Archive for the ‘Utilities Update’ Category

As you probably already know, there are 14 new tools that I published in RSS feed and in the “What’s New” section of NirSoft homepage.

By looking in the statistics of nirsoft.net Web site, I found out there was one major Reddit Web page that published the links to all 14 tools a few days before I published them, created by people who managed to find all links from the  NirSoft Easter Egg challenge:

New tools from Nirsoft, hidden for Easter

Well done !

And here’s the links to all 14 NirSoft new tools:

AppCompatibilityView

AppAudioConfig

EdgeCookiesView

AppReadWriteCounter

ProcessTCPSummary

FileActivityWatch

AllThreadsView

OfflineRegistryFinder

LiveTcpUdpWatch

FileAccessErrorView

KeyboardStateView

HandleCountersView

OfflineRegistryView

AppNetworkCounter

At this moment there are 10+ completely new tools hidden in NirSoft Web site. There is no any link to these new tools in NirSoft or in any other Web site.
In order to find these new tools, you need to have some programming knowledge, understanding of Web technology, and other skills.
If you don’t have the ability to find the new tools, you don’t have to worry. All new tools will be published officially in Nirsoft Web site on 01/04/2018 (and this is not a joke of April Fools’ Day, the new tools are real)

First Stage – Finding the first tool.

Here’s the instructions for finding the first new tool hidden in NirSoft Web site:

In the .exe file of the following tools there is an hidden message:
USBDeview, NetworkUsageView, FileTypesMan, LastActivityView, WifiHistoryView, ControlMyMonitor, CSVFileView, TimeZonesView, UninstallView, DevManView, TaskSchedulerView, SoundVolumeView

You can download a zip file with .exe files of all these tools from here.

In order to decrypt the message, you have to XOR all bytes of every .exe file with 0x7f (127) and then search for a short message in English.
It’s recommended to start the search from the end of the file and then move backwards, because the message is stored in the second half of the file.
Also, when there are 32-bit and 64-bit versions of the same tool, it’s recommended to use the 32-bit executable file.

In all tools except of one, the message is a short quote that somewhat represents my own personal worldview.
Only in one tool you’ll find the real thing you’re looking for – a link to a Web page that contains a new tool !
Be aware that the hidden message only contains the html page of the URL, but you can easily find the actual URL because like all NirSoft tools –  it’s located
under https://www.nirsoft.net/utils

Second Stage – Finding all other tools

Inside the Web page of the first tool, there is a clue that can lead you to the next tool.
In order to find it, you need some understanding of Web technology (I mean – you have to look inside the HTML of this Web page).
If you find the second tool, then like in the first tool, the Web page of the second tool contains a clue that can lead you to the next new tool. Like in the first tool, the other clues contain only the html page, so you have to add the html page string to https://www.nirsoft.net/utils/

By looking for clues on every Web page of a new tool, you can eventually reach 10+ new NirSoft tools !

Be aware that the clues gradually become harder and more tricky and require different abilities (For example: Using NirSoft tools to decrypt encrypted information), so it’s possible that at some point you won’t be able to find the next tool. Also, in some of the clues there is an hint of  TV shows and movies (Just for fun…).

Share the links with others !

If you find the URL of one or more tools, you are welcomed to publish the links in any way you like  – Facebook, Twitter, Forums, Blog, YouTube, and so on
(except of publishing the links in comments to this Blog post… )

Maybe you’ll be the first one in the world who write about the new tools before anyone else !

ControlMyMonitor is a new tool that allows you view and modify the settings of your monitor (Also known as ‘VCP Features’), like brightness, contrast, sharpness, red/green/blue color balance, and more… You can modify the monitor settings from the GUI and from command-line. You can also export all settings of your monitor into a configuration file and then later load the same configuration back into your monitor.

ControlMyMonitor

You can download this new tool from this Web page.

InstalledPackagesView is a new tool for Windows that displays the list of all software packages installed on your system with Windows Installer, and lists the files, Registry keys, and .NET Assemblies associated with them. For every installed software, the following information is displayed: Display Name, Display Version, Install Date, Registry Time, Estimated Size, Install Location, Install Source, MSI Filename (In C:\Windows\Installer), and more…
You can watch the installed software packages information from your local system or from another system on external hard-drive.

InstalledPackagesView

You can download this new tool from this Web page

NetworkCountersWatch is a new tool for Windows that displays system counters for every network interface on your system. The system counters include the number of incoming/outgoing bytes, number of incoming/outgoing packets, number of broadcast packets, and more. You can also initialize all counters to zero at any time in order to watch the network counters for specific event. NetworkCountersWatch also calculates and displays the current download speed and upload speed on your network interface.

NetworkCountersWatch

 

You can download this new tool from this Web page.

RegistryChangesView is a new tool for Windows that allows you to take a snapshot of Windows Registry and later compare it with another Registry snapshots, with the current Registry or with Registry files stored in a shadow copy created by Windows. When comparing 2 Registry snapshots, you can see the exact changes made in the Registry between the 2 snapshots, and optionally export the Registry changes into a standard .reg file of RegEdit.

RegistryChangesView

You can download RegistryChangesView from this Web page.

NetworkUsageView is a new tool that extracts and displays the network usage information stored in the SRUDB.dat database of Windows 8 and Windows 10. The network usage data is collected every hour by Windows operating systems and includes the following information: The name and description of the service or application, the name and SID of the user, the network adapter, and the total number of bytes sent and received by the specified service/application.

NetworkUsageView

You can download this new tool from this Web page.

 

UninstallView is a new tool for Windows that collects information about all programs installed on your system and displays the details of the installed programs in one table. You can use it to get installed programs information for your local system, for remote computer on your network, and for external hard-drive plugged to your computer. It also allows you to easily uninstall a software on your local computer and remote computer (Including quiet uninstall if the installer supports it).

UninstallView is designed to replace the old MyUninstaller tool.

UninstallView

 

You can download the new UninstallView utility from this Web page.

DataProtectionDecryptor is a powerful tool for Windows that allows you to decrypt passwords and other information encrypted by the DPAPI (Data Protection API) system of Windows operating system. You can use this tool to decrypt DPAPI data on your current running system and to decrypt DPAPI data stored on external hard drive.
DPAPI is a decryption/encryption system used by Microsoft products as well as by 3-party products to decrypt and encrypt passwords and other secret information on Windows operating system. Here’s some examples for data encrypted with DPAPI: Passwords of Microsoft Outlook accounts (Stored in the Registry),  Passwords stored in the Credentials file of Windows (Login passwords of remote computers, Remote Desktop passwords and more…), wireless network keys, passwords and cookies of Chrome Web browser, and more…

DataProtectionDecryptor

DataProtectionDecryptor

You can read about using this DPAPI decryption tool in this Web page.

 

LoadedDllsView is a new tool for Windows that scans all running processes on your system and displays the list of all DLL files loaded by these processes and the number of processes that load each DLL in the list. When selecting a DLL file in the upper pane of LoadedDllsView, the lower pane displays the list of all processes that use the selected DLL file. It also allows you to filter the DLL list by DLL type (32-bit/64-bit) , by strings appear in the version resource of the DLL (Company name, product name, so on…), and by specifying wildcard for the DLL filename.

LoadedDllsView

LoadedDllsView

You can download LoadedDllsView from this Web page.