Direction Change

NTCore started as something very small and mainly for commercial reasons. I needed a name that could be used to work with companies and other developers. It even started as a team. Again, for commercial reasons. However, through the years it became more and more clear to me that I wanted NTCore to become more personal and less commercial. NTCore is going to be the page where I release my articles and my software, and I hope that you’ll find this material useful for you and/or your company.

Daniel Pistelli

CFF Explorer Script

I’m implementing the LUA as scripting language in the CFF Explorer. It’s working very well and I managed to make it support unicode. Actually, it converts unicode down to utf8, but what’s important is that it keeps the characters as they are. The only thing to remember is that the code itself when handling strings is actually working with utf8 ones. That said, it doesn’t matter how the script is saved as a file on disk: it can be ascii, utf8 or unicode.

I’m not only adding functions for handling Portable Executables, but also a few to communicate with the user. Something similar to VBS with message box, input box, open file, save file, open folder etc.

Here’s a little example of how I implemented the message box function:

if MsgBox(“Continue?”, “My Script”, MB_YESNO | MB_ICONQUESTION) == IDYES then
   MsgBox(“Final Message Box”)

The syntax of the message box can be:

MsgBox(Caption, Title)
MsgBox(Caption, Title, Type)

Of course, it will take some other time to write all the functions, but it won’t be too long. What I’m still thinking about is how modify a file multiple times or just one time. E.g.:

AddResource(“filename”, “resname”, ..)

but also:

filehandle = OpenFile(“filename”)
AddResource(filehandle, “resname”, ..)

So that a single file must not necessary be opened for every operation. On the other hand, it would be also very nice to modify a file with just one line of script. So, I’m looking for a way to implement both systems.

Extensions Bug

Today I fixed a major bug in the extension support. I’m sorry, but I guess you have to update your Explorer Suite if you downloaded it yesterday. Sometimes, the old version of the CFF Explorer crashes. It depends on the name of the extension you’re loading. I’m sorry, but I forgot to write a “break;” in the loop which alphabetically orders the extensions.

Explorer Suite II: Coming Soon

I know, there’s been a bit of delay, but the Explorer Suite II will soon be available. The reason there’s been so much delay is the amount of things I’ve added to the suite. Including the PE Detective and the Signature Explorer. Also, the Task Explorer has now a windows enumerating utility. But, of course, most of the news affect the CFF Explorer. Finally, support for plugins has been added. An SDK and a wizard for Visual Studio 2005 to create extensions has also been provided. A little demo plugin to use upx from the CFF Explorer is included. The Resource Viewer is now a Resource Editor with support for Vista’s PNG icons. There are many other new things, but I don’t want to say too much yet. I just wanted to say that the project is still very active and that the next version will be very satisfying, I think.

Windows Vista x64

Today, I released my new article about Windows Vista and the x64 platform.

Here’s the article’s index:

x64 Section
x64 Assembly
C/C++ Programming
Inline Assembly
Windows On Windows
File System And Registry Redirection
Interprocess Communication
Portable Executable
Exception Handling
.NET Framework
Vista Section
Microsoft Visual Studio
User Account Control
Compatibility Verification
Obtaining Admin Rights
Disable It
Address Space Layout Randomization
Driver Signing
Patch Guard
Registry Filtering
Power Management
.NET Framework 3.0
Windows Presentation Foundation
Windows Communication Foundation
Windows Workflow Foundation

I hope you enjoy the article and don’t dislike the idea of such a general overview about two really extensive subjects like x64 and Windows Vista. I noticed during the writing that I had to put a lot of images in the article and that this might be problem for slow connections. I’m sorry for that, but it’s the direct consequence of not subdividing this paper in more articles.