NirBlog

RegFileExport is a new command-line utility for advanced users that allows you to easily extract keys and values from offline Registry file located on external hard-drive and export them into a standard .reg file of Windows.  RegFileExport doesn't load the file into a Registry hive like RegEdit,  instead, it directly reads the Registry file and analyzes it.

RegFileExport may also be able to extract keys and values from the Registry file even if the Registry file is corrupted and cannot be loaded by Windows.

For more information about RegFileExport utility, click here.

RegFileExport

Here's a list of utilities updates made in the last week:

• IPNetInfo and WhosIP: Both of these utilities were fixed to work with the changes made in ARIN WHOIS server.
• Mail PassView: Added 'Secured' column, which displays whether the mail server works in a secured connection, and 'Server Port' column, which displays the TCP port number on the server, if the server use non-standard port.
• WhatInStartup,  MyEventViewer, SpecialFoldersView, and others - Fixed a problem with the xml encoding that appeared in all my Unicode executable files.
• SniffPass: Added x64 build of SniffPass, which allows you to work with Microsoft Network Monitor Driver 3.x on 64-bit version of Windows.
• OutlookAttachView:  Added support for embedded message attachments (attachments of another message). These attachments are saved as .msg files that can be opened by Outlook.
• SmartSniff: Added 'Automatically Scroll Down in Live Mode' option, which allows you to automatically scroll down to the bottom of the TCP/IP streams list while capturing the network packets.
• NK2Edit: Added 'NK2 Control Center' which allows companies to watch the status and the location of Outlook AutoComplete files (NK2) in all computers.

URLStringGrabber is a new utility that scans all opened windows of Internet Explorer and grabs the URLs stored in them, including clickable links, images, script files, CSS files, RSS feeds, and flash (.swf) files.

The URLs list is displayed in table, and you can easily export some of the URLs or the entire URLs list into text, csv, html, or xml file. You can also copy the URLs list into the clipboard and paste them into Excel or other spreadsheet application.

For more information about this new utility, click here.

URLStringGrabber

The new version of RouterPassView utility provide a new feature that allows to grab L2TP/PPTP/PPPOE/DDNS passwords from the Web interface of your router. This feature only works with Internet Explorer, as well as it only works for routers that stores the real password inside the password field.

In order to use this feature, follow the instructions below:

1. Login into your router Web interface with Internet Explorer, and go to the password page that you wish to recover. This password page may look like this one:
   

   Router Password Page

   As you can see in the above screenshot, the password field is filled with bullets, but if this password field really contains the password, RouterPassView will be able to extract it and display it on the main window.

2. Go to the File menu, and choose 'Grab Password From IE Window' or simply press Ctrl+G
3. If the router Web page store the password in the password field, RouterPassView will display the hidden password:
   

   Router Password

   Be aware that some routers deliberately store wrong password in this field, and in for these routers, RouterPassView won't be able to recover your real password.

Starting from the new version of Firefox (3.6.4), all  flash objects displayed on a Web site are now loaded inside a separated process (plugin-container.exe), instead of the Firefox process itself. This change is welcomed, because when there is a crash inside a flash object (video, game, advertising, or anything else), it won't take down Firefox.

This change also caused VideoCacheView to stop working with the temporary flash video files created by Firefox, because VideoCacheView failed to detect the new process. But... This problem is already fixed on version 1.71 of VideoCacheView. So if you got the new version of Firefox (3.6.4), you should also get the latest version of VideoCacheView.

Firefox plugin-container.exe in Process Explorer

Around 8 years ago, I released a utility named 'FileDate Changer', which allowed the users to modify the date and time of every file in Windows operating system.  However, this utility has not been updated for very long time and it doesn't fit the current NirSoft standards.

A new utility named BulkFileChanger is a replacement for my old 'FileDate Changer' utility. BulkFileChanger also provides more features than the old tool, including the ability to change the date or time separately (For example, you can set the file time as 09:12:15, but without changing the existing date), add or subtract seconds/minutes/hours/days from the existing file time, change file attributes, and the ability to add files by path and wildcard.

It's possible that more useful features, like renaming multiple files, will be added in the future versions of BulkFileChanger.

BulkFileChanger

A few years ago, I released a small tool known as "NK2View" that allows the users to view the content of MS-Outlook AutoComplete file (the file with .nk2 extension) , which contains hundreds of  names and emails that the user send them one or more messages.

After releasing NK2View, I received many requests to add delete/edit features into NK2View and thus I added 'Delete' and 'Add From Address Book' options into this tool. However, these editing features were very limited and also didn't work well in some NK2 files.  The limitations and problems with Nk2View led me to create a completely new tool that can fully edit  any NK2 file.

NK2Edit is the new NK2 editing tool that can edit any field in the NK2 file (Including the display name, the email address, the MS-Exchange address, the drop-down name, and more), delete unwanted records, add new records from the address book or by typing any email address/MS-Exchange address you need,  easily merge 2 or more NK2 files by using Copy & Paste, fix NK2 files that cannot be loaded by Outlook, and more...

As oppose to my previous NK2View utility, which made the changes  simply by removing and injecting bytes on the existing NK2 file, NK2Edit reads the entire NK2 file into memory, analyzes all records and fields, and then when you choose to save the file, it writes all records into the file, including all the changes that you made.  Writing the entire content into the file decreases the risk of getting a corrupted NK2 file and ensures that the NK2 file will be saved as healthy file that can be used by Outlook.

NK2Edit Main Window

NK2Edit also provides some unique features for advanced users, including the "Raw Text Edit Mode" which allows you to view and edit the records of NK2 file as a text file that looks like the .ini files of Windows.  NK2Edit also allows you to write simple scripts that add, remove or modify records in the NK2 file.

Raw Text Edit Mode

Nk2Edit License

As you may notice, the license conditions for using NK2Edit are different from other NirSoft utilities.  NK2Edit is completely free for personal use at your home, like all other NirSoft utilities. However, if you need to constantly use NK2Edit in your business/company, then you have the purchase commercial license.  The reason for this license change is the lesson I learned from my NK2View utility.  I found out that .NK2 file editing is highly needed by many companies and some of them requested my help and support for using NK2View.   So I found myself in a  ridiculous situation where I have to waste my time on supporting profitable companies, but without getting any payment from it, because NK2View is freeware and companies usually don't send donations.

This "Free for personal use" license  is the best solution for my new NK2Edit utility, because it still provide a great and completely free product for all NirSoft users at home, but requires a payment for commercial companies that may need more support and features for using this tool in corporate environment. Hopefully, the income that I get NK2Edit licenses will also allow me to spend more time on development of my other freeware tools.

It's also important to mention that there is no any change in the license of all other utilities of NirSoft, and you can freely use them in your business organization.

For more information about NK2Edit utility, click here.

Edit record window of NK2Edit

The new versions of SmartSniff and SniffPass utilities allows you to capture network traffic with the version 3.x of Microsoft Network Monitor driver. This feature is especially useful for the users of Windows Vista, Windows 7, and Windows Server 2008, because the old version of Microsoft Network Monitor doesn't support these operating systems.

Also, Microsoft Network Monitor 3 provide a new feature for Windows Vista/7/2008 users - it allows you to switch your Wifi adapter to 'Monitor Mode' (Only if the adapter supports this mode), which means that it can capture the traffic from other wireless networks around your location.

When using this 'Monitor Mode' with SmartSniff, it won't be able to capture the traffic from most of the wireless networks, simply because they are encrypted with WEP/WPA. However,  if there are some unencrypted wireless networks in your area,  SmartSniff will be able to capture and show the content of the transferred TCP/UDP packets.

SmartSniff with Network Monitor 3 driver

Another important feature added into the new version of  SmartSniff/SniffPass is the 'Promiscuous Mode' check box for WinPCap driver capture mode. In previous versions, these utilities always turned on the  'Promiscuous Mode', but with many Wifi adapters, the capturing doesn't work at all when using them in Promiscuous Mode.  Starting from these new version of SmartSniff/SniffPass, the Promiscuous Mode is turned off by default, and you can turn it on in the 'Capture Options' window when you need it.

NetRouteView is a new utility that can be used as alternative to the standard route utility (Route.exe) of Windows operating system. It displays the list of all routes on your current network, including the destination, mask, gateway, interface IP address, metric value, type, protocol, age (in seconds), interface name, and the MAC address.

It also allows you to modify, delete, and add new routes to your network adapters.

For more information about this new utility, click here.

NetRouteView

OperaPassView is a new password recovery utility that decrypts the content of the Opera Web browser password file (wand.dat) and displays the list of all Web site passwords stored in this file. You can easily select one or more passwords in the OperaPassView window, and then copy the passwords list to the clipboard and save it into text/html/csv/xml file.

Currently, OperaPassView cannot decrypt the passwords if they encrypted with the master password. I'll possibly add support for master password in future versions.

For more information about OperaPassView, click here.

OperaPassView