Nov 252014
 

What’s ResourceDigger?

Wrote a utility (long back) for displaying resources from binary files, recently did some modifications as well. We know visual studio does provide a similar functionality but this one’s better with respect to viewing resources. You can view as many resource files as you like (haven’t put a limit). You can drag and drop folders or binaries into the application to get them loaded. Loads up any binary as long LoadLibrary succeeds. Quite useful for a quick view of resources in a binary file, will add editing of resources in the next version of this tool. Hope this helps.

Here is a screenshot of how the tool looks…

ResourceDigger: Application Screenshot

How to use ResourceDigger

Easy to use. Just drag and drop a folder or a bunch of executables. Or…
To load an executable press Ctrl + L or Load Exe toolbar button

ResourceDigger: Load Executable

To load a folder press Ctrl +D, or Scan Folder toolbar button. Select “Load Sub Directories” if you want to recurse into sub-directories.

ResourceDigger: Load a folder of resources

What features are supported in ResourceDigger

Some of the features supported by the application…

  • Viewing animated gifs, normal gifs, pngs, jpegs, bmps, HTML files, manifest files.
  • Display group icons, cursors with detailed description of each of them… See screenshot…
    ResourceDigger: Icon Group Display
  • Friendly display of accelerator table, a good way to know all the shortcuts provided by an application…
    ResourceDigger: Accelerator Resource
  • Friendly display of string table…
    ResourceDigger: String table resource
  • Displays resources in all available languages
    ResourceDigger: Multi Languages Resource
    ResourceDigger: Multi Language Dialog Resource
  • Animated view of AVI file. With a toolbar to control frames in the AVI file.
    ResourceDigger: Version Resource
  • Version display… (there are few issues, I’m working on them)
    image
  • Clear view of registry resources…
    ResourceDigger: Registry Resource
  • Toolbar resource view…
    ResourceDigger: Toolbar Resource
  • Menu resource display…
    ResourceDigger: Menu Resource
  • Hex display of custom resources…
    ResourceDigger: Hex display of unknown resources

Known Issues

  • Hangs up if you give a folder with a humungous list of binaries.
  • This is not multithreaded so just be patient until resources finish loading.

Tips

Press ‘*’ on a particular node to expand all its child nodes.

Download Link (rename from .Jpg to .exe)

Do let me know your suggestions…

Oct 212014
 

What’s Fsutil?

Fsutil is a Windows command line utility to help manage FAT and NTFS file systems. Common uses of this command is to…

  • Manage 8dot3name filenames, remove all short names in a folder.
  • View disk details
  • Query file system parameters
  • Dismounting volumes
  • Turning on last access time stamp on NTFS volumes
  • Figuring out file links
  • etc

I’ll be showing you few sample commands using Fsutil.

How to manage 8dot3name filenames using Fsutil?
Query 8dot3name filename status…

C:\>Fsutil 8dot3name query
The registry state is: 1 (Disable 8dot3 name creation on all volumes).

Scan registry to figure impact if 8dot3name filenames were removed from a directory

C:\>Fsutil 8dot3name scan /s c:\users\username\documents
Scanning registry…
<snip>

Enable or Disable 8dot3name file creation

C:\>Fsutil 8dot3name set
usage : set [0 through 3] | [<Volume Path> 1 | 0]

When a volume is not specified the operation updates the registry value:

0 – Enable 8dot3 name creation on all volumes on the system
1 – Disable 8dot3 name creation on all volumes on the system
2 – Set 8dot3 name creation on a per volume basis
3 – Disable 8dot3 name creation on all volumes except the
system volume

When a volume is specified the operation updates the individual
volume’s on disk flag.  This operation is only meaningful
if the registry value is set to 2.

0 – Enable 8dot3 name creation on this volume
1 – Disable 8dot3 name creation on this volume

This operation takes effect immediately (no reboot required).

Sample commands:
“Fsutil 8dot3name set 1”      – disable 8dot3 name creation on all volumes
“Fsutil 8dot3name set C: 1”   – disable 8dot3 name creation on c:

Strip a folder of 8dot3name file names

C:\>Fsutil 8dot3name strip
Usage : Fsutil 8dot3name strip </t> </s> </f> </l log file> </v> DirectoryPath

This command permanently removes 8dot3 file names from your volume. It will
list the registry keys pointing to the stripped 8dot3names but will not modify
the affected registry keys. Stripping will not be performed on files with full
path names longer than the maximum path length of 260 characters.

***WARNING***
If there are affected registry keys and you decide to use the override
switch /f, it is recommended that you backup your volume as it may lead to
unexpected application failures, including the inability to uninstall.

/t – Test mode – specifies that all operations should be performed
except the actual stripping of the file names.
/s – Recurse mode – specifies that this operation should also be
applied to subdirectories.
/f – Force mode – specifies that the directory should be stripped even
if there are registry conflicts.
/v – Verbose mode – specifies that all information logged should also
be printed out to the console.
/l – Specifies a log file to write to.  This must be followed by a path to the
log file.  If this option is not specified the log file will be:
“%temp%\8dot3_removal_log@(GMT YYYY-MM-DD HH-MM-SS).log”

Sample command:
Fsutil 8dot3name strip /l mylogfile.log /s D:\MyData

Modifying filesystem behavior using Fsutil

Queries or sets NTFS volume behavior, which includes:

  • The last access time stamp on NTFS volumes
  • How often quota events are written to the system log
  • The internal cache levels of NTFS paged pool and NTFS non-paged pool memory
  • The amount of disk space reserved for the master file table (MFT) Zone
  • The silent deletion of data when the system encounters corruption on an NTFS volume.
Disable8dot3 file system behavior using Fsutil

Sample commands…

C:\>Fsutil behavior set Disable8dot3 1
The registry state is now: 1 (Disable 8dot3 name creation on all volumes).

C:\>Fsutil behavior set Disable8dot3 0
The registry state is now: 0 (Enable 8dot3 name creation on all volumes).

Disable or Enable LastAccess timestamps on files using Fsutil

Sample commands…

C:\>Fsutil behavior set DisableLastAccess 1
DisableLastAccess = 1

You should now see LastAccess timestamp enabled on your files

C:\>Fsutil behavior set DisableLastAccess 0
DisableLastAccess = 0

LastAccess timestamp is now disabled for your files.

Sample SymlinkEvaluation command using Fsutil

C:\>Fsutil behavior set SymlinkEvaluation L2L:1 L2R:0
– Will enable local to local symbolic links and disable local to
remote symbolic links. It will not change the state of remote to
remote links or remote to local links.
– This operation takes effect immediately (no reboot required)

Using Fsutil to manage volumes

C:\>Fsutil volume
—- VOLUME Commands Supported —-

diskfree            Query the free space of a volume
dismount            Dismount a volume
querycluster        Query which file is using a particular cluster
filelayout          Query all the information available about the file
allocationreport    Allocated clusters report

How to view free disk space using Fsutil

C:\>Fsutil volume diskfree
Usage : Fsutil volume diskfree <volume pathname>
Eg : Fsutil volume diskfree C:

File usage on clusters using Fsutil

To find the file(s) that are using the clusters, specified by the logical cluster numbers 200 and 0x1000, on drive C, type:

C:\>Fsutil volume querycluster C: 200 0x10000
Cluster 0x0000000000010000 used by —-D \Users\nthomas\AppData\Local\Microsoft\Windows\INetCache\IE\Microsoft.VisualStudio.Data.Tools.Package.resourcesT8HR0EQA.HTM::$DATA
Cluster 0x00000000000000c8 used by —-D \Windows\WinSxS\ia64_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_2a4c9d845558f4b7\msvcr90d.dll::$DATA

Using Fsutil to manage files

Usage…

fsutil file [createnew] <FileName> <Length>
fsutil file [findbysid] <UserName> <Directory>
fsutil file [queryallocranges] offset=<Offset> length=<Length> <FileName>
fsutil file [quaeryfileid] <FileName>
fsutil file [queryfilenamebyid] <Volume> <Fileid>
fsutil file [setshortname] <FileName> <ShortName>
fsutil file [setvaliddata] <FileName> <DataLength>
fsutil file [setzerodata] offset=<Offset> length=<Length> <FileName>

More on Fsutil can found on TechNet: http://technet.microsoft.com/en-us/library/cc753059.aspx

Oct 042013
 

You’re not going to believe that you have a screen capture tool built into your operating system. LOL yes, its called PSR.exe. PSR stands for Problem Steps Recorder. The ideal usage of this tool is as follows…

  • Capture repro steps (screenshots) for a bug and to send it your customer
  • Capture screenshots for a particular scenario and send it your colleague
  • Capture screenshots on how to use a tool and send to your parents Smile

Its one easy tool to use. I guess its been there since XP. To run this tool go to the “Run” dialog via (Window Key + R). Type in PSR as shown below…

image

LOL, that’s it? Yep Open-mouthed smile.

Press enter, you’ll see the following dialog pop up…

image

Now all you need to do is to click “Start Record”. Once you do that this is how the dialog will look like…

image

Please note that every time you ‘click’, a screenshot is taken, otherwise no screenshots are taken. Once you are done just say “stop record”, you’ll see the following dialog popup, this dialog will have details of all the actions you did along with screenshots. Every screenshot is titled with a detailed description of what you did.

image

You can review your actions (Review the recorded steps as a slide show ) in slideshow, you can review your actions in “Text” format (click on “Review the additional details”). Note that every step is labeled with a number, for e.g. “Step 1”.

The other feature is that you can add comments to your screenshots via “Add Comment” button while recording.

PSR also provides a settings dialog where can you can turn off Screen capture. Once screen capture is off in your output you’ll just see text as shown below…

Recording Session: ‎10/‎4/‎2013 4:30:50 PM - 4:31:00 PM

Recorded Steps: 8, Missed Steps: 0, Other Errors: 0

Step 1: User left click on "File (menu item)" in "Untitled - Notepad"
UI Elements: File, Application, Untitled - Notepad, Notepad

The best part is yet to come. When you save, it saves all these details in a zip file. Send it to your customer, your team mates or your parents/family. Once you unzip the file, you’ll get just an “mht” file.

image

Just double click and run, should ideally open up in IE. This is how it looks for me…

image

Your customer or colleague can view screenshots as a slideshow or they can scroll down and view screenshots. I’m using PSR these days. Thought I’ll share this with you folks as well.