Didier Stevens

Wednesday 27 April 2011


Filed under: My Software — Didier Stevens @ 16:12

When the suspender DLL is loaded inside a process, it will wait for 60 seconds and then suspend all the threads of the host process. If you want another delay, just change the name of the file by appending the number of seconds to sleep. For example, suspender10.dll will wait for 10 seconds before suspending the process.

To resume the process, you can use Process Explorer.

I’ve used this DLL to analyze malware and to disable some unwanted programs without killing them.

And from now on, I’ll try to release 32-bit and 64-bit versions of my tools.


Suspender_V0_0_0_3.zip (https)

MD5: C87FCAB2586C6154B58FB0F95FBB1FBE

SHA256: 56D0C641569E99AC31C7590DE513025E21166747565B73C5EBE34346616FFB2F

Tuesday 19 April 2011

Signed Spreadsheet with cmd.dll & regedit.dll

Filed under: Hacking,My Software — Didier Stevens @ 14:05

Remember my Excel with cmd.dll & regedit.dll?

Paul Craig has a signed version of my spreadsheet on his iKAT site. Download ikat3.zip and look for officekat.xls.

These signed macros are handy when you’re working in a restricted environment that requires Office macros to be signed.

Wednesday 6 April 2011


Filed under: Hardware — Didier Stevens @ 8:34

When Phidget came out with this new IR temperature sensor, a lightbulb went off. This sensor measures temperature without contact. Point it to the chair in front of your computer, and it will measure your body temperature. Or the temperature of your chair, if you’re not sitting in front of your computer.

And that’s the idea: I wrote a program that locks your Windows workstation when you leave your chair (e.g. when the temperature drops).

In this screenshot, LockIfNotHot is configured to lock the workstation when the temperature drops below 25┬░C during 3 seconds and there is no user input during 2 seconds.

Once the workstation is locked, you need to provide your Windows account password to unlock it.


LockIfNotHot_V0_0_1.zip (https)

MD5: 188BE76E0A5BCCA26A8736F8F0C4061C

SHA256: CA915265D3B224DF3AA95E5C59B7C0E7EDF239DF50FC1C03F2C991A8B1800AD2

Blog at WordPress.com.