Notice: The latest version of NirLauncher package is now available at http://launcher.nirsoft.net/
Many people ask me to add 'Auto Update' feature that will automatically update the latest version of all NirSoft utilities and the NirLauncher itself. So I'll eventually add this feature in one way or another, but the first step is to create an official download page of NirLauncher package that will be updated with the latest utilities every week or every 2 weeks. I hope that the official download page will be available in the incoming weeks.
For now, there is a new Beta download of NirLauncher package, with the following changes:
- Fixed the missing icons problem in Windows 7/x64.
- Added packages menu to choose a package. A package can also be selected from accelerator keys (Ctrl+1 for the first package, Ctrl+2 for the second package, and so on...)
- Added status bar information.
- Fixed the crash problems that occurred in some utilities on Windows 7/Vista, when running NirLauncher as administrator. This problem occurred only because the executable of NirLauncher contains the word 'launch'. You can read more about this problem in this post.
Here's a small summary of the problem and the way that I solved it:
- When any executable contains the word 'launch' (in my case, NirLauncher.exe), Windows Vista/7 automatically shim the application, which means that apphelp.dll and AcLayers.DLL are loaded into the process and replace the pointers to Windows API functions inside the export table.
- When NirLauncher run a utility, the utility is also shimmed, probably because child applications automatically get the same treatment like the parent application. However, if the utility requires elevation (To run as admin) while NirLauncher was executed without admin rights, the launched utility is not shimmed.
- Some of NirSoft utilities - 'Network Password Recovery', LSASecretsView, and LSASecretsDump use some code injection technique in order to extract the system data. These utilities use the API function addresses returned by GetProcAddress function to execute the desired code in a system process. But... when an application is shimmed, GetProcAddress function returns the addresses of the shim layer instead of the real kernel addresses. These wrong addresses caused the system process to crash immediately and restart the system after a minute.
- The easiest solution for this problem is to change the executable name of NirLauncher to something else, but this kind of solution is really ridiculous. Also, I cannot assure that Windows won't shim my application from any other reason.
- I also tried to add into the executable of NirLauncher and the other utilities a manifest which contains compatibility information. This manifest is a small XML which says to Windows OS: "This application is compatible with Windows Vista and Windows 7, so don't shim it".
Unfortunately, this solution simply didn't work.
- The problem was finally solved by making changes in the problematic utilities (NetPass, LSASecretsView, and LSASecretsDump), so these utilities will work properly even when they are shimmed. When these utilities detect that they are shimmed, LdrGetProcedureAddress (in ntdll.dll) function is used to get the real address of GetProcAddress function inside the Windows kernel, and in this way, my utilities bypass the shim layer and get the real kernel addresses.
Update (December 1st, 2009): Fixed also the Shim issue in MessenPass and WirelessKeyView.
Zip File Information: (to verify that the downloaded file is Ok)
File Size: 6,908,394
Number of files in the Zip: 247