The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,860 other subscribers

Archive for the ‘NirSoft’ Category

Exporting Chrome History (with the “new” configuration and state file structure), and Epoch dates on various systems

Posted by jpluimers on 2025/05/02

Quite a while ago, Chrome moved from a structure based on “Current Session“, “Current Tabs“, “Last Session” and “Last Tabs” into “Session_#################” and “Tabs_#################” stored in a “Sessions” folder (and similar migrations for other state and configuration files).

The numbers in the “Session_*” and “Tabs_*” files are time stamps of those sessions, for instance one needs to figure out what the “13310808970819630” in “Session_13310808970819630” and “Session_13310808970819630” means.

Lot’s of web-pages with tips and tricks around the old structures are still around, often surfacing high in Google Search results.

I was interested in a particular trick to export Google Chrome browsing history and had a hard time figuring out the easiest solution.

Read the rest of this entry »

Posted in Apple, Batch-Files, Chrome, Chrome, Database Development, Development, Google, JavaScript/ECMAScript, Mac OS X / OS X / MacOS, NirSoft, Polyglot, Power User, Scripting, SQLite, Web Browsers, Windows, Windows 10, Windows 11 | Tagged: | Leave a Comment »

I switched from SysInternals’ TcpView to NirSoft’s CurrPorts (cports)

Posted by jpluimers on 2022/11/18

I was a long time user of SysInternalsTcpView, but a while back I switched to NirSoft‘s CurrPorts (cports).

The main reason is that TcpView does not support filtering, which in the long past was not a problem since few Windows applications keep TCP connection open.

But nowadays with so many network dependencies, especially when using cloud services like DropBox/OneDrive/GoogleDrive/backblaze, these clutter the view a lot.

NirSoft’s CurrPorts (actually the executable is called [Wayback/Archive] cports.exe) can filter for both inclusion/exclusion on the open ports list based on many parameters (search for the “Using Filters” section in the cports.exe documentation: it’s a little bit below the version history).

The filtering syntax is extensive, and for ease of use, the context menu of the open ports list allows adding include/exclude filters on various parameters. After doing that, you can inspect the filter list to get an idea of possibilities and syntax.

For me, the easiest way to install CurrPorts is through [Wayback/Archive] Chocolatey Software | CurrPorts 2.65.

I found CurrPorts when trying to figure out how to use filters in TcpView: [Wayback/Archive] tcpview filter by process – Google Search

–jeroen

Posted in Chocolatey, NirSoft, Power User, SysInternals, Windows | Leave a Comment »

Windows Defender: adding and removing exclusions from PowerShell (via Stack Overflow)

Posted by jpluimers on 2022/02/16

I use this small script to install or update [Wayback] Chocolatey package NirLauncher (which is the [Wayback] Nirsoft Launcher that has all the [Wayback] Nirsoft freeware tools in it).

powershell -Command Add-MpPreference -ExclusionPath "%TEMP%\chocolatey\NuGetScratch"
choco update --yes NirLauncher 
powershell -Command Remove-MpPreference -ExclusionPath "%TEMP%\chocolatey\NuGetScratch"

It works around the issue that many times NirLauncher is marked by anti-virus tools or/and listed on VirusTotal, which means you get an error like this:

NirLauncher not installed. An error occurred during installation:
 Operation did not complete successfully because the file contains a virus or potentially unwanted software.

followed by

Chocolatey upgraded 0/1 packages. 1 packages failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

I wrote about this error before Need to research: Nirlauncher v1.23.42 to 1.23.43 upgrade through Chocolatey fails with “Operation did not complete successfully because the file contains a virus or potentially unwanted software.”, and this post is explaining how I got to the above workaround.

Context: I was running Windows Defender (now officially called Microsoft Defender, but most people still use the old name), which is a good baseline anti-virus tool that is included with Windows.

Finding out the location of the offending file

The offending location is not actually in the C:\ProgramData\chocolatey\logs\chocolatey.log file.

I did a small search to see if one could list Windows Defender messages, and there was [Wayback] Use PowerShell to See What Windows Defender Detected | Scripting Blog explaining the Get-MpThreatDetection available since around Windows 8.x.

This little command got what I wanted:

C:\temp>PowerShell Get-MpThreatDetection ^| Format-List ^| Out-String -Width 4096 | findstr /I "nir"
Resources                      : {file:_C:\Users\jeroenp\AppData\Local\Temp\chocolatey\NuGetScratch\a78a5776-0fdd-48c0-8313-9b0107f54cba\hy3odwgw.1dc\tools\nirsoft_package_1.23.44.zip}

A few tricks I used here:

Searching for [Wayback] “chocolatey\NuGetScratch” – Google Search, I found out %Temp%\chocolatey\NuGetScratch is the default value for [Wayback] chocolatey cacheLocation – Google Search. I run default settings, so that is good enough for me.

Adding / removing a recursive folder exclusion to Windows defender

I found [Wayback] Windows Defender – Add exclusion folder programmatically – Stack Overflow through [Wayback] “Windows Defender” exclusion from commandline – Google Search explaining these (thanks [Wayback] gavenkoa!):

Run in elevated shell (search cmd in Start menu and hit Ctrl+Shift+Enter).

powershell -Command Add-MpPreference -ExclusionPath "C:\tmp"
powershell -Command Add-MpPreference -ExclusionProcess "java.exe"
powershell -Command Add-MpPreference -ExclusionExtension ".java"

powershell -Command Remove-MpPreference -ExclusionExtension ".java"

This was a short step to these documentation pages (note to self: figure out the origin of the Mp prefix)

Windows Defender still marks individual tools

Of course Windows Defender still marks individual tools as “unsafe” (for instance C:\tools\NirLauncher\NirSoft\mailpv.exe). To alleviate that, you have to permanently add this directory to the exclusion list: C:\tools\NirLauncher.

–jeroen

Posted in CommandLine, Development, NirSoft, Power User, PowerShell, Software Development, Windows | Leave a Comment »

Chocolatey Software | NirLauncher

Posted by jpluimers on 2021/12/27

The cool thing about the Chocolatey NirLauncher install, is that it not just installs the launcher in the path, but all the NirSoft tools.

I wanted it in the path initially because I needed InsideClipboard to do some investigation (I wrote a similar tool ages ago, but could not readily find the source or executable, but InsideClipboard is better anyway).

This is cool, as I now can start any of the NirSoft tools from the cmd prompt, including [WayBack] NirLauncher itself, [WayBack] InsideClipboard and [WayBack] NirCmd (so I can now set the sound volume to 25% by running nircmd setsysvolume 16000)

To install:

choco install --yes NirLauncher

An older WayBack link notes a few important issues about anti-virus tools:

Read the rest of this entry »

Posted in Chocolatey, NirSoft, Power User, Windows, Windows 10 | Leave a Comment »

wget for nirsoft

Posted by jpluimers on 2017/08/11

Since they require a referer:

wget --referer=http://launcher.nirsoft.net/downloads/ -m -np http://download.nirsoft.net/nirsoft_package_1.20.10.zip
wget --referer=http://launcher.nirsoft.net/downloads/ -m -np http://download2.nirsoft.net/nirsoft_package_enc_1.20.10.zip

The latter has password nirsoft9876$

The filenames change over time (the 2016 archive of http://launcher.nirsoft.net/downloads/ shows http://download.nirsoft.net/nirsoft_package_1.20.5.zip and http://download2.nirsoft.net/nirsoft_package_enc_1.20.5.zip

Need to check out if I can automate this, as they seem to keep a SysInternals link http://download.nirsoft.net/sysinternals4.nlp

–jeroen

Posted in NirSoft, Power User, SysInternals, Windows | Leave a Comment »