Submit portable freeware that you find here. It helps if you include information like description, extraction instruction, Unicode support, whether it writes to the registry, and so on.
DataProtectionDecryptor is a powerful tool for Windows that allows you to decrypt passwords and other information encrypted by the DPAPI (Data Protection API) system of Windows operating system. You can use this tool to decrypt DPAPI data on your current running system and to decrypt DPAPI data stored on external hard drive.
About DPAPI
DPAPI is a decryption/encryption system used by Microsoft products as well as by 3-party products to decrypt and encrypt passwords and other secret information on Windows operating system. DPAPI decrypted data always begins with the following sequence of bytes, so you can easily detect it:
01 00 00 00 D0 8C 9D DF 01 15 D1 11 8C 7A 00 C0 4F C2 97 EB
Here's some examples for passwords and other data encrypted with DPAPI:
Passwords of Microsoft Outlook accounts, stored in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles or HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles or HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles (Depending on version of Outlook)
Credentials files of Windows (e.g: C:\Users\[User Profile]\AppData\Roaming\Microsoft\Credentials , C:\Users\[User Profile]\AppData\Local\Microsoft\Credentials)
Wireless network keys (Stored inside XML files under C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces)
Passwords in some versions of Internet Explorer, stored in the following Registry key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
Passwords stored in the passwords file of Chrome Web browser ('Login Data' file in the profile of Chrome)
Encrypted cookies in Chrome Web browser ('Cookies' file in the profile of Chrome)
My explanation:
2-3 years ago there was big problems with NirSoft's password recovery tools - Google blocked them as malware. You can see that in chagelogs, e.g.:
Removed the command-line options that export the passwords to a file from the official version. A version of this tool with full command-line support will be posted on separated Web page.
After that, Nir Sofer changed DL links of these tools from http://www.nirsoft.net/utils/program.zip (like all NirSoft progs) to http://www.nirsoft.net/toolsdownload/program.zip. Also, you can download them only from program's page, only when you on that program's page and only with web-browser (same with NirLauncher). Some protection from Google-bot?
Nothing mysterious, actually.
@billon
Thanks for your much enlightening explanation about downloads of Nirsoft security-related tools.
There is some logic, after all, behind the apparent erratic behavior of DL launched indirectly from third-party sites (such as TPFC),
as opposed to straight from the developer's site.
Hey I'm a moderator over at PortableFreeware.com. We love your software and have a whole lot of entries written up highlighting your great work.
Recently we've had some users point out how some of our links have died. Some discussion suggests that this might be for some entries and not others, and one user noted it might be a shift connected to security programs.
https://www.portablefreeware.com/forums/viewtopic.php?p=85743#p85743
Could you shine some light on this?
Thanks
nir wrote:The last message of billon is the right answer.
I moved all password-recovery downloads to toolsdownload directory in order to isolate them from the other programs. Also, downloading files from toolsdownload works only when there is HTTP referer inside the HTTP request.
My! An answer from Nir, that's a case for celebration...
(NirSoft's developer is known to be scoring rather modestly in his ratio of actual responses # / mail inquiries # .)
Teasing aside, Nir Sofer is THE unrivalled prolific developer of outstanding software tools we all freely enjoy, of course.
Further preaching to the choir, no doubt, but worth recalling all the same :
NirSoft tools benefits
Most utilities are written in C++, which make them fast, small and effective.
Nirsoft single utilities are usually less than 100KB, while many software companies
create bloated installation packages measuring in tens of MBytes,
All utilities are portable and mostly don't require any installation.
All utilities refrain from writing anything to the Registry or to the user's profile folder.
This means they can be used from a USB Flash drive, without leaving traces.
Most utilities can be used from command-line, without displaying any user interface.
No need to register or disclose your email in order to download from NirSoft.
All utilities are completely freeware, without any catch.
UninstallView is a tool for Windows that collects information about all programs installed on your system and displays the details of the installed programs in one table. You can use it to get installed programs information for your local system, for remote computer on your network, and for external hard-drive plugged to your computer. It also allows you to easily uninstall a software on your local computer and remote computer (Including quiet uninstall if the installer supports it).
MyUninstaller vs UninstallView
MyUninstaller is a very old tool originally developed in 2003 and it's now considered as outdated. UninstallView replaces the old MyUninstaller tool.
NetworkUsageView extracts and displays the network usage information stored in the SRUDB.dat database of Windows 8 and Windows 10. The network usage data is collected every hour by Windows operating systems and includes the following information: The name and description of the service or application, the name and SID of the user, the network adapter, and the total number of bytes sent and received by the specified service/application.
System Requirements
This tools works on Windows 8 and Windows 10. Previous versions of Windows are not supported because the operating system doesn't collect the network usage information.
RegistryChangesView is a tool for Windows that allows you to take a snapshot of Windows Registry and later compare it with another Registry snapshots, with the current Registry or with Registry files stored in a shadow copy created by Windows. When comparing 2 Registry snapshots, you can see the exact changes made in the Registry between the 2 snapshots, and optionally export the Registry changes into a standard .reg file of RegEdit.
Examples for useful things you can do with this tool
You can create a Registry snapshot before installing a new software and then after the installation is completed, compare this Registry snapshot with the current Registry and see all Registry changes made by the installer (Be aware that you'll also see some changes made by Windows or other programs in the same time). If there are Registry changes that you don't like, you can generate a .reg file to revert back the changes.
If you make a change in Windows configuration from the GUI of Windows and you want to see how to make this change in the Registry, simply create a Registry snapshot before making the config change and then after the configuration change, compare this Registry snapshot with the current Registry and optionally generate a .reg file that makes this configuration change.
If there is unwanted change in the Registry of your system but you don't have any previous snapshot, you can compare the current Registry with a shadow copy created by Windows and try to locate the unwanted Registry changes.
You can also use this tool as a simple way to backup the Registry. The snapshot created by RegistryChangesView simply contains Registry hive files with the same name as the original one (ntuser.dat, SYSTEM, SOFTWARE, and so on...)