3.3.0.8 Alpha

 - Added escaping of line breaks and non-printable characters. Format: \x1F, where 1F is the ASCII code of the character in Hex.
 - Added remembering of the last opened folder in various tools.
 - Fixed file modification time during assembly.
 - Added build date to the log header.
 - Workaround for problems in Windows that prevent HijackThis from running.

src/HiJackThis-update-test.txt

@@ -1 +1 @@
-3.3.0.7
+3.3.0.8

src/HiJackThis-update.txt

@@ -1 +1 @@
-3.3.0.7
+3.3.0.8

src/_2_Make_UPX_Sign.cmd

@@ -337,6 +337,9 @@ if not defined signed if exist "%SignScript_2%" (
   if errorlevel 1 (echo Failed to Sign! & echo. & pause)
 )
 
+:: Restore modify time
+copy /b "%cd%\%AppName%"+,, "%cd%\%AppName%"
+
 :: Ensure it is correctly signed
 :: DISABLED: for some reason Sysinternals SigCheck causing freeze when piped
 ::if "%OSBitness%"=="x32" (

src/_ChangeLog_en.txt

@@ -11,6 +11,13 @@ Version history:
 |||||       1. HiJackThis: changelog         |||||
 ==================================================
 
+[3.3.0.8 Alpha] - Nov 27, 2023
+ - Added escaping of line breaks and non-printable characters. Format: \x1F, where 1F is the ASCII code of the character in Hex.
+ - Added remembering of the last opened folder in various tools.
+ - Fixed file modification time during assembly.
+ - Added build date to the log header.
+ - Workaround for problems in Windows that prevent HijackThis from running.
+
 [3.3.0.7 Alpha] - Nov 09, 2023
  - Fixed broken checkboxes of lists after the latest update.
 

src/_ChangeLog_ru.txt

@@ -11,7 +11,14 @@
 |||||       1. HiJackThis: список изменений         |||||
 =========================================================
 
-[3.3.0.7 Alpha]
+[3.3.0.8 Alpha] - 27.11.2023
+ - Добавлено экранирование переносов строк и непечатаемых символов. Формат: \x1F, где 1F - код ASCII символа в Hex.
+ - Добавлено запоминание последней открытой папки в различных инструментах.
+ - Исправлено время модификации файла при сборке.
+ - Добавлена дата сборки в заголовок лога.
+ - Обход проблем в Windows, препятстсвующих запуску HijackThis.
+
+[3.3.0.7 Alpha] - 09.11.2023
  - Исправлены нерабочие галочки списков после последнего обновления.
 
 [3.3.0.6 Alpha] - 02.11.2023

src/_HijackThis.vbp

@@ -73,6 +73,7 @@ Module=modAccount; modAccount.bas
 Class=clsDataChecker; clsDataChecker.cls
 Class=clsCollectionEx; clsCollectionEx.cls
 Module=modInit; modInit.bas
+Module=modPeParser; modPeParser.bas
 ResFile32="RESOURCE.res"
 IconForm="frmMain"
 Startup="Sub Main"
@@ -86,7 +87,7 @@ Description="Creates a report of non-standard parameters of registry and file sy
 CompatibleMode="0"
 MajorVer=3
 MinorVer=3
-RevisionVer=7
+RevisionVer=8
 AutoIncrementVer=0
 ServerSupportFiles=0
 VersionCompanyName="Alex Dragokas & Trend Micro Inc."

src/database/DriverMapped.txt

@@ -17,4 +17,6 @@
 %SystemRoot%\System32\Drivers\DUMP_FTOIIS.SYS
 %SystemRoot%\System32\Drivers\dump_dumpstorport.sys
 %SystemRoot%\System32\Drivers\dump_stornvme.sys
-%SystemRoot%\System32\Drivers\dump_iaStorVD.sys
+%SystemRoot%\System32\Drivers\dump_iaStorVD.sys
+%SystemRoot%\System32\Drivers\dump_iaStor.sys
+%SystemRoot%\System32\Drivers\dump_nvstor.sys

src/database/TasksWhite.csv

@@ -5,6 +5,7 @@ OSver;Dir\Name;RunObj;Args;Note
 11; \Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask; {8702A841-D5CA-47C3-812D-9CEDC304C200}; %SystemRoot%\system32\IntelligentPwdlessTask.dll
 11; \Microsoft\Windows\SoftwareProtectionPlatform\SvcTrigger; {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC},logon; %SystemRoot%\System32\sppcext.dll
 11; \Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScan_LicenseAccepted; %SystemRoot%\system32\usoclient.exe; StartOobeAppsScan
+11; \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work; %SystemRoot%\system32\usoclient.exe; StartWork
 11; \Microsoft\Windows\WlanSvc\MoProfileManagement; {085EDA12-CF4A-4944-8222-8ADCADE137CB}; %SystemRoot%\System32\WlanMediaManager.dll
 10; \Microsoft\Office\Office Automatic Updates 2.0; %ProgramFiles%\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe; /frequentupdate SCHEDULEDTASK displaylevel=False
 10; \Microsoft\Office\Office Automatic Updates; %ProgramFiles%\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe; /update SCHEDULEDTASK displaylevel=False

src/frmADSspy.frm

@@ -510,11 +510,13 @@ Private Sub cmdSave_Click()
 End Sub
 
 Private Sub cmdScanFolder_Click()
+    Static LastLocation As String
     Dim sPath$, sNTFSDrives$(), i&
     'Select a folder to scan:
     'sPath = BrowseForFolder(Translate(194))
-    sPath = OpenFolderDialog(Translate(194), Desktop, Me.hWnd)
+    sPath = OpenFolderDialog(Translate(194), IIf(FolderExists(LastLocation), LastLocation, Desktop), Me.hWnd)
     If sPath <> vbNullString Then
+        LastLocation = GetParentDir(sPath)
         sNTFSDrives = Split(GetNTFSDrives(), "|")
         For i = 0 To UBound(sNTFSDrives)
             If InStr(1, sPath, sNTFSDrives(i), vbTextCompare) = 1 Then

src/frmCheckDigiSign.frm

@@ -815,17 +815,25 @@ Private Sub cmdSelectFile_Click()
     Dim aFile() As String
     Dim i As Long
     Dim sExt As String
+    Static LastLocation As String
     sExt = "*.exe;*.msi;*.dll;*.sys;*.ocx"
     'PE; All files
-    For i = 1 To OpenFileDialog_Multi(aFile, Translate(122), Desktop, "PE (" & sExt & ")|" & sExt & "|" & Translate(1003) & " (*.*)|*.*", Me.hWnd)
+    For i = 1 To OpenFileDialog_Multi(aFile, Translate(122), IIf(FolderExists(LastLocation), LastLocation, Desktop), "PE (" & sExt & ")|" & sExt & "|" & Translate(1003) & " (*.*)|*.*", Me.hWnd)
+        If i = 1 Then
+            LastLocation = GetParentDir(aFile(i))
+        End If
         txtPaths.Text = txtPaths.Text & IIf(Len(txtPaths.Text) = 0, vbNullString, vbCrLf) & aFile(i)
     Next
 End Sub
 
 Private Sub cmdSelectFolder_Click()
     Dim aFolder() As String
+    Static LastLocation As String
     Dim i As Long
-    For i = 1 To OpenFolderDialog_Multi(aFolder, , Desktop, Me.hWnd)
+    For i = 1 To OpenFolderDialog_Multi(aFolder, , IIf(FolderExists(LastLocation), LastLocation, Desktop), Me.hWnd)
+        If i = 1 Then
+            LastLocation = GetParentDir(aFolder(i))
+        End If
         txtPaths.Text = txtPaths.Text & IIf(Len(txtPaths.Text) = 0, vbNullString, vbCrLf) & aFolder(i)
     Next
 End Sub

src/frmMain.frm

@@ -2396,14 +2396,8 @@ Public Sub Test()
     'DownloadAndUpdateSelf "https://dragokas.com/tools/HiJackThis.zip", False
     '// TODO
     'UnpackZIP = make recursive
-
-    'LoadDatabase
-
-
-
-
-
 
+    'LoadDatabase
 
     chkHelp(4).Visible = False
     cmdFixing.Visible = False
@@ -2570,9 +2564,9 @@ Private Sub FormStart_Stage1()
     If (Not DisableSubclassing) And (Not bAutoLogSilent) Then
         SubClassScroll True
     End If
-          
-    AppVerPlusName = g_AppName & " " & IIf(bIsAlpha, "(Alpha version) ", IIf(bIsBeta, "(Beta version) ", vbNullString)) & _
-        "by Alex Dragokas v." & AppVerString
+
+    AppVerPlusName = g_AppName & " " & "by Alex Dragokas, build " & GetOwnCompilationDate() & " " & _
+        IIf(bIsAlpha, "Alpha", IIf(bIsBeta, "Beta", "Stable")) & " v." & AppVerString
 
     If Not bPolymorph Then
         SetWindowTitleText Me.hWnd, AppVerPlusName
@@ -3026,7 +3020,7 @@ Private Sub FormStart_Stage2()
         mnuToolsShortcutsFixer_Click
         Unload Me: Exit Sub
     End If
-
+    
     FormStart_Stage3
 
     If HasCommandLineKey("Area:None") Then

src/frmUnlockFile.frm

@@ -4,71 +4,85 @@ Begin VB.Form frmUnlockFile
    Caption         =   "Files Unlocker"
    ClientHeight    =   3240
    ClientLeft      =   120
-   ClientTop       =   456
-   ClientWidth     =   8448
+   ClientTop       =   450
+   ClientWidth     =   8445
    Icon            =   "frmUnlockFile.frx":0000
    KeyPreview      =   -1  'True
    LinkTopic       =   "Form1"
    ScaleHeight     =   3240
-   ScaleWidth      =   8448
+   ScaleWidth      =   8445
    Begin VBCCR17.CommandButtonW cmdAddFile 
-      Caption         =   "Add File(s)..."
       Height          =   492
       Left            =   6720
       TabIndex        =   6
       Top             =   600
       Width           =   1572
+      _ExtentX        =   0
+      _ExtentY        =   0
+      Caption         =   "Add File(s)..."
    End
    Begin VBCCR17.CommandButtonW cmdAddFolder 
-      Caption         =   "Add Folder(s)..."
       Height          =   492
       Left            =   6720
       TabIndex        =   5
       Top             =   1200
       Width           =   1572
+      _ExtentX        =   0
+      _ExtentY        =   0
+      Caption         =   "Add Folder(s)..."
    End
    Begin VBCCR17.CommandButtonW cmdJump 
-      Caption         =   "Open in Explorer"
       Height          =   456
       Left            =   6720
       TabIndex        =   4
       Top             =   1920
       Width           =   1572
+      _ExtentX        =   0
+      _ExtentY        =   0
+      Caption         =   "Open in Explorer"
    End
    Begin VBCCR17.CommandButtonW cmdGo 
-      BackColor       =   &H00C0FFC0&
-      Caption         =   "Go"
       Height          =   495
       Left            =   3960
       TabIndex        =   3
       Top             =   2520
       Width           =   1575
+      _ExtentX        =   0
+      _ExtentY        =   0
+      BackColor       =   12648384
+      Caption         =   "Go"
    End
    Begin VBCCR17.CheckBoxW chkRecur 
-      Caption         =   "Recursively (process files and all subfolders)"
       Height          =   495
       Left            =   240
       TabIndex        =   2
       Top             =   2520
-      Value           =   1  'Checked
       Width           =   3615
+      _ExtentX        =   0
+      _ExtentY        =   0
+      Value           =   1
+      Caption         =   "Recursively (process files and all subfolders)"
    End
    Begin VBCCR17.TextBoxW txtInput 
       Height          =   1815
       Left            =   240
-      MultiLine       =   -1  'True
-      ScrollBars      =   3  'Both
       TabIndex        =   1
       Top             =   600
       Width           =   6372
+      _ExtentX        =   0
+      _ExtentY        =   0
+      MultiLine       =   -1  'True
+      ScrollBars      =   3
    End
    Begin VBCCR17.LabelW lblWhatToDo 
-      Caption         =   "Enter file(s) and folder(s) to unlock and reset access:"
       Height          =   252
       Left            =   240
       TabIndex        =   0
       Top             =   240
       Width           =   6132
+      _ExtentX        =   0
+      _ExtentY        =   0
+      Caption         =   "Enter file(s) and folder(s) to unlock and reset access:"
    End
 End
 Attribute VB_Name = "frmUnlockFile"
@@ -88,16 +102,24 @@ Private sList As clsStringBuilder
 
 Private Sub cmdAddFile_Click()
     Dim aFile() As String
+    Static LastLocation As String
     Dim i As Long
-    For i = 1 To OpenFileDialog_Multi(aFile, Translate(1003), Desktop, Translate(1003) & " (*.*)|*.*", Me.hwnd)
+    For i = 1 To OpenFileDialog_Multi(aFile, Translate(1003), IIf(FolderExists(LastLocation), LastLocation, Desktop), Translate(1003) & " (*.*)|*.*", Me.hWnd)
+        If i = 1 Then
+            LastLocation = GetParentDir(aFile(i))
+        End If
         txtInput.Text = txtInput.Text & IIf(Len(txtInput.Text) = 0, "", vbCrLf) & aFile(i)
     Next
 End Sub
 
 Private Sub cmdAddFolder_Click()
     Dim aFolder() As String
+    Static LastLocation As String
     Dim i As Long
-    For i = 1 To OpenFolderDialog_Multi(aFolder, , Desktop, Me.hwnd)
+    For i = 1 To OpenFolderDialog_Multi(aFolder, , IIf(FolderExists(LastLocation), LastLocation, Desktop), Me.hWnd)
+        If i = 1 Then
+            LastLocation = GetParentDir(aFolder(i))
+        End If
         txtInput.Text = txtInput.Text & IIf(Len(txtInput.Text) = 0, "", vbCrLf) & aFolder(i)
     Next
 End Sub
@@ -301,7 +323,7 @@ Private Sub Form_Load()
     SetAllFontCharset Me, g_FontName, g_FontSize, g_bFontBold
     ReloadLanguage True
     LoadWindowPos Me, SETTINGS_SECTION_FILEUNLOCKER
-    SubClassTextbox Me.txtInput.hwnd, True
+    SubClassTextbox Me.txtInput.hWnd, True
 End Sub
 
 Private Sub Form_QueryUnload(Cancel As Integer, UnloadMode As Integer)
@@ -312,7 +334,7 @@ Private Sub Form_QueryUnload(Cancel As Integer, UnloadMode As Integer)
         Cancel = True
         Me.Hide
     Else
-        SubClassTextbox Me.txtInput.hwnd, False
+        SubClassTextbox Me.txtInput.hWnd, False
     End If
 End Sub
 

src/modFile.bas

@@ -444,7 +444,7 @@ End Function
 'End Sub
 
 
-Function FileLenW(Optional Path As String, Optional hFileHandle As Long) As Currency ', Optional DoNotUseCache As Boolean
+Public Function FileLenW(Optional Path As String, Optional hFileHandle As Long) As Currency ', Optional DoNotUseCache As Boolean
     On Error GoTo ErrorHandler
 
     AppendErrorLogCustom "FileLenW - Begin", "Path: " & Path, "Handle: " & hFileHandle

src/modGlobals.bas

@@ -1689,7 +1689,7 @@ Public Type MY_PROC_ENTRY
     pid         As Long
     Threads     As Long
     Priority    As Long
-    SessionID   As Long
+    SessionId   As Long
     CreationTime As Date
 End Type
 
@@ -1868,7 +1868,7 @@ Public Type SYSTEM_PROCESS_INFORMATION
     ProcessID               As Long
     InheritedFromProcessId  As Long
     HandleCount             As Long
-    SessionID               As Long
+    SessionId               As Long
     pPageDirectoryBase      As Long '_PTR
     VirtualMemoryCounters   As VM_COUNTERS
     PrivatePageCount        As Long