Coming to an end…

Today I uploaded the .NET Generic Unpacker for x64. It may turn out useful sometime…

Yesterday I wrote the disassembler for the CFF Explorer. Very slowly the new release is coming to an end. Truth is I’m tired of working on it, but I can’t release it before everything is ready. I’m sure there never have been (and never are going to be again) that many updates in a new release of the CFF Explorer as in this version.

Direction Change

NTCore started as something very small and mainly for commercial reasons. I needed a name that could be used to work with companies and other developers. It even started as a team. Again, for commercial reasons. However, through the years it became more and more clear to me that I wanted NTCore to become more personal and less commercial. NTCore is going to be the page where I release my articles and my software, and I hope that you’ll find this material useful for you and/or your company.

Daniel Pistelli

CFF Explorer Script

I’m implementing Lua as the scripting language in the CFF Explorer. It’s working very well and I managed to make it support unicode. Actually, it converts unicode down to utf8, but what’s important is that it keeps the characters as they are. The only thing to remember is that the code itself when handling strings is actually working with utf8 ones. That said, it doesn’t matter how the script is saved as a file on disk: it can be ascii, utf8 or unicode.

I’m not only adding functions for handling Portable Executables, but also a few to communicate with the user. Something similar to VBS with message box, input box, open file, save file, open folder etc.

Here’s a little example of how I implemented the message box function:

if MsgBox("Continue?", "My Script", MB_YESNO | MB_ICONQUESTION) == IDYES then
   MsgBox("Final Message Box")
end

The syntax of the message box can be:

MsgBox(Caption)
or
MsgBox(Caption, Title)
or
MsgBox(Caption, Title, Type)

Of course, it will take some more time to write all the functions, but it won’t be too long. What I’m still thinking about is how to modify a file multiple times or just one time. E.g.:

AddResource("filename", "resname", ..)

but also:

filehandle = OpenFile("filename")
AddResource(filehandle, "resname", ..)
CloseFile(filehandle)

So that a single file doesn’t necessarily have to be opened for every operation. On the other hand, it would also be very nice to modify a file with just one line of script. So, I’m looking for a way to implement both systems.

Extensions Bug

Today I fixed a major bug in the extension support. I’m sorry, but I guess you have to update your Explorer Suite if you downloaded it yesterday. Sometimes, the old version of the CFF Explorer crashes. It depends on the name of the extension you’re loading. I’m sorry, but I forgot to write a “break;” in the loop which alphabetically orders the extensions.
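How a missing “break;” in a sorted-insert loop can make the failure depend on the name being added, as a constructed example added here (not the CFF Explorer source). The loop shape, the table size and the names `insert_sorted`, `demo` and `MAX_EXT` are assumptions; the bounds check stands in for the point where an unchecked loop would write past the array.

```c
#include <stdio.h>
#include <string.h>

#define MAX_EXT 8   /* capacity of the constructed table */

/* Insert name into a table kept in alphabetical order.
 * stop_after_insert == 0 models the loop with the "break;" left out.
 * Returns the new count, or -1 where an unchecked version would write
 * past the end of the array. */
int insert_sorted(const char *tab[], int count, const char *name,
                  int stop_after_insert)
{
    int inserted = 0;
    for (int i = 0; i < count; i++) {
        if (strcmp(name, tab[i]) >= 0)
            continue;
        if (count >= MAX_EXT)
            return -1;
        /* shift the tail up one slot and place the new name at i */
        memmove(&tab[i + 1], &tab[i], (size_t)(count - i) * sizeof tab[0]);
        tab[i] = name;
        count++;
        inserted = 1;
        if (stop_after_insert)
            break;
        /* without the break, tab[i + 1] is the entry just compared,
         * so the same name is inserted again on every iteration */
    }
    if (!inserted) {
        if (count >= MAX_EXT)
            return -1;
        tab[count++] = name;   /* sorts last: append */
    }
    return count;
}

/* Constructed sample: three loaded extensions, then one more. */
int demo(const char *name, int stop_after_insert)
{
    const char *tab[MAX_EXT] = { "bravo", "delta", "mike" };
    return insert_sorted(tab, 3, name, stop_after_insert);
}

int main(void)
{
    printf("zulu,  no break: %d\n", demo("zulu", 0));
    printf("alpha, no break: %d\n", demo("alpha", 0));
    return 0;
}
```

A name that sorts after every existing entry never enters the insert branch, so the loop without the break still works for it; any other name keeps re-inserting until the table is full.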

Explorer Suite II: Coming Soon

I know, there’s been a bit of delay, but the Explorer Suite II will soon be available. The reason there’s been so much delay is the amount of things I’ve added to the suite, including the PE Detective and the Signature Explorer. Also, the Task Explorer now has a windows enumerating utility. But, of course, most of the news affects the CFF Explorer. Finally, support for plugins has been added. An SDK and a wizard for Visual Studio 2005 to create extensions have also been provided. A little demo plugin to use upx from the CFF Explorer is included. The Resource Viewer is now a Resource Editor with support for Vista’s PNG icons. There are many other new things, but I don’t want to say too much yet. I just wanted to say that the project is still very active and that the next version will be very satisfying, I think.