Didier Stevens

Tuesday 17 July 2007

UserAssist V2.3.0

Filed under: My Software,Reverse Engineering — Didier Stevens @ 6:05

I’m releasing version 2.3.0 of my UserAssist tool with these new features:

  • saved CSV files have a header.
  • entries are highlighted in red when they match a user-specified search term (which can be a regular expression). This is my answer to the persons asking for a search feature. As I didn’t want to bother with a Find Next function, I decided to implement a highlight feature.
  • the Save command also supports HTML.
  • support for the IE7 UserAssist GUID key {0D6D4F41-2994-4BA0-8FEF-620E43CD2812}
  • registry hive files (usually called NTUSER.DAT files) can be loaded directly with the tool. The tool will load the DAT file temporarily in the registry, read the UserAssistkeys and unload the file. This feature is experimental, because I didn’t write the code yet for all the exceptions (invalid NTUSER.DAT file, no access rights to the file, no rights to load the file, failure to unload the file, …).

Other requests, like a command-line option, will be investigated.I’m also researching special values of the count property, for example when a program is removed from the start menu list.

The software is hosted on my site now, as Microsoft will phase-out the User Samples section of the gotDotNet site.

Thanks to Ovie and Bret of the CyberSpeak podcast for talking about my UserAssist tool on their show. The announced interview is recorded :-)

6 Comments »

  1. […] UserAssist V2.3.0 – Didier has updated his UserAssist tool with some cool new features. Check out UserAssist here I’m releasing version 2.3.0 of my UserAssist tool with these new features: […]

    Pingback by www.andrewhay.ca » Suggested Blog Reading - Tuesday July 17th, 2007 — Wednesday 18 July 2007 @ 12:11

  2. Didier,

    very cool stuff!

    Quick question…are you seeing any entries under the IE7 UserAssist key?

    Harlan

    Comment by keydet89 — Wednesday 18 July 2007 @ 21:23

  3. No, not yet. But I’ve only looked at one of my PCs with IE7, and I use FF on that PC…

    Comment by Didier Stevens — Thursday 19 July 2007 @ 11:06

  4. Hello, just a question … I have export the file ntuser.dat but how can i convert it to .reg ? When i convert it that “Windows REgistry Recovery” (MITEC Software) UserAssist can’t open it !
    Cordially !

    Comment by Ypso — Friday 10 August 2007 @ 20:49

  5. Use Regedit for exporting. I show it in the movie of this post: http://didierstevens.wordpress.com/2006/09/18/a-windows-live-cd-plugin-for-my-userassist-utility/

    And I also explain it in my (IN)SECURE Magazine Issue 10 article (page 72): http://www.net-security.org/dl/insecure/INSECURE-Mag-10.pdf

    Comment by Didier Stevens — Monday 13 August 2007 @ 20:28

  6. Ok Thanks !

    Comment by Ypso — Friday 17 August 2007 @ 19:53


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 239 other followers

%d bloggers like this: