 0x7f (127) and then search for a short message in English.
It’s recommended to start the search from the end of the file and then move backwards, because the message is stored in the second half of the file.
Also, when there are 32-bit and 64-bit versions of the same tool, it’s recommended to use the 32-bit executable file.

In all tools except of one, the message is a short quote that somewhat represents my own personal worldview.
Only in one tool you’ll find the real thing you’re looking for – a link to a Web page that contains a new tool !
Be aware that the hidden message only contains the html page of the URL, but you can easily find the actual URL because like all NirSoft tools –  it’s located
under https://www.nirsoft.net/utils

Second Stage – Finding all other tools

Inside the Web page of the first tool, there is a clue that can lead you to the next tool.
In order to find it, you need some understanding of Web technology (I mean – you have to look inside the HTML of this Web page).
If you find the second tool, then like in the first tool, the Web page of the second tool contains a clue that can lead you to the next new tool. Like in the first tool, the other clues contain only the html page, so you have to add the html page string to https://www.nirsoft.net/utils/

By looking for clues on every Web page of a new tool, you can eventually reach 10+ new NirSoft tools !

Be aware that the clues gradually become harder and more tricky and require different abilities (For example: Using NirSoft tools to decrypt encrypted information), so it’s possible that at some point you won’t be able to find the next tool. Also, in some of the clues there is an hint of  TV shows and movies (Just for fun…).

Share the links with others !

If you find the URL of one or more tools, you are welcomed to publish the links in any way you like  – Facebook, Twitter, Forums, Blog, YouTube, and so on
(except of publishing the links in comments to this Blog post… )

Maybe you’ll be the first one in the world who write about the new tools before anyone else !

A few months ago I had an idea to add ‘Easter Eggs’ into a few tools and then publish the information about how to activate them before Easter holiday.
I didn’t want to spend too much time on it or to bloat the size of the .exe file, so I made something very simple – painting the main window of the tool
in multiple colors when pressing a specific combination of keys.

Currently there are 15 tools that have this ‘Easter Egg’ feature, the idea is the same in all of them, but in every tool the colors effect is a little different.

How to activate

In order to activate the ‘Easter Egg’ follow the instructions below:

  • Hold down the Ctrl and Shift key while the tool is in focus.
  • Type the following sequence of letters: C L R
  • In some tools you should type the following sequence of letters instead: C O L O R S
  • Pressing the same key combination again will switch the tool back to normal colors.

Warning: If you have shortcut keys on your system with combination of Ctrl+Shift and one of the specified letters (C O L O R S), you should turn them off
before trying the Easter Egg key combination… Otherwise, you’ll activate these shortcut keys instead of NirSoft Easter Egg.
Also, before trying the Easter Egg key combination, you should check if any menu item uses Ctrl+Shift and one of the specified letters as shortcut key and
if you find it, it means that the Easter Egg key combination is not available on this tool.

Here’s some examples for NirSoft tools after activating the Easter Egg:

After playing with painting NirSoft tools in colors, I had a new idea for another kind of ‘Easter Eggs’, much more serious than some colors in a window.
In the next few days you’ll see the result of this new idea, I’ll publish all information about it in this Blog when it’s ready.
You can find a first hint inside one of the above screenshots…

ControlMyMonitor is a new tool that allows you view and modify the settings of your monitor (Also known as ‘VCP Features’), like brightness, contrast, sharpness, red/green/blue color balance, and more… You can modify the monitor settings from the GUI and from command-line. You can also export all settings of your monitor into a configuration file and then later load the same configuration back into your monitor.

ControlMyMonitor

You can download this new tool from this Web page.

InstalledPackagesView is a new tool for Windows that displays the list of all software packages installed on your system with Windows Installer, and lists the files, Registry keys, and .NET Assemblies associated with them. For every installed software, the following information is displayed: Display Name, Display Version, Install Date, Registry Time, Estimated Size, Install Location, Install Source, MSI Filename (In C:\Windows\Installer), and more…
You can watch the installed software packages information from your local system or from another system on external hard-drive.

InstalledPackagesView

You can download this new tool from this Web page

NetworkCountersWatch is a new tool for Windows that displays system counters for every network interface on your system. The system counters include the number of incoming/outgoing bytes, number of incoming/outgoing packets, number of broadcast packets, and more. You can also initialize all counters to zero at any time in order to watch the network counters for specific event. NetworkCountersWatch also calculates and displays the current download speed and upload speed on your network interface.

NetworkCountersWatch

 

You can download this new tool from this Web page.

RegistryChangesView is a new tool for Windows that allows you to take a snapshot of Windows Registry and later compare it with another Registry snapshots, with the current Registry or with Registry files stored in a shadow copy created by Windows. When comparing 2 Registry snapshots, you can see the exact changes made in the Registry between the 2 snapshots, and optionally export the Registry changes into a standard .reg file of RegEdit.

RegistryChangesView

You can download RegistryChangesView from this Web page.