UltraEdit is my text editor on Windows. I developed a couple of simple scripts that I’m going to release.
The first one is SubstituteEachLine.js.
I run this script when I need to transform each line into another form. Take this example where I want to create a Python dictionary with these words:
I start my script and type this template (%% is the placeholder for each original line in the document):
The script replaces each line in the document like this:
I also often use this in a command-line environment with a limited shell. For example, to rename a bunch of files in “DOS”, I put the list of filenames in a text document and then run my script: “ren %% %%.old”. As shown in this example, you can use the placeholder (%%) more than once in the template. But you can’t escape the placeholder string.
PS: you can also use regex search and replace to do this, but there are cases where I prefer my script.
This update to my Prefetch File 010 Template adds Sections A through D.
There is extra error handling in this new version.
virustotal-search and virustotal-submit have their own page now: VirusTotal Tools.
In 2009 I added a command to my Disitool to inject data “into” an Authenticode signature without invalidating it.
This year I reported on some installer programs using this padding trick.
With MS13-098, Microsoft releases a patch to prevent this signature padding trick. This change in behavior will become active June 10th 2014.
But you can already activate it now by setting REG_SZ key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck to “1”.
Here is the effect illustrated with my AnalyzePESig tool:
But beware of a potential issue with this regkey. Setting it to “0” will not revert to the old behavior (tested in VM with Windows XP SP3).
I had to delete the key (actually, I renamed it) and reboot to revert to the old behavior. I informed Microsoft.
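A PowerShell sketch for auditing and enabling this setting, added here as an example; it is not from the original post or from Microsoft. The function names are hypothetical, and the registry path and value name are the ones quoted above. Because “0” did not restore the old behavior in the test described above, anything other than REG_SZ “1” is reported as unverified rather than as disabled.

```powershell
# Added example (not from the original post). Path and value name are the ones
# quoted in the post; the function names are hypothetical.
$ConfigPath = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Wintrust\Config'
$ValueName  = 'EnableCertPaddingCheck'

function Get-CertPaddingCheckState {
    param([string]$Path = $ConfigPath, [string]$Name = $ValueName)

    $state = [ordered]@{ Path = $Path; Name = $Name; Kind = $null; Data = $null; Status = '' }
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key -or $key.GetValueNames() -notcontains $Name) {
        $state.Status = 'NotSet: padding check not opted in'
    }
    else {
        $state.Kind = $key.GetValueKind($Name)
        $state.Data = $key.GetValue($Name)
        if ($state.Kind -eq 'String' -and $state.Data -eq '1') {
            $state.Status = 'Enabled: strict padding check requested'
        }
        else {
            # The post reports that "0" did not restore the old behavior,
            # so anything other than REG_SZ "1" is flagged for manual review.
            $state.Status = 'Unverified: value present but not REG_SZ "1"'
        }
    }
    [pscustomobject]$state
}

function Enable-CertPaddingCheck {
    param([string]$Path = $ConfigPath, [string]$Name = $ValueName)

    # Create the key only when it is missing: New-Item -Force on an existing
    # registry key recreates it and drops the values it already holds.
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    # -PropertyType String writes a REG_SZ value, as the post specifies.
    New-ItemProperty -Path $Path -Name $Name -Value '1' -PropertyType String -Force | Out-Null
    Get-CertPaddingCheckState -Path $Path -Name $Name
}

# Read-only audit; Enable-CertPaddingCheck needs an elevated session.
Get-CertPaddingCheckState
```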
This is an important update to virustotal-search.py.
Rereading the VT API, I noticed I missed the fact that the search query accepts up to 4 search terms.
This new version submits 4 hashes at a time, making it up to 4 times faster than previous versions.