From 2ce5df3c8f6e4015405311aca55243260b8fdb89 Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Mon, 25 Sep 2023 15:35:35 +0200 Subject: [PATCH 1/3] Simplify VM-Remove-From-Right-Click-Menu Give `type` a default value as it is `file` in most of the cases to simplify the code. --- packages/common.vm/common.vm.nuspec | 2 +- packages/common.vm/tools/vm.common/vm.common.psm1 | 12 ++++++------ packages/die.vm/die.vm.nuspec | 4 ++-- packages/die.vm/tools/chocolateyinstall.ps1 | 2 +- packages/die.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/explorersuite.vm/explorersuite.vm.nuspec | 4 ++-- .../explorersuite.vm/tools/chocolateyinstall.ps1 | 2 +- .../explorersuite.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/file.vm/file.vm.nuspec | 4 ++-- packages/file.vm/tools/chocolateyinstall.ps1 | 2 +- packages/file.vm/tools/chocolateyuninstall.ps1 | 2 +- packages/hashmyfiles.vm/hashmyfiles.vm.nuspec | 4 ++-- packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 | 4 ++-- .../hashmyfiles.vm/tools/chocolateyuninstall.ps1 | 4 ++-- packages/hxd.vm/hxd.vm.nuspec | 4 ++-- packages/hxd.vm/tools/chocolateyinstall.ps1 | 2 +- packages/hxd.vm/tools/chocolateyuninstall.ps1 | 2 +- 17 files changed, 29 insertions(+), 29 deletions(-) diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index 16a91bf55..2c9aade53 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec @@ -2,7 +2,7 @@ common.vm - 0.0.0.20230904 + 0.0.0.20230925 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index eced15120..a2c1d8ba1 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 
@@ -694,11 +694,11 @@ function VM-Add-To-Right-Click-Menu { [string] $menuLabel, # value displayed in right-click menu [Parameter(Mandatory=$true, Position=2)] [string] $command, - [Parameter(Mandatory=$true, Position=3)] + [Parameter(Mandatory=$false, Position=3)] + [string] $menuIcon, + [Parameter(Mandatory=$false)] [ValidateSet("file", "directory")] - [string] $type, - [Parameter(Mandatory=$false, Position=4)] - [string] $menuIcon + [string] $type="file" ) try { # Determine if file or directory should show item in right-click menu @@ -738,9 +738,9 @@ function VM-Remove-From-Right-Click-Menu { ( [Parameter(Mandatory=$true, Position=0)] [String] $menuKey, # name of registry key - [Parameter(Mandatory=$true, Position=1)] + [Parameter(Mandatory=$false)] [ValidateSet("file", "directory")] - [string] $type + [string] $type="file" ) try { # Determine if file or directory should show item in right-click menu diff --git a/packages/die.vm/die.vm.nuspec b/packages/die.vm/die.vm.nuspec index 5bcf50981..5c7175f2c 100644 --- a/packages/die.vm/die.vm.nuspec +++ b/packages/die.vm/die.vm.nuspec @@ -2,11 +2,11 @@ die.vm - 3.07.20230523 + 3.07.20230925 Hellsp@wn, horsicq Detect It Easy, or abbreviated "DIE" is a program for determining types of files. - + diff --git a/packages/die.vm/tools/chocolateyinstall.ps1 b/packages/die.vm/tools/chocolateyinstall.ps1 index 241322292..90723fd49 100644 --- a/packages/die.vm/tools/chocolateyinstall.ps1 +++ b/packages/die.vm/tools/chocolateyinstall.ps1 
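Review bot: In VM-Add-To-Right-Click-Menu, position 3 now binds to `$menuIcon`, which has no validation, so a caller not updated in this commit that still passes `"file"` or `"directory"` as the fourth positional argument is accepted silently: the value becomes the icon and the entry is registered under `*`. The callers in this patch are updated, but whether packages outside it still use the old order cannot be confirmed from the diff. A comment on the parameter such as `# -type is named-only; the 4th positional argument is the icon` would record the break, and rejecting those two literals in `$menuIcon` would make a stale call fail loudly. VM-Remove-From-Right-Click-Menu should already fail on a stale call, since `$type` lost its position and nothing else takes position 1. Both function bodies continue outside the hunks.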
@@ -11,7 +11,7 @@ try { $zipSha256_64 = '3450169643be76484ac4bd5e1473f6f4745d9825c8a07255a3925a4a6e8bad7e' $executablePath = (VM-Install-From-Zip $toolName $category $zipUrl -zipSha256 $zipSha256 -zipUrl_64 $zipUrl_64 -zipSha256_64 $zipSha256_64)[-1] - VM-Add-To-Right-Click-Menu $toolName "detect it easy (DIE)" "`"$executablePath`" `"%1`"" "file" "$executablePath" + VM-Add-To-Right-Click-Menu $toolName "detect it easy (DIE)" "`"$executablePath`" `"%1`"" "$executablePath" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/die.vm/tools/chocolateyuninstall.ps1 b/packages/die.vm/tools/chocolateyuninstall.ps1 index eb06df9ef..6030b3492 100644 --- a/packages/die.vm/tools/chocolateyuninstall.ps1 +++ b/packages/die.vm/tools/chocolateyuninstall.ps1 @@ -5,4 +5,4 @@ $toolName = 'die' $category = 'Utilities' VM-Uninstall $toolName $category -VM-Remove-From-Right-Click-Menu $toolName "file" +VM-Remove-From-Right-Click-Menu $toolName diff --git a/packages/explorersuite.vm/explorersuite.vm.nuspec b/packages/explorersuite.vm/explorersuite.vm.nuspec index 8f45c40bf..a31783c94 100644 --- a/packages/explorersuite.vm/explorersuite.vm.nuspec +++ b/packages/explorersuite.vm/explorersuite.vm.nuspec @@ -2,11 +2,11 @@ explorersuite.vm - 0.0.0.20230523 + 0.0.0.20230925 Erik Pistelli A suite of tools including CFF Explorer and a process viewer. - + diff --git a/packages/explorersuite.vm/tools/chocolateyinstall.ps1 b/packages/explorersuite.vm/tools/chocolateyinstall.ps1 index 184b07a60..aa53ce53d 100644 --- a/packages/explorersuite.vm/tools/chocolateyinstall.ps1 +++ b/packages/explorersuite.vm/tools/chocolateyinstall.ps1 
@@ -31,7 +31,7 @@ try { # "Open with CFF Explorer" is added to the registry for several extensions, # add it for all extension with same key to avoid duplication. # Use same label and no icon to make it look the same for all extensions. - VM-Add-To-Right-Click-Menu 'Open with CFF Explorer' 'Open with CFF Explorer' "`"$cffExplorerExecutablePath`" %1" "file" + VM-Add-To-Right-Click-Menu 'Open with CFF Explorer' 'Open with CFF Explorer' "`"$cffExplorerExecutablePath`" %1" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 b/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 index 4e01b7402..d27127a3b 100644 --- a/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 +++ b/packages/explorersuite.vm/tools/chocolateyuninstall.ps1 @@ -7,6 +7,6 @@ foreach ($subtoolName in $subtoolNames) { VM-Remove-Tool-Shortcut $subtoolName $category } -VM-Remove-From-Right-Click-Menu 'CFF explorer' "file" +VM-Remove-From-Right-Click-Menu 'CFF explorer' VM-Uninstall-With-Uninstaller "Explorer Suite IV" "EXE" "/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-" diff --git a/packages/file.vm/file.vm.nuspec b/packages/file.vm/file.vm.nuspec index ed3317c9c..edcc1c917 100644 --- a/packages/file.vm/file.vm.nuspec +++ b/packages/file.vm/file.vm.nuspec @@ -2,11 +2,11 @@ file.vm - 0.0.0.20170108 + 0.0.0.20230925 A Windows port of the Linux `file` utility for checking header magics Nolen Scaiffe - + diff --git a/packages/file.vm/tools/chocolateyinstall.ps1 b/packages/file.vm/tools/chocolateyinstall.ps1 index 8687bca84..8d21ed280 100644 --- a/packages/file.vm/tools/chocolateyinstall.ps1 +++ b/packages/file.vm/tools/chocolateyinstall.ps1 
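Review bot: The command registered for CFF Explorer ends in a bare `%1`, while die.vm, file.vm, hashmyfiles.vm and hxd.vm in this same patch wrap it in escaped double quotes, so a path containing spaces may reach the tool split into several arguments. If the unquoted form is deliberate, to match the entry the Explorer Suite installer writes (as the comment above the call suggests), say so in that comment. Otherwise quote `%1` the same way the other packages do.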
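Review bot: The uninstall script removes the key `'CFF explorer'`, but the install script in this patch registers the entry under `'Open with CFF Explorer'`, and the helper builds `HKCR:\$key\shell\$menuKey` from that name, so the removal targets a different key. Unless the vendor uninstaller cleans it up, the menu entry stays behind and keeps pointing at an executable path that no longer exists. `VM-Remove-From-Right-Click-Menu 'Open with CFF Explorer'` would line the two up. The mismatch predates this commit; the changed line only drops the `"file"` argument.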
@@ -13,7 +13,7 @@ try { $scriptPath = Join-Path $executableDir "leave_file_open.bat" [IO.File]::WriteAllLines($scriptPath, $("`"$executablePath`" %1", "PAUSE")) - VM-Add-To-Right-Click-Menu $toolName "file type" "`"$scriptPath`" `"%1`"" "file" + VM-Add-To-Right-Click-Menu $toolName "file type" "`"$scriptPath`" `"%1`"" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/file.vm/tools/chocolateyuninstall.ps1 b/packages/file.vm/tools/chocolateyuninstall.ps1 index 28509ccd8..20ecaf21b 100644 --- a/packages/file.vm/tools/chocolateyuninstall.ps1 +++ b/packages/file.vm/tools/chocolateyuninstall.ps1 @@ -5,4 +5,4 @@ $toolName = 'file' $category = 'Utilities' VM-Uninstall $toolName $category -VM-Remove-From-Right-Click-Menu $toolName "file" +VM-Remove-From-Right-Click-Menu $toolName diff --git a/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec b/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec index 9e27aab0c..ca26a9ee6 100644 --- a/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec +++ b/packages/hashmyfiles.vm/hashmyfiles.vm.nuspec @@ -2,11 +2,11 @@ hashmyfiles.vm - 0.0.0.20230524 + 0.0.0.20230925 HashMyFiles is small utility that allows you to calculate the MD5 and SHA1 hashes of one or more files in your system. You can easily copy the MD5/SHA1 hashes list into the clipboard, or save them into text/html/xml file. Nir Sofer - + diff --git a/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 b/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 index b86edf750..dcf2be6e4 100644 --- a/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 +++ b/packages/hashmyfiles.vm/tools/chocolateyinstall.ps1 
@@ -9,8 +9,8 @@ try { $zipUrl_64 = "https://www.nirsoft.net/utils/hashmyfiles-x64.zip" $executablePath = (VM-Install-From-Zip $toolName $category $zipUrl -zipUrl_64 $zipUrl_64)[-1] - VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" /file `"%1`"" "file" "$executablePath" - VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" /file `"%1`"" "directory" "$executablePath" + VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" /file `"%1`"" "$executablePath" + VM-Add-To-Right-Click-Menu $toolName "HashMyFiles" "`"$executablePath`" /file `"%1`"" "$executablePath" -type "directory" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/hashmyfiles.vm/tools/chocolateyuninstall.ps1 b/packages/hashmyfiles.vm/tools/chocolateyuninstall.ps1 index 0520dd23a..c6ba4f8dc 100644 --- a/packages/hashmyfiles.vm/tools/chocolateyuninstall.ps1 +++ b/packages/hashmyfiles.vm/tools/chocolateyuninstall.ps1 @@ -5,5 +5,5 @@ $toolName = 'hashmyfiles' $category = 'Utilities' VM-Uninstall $toolName $category -VM-Remove-From-Right-Click-Menu $toolName "file" -VM-Remove-From-Right-Click-Menu $toolName "directory" \ No newline at end of file +VM-Remove-From-Right-Click-Menu $toolName +VM-Remove-From-Right-Click-Menu $toolName -type "directory" diff --git a/packages/hxd.vm/hxd.vm.nuspec b/packages/hxd.vm/hxd.vm.nuspec index 1ff947409..b52c701eb 100644 --- a/packages/hxd.vm/hxd.vm.nuspec +++ b/packages/hxd.vm/hxd.vm.nuspec @@ -2,11 +2,11 @@ hxd.vm - 2.5.0.20230524 + 2.5.0.20230925 Maël Hörz Freeware hex editor - + diff --git a/packages/hxd.vm/tools/chocolateyinstall.ps1 b/packages/hxd.vm/tools/chocolateyinstall.ps1 index 0a6615f76..ea8b50a59 100644 --- a/packages/hxd.vm/tools/chocolateyinstall.ps1 +++ b/packages/hxd.vm/tools/chocolateyinstall.ps1 
@@ -13,7 +13,7 @@ try { Install-BinFile -Name $toolName -Path $executablePath - VM-Add-To-Right-Click-Menu $toolName $toolName "`"$executablePath`" `"%1`"" "file" "$executablePath" + VM-Add-To-Right-Click-Menu $toolName $toolName "`"$executablePath`" `"%1`"" "$executablePath" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/hxd.vm/tools/chocolateyuninstall.ps1 b/packages/hxd.vm/tools/chocolateyuninstall.ps1 index 3e5de4ab8..67282eab3 100644 --- a/packages/hxd.vm/tools/chocolateyuninstall.ps1 +++ b/packages/hxd.vm/tools/chocolateyuninstall.ps1 @@ -5,5 +5,5 @@ $toolName = 'HxD' $category = 'Hex Editors' VM-Remove-Tool-Shortcut $toolName $category -VM-Remove-From-Right-Click-Menu $toolName "file" +VM-Remove-From-Right-Click-Menu $toolName Uninstall-BinFile -Name $toolName From b142829c5482d0d2c579bdd0a446b897d8c1777f Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 26 Sep 2023 17:26:36 +0200 Subject: [PATCH 2/3] Add unzip "infected" to right click menu Add 7z unzip with password "infected" option to the right menu for the most common extensions. --- packages/7zip-15-05.vm/7zip-15-05.vm.nuspec | 6 ++-- .../7zip-15-05.vm/tools/chocolateyinstall.ps1 | 13 +++++-- .../tools/chocolateyuninstall.ps1 | 7 +++- packages/common.vm/common.vm.nuspec | 2 +- .../common.vm/tools/vm.common/vm.common.psm1 | 34 +++++++++++++------ 5 files changed, 43 insertions(+), 19 deletions(-) diff --git a/packages/7zip-15-05.vm/7zip-15-05.vm.nuspec b/packages/7zip-15-05.vm/7zip-15-05.vm.nuspec index 1929cc48e..5ea1943ca 100644 --- a/packages/7zip-15-05.vm/7zip-15-05.vm.nuspec +++ b/packages/7zip-15-05.vm/7zip-15-05.vm.nuspec @@ -2,11 +2,11 @@ 7zip-15-05.vm - 15.05 + 15.05.0.20230926 Igor Pavlov 7-Zip file archiver. This version is able to extract NSIS scripts. - + - \ No newline at end of file + diff --git a/packages/7zip-15-05.vm/tools/chocolateyinstall.ps1 b/packages/7zip-15-05.vm/tools/chocolateyinstall.ps1 index 27bccaec8..50c9f4942 100644 
--- a/packages/7zip-15-05.vm/tools/chocolateyinstall.ps1 +++ b/packages/7zip-15-05.vm/tools/chocolateyinstall.ps1 @@ -31,8 +31,15 @@ try { Install-ChocolateyShortcut -shortcutFilePath $shortcut -targetPath $executablePath VM-Assert-Path $shortcut - $executablePath = Join-Path $toolDir "7z.exe" -Resolve - Install-BinFile -Name $toolName -Path $executablePath + $7zExecutablePath = Join-Path $toolDir "7z.exe" -Resolve + Install-BinFile -Name $toolName -Path $7zExecutablePath + + # Add 7z unzip with password "infected" to the right menu for the most common extensions. + # 7z can unzip other file extensions like .docx but these don't likely use the infected password. + $extensions = @(".7z", ".bzip2", ".gzip", ".tar", ".wim", ".xz", ".txz", ".zip", ".rar") + foreach ($extension in $extensions) { + VM-Add-To-Right-Click-Menu $toolName 'unzip "infected"' "`"$7zExecutablePath`" e -pinfected `"%1`"" "$executablePath" -extension $extension + } } catch { VM-Write-Log-Exception $_ -} \ No newline at end of file +} diff --git a/packages/7zip-15-05.vm/tools/chocolateyuninstall.ps1 b/packages/7zip-15-05.vm/tools/chocolateyuninstall.ps1 index 20451faeb..55903ee60 100644 --- a/packages/7zip-15-05.vm/tools/chocolateyuninstall.ps1 +++ b/packages/7zip-15-05.vm/tools/chocolateyuninstall.ps1 @@ -11,4 +11,9 @@ VM-Remove-Tool-Shortcut $toolName $category Uninstall-BinFile -Name $toolName # Manually silently uninstall -VM-Uninstall-With-Uninstaller "7-Zip 15.05*" "EXE" "/S" \ No newline at end of file +VM-Uninstall-With-Uninstaller "7-Zip 15.05*" "EXE" "/S" + +$extensions = @(".7z", ".bzip2", ".gzip", ".tar", ".wim", ".xz", ".txz", ".zip", ".rar") +foreach ($extension in $extensions) { + VM-Remove-From-Right-Click-Menu $toolName -extension $extension +} diff --git a/packages/common.vm/common.vm.nuspec b/packages/common.vm/common.vm.nuspec index 2c9aade53..b47c7b0aa 100755 --- a/packages/common.vm/common.vm.nuspec +++ b/packages/common.vm/common.vm.nuspec 
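Review bot: The registered command `e -pinfected "%1"` names no output directory, so 7z extracts into whatever working directory Explorer hands the process, and `e` discards the archive's folder structure, so same-named files from different folders collide. These archives are expected to hold live samples, so a predictable, dedicated destination is safer: consider `x` with an explicit `-o`, for example `x -pinfected -o"%1_extracted"` with the quotes escaped as in the existing string (the suffix is made up for this note; check the quoting against this 7z build). The extension list is also repeated verbatim in chocolateyuninstall.ps1, and it contains `.bzip2` and `.gzip` but not the more usual `.bz2` and `.gz`; confirm that is intended.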
@@ -2,7 +2,7 @@ common.vm - 0.0.0.20230925 + 0.0.0.20230926 Common libraries for VM-packages Mandiant diff --git a/packages/common.vm/tools/vm.common/vm.common.psm1 b/packages/common.vm/tools/vm.common/vm.common.psm1 index a2c1d8ba1..704463d9c 100755 --- a/packages/common.vm/tools/vm.common/vm.common.psm1 +++ b/packages/common.vm/tools/vm.common/vm.common.psm1 @@ -698,14 +698,20 @@ function VM-Add-To-Right-Click-Menu { [string] $menuIcon, [Parameter(Mandatory=$false)] [ValidateSet("file", "directory")] - [string] $type="file" + [string] $type="file", + [Parameter(Mandatory=$false)] + [string] $extension ) try { - # Determine if file or directory should show item in right-click menu - if ($type -eq "file") { - $key = "*" + if ($extension) { + $key = "SystemFileAssociations\$extension" } else { - $key = "directory" + # Determine if file or directory should show item in right-click menu + if ($type -eq "file") { + $key = "*" + } else { + $key = "directory" + } } $key_path = "HKCR:\$key\shell\$menuKey" @@ -716,7 +722,7 @@ function VM-Add-To-Right-Click-Menu { # Add right-click menu display name if (-NOT (Test-Path -LiteralPath $key_path)) { - New-Item -Path $key_path | Out-Null + New-Item -Path $key_path -Force | Out-Null } Set-ItemProperty -LiteralPath $key_path -Name '(Default)' -Value "$menuLabel" -Type String if ($menuIcon) { 
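Review bot: `$extension` goes straight into `"SystemFileAssociations\$extension"` with no validation, so a value without the leading dot, or one containing `\` or a wildcard, makes the function write under a different HKCR key than the caller meant. A `[ValidatePattern('^\.[A-Za-z0-9_+-]+$')]` on the parameter would reject those. When `-extension` is given, `-type` is ignored without notice; a comment such as `# -extension takes precedence over -type` would document that. The same two points apply to the VM-Remove-From-Right-Click-Menu hunk that follows, and both function bodies continue outside the hunks.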
@@ -740,14 +746,20 @@ function VM-Remove-From-Right-Click-Menu { [String] $menuKey, # name of registry key [Parameter(Mandatory=$false)] [ValidateSet("file", "directory")] - [string] $type="file" + [string] $type="file", + [Parameter(Mandatory=$false)] + [string] $extension ) try { - # Determine if file or directory should show item in right-click menu - if ($type -eq "file") { - $key = "*" + if ($extension) { + $key = "SystemFileAssociations\$extension" } else { - $key = "directory" + # Determine if file or directory should show item in right-click menu + if ($type -eq "file") { + $key = "*" + } else { + $key = "directory" + } } $key_path = "HKCR:\$key\shell\$menuKey" From d5e61b6521514404ba335d02d26feeadc1eb2a8e Mon Sep 17 00:00:00 2001 From: Ana Maria Martinez Gomez Date: Tue, 26 Sep 2023 18:24:05 +0200 Subject: [PATCH 3/3] Add "Open with IDA" to right click menu Add "Open with IDA" and "Open with IDA (x64)" to the right click menu. The command executes a Powershell script that looks for the latest IDA Pro version and uses it to open the file. If no IDA Pro version is found, it opens the file with IDA free. --- packages/idafree.vm/idafree.vm.nuspec | 4 ++-- packages/idafree.vm/tools/chocolateyinstall.ps1 | 11 +++++++++++ packages/idafree.vm/tools/chocolateyuninstall.ps1 | 5 ++++- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/packages/idafree.vm/idafree.vm.nuspec b/packages/idafree.vm/idafree.vm.nuspec index 20a4fa94b..2fe2045cb 100644 --- a/packages/idafree.vm/idafree.vm.nuspec +++ b/packages/idafree.vm/idafree.vm.nuspec @@ -2,11 +2,11 @@ idafree.vm - 7.6.20230418 + 7.6.20230926 hex-rays Free version of IDA, a powerful Interactive DisAssembler and debugger - + diff --git a/packages/idafree.vm/tools/chocolateyinstall.ps1 b/packages/idafree.vm/tools/chocolateyinstall.ps1 index 562a20db3..6fdddc67f 100644 --- a/packages/idafree.vm/tools/chocolateyinstall.ps1 +++ b/packages/idafree.vm/tools/chocolateyinstall.ps1 
@@ -29,6 +29,17 @@ try { if (Test-Path $desktopShortcut) { Remove-Item $desktopShortcut -Force -ea 0 } + + $menuIcon = Join-Path $toolDir "ida.ico" -Resolve + # Run a Powershell script to open with last IDA Pro version which is likely installed after the IDA free package. + # It takes slightly longer than using an static path but it works after installing IDA Pro and every time you update it. + # The "-WindowStyle hidden" still shows the Powershell Window briefly: https://github.com/PowerShell/PowerShell/issues/3028 + # We could use the run-hidden wrapper, which won't display the Window but is likely slightly slower. + $script = "`$idaExecutable = Get-Item '$Env:programfiles\IDA Pro *\ida.exe' | Select-Object -Last 1; if (!`$idaExecutable) { `$idaExecutable = '$executablePath' }; & `$idaExecutable '%1'" + VM-Add-To-Right-Click-Menu $toolName 'Open with IDA' "powershell.exe -WindowStyle hidden `"$script`"" "$menuIcon" + # Repeat for x64 + $script = "`$idaExecutable = Get-Item '$Env:programfiles\IDA Pro *\ida64.exe' | Select-Object -Last 1; if (!`$idaExecutable) { `$idaExecutable = '$executablePath' }; & `$idaExecutable '%1'" + VM-Add-To-Right-Click-Menu $toolName-64 'Open with IDA (x64)' "powershell.exe -WindowStyle hidden `"$script`"" "$executablePath" } catch { VM-Write-Log-Exception $_ } diff --git a/packages/idafree.vm/tools/chocolateyuninstall.ps1 b/packages/idafree.vm/tools/chocolateyuninstall.ps1 index 34663e3b8..0604d7fa7 100644 --- a/packages/idafree.vm/tools/chocolateyuninstall.ps1 +++ b/packages/idafree.vm/tools/chocolateyuninstall.ps1 @@ -11,4 +11,7 @@ VM-Remove-Tool-Shortcut $toolName $category Uninstall-BinFile -Name $toolName # Manually silently uninstall -VM-Uninstall-With-Uninstaller "IDA Freeware*?7.6" "EXE" "--mode unattended" \ No newline at end of file +VM-Uninstall-With-Uninstaller "IDA Freeware*?7.6" "EXE" "--mode unattended" + +VM-Remove-From-Right-Click-Menu $toolName +VM-Remove-From-Right-Click-Menu $toolName-64
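Review bot: Both registered commands splice Explorer's `%1` into PowerShell source as `& $idaExecutable '%1'`, so the clicked file's path is parsed as code: a path containing a single quote closes the literal, and the rest of the name is interpreted as PowerShell. On an analysis VM the file names come from untrusted samples, so the path should reach PowerShell as an argument instead, for example through a small launcher script invoked with `-File` (sketch below; `-File` is subject to the execution policy, so confirm the VM's policy or add `-ExecutionPolicy Bypass`). Adding `-NoProfile` also keeps profile scripts out of every launch. Separately, the x64 entry passes `$executablePath` as the icon where the first entry uses `$menuIcon`.

```powershell
# … unchanged: $menuIcon lookup and the explanatory comments …
# The launcher receives the clicked path as a parameter, so it is never parsed as script text.
$launcherPath = Join-Path $toolDir "open_with_ida.ps1"   # file name constructed for this sketch
[IO.File]::WriteAllLines($launcherPath, @(
    'param([string] $exeName, [string] $fallback, [string] $file)',
    '$idaExecutable = Get-Item (Join-Path $Env:ProgramFiles "IDA Pro *\$exeName") | Select-Object -Last 1',
    'if (!$idaExecutable) { $idaExecutable = $fallback }',
    '& $idaExecutable $file'
))
$launch = "powershell.exe -NoProfile -WindowStyle hidden -File `"$launcherPath`""
VM-Add-To-Right-Click-Menu $toolName 'Open with IDA' "$launch ida.exe `"$executablePath`" `"%1`"" "$menuIcon"
# Repeat for x64
VM-Add-To-Right-Click-Menu "$toolName-64" 'Open with IDA (x64)' "$launch ida64.exe `"$executablePath`" `"%1`"" "$menuIcon"
```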