The new versions of the WhoisThisDomain and DNSDataView utilities allow you to type domain names which contain non-English characters (internationalized domain names).
When you type a domain with non-English characters, it is automatically converted to its ASCII form (which looks like xn--aaaaaa.com) before sending it to the Whois/DNS server.

However, be aware that I currently use the internal IDN support provided by the Windows operating system, which was added starting from Windows XP with service pack 2,
so this new feature may not work on systems prior to XP/SP2.
You can check whether your Windows OS supports IDN by searching for normaliz.dll inside your system32 directory.
If this file exists, it means that your system has IDN support.
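The conversion described above, as an added example that is not code from the utilities: it uses Python's built-in `idna` codec rather than the Windows IDN support, and the function names and the `.example` domains are assumptions made for illustration.

```python
def to_ascii(domain):
    """Return the ASCII (xn--) form of a domain name, or raise ValueError."""
    name = domain.strip()
    if not name:
        raise ValueError("empty domain name")
    try:
        # Built-in IDNA 2003 codec: nameprep each label, then Punycode + "xn--".
        encoded = name.encode("idna")
    except UnicodeError as exc:  # empty label, label over 63 bytes, prohibited code point
        raise ValueError(f"cannot convert {domain!r}: {exc}") from exc
    return encoded.decode("ascii").lower()


def to_unicode(ascii_domain):
    """Reverse direction: show what an xn-- name looks like to a user."""
    return ascii_domain.encode("ascii").decode("idna")


def is_idn(domain):
    """True when at least one label is carried in Punycode form."""
    return any(label.startswith("xn--") for label in to_ascii(domain).split("."))


def whois_query(domain):
    """Bytes a WHOIS client sends: the ASCII name followed by CRLF."""
    return to_ascii(domain).encode("ascii") + b"\r\n"


if __name__ == "__main__":
    # Constructed sample names under the reserved .example TLD.
    for name in ("bücher.example", "München.example", "plain.example"):
        print(f"{name!r:22} -> {to_ascii(name):26} idn={is_idn(name)}")
    print(whois_query("bücher.example"))
    print(to_unicode("xn--bcher-kva.example"))
```

Logging the ASCII form next to the typed name makes it clear which string actually went to the server.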

I originally planned to start the first day of this new year with a “Happy New Year” greeting for my users (which I added in the title of this post) and a list of new utilities that will be released in the coming year.

However, because there are already many existing utilities that I have to update, the planning and development process of new utilities is much slower than before.

Currently, there are 2 new utilities that are in the development process, and other ideas for utilities that are still in ‘planned’ status, and I still don’t know whether they are going to be created.

Here’s the list of the 2 new utilities and some of the ‘planned’ utilities:

  1. WhatIsHang (In development): Sometimes, a Windows program hangs, the user interface doesn’t respond anymore, and you cannot find out what the cause of the problem is (In fact, even my own utilities may hang in some circumstances).
    This new utility will try to detect the software that is currently hung, and it’ll display some information that may allow the user to understand what exactly causes the software to hang.

    WhatIsHang


    In the above example, I tried to open Notepad with a file on a network drive that cannot be accessed (z:\temp\temp.ini) and Notepad stopped responding. The prototype of WhatIsHang detected that Notepad doesn’t respond, and displayed the ‘z:\temp\temp.ini’ filename string that was found in the stack, which is really the cause of the problem.
    I’m also considering creating a similar utility for detecting application crash problems.

  2. Password Security Scanner (In development): As you probably know, I already have some unique utilities that can extract passwords that are stored by the operating system and other applications. As opposed to all my other tools, this utility won’t display the passwords at all, but instead, it’ll display general information about the security of the password: Password Length, Password Strength, Number of numeric/lowercase/uppercase characters, and more…
    The idea behind this tool is to allow one person to check whether other people (family members, friends, or employees) use passwords that are secure enough (and warn them if they are not), but without having the ethical problem of watching the passwords of others.

    Password Security Scanner


  3. Network statistics utility (planned): Many people requested to add more information into my CurrPorts utility, like number of sent/received packets, total packets size, and so on. However, this information cannot be added without using a device driver. Also, CurrPorts is only designed to display TCP/UDP information, while there are other types of network packets that won’t be displayed by CurrPorts. The new network statistics utility (If I’ll really create it) will capture every packet on your network adapter with the WinPCap driver or with the Microsoft Network Monitor Driver. It’ll detect the protocol, addresses, and ports of the packet, and then it’ll be updated in the statistics table that will display the number of packets, data size, data speed, and other information for every protocol/network address.
  4. Wireless networks statistics utility (planned): A utility that will capture all wireless raw packets while the wireless card is in ‘Monitor Mode’ and will display general statistics about the wireless activity in your area, including number of packets, packets size, packets encryption, and so on.
    The main problem with creating this utility is that ‘Monitor Mode’ is only supported starting from Windows 7/Vista (with Microsoft Network Monitor Driver), so if I develop it, many Windows XP users won’t be able to use it. And… as far as I know, WinPCap driver cannot capture raw wireless packets under Windows, unless you use their AirPcap product, which is very expensive.
  5. Simple Network Inventory Tool (planned): A simple tool that will collect basic hardware/software information from multiple computers on your network, like disk size, memory, processor name, Windows service pack/version, IE version, Firefox version, and so on… and it’ll display it in a simple flat table to easily view and compare the software/hardware that you currently have on your computers.
  6. Password Recovery from external drive (planned): I constantly get requests from people whose old drive cannot boot anymore and who want to extract their passwords from it. Some of my password recovery tools can already do that, and others cannot.
    I’m considering creating one tool that will be able to extract most types of passwords from an external drive, but… because Microsoft made a significant change in their password encryption starting from Windows 7, my current code cannot extract the passwords of Windows 7 from an external drive, and upgrading my code to work with Windows 7 might be a long process.
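The reporting idea behind item 2 (Password Security Scanner), as an added example that is not the utility's code: it returns only the length, the character-class counts and a strength label, never the password itself. The strength formula, its thresholds, the function names and the sample entries are assumptions constructed for illustration.

```python
import math
import string

# Assumed pool sizes per character class (the utility's formula is not on the page).
POOLS = {"lowercase": 26, "uppercase": 26, "numeric": 10, "other": 33}


def password_report(password):
    """Describe a password without ever returning it."""
    counts = {
        "lowercase": sum(c in string.ascii_lowercase for c in password),
        "uppercase": sum(c in string.ascii_uppercase for c in password),
        "numeric": sum(c in string.digits for c in password),
    }
    counts["other"] = len(password) - sum(counts.values())
    pool = sum(POOLS[name] for name, n in counts.items() if n)
    bits = len(password) * math.log2(pool) if pool else 0.0
    # Assumed thresholds; a brute-force estimate, so dictionary words score too high.
    strength = "weak" if bits < 40 else "medium" if bits < 60 else "strong"
    return {"length": len(password), **counts,
            "bits": round(bits, 1), "strength": strength}


def scan(entries):
    """entries: (account, password) pairs -> {account: report}."""
    return {account: password_report(pw) for account, pw in entries}


def needs_warning(reports):
    """Accounts whose owner should be told to pick a better password."""
    return sorted(a for a, r in reports.items() if r["strength"] == "weak")


# Constructed sample data, not real credentials.
SAMPLE = [("alice", "123456"), ("bob", "Summer2010"),
          ("carol", "c0rrect-Horse_battery!9")]

if __name__ == "__main__":
    for account, report in scan(SAMPLE).items():
        print(account, report)
    print("warn:", needs_warning(scan(SAMPLE)))
```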

BulletsPassView is a new utility that reveals the passwords stored behind the bullets on any version of Windows, starting from Windows 2000, and up to Windows 7/Vista/2008.

This utility is the successor of my old Asterisk Logger utility, which doesn’t work on Windows 7/Vista/2008 and has some other limitations.

BulletsPassView also has some other advantages over the old Asterisk Logger tool:

  • BulletsPassView doesn’t reveal the password inside the password text-box itself. The password is only displayed in the main window of BulletsPassView, while the password text-box continues to display bullets.
  • BulletsPassView also reveals the passwords stored in the password text-box of Internet Explorer.
  • BulletsPassView supports command-line options to save the currently opened password boxes into a text/html/csv/xml file.
  • BulletsPassView is a Unicode application, which ensures that passwords with non-English characters will be extracted properly.

You can download the new BulletsPassView utility from here.

BulletsPassView


The MyEventViewer utility has a new ‘Auto Refresh’ feature that allows you to watch newly created events at the moment they are created, without the need to refresh the events list.

You can activate the ‘Auto Refresh’ mode from the ‘Auto Refresh’ option under the Options menu, as displayed in the following screenshot. You can choose to check for new events every 1, 3, 5, or 10 seconds.

Auto Refresh


You can find the latest version of the MyEventViewer utility on this page.

A few months ago, I released a new version of both SmartSniff and SniffPass with support for using them with Microsoft Network Monitor 3.x.

In the release details, I also specified that a ‘Wifi Monitor Mode’ button was added for using ‘Monitor Mode’ under Windows Vista/7/2008, but without giving an extensive explanation about how to use this feature. So in this blog post, I’ll add more details about this ‘Wifi Monitor Mode’ and how to use it on SmartSniff and SniffPass.

When a wireless network card enters ‘Monitor Mode’, it listens to a specific channel that you choose and captures all the packets that are sent by wireless networks in your area on the specific channel that you selected. If the wireless network that sent the packet is unsecured, SmartSniff and SniffPass will be able to show you the packet data.

Before I start to explain how to use this mode, here are the system requirements for using ‘Monitor Mode’:

  1. Unfortunately, this mode is only supported on Windows Vista, Windows 7, and Windows Server 2008. Windows XP is not supported.
  2. Both the network card and the device driver must support this mode. I currently don’t have a list of network cards that support this mode under Windows. However, if you manage to get your card into monitor mode, it’ll be nice if you post your card model as a comment to this Blog post.
    Also, be aware that according to Microsoft, some Wifi drivers may cause a system crash when entering into monitor mode.

Finally, here are the instructions for using ‘Wifi Monitor Mode’ with SmartSniff and SniffPass:

  1. First, download and install the latest version of Microsoft Network Monitor 3.x if it’s not already installed on your system.
  2. Run SmartSniff if you want to capture general TCP data or SniffPass if you only want to capture passwords. Be aware that SniffPass can only capture passwords that are not encrypted. Most Web sites and services of large companies use SSL to encrypt the passwords, and thus SniffPass cannot capture them.
  3. Go to the ‘Capture Options’ window (F9), choose ‘Network Monitor Driver 3.x’ as a capture method, and then click the ‘Wifi Monitor Mode’ button.
  4. In the opened ‘Wifi Scanning Options’ window, choose the right wireless card (in most cases you should have only one) and then check the ‘Switch to Monitor Mode’ option.
  5. You can now select to scan a single channel or to switch between multiple channels every x milliseconds. After you have selected the desired channels, click the Apply button.

    Wifi Scanning Options


  6. The most important thing: Leave this window open!
    When you close this window, the network card will exit from monitor mode and it’ll return to its normal state.
  7. In the ‘Capture Options’ window of SmartSniff/SniffPass, select the right wireless card and then press the ‘Ok’ button.
  8. Finally, press F5 to start the capture. If you have any active unsecured networks in your area, you’ll be able to see the captured data.
  9. After you finish, close the ‘Wifi Scanning Options’ window, so your wireless card will return to normal.

The information in this article is provided for educational purposes only and for making people aware of the risks of using unsecured wireless networks. It’s not intended to be used for any illegal activity.

The following new commands were added to the new version (2.45) of NirCmd. You can download the latest version of NirCmd from this Web page.

  1. trayballoon: Allows you to easily display a balloon with the desired text, title, and icon in the system tray of Windows.
    Example of using this command:
    nircmd.exe trayballoon "Hello" "This is the text that will be appear inside the balloon !" "shell32.dll,-154" 10000
  2. sendkeypress: This command is a new alternative for the sendkey command. sendkeypress is much easier to use if you want to send multiple key press combinations.
    Example of using this command:
    nircmd.exe sendkeypress ctrl+shift+esc alt+tab
    (This command will send the ctrl+shift+esc key combination and then the alt+tab key combination)
  3. clonefiletime: This command simply clones the file date/time information into one or more files.
  4. setconsolemode – Set the console mode (only for nircmdc.exe) – full screen mode or console window mode.
  5. setconsolecolor – Allows you to set the foreground and background color of the console window text.
  6. consolewrite – Simply write text into the stdout.
  7. debugwrite – Write text into the debug output.

SmartSniff is a TCP/IP sniffer utility that allows you to capture TCP/IP packets on your network adapter, and view the captured data as a sequence of conversations between clients and servers. By making some changes in the ‘Advanced Options’ window, you can use SmartSniff as an alternative to the CurrPorts utility, and only view the general TCP connections activity on your network adapter, without capturing the data. SmartSniff shows some information that is not available in the CurrPorts utility, including number of packets, total transferred data, and current data speed in KB/Sec.

Here’s how to configure SmartSniff to only show general TCP connections activity:

  1. Open the ‘Advanced Options’ window (Ctrl+O).
  2. Select the ‘Only Display TCP/IP statistics’ option, so SmartSniff won’t create a large capture file.
  3. Select the ‘Retrieve process information’ option, so SmartSniff will display the process of every connection, like CurrPorts utility.
  4. Select the ‘Display only active connections’ option, so SmartSniff will automatically remove all closed connections from the list.
  5. Click the ‘Ok’ button in the ‘Advanced Options’ window. In the main window, select the ‘Hide Lower Pane’ option under the Options menu. The lower pane is not needed when you don’t capture the TCP data.
  6. Start capture (F5) and watch the TCP connections activity.


From time to time I receive complaints from people who say that my VideoCacheView utility freezes (hangs) completely without even the ability to kill the process. Yesterday I finally found out what exactly is wrong, after this problem also occurred in my own system.

When a Java applet (and possibly some other components) is loaded into a Web page, it may create one or more pipe handles. These pipe handles caused VideoCacheView to hang while scanning the file handles to find the opened temporary .flv files. So if one or more Web pages with Java applets were opened when VideoCacheView scanned the .flv files, it switched into a ‘Freeze’ status until these Java Web pages were closed.

The new release of VideoCacheView (1.77) should solve this freeze problem. So if you experienced this problem in the past, you can try to download the new version and check if it solves the problem.

The new version of the NirLauncher package (1.10.x) provides the ability to edit the software groups and shortcuts directly inside the NirLauncher application, which is much easier than editing the package file (.nlp) in a text editor. However, this feature is still in Beta, and there are some things that you cannot do with it. For example: you cannot change the order of software groups (tabs) and they’ll simply appear in the order that you added them.

Here are some tips about how to use this edit feature:

  • In order to enter into edit mode, go to the Options menu, and check the ‘Edit Mode’ menu item.
  • After you switched to edit mode, some editing menu items under the ‘Launcher’ menu will be enabled.
  • When you are in edit mode, you can double-click on every software icon in order to edit the software information (.exe file, help file, description, and so on).
  • In order to add new applications, simply select the desired software group, and then drag one or more .exe files from Explorer into the window of NirLauncher. The .exe files must be located under the folder/subfolder of the package file, so the path of the .exe file will be relative.
  • You can also use the other options under the Launcher menu to add/edit/remove software groups and to delete unwanted software shortcuts.
  • Finally, after making your changes, you can use the ‘Save Package’ option in order to save the changes into the package file.
  • Be aware that if you switch into another package when you are in edit mode, your changes will be lost.

In addition to this editing feature, I also made some performance improvements, especially when loading a software group for the second time. For example: if you click the ‘All Utilities’ tab, then click another tab, and then click the ‘All Utilities’ tab again, the second ‘All Utilities’ loading process will be much faster.

Edit software information in NirLauncher


NirLauncher Edit Menu


RegFileExport is a new command-line utility for advanced users that allows you to easily extract keys and values from an offline Registry file located on an external hard drive and export them into a standard .reg file of Windows. RegFileExport doesn’t load the file into a Registry hive like RegEdit; instead, it directly reads the Registry file and analyzes it.

RegFileExport may also be able to extract keys and values from the Registry file even if the Registry file is corrupted and cannot be loaded by Windows.

For more information about RegFileExport utility, click here.
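What reading a Registry file directly starts with, as an added example that is not RegFileExport's code: it decodes only the `regf` base block of a hive file and reports whether the header is intact. The function names are assumptions, and the sample block is constructed in the code rather than taken from a real system.

```python
import struct
from datetime import datetime, timedelta, timezone

CHECKSUM_OFFSET = 508  # XOR-32 of the 127 little-endian dwords before it


def xor32(block):
    value = 0
    for (dword,) in struct.iter_unpack("<I", block[:CHECKSUM_OFFSET]):
        value ^= dword
    # Two results are reserved by the format and remapped.
    return {0: 1, 0xFFFFFFFF: 0xFFFFFFFE}.get(value, value)


def parse_base_block(block):
    """Decode the header fields needed to judge whether a hive is usable."""
    if len(block) < 512 or block[:4] != b"regf":
        raise ValueError("missing 'regf' signature: not a registry hive")
    seq1, seq2, filetime, major, minor = struct.unpack_from("<IIQII", block, 4)
    root_cell, bins_size = struct.unpack_from("<II", block, 36)
    (stored,) = struct.unpack_from("<I", block, CHECKSUM_OFFSET)
    written = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=filetime // 10)  # FILETIME counts 100 ns ticks since 1601
    return {
        "version": f"{major}.{minor}",
        "last_written": written,
        "root_cell_offset": root_cell,  # relative to the first hive bin
        "hive_bins_size": bins_size,
        "clean": seq1 == seq2,          # mismatch: a write was interrupted
        "checksum_ok": stored == xor32(block),
    }


def make_sample(seq2=7):
    """Constructed 4096-byte base block, not taken from a real system."""
    block = bytearray(4096)
    block[:4] = b"regf"
    struct.pack_into("<IIQII", block, 4, 7, seq2, 129067776000000000, 1, 3)
    struct.pack_into("<II", block, 36, 0x20, 0x1000)
    struct.pack_into("<I", block, CHECKSUM_OFFSET, xor32(bytes(block)))
    return bytes(block)


if __name__ == "__main__":
    for name, blob in (("clean", make_sample()), ("dirty", make_sample(seq2=6))):
        info = parse_base_block(blob)
        print(name, info["version"], info["last_written"].date(),
              "clean" if info["clean"] else "interrupted write",
              "checksum ok" if info["checksum_ok"] else "checksum BAD")
```

A hive that fails these checks is the kind of file that cannot simply be loaded and has to be analyzed offline.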

RegFileExport
