Three days ago I got sick (not unusual for me) and had to stay in bed. Unfortunately, I easily get bored by just staying in bed. Ok, I watch some movies, I read, but then I feel the urge to do something. On the other hand, I wasn’t in the mood of working on the CFF Explorer or finishing my new article. So, I decided to work on something more relaxing (even though it turned out to be more stressful than I thought).

The result of these three days is Vista4Experts, which is, in my opinion, kind of a treat for people like us (meaning experts), who don’t want security center notifications, User Account Control dialogs, automatic Windows Defender scans, automatic update installations (which cause your system to reboot if you don’t react quickly enough). People who want MSDN (or Google) set as the default search engine in the Internet Explorer search bar, who want the start menu power button to shut down the system instead of hibernating it, etc. These and many more fixes are included in Vista4Experts. All of these changes can be discarded, enabled or reversed. Vista4Experts is the first expert utility of its kind and works on every platform.

I realize, of course, that many fixes in Vista4Experts lower Windows Vista’s default security, but that’s the difference between users who feel confident enough to decide what’s best for their system and users who don’t. Many of Windows Vista’s security features are extremely annoying to many developers and other IT experts.

I even think it’s bad that Microsoft didn’t provide a permanent way to disable the driver signature verification, making it possible only for signed drivers to run on x64 (that is, unless the user is in the mood to press F8 on every boot). One way of replying to my criticism is to say that many hardware manufacturers would force the user to disable driver verification in order to use their drivers, but that’s nonsense! No serious manufacturer would do that. This is my system and I want to run any driver I want to! I’m pretty sure I won’t involuntarily execute a rootkit, don’t worry about me Microsoft…

Let’s take TrueCrypt, for example. It’s top quality free software and, of course, works through a file system driver. Why should the author/company pay 500$ (or less) for a 1-year certificate to sign their driver? Ok, it’s not a problem for TrueCrypt, since this product was famous a long time before Vista came along. Its community will surely cover all the expenses, I suppose. But what about a new project which may start now? Should the developer invest 500$ in something which might not even cover his expenses? Oh, sure, 500$ isn’t that much, and he can pay this amount without selling his computer, but the questions are: is it right? Will he?
And myself, the user, why shouldn’t I be able to run his driver if I absolutely want to? That, of course, without being bothered by the terrible F8 or by having to install a test certificate?

We keep going in the direction where the user has less and less control over his own system. It’s unfair and disappointing.

Coming to an end…

Today I uploaded the .NET Generic Unpacker for x64. It may turn useful sometime…

Yesterday I wrote the disassembler for the CFF Explorer. Very slowly the new release is coming to an end. Truth is I’m tired of working on it, but I can’t release it before everything is ready. I’m sure there have never been (and never will be again) that many updates in a new release of the CFF Explorer as in this version.

Direction Change

NTCore started as something very small and mainly for commercial reasons. I needed a name that could be used to work with companies and other developers. It even started as a team. Again, for commercial reasons. However, through the years it became more and more clear to me that I wanted NTCore to become more personal and less commercial. NTCore is going to be the page where I release my articles and my software, and I hope that you’ll find this material useful for you and/or your company.

Daniel Pistelli

CFF Explorer Script

I’m implementing Lua as the scripting language in the CFF Explorer. It’s working very well and I managed to make it support Unicode. Actually, it converts Unicode down to UTF-8, but what’s important is that it keeps the characters as they are. The only thing to remember is that the code itself, when handling strings, is actually working with UTF-8 ones. That said, it doesn’t matter how the script is saved as a file on disk: it can be ASCII, UTF-8 or Unicode.

I’m not only adding functions for handling Portable Executables, but also a few to communicate with the user. Something similar to VBS, with message box, input box, open file, save file, open folder, etc.

Here’s a little example of how I implemented the message box function:

if MsgBox("Continue?", "My Script", MB_YESNO | MB_ICONQUESTION) == IDYES then
   MsgBox("Final Message Box")
end

The syntax of the message box can be:

MsgBox(Caption, Title)
MsgBox(Caption, Title, Type)

Of course, it will take some more time to write all the functions, but it won’t be too long. What I’m still thinking about is how to modify a file multiple times or just one time. E.g.:

AddResource("filename", "resname", ..)

but also:

filehandle = OpenFile("filename")
AddResource(filehandle, "resname", ..)

So that a single file doesn’t necessarily have to be opened for every operation. On the other hand, it would also be very nice to modify a file with just one line of script. So, I’m looking for a way to implement both systems.

Extensions Bug

Today I fixed a major bug in the extension support. I’m sorry, but I guess you have to update your Explorer Suite if you downloaded it yesterday. Sometimes the old version of the CFF Explorer crashes, depending on the name of the extension you’re loading. I’m sorry, but I forgot to write a "break;" in the loop which alphabetically orders the extensions.