Page 19 of 27

Re: New at NirSoft

Posted: Thu Mar 09, 2017 6:53 am
by billon
DataProtectionDecryptor

http://www.nirsoft.net/utils/dpapi_data_decryptor.html
DataProtectionDecryptor is a powerful tool for Windows that allows you to decrypt passwords and other information encrypted by the DPAPI (Data Protection API) system of Windows operating system. You can use this tool to decrypt DPAPI data on your current running system and to decrypt DPAPI data stored on external hard drive.

About DPAPI

DPAPI is a decryption/encryption system used by Microsoft products as well as by 3-party products to decrypt and encrypt passwords and other secret information on Windows operating system. DPAPI decrypted data always begins with the following sequence of bytes, so you can easily detect it:
01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB

Here's some examples for passwords and other data encrypted with DPAPI:
  • Passwords of Microsoft Outlook accounts, stored in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles or HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles or HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles (Depending on version of Outlook)
  • Credentials files of Windows (e.g: C:\Users\[User Profile]\AppData\Roaming\Microsoft\Credentials , C:\Users\[User Profile]\AppData\Local\Microsoft\Credentials)
  • Wireless network keys (Stored inside XML files under C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces)
  • Passwords in some versions of Internet Explorer, stored in the following Registry key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
  • Passwords stored in the passwords file of Chrome Web browser ('Login Data' file in the profile of Chrome)
  • Encrypted cookies in Chrome Web browser ('Cookies' file in the profile of Chrome)
Image

DataProtectionDecryptor

Posted: Thu Mar 09, 2017 6:55 am
by billon

Re: New at NirSoft

Posted: Thu Mar 09, 2017 7:16 am
by billon
@__philippe:

My explanation:
2-3 years ago there was big problems with NirSoft's password recovery tools - Google blocked them as malware. You can see that in chagelogs, e.g.:
Removed the command-line options that export the passwords to a file from the official version. A version of this tool with full command-line support will be posted on separated Web page.
After that, Nir Sofer changed DL links of these tools from http://www.nirsoft.net/utils/program.zip (like all NirSoft progs) to http://www.nirsoft.net/toolsdownload/program.zip. Also, you can download them only from program's page, only when you on that program's page and only with web-browser (same with NirLauncher). Some protection from Google-bot?
Nothing mysterious, actually.

New at Nirsoft - download hiccups

Posted: Thu Mar 09, 2017 11:28 am
by __philippe
@billon
Thanks for your much enlightening explanation about downloads of Nirsoft security-related tools. 8)

There is some logic, after all, behind the apparent erratic behavior of DL launched indirectly from third-party sites (such as TPFC),
as opposed to straight from the developer's site.

To recap billon's finding:

Re: New at NirSoft

Posted: Fri Mar 10, 2017 3:49 pm
by webfork
Just sent him a note.

Code: Select all

Hey I'm a moderator over at PortableFreeware.com.  We love your software and have a whole lot of entries written up highlighting your great work.

Recently we've had some users point out how some of our links have died.  Some discussion suggests that this might be for some entries and not others, and one user noted it might be a shift connected to security programs.

https://www.portablefreeware.com/forums/viewtopic.php?p=85743#p85743

Could you shine some light on this?

Thanks

Re: New at NirSoft

Posted: Mon Mar 20, 2017 6:26 pm
by webfork
billon wrote:My explanation
Congratulations:
nir wrote:The last message of billon is the right answer.

I moved all password-recovery downloads to toolsdownload directory in order to isolate them from the other programs. Also, downloading files from toolsdownload works only when there is HTTP referer inside the HTTP request.

Nir.

Re: New at NirSoft

Posted: Tue Mar 21, 2017 2:31 am
by __philippe
My! An answer from Nir, that's a case for celebration...;-)
(NirSoft's developer is known to be scoring rather modestly in his ratio of actual responses # / mail inquiries # .)

Teasing aside, Nir Sofer is THE unrivalled prolific developer of outstanding software tools we all freely enjoy, of course.

Further preaching to the choir, no doubt, but worth recalling all the same :

NirSoft tools benefits
  • Most utilities are written in C++, which make them fast, small and effective.
  • Nirsoft single utilities are usually less than 100KB, while many software companies
    create bloated installation packages measuring in tens of MBytes,
  • All utilities are portable and mostly don't require any installation.
  • All utilities refrain from writing anything to the Registry or to the user's profile folder.
    This means they can be used from a USB Flash drive, without leaving traces.
  • Most utilities can be used from command-line, without displaying any user interface.
  • No need to register or disclose your email in order to download from NirSoft.
  • All utilities are completely freeware, without any catch.

Re: New at NirSoft

Posted: Mon May 01, 2017 1:08 am
by billon
UninstallView

http://www.nirsoft.net/utils/uninstall_view.html
UninstallView is a tool for Windows that collects information about all programs installed on your system and displays the details of the installed programs in one table. You can use it to get installed programs information for your local system, for remote computer on your network, and for external hard-drive plugged to your computer. It also allows you to easily uninstall a software on your local computer and remote computer (Including quiet uninstall if the installer supports it).

MyUninstaller vs UninstallView

MyUninstaller is a very old tool originally developed in 2003 and it's now considered as outdated. UninstallView replaces the old MyUninstaller tool.
* MyUninstaller

Image

UninstallView

Posted: Mon May 01, 2017 1:10 am
by billon

Re: UninstallView

Posted: Mon May 01, 2017 2:06 am
by smaragdus
@billon
Done.

Re: New at NirSoft

Posted: Tue Jun 27, 2017 4:59 pm
by billon
NetworkUsageView

http://www.nirsoft.net/utils/network_usage_view.html
NetworkUsageView extracts and displays the network usage information stored in the SRUDB.dat database of Windows 8 and Windows 10. The network usage data is collected every hour by Windows operating systems and includes the following information: The name and description of the service or application, the name and SID of the user, the network adapter, and the total number of bytes sent and received by the specified service/application.

System Requirements

This tools works on Windows 8 and Windows 10. Previous versions of Windows are not supported because the operating system doesn't collect the network usage information.
Image

NetworkUsageView

Posted: Tue Jun 27, 2017 5:17 pm
by billon

Re: NetworkUsageView

Posted: Tue Jun 27, 2017 6:53 pm
by webfork
Thanks for doing that. Made a minor edit and voted.

Re: New at NirSoft

Posted: Tue Jul 11, 2017 11:20 pm
by billon
RegistryChangesView

http://www.nirsoft.net/utils/registry_changes_view.html
RegistryChangesView is a tool for Windows that allows you to take a snapshot of Windows Registry and later compare it with another Registry snapshots, with the current Registry or with Registry files stored in a shadow copy created by Windows. When comparing 2 Registry snapshots, you can see the exact changes made in the Registry between the 2 snapshots, and optionally export the Registry changes into a standard .reg file of RegEdit.

Examples for useful things you can do with this tool
  • You can create a Registry snapshot before installing a new software and then after the installation is completed, compare this Registry snapshot with the current Registry and see all Registry changes made by the installer (Be aware that you'll also see some changes made by Windows or other programs in the same time). If there are Registry changes that you don't like, you can generate a .reg file to revert back the changes.
  • If you make a change in Windows configuration from the GUI of Windows and you want to see how to make this change in the Registry, simply create a Registry snapshot before making the config change and then after the configuration change, compare this Registry snapshot with the current Registry and optionally generate a .reg file that makes this configuration change.
  • If there is unwanted change in the Registry of your system but you don't have any previous snapshot, you can compare the current Registry with a shadow copy created by Windows and try to locate the unwanted Registry changes.
  • You can also use this tool as a simple way to backup the Registry. The snapshot created by RegistryChangesView simply contains Registry hive files with the same name as the original one (ntuser.dat, SYSTEM, SOFTWARE, and so on...)
Image

RegistryChangesView

Posted: Tue Jul 11, 2017 11:23 pm
by billon