Unchecky has been acquired by Reason Software Company

I’m happy to announce that Unchecky has been acquired by Reason Software Company Inc., the company behind Should I remove it? and herdProtect, and has been integrated into the new Reason security product, Reason Core Security.

The Reason Company has a vision similar to Unchecky, which aims to protect users from potentially unwanted programs and offers. Reason Core Security is a comprehensive anti-malware security suite, designed to keep the users safe from malware, as well as to prevent accidental installations of unwanted programs.

For existing Unchecky users, nothing will change: if you don’t need the power of Reason Core Security, you can continue to use Unchecky, which is not abandoned – it will continue to be developed as a standalone program as well as a Reason Core Security component.

I would like to thank everybody who supported Unchecky during its development, and I’m sure that it will become a part of a great product, which will provide a comprehensive solution to the problem of malware and potentially unwanted programs.

Posted in Software, Updates at April 14th, 2015. 17 Comments.

QuickAddressCopy (an OllyDbg v1.10 plugin)

This tiny plugin allows you to copy the address of the selected item/command/byte with the Ctrl+X keyboard shortcut.

Note that the plugin works only for OllyDbg v1.10. For OllyDbg v2, you can achieve the same with:
Options -> Edit shortcuts… (“Copy address” in “Dump: Edit”)

zip quick_address_copy.zip (1.6 kB)

Posted in Releases, Software at March 17th, 2015. No Comments.

Portablizer (an OllyDbg plugin)

This plugin makes your copy of OllyDbg portable, which means that you can copy the OllyDbg folder to another location without having to fix ollydbg.ini manually.
OllyDbg v1.10 and OllyDbg v2 are supported.

OllyDbg v1.10

Usage:

  1. Copy portablizer.dll to the plugins folder.
  2. Apply the ollydbg-patch.exe patch on ollydbg.exe.
    The patch is needed because by default, OllyDbg loads the plugins at a later stage.
  3. Run OllyDbg from the correct folder, then close it.
  4. Make sure that the entries of ollydbg.ini contain relative paths (the [History] section).

Limitations:

  1. The plugin DLL file must be named portablizer.dll.
OllyDbg v2

Usage:

  1. Copy portablizer_odbg2.dll to the plugins folder.
  2. Run OllyDbg from the correct folder, then close it.
  3. Make sure that the entries of ollydbg.ini contain relative paths (the [History] section).
Download

zip portablizer.zip (63.01 kB)

Posted in Releases, Software at March 17th, 2015. No Comments.

7+ Taskbar Tweaking Library

7+ Taskbar Tweaking Library is a library for manipulating the taskbar of Windows 7 and above. It’s inspired by the 7+ Taskbar Tweaker program, and it allows you, as a programmer, to manipulate the Windows taskbar, which is virtually impossible to do with the documented Windows API.

You can take a quick look at the provided API here. For a more extensive look, refer to the examples which are provided together with the library.

In general, the library allows you to:

  • Get extensive information about the taskbar items and groups on all taskbars.
  • Reorder taskbar items, and reorder buttons within groups.
  • Set per-AppId settings.

For example, if you’d like to have the taskbar button of your program to never show labels, you can easily do it with the library:

Download

You can get 7+ Taskbar Tweaking Library here:

rar TTLib.rar (155.67 kB)

Please note that the library is free for non-commercial use only. If you’re interested in using the library for a commercial application, please contact me.

Posted in Programming at October 31st, 2014. 10 Comments.

7+ Taskbar Tweaker for Windows 10: early alpha version

Windows 10 Technical Preview was recently released by Microsoft, and as you might have noticed, 7+ Taskbar Tweaker doesn’t run on it. A while ago I wrote a blog post, which answers some of the questions about 7+ Taskbar Tweaker and Windows 10.

I’m happy to announce that the very first alpha version of 7+ Taskbar Tweaker for Windows 10 (Technical Preview) is ready for some testing. Those of you who have donated for the porting effort can get the alpha version here.

Please note that this version is not complete. While several options work well, others don’t work as expected, and some don’t work at all. Most of these issues are known, and will be fixed in future alpha versions.

Alpha version changelog

  • v4.5.9.2 (November 7): fixes many bugs.
  • v4.5.9.3 (November 14): fixes several bugs, and includes 7+ Taskbar Tweaker beta changes (including the “disable_taskbar_transparency” advanced option).
  • v4.5.9.4 (November 28): adds support for Windows 10 Build 9879 (and drops support for previous Windows 10 builds).
  • v4.5.9.5 (February 21): updated for build 9926.
  • v4.5.9.6 (February 21): bugfixes.
  • v4.5.9.7 (March 27): updated for build 10041.
  • v4.5.9.8 (March 28): bugfixes.
  • v4.5.9.9 (May 8): updated for build 10074.
  • v4.5.9.10 (May 15): Korean translation.
Posted in Software, Updates at October 24th, 2014. 74 Comments.

Unchecky v0.3

Introducing Unchecky v0.3!

The new version of Unchecky provides you with more visual feedback:

  • A tray icon is visible as long as the Unchecky service is running.
  • When an offer is rejected, a notification message is shown (see screenshot below).

unchecky_0.3_notification_icon

Also, Unchecky v0.3 has an activity log, which was the most requested feature on UserEcho. You can see which installers were handled by Unchecky, how many offers were rejected, and how many warnings were displayed:

unchecky_0.3_activity_log

As you can see from the above screenshot, there are also social network buttons, which allow you to tell your friends and family about Unchecky. Please use them! We have great plans about Unchecky, and we need your help to spread the word.

Posted in Software, Updates at October 7th, 2014. 12 Comments.

7+ Taskbar Tweaker and Windows 10

Windows 10 Technical Preview was just released by Microsoft several days ago, and I’ve already received many questions about 7+ Taskbar Tweaker support for it. I’d like to answer some of those.

Q: I tried to run 7+ Taskbar Tweaker on Windows 10 Preview and I get a messagebox that says it’s only for win7/8. Do you reckon it would work if you disable the windows check inside 7+ TT?

A: No, that won’t work. What you’ll get instead is a different error message box, or, if you’re less lucky, an explorer crash.

Q: If 7+ Taskbar Tweaker works fine on Win 8.1, I guess it’s a small adjustment to make it work in Win 10, isn’t it?

A: That’s kind of correct, depending on what you’re considering as a “small adjustment”. But that’s not something that can be done in a couple of minutes. Or hours. While that’s obviously less work than writing 7+ Taskbar Tweaker from scratch, it requires careful tuning for the memory layout of the new explorer, and the fact that it looks/behaves just like explorer from Windows 8.1 doesn’t help here.

Q: Can donations, as in the case Windows 8.1, accelerate the situation?

A: Yes, it will help. You can donate here.
Include the w10p (Windows 10 Porting) word in the donation comments to specify that your donation is targeted for the porting.

Below is a progress bar of the donations, with the goal set as the estimated time the porting is going to take, with an average wage.


As with the Windows 8.1 Update 1 porting progress, all donors will get access to early alpha versions during the porting process.
Also, the top three donors will get mentioned in the changelog.

Thanks in advance for your help! If things go well, I’ll try to allocate time for it next week.

Update (October 24): The first alpha version is available! More details here.

Posted in Software, Updates at October 4th, 2014. 5 Comments.

7+ Taskbar Tweaker is five years old today!

Exactly five years ago, 7 Taskbar Tweaker v1.0 was released (changelog).
Here’s how it looked:

And here’s where it all started.

Happy birthday!

Posted in Software, Updates at September 30th, 2014. 18 Comments.

Multiline Ultimate Assembler v2.3

Multiline Ultimate Assembler v2.3 is out.

x64_dbg support

Starting from version 2.3, the Multiline Ultimate Assembler plugin supports the x64_dbg debugger in addition to OllyDbg and Immunity Debugger.

x64_dbg is a relatively new project, and thus not all features could be implemented for it. For example, the option to disassemble external code is not available, as the debugger doesn’t expose this information.

Despite of the limitations, x64_dbg evolves quickly, and is already usable for many tasks. It can be extremely useful for 64-bit targets, as the more mature OllyDbg can only handle 32-bit executables at the moment.

Multiline comments

It’s possible to use the COMMENT directive to define a comment which consists of multiple lines, using the MASM syntax:

COMMENT delimiter [text]
[text]
[text] delimiter [text]

Other changes

In addition to the above, v2.3 adds drag and drop support to the editor, and fixes a couple of minor bugs.

P.S. The text editor component, RAEdit, was originally written in 32-bit x86 assembly. If you’re wondering how it was ported to 64-bit, refer to the post C as a portable assembly: porting RAEdit to 64-bit.

Posted in Software, Updates at September 4th, 2014. No Comments.

C as a portable assembly: porting RAEdit to 64-bit

In the Multiline Ultimate Assembler plugin for OllyDbg, I use an editor component called RAEdit, written by KetilO in 32-bit x86 assembly. It’s a great component, lightweight and simple to use.

Recently, I’ve been working on a port of Multiline Ultimate Assembler for the x64_dbg debugger. After porting the 32-bit version of the plugin, I realized that there’s a problem porting it to 64-bit: the RAEdit component is written in 32-bit x86 assembly. While it’s somewhat similar to 64-bit x86 assembly, there’s no way to automatically port an assembly codebase from 32-bit to 64-bit. I had a couple of options:

  • Finding an alternative editor component.
  • Using a hack, e.g. running the editor window as a separate 32-bit process.
  • Porting RAEdit to 64-bit.

I looked for an alternative, but didn’t find a decent one. Also, I didn’t like the second option, so I’ve decided to port RAEdit. But how do I port an assembly codebase from 32-bit to 64-bit? I’m not familiar with MASM syntax, which the codebase uses. Perhaps it was possible to port the codebase to 64-bit MASM using macros and such. But I came up with a more creative idea: to port it to C first! After all, C is considered by some as a portable assembly.

The code uses MASM macros such as .if/.while extensively, which can be easily translated to C. Most assembly commands can be translated to C as well. I had to manually change some of the exotic stuff (such as usage of the CARRY flag), but most of the code was ready for automatic translation.

Then, I wrote a script which uses regular expression search/replace to translate every line of assembly to C. The initial result can be seen here. After some tweaking, I could get the code to compile. Due to the fact that there’s no type correctness in assembly, GCC displayed more than 1,000 warnings, most of which complain about incompatibility of types. I was actually surprised that it was able to compile.

Obviously, the code didn’t work right away. I had to fix a couple of things manually, but after some tweaking, it actually worked! And after some more tweaks for 64-bit portability (mainly adjusting pointer vs integer types and pointer size constants), the compiled 64-bit library worked as well!

It’s interesting to compare manually written assembly code with code generated by a compiler. Mostly, the original code is slimmer and looks more optimized. For example, assembly vs C of the SkipSpace function (clickable):

So there we have it, originally written in 32-bit x86 assembly, the library can now be (theoretically) compiled on every platform. It would be interesting to check whether it works on ARM/Windows RT, too. The main repository of the C port can be found here: https://github.com/RaMMicHaeL/RAEditC

Posted in Programming at August 20th, 2014. 3 Comments.