EricZimmerman
commented
9 years ago you can use my appcompat code if you can drop in the RegBinary bytes.
Open exp0se opened 9 years ago
EricZimmerman
commented
9 years ago you can use my appcompat code if you can drop in the RegBinary bytes.
ghost
commented
7 years ago Pull request #163 was just added to get the output of ShimCacheParser.exe. It might be what you are looking for.
This route was chosen because Mandiant keeps the tool updated for newer OS versions. It should be easier to maintain that way.
EricZimmerman
commented
7 years ago except maniant doesnt keep it up to date =(
ghost
commented
7 years ago Is there another tool you know of that supports Windows 10 anniversary edition?
On Jul 28, 2017 4:15 PM, "Eric" notifications@github.com wrote:
except maniant doesnt keep it up to date =(
mandiant/ShimCacheParser#14 https://github.com/mandiant/ShimCacheParser/issues/14
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/davehull/Kansa/issues/127#issuecomment-318763629, or mute the thread https://github.com/notifications/unsubscribe-auth/AHnyt5cMiJw4UkJ-8U27xudvq1dEXZwgks5sSk9hgaJpZM4Fu7W4 .
EricZimmerman
commented
7 years ago Yes. Mine. Has since before creators was released
On Jul 28, 2017 7:24 PM, "Daniel" notifications@github.com wrote:
Is there another tool you know of that supports Windows 10 anniversary edition?
On Jul 28, 2017 4:15 PM, "Eric" notifications@github.com wrote:
except maniant doesnt keep it up to date =(
mandiant/ShimCacheParser#14 https://github.com/mandiant/ShimCacheParser/issues/14
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/davehull/Kansa/issues/127#issuecomment-318763629, or mute the thread https://github.com/notifications/unsubscribe-auth/AHnyt5cMiJw4UkJ- 8U27xudvq1dEXZwgks5sSk9hgaJpZM4Fu7W4 .
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/davehull/Kansa/issues/127#issuecomment-318783843, or mute the thread https://github.com/notifications/unsubscribe-auth/AEEVJgI4VZtxfDjmfo09VznOFc3GR2Xiks5sSm3GgaJpZM4Fu7W4 .
ghost
commented
7 years ago Cool I'll check it out more and possibly redo the pull request.
Sorry for not doing more research first.
Thanks!
On Jul 28, 2017 7:07 PM, "Eric" notifications@github.com wrote:
Yes. Mine. Has since before creators was released
On Jul 28, 2017 7:24 PM, "Daniel" notifications@github.com wrote:
Is there another tool you know of that supports Windows 10 anniversary edition?
On Jul 28, 2017 4:15 PM, "Eric" notifications@github.com wrote:
except maniant doesnt keep it up to date =(
mandiant/ShimCacheParser#14 https://github.com/mandiant/ShimCacheParser/issues/14
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/davehull/Kansa/issues/127#issuecomment-318763629, or mute the thread https://github.com/notifications/unsubscribe-auth/AHnyt5cMiJw4UkJ- 8U27xudvq1dEXZwgks5sSk9hgaJpZM4Fu7W4 .
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/davehull/Kansa/issues/127#issuecomment-318783843, or mute the thread https://github.com/notifications/unsubscribe-auth/ AEEVJgI4VZtxfDjmfo09VznOFc3GR2Xiks5sSm3GgaJpZM4Fu7W4 .
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/davehull/Kansa/issues/127#issuecomment-318788170, or mute the thread https://github.com/notifications/unsubscribe-auth/AHnytwiRly3IvfYNKeWUI32zkmlU3nEQks5sSnfCgaJpZM4Fu7W4 .
ghost
commented
7 years ago Pull request #164 adds a new module Get-AppCompatCache that uses Eric's tool to get this data.
Thanks Eric!
Hey, i found this module ( https://github.com/davidhowell-tx/PS-ShimCacheParser ) for parsing AppCompatCache that have Kansa module. It works on windows 7, but unfortunately not on newer versions, but it shouldn't be hard to implement. Can we consider merging it into upstream?