4 more free console tools added

Discussion in 'DCS Freeware' started by Wayne - DiamondCS, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Now up to 25 free tools ...
    http://www.diamondcs.com.au/downloads/consoletools.zip

    ErrorDesc - If you've ever been frustrated by unhelpful error numbers like "Error #82 occurred" this tool can help. You simply give it the error number and it will query the operating system for a description about that error number. It also queries an internal database of over a thousand NTStatus error codes.

    BIOSDump - An MS-DOS-based tool that allows you to view BIOS (and extensions which it scans for) and also save as files.

    MemDump - Also an MS-DOS-based tool, this allows you to view memory from 0000:0000 to FFFF:FFFF. For example, "memdump F000:FFF5, 8" will show your BIOS date - BIOS itself can be found at F000:0000.

    Htm2Txt - You can easily save web pages as text from your web browser but I needed to do this with a lot of files, so I put this tool together to allow for large-scale batch conversions. Most people won't get any use out of this tool but seeing as I had to write it anyway I've thrown it into the collection for those who may need it.


    The console tools haven't been officially released yet as we're still testing and adding to the collection, so they can be considered betas and feedback is welcome.
     
  2. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Of course it is a false positive, but interesting: when I download with Internet Explorer, NOD32 gives me this
    And when I download it with Firefox it gives me an error:
    Any ideas?
     

  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    You know you can trust the files, so don't worry.
     
  4. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Yes I know DiamondCS can be trusted, I am not worried at all :)
    Just a bit curious why it happens.
     
    Last edited: Feb 20, 2006
  5. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    My guess is that NOD is probably scanning inside the ZIP and detecting that one or more files is packed with an executable compressor that it isn't aware of (hence the loose generic detection rather than any specific names). I'll alert Happy Bytes to have a look for me, as all our programs are compressed in the same way, but you've already come to the correct conclusion in that the files are perfectly safe and incorrect generic detections from anti-virus scanners are not uncommon. :)
     
  6. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Thanks for your reply and explanation, Wayne.
     
  7. Happy Bytes

    Happy Bytes Guest

    False Positive or better not really a false positive, but the heuristic thinks this looks suspicious. It looks indeed suspicious (from the view of asm opcodes and how they take place) but the file is completely free of malware.
    Will be fixed with one of the next updates.
     
  8. Happy Bytes

    Happy Bytes Guest

    Ok, sorry guys, I was pretty busy.

    So...

    First comment: Wayne, please replace the file openports.exe in this ZIP file with a valid PE32 executable. The file that you provide there is damaged.
    In technical detail, the RVA of the last section is messed up - this results in a damaged Win32 application because the loader refuses to load such a damaged section. This also was the problem with the heuristic: the file looks "like" a dead-infected file-infector victim. However, it isn't infected.

    The original openports.exe, which you can download manually, doesn't have this problem since it's a proper Win32 executable.

    Mike
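
A section-table consistency check of the kind that would surface the damage described in the post above, as an added example that is not part of the thread or DiamondCS/NOD32 code. The three layout rules (section-aligned RVA, sections contiguous, last section ending at SizeOfImage) are general PE sanity checks assumed for illustration, and `build_sample` produces constructed headers, not openports.exe.

```python
import struct

def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment

def section_layout_problems(data):
    """Return layout problems in a PE32 section table (empty list = consistent)."""
    if data[:2] != b"MZ":
        return ["no MZ signature"]
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        return ["no PE signature"]
    nsec, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    opt = pe + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        return ["not a PE32 optional header"]
    sect_align, = struct.unpack_from("<I", data, opt + 32)
    size_of_image, = struct.unpack_from("<I", data, opt + 56)
    problems, next_va = [], None
    for i in range(nsec):
        # Section header: Name[8], VirtualSize, VirtualAddress (the RVA), ...
        name, vsize, va = struct.unpack_from("<8sII", data, opt + opt_size + 40 * i)
        label = name.rstrip(b"\0").decode("ascii", "replace")
        if va % sect_align:
            problems.append(f"{label}: RVA {va:#x} not section-aligned")
        if next_va is not None and va != next_va:
            problems.append(f"{label}: RVA {va:#x}, expected {next_va:#x}")
        next_va = align_up(va + vsize, sect_align)
    if nsec and next_va != size_of_image:
        problems.append(f"sections end at {next_va:#x}, SizeOfImage is {size_of_image:#x}")
    return problems

def build_sample(last_rva):
    """Constructed PE32 headers only: two sections, the second placed at last_rva."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)       # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 56, 0x3000)               # SizeOfImage
    sections = b"".join(struct.pack("<8sII24x", n, 0x800, rva)
                        for n, rva in ((b".text", 0x1000), (b".data", last_rva)))
    return dos + coff + bytes(opt) + sections

if __name__ == "__main__":
    for rva in (0x2000, 0x2345):                          # consistent vs. damaged last section
        print(hex(rva), section_layout_problems(build_sample(rva)) or "consistent")
```
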
     
  9. GUI_Tex

    GUI_Tex Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    189
    How do you run them from batch files?

    I'm trying to get cmdline.exe to work.. I put a pause command but it still closes itself...

    Code:
    start "" "C:\files\consoletools\cmdline.exe" /?
    pause
     
  10. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    It's a valid PE exe alright - the program runs, doesn't it? :)
    I'll message you more details soon

    Cheers,
    Wayne
     
  11. Happy Bytes

    Happy Bytes Guest

    No, the program doesn't run. 500.000 tries - 500.000 crashes. Windows XP, Windows 2000. (Even Dr. Watson catches this one)
     
  12. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Ahh! Ok, yep that version is definitely corrupted. If it isn't alerting on any of the other tools then that's fine, I'll just rebuild openports.exe and reupload. Cheers!
    PS. I've cleared my inbox *sigh* :)
     