MBot

Please see the file NEWS for a detailed list of changes. Note: all versions are functionally equivalent, i.e. each version can handle all executable formats, so you only need the file that runs on your host OS. Security/VirusTotal links are listed in the pinned issue #437 Asset / File Description / Host OS upx-4.0.0-amd64_linux.tar.xz UPX - Linux version upx-4.0.0-arm64_linux.tar.xz UPX - Linux version upx-4.0.0-armeb_linux.tar.xz UPX - Linux version upx-4.0.0-arm_linux.tar.xz UPX - Linux version upx-4.0.0-dos.zip UPX - DOS version upx-4.0.0-i386_linux.tar.xz UPX - Linux version upx-4.0.0-mipsel_linux.tar.xz UPX - Linux version upx-4.0.0-mips_linux.tar.xz UPX - Linux version upx-4.0.0-powerpc64le_linux.tar.xz UPX - Linux version upx-4.0.0-powerpc_linux.tar.xz UPX - Linux version upx-4.0.0-src.tar.xz UPX - source code tarball upx-4.0.0-win32.zip UPX - X86 Win32 version upx-4.0.0-win64.zip UPX - X64 Win64 version Download

Release 0.5.4 Download

submodules: Bump outdated Download

please refer to the Changelog WARNING: The release will be live within an hour! Download

v1.15.2784 (Windows 10) and v1.15.2785 (Windows 11) are servicing updates to Windows Terminal Stable v1.15. It is highly recommended that you install this version if you're using Windows 11 22H2 (October Update). As a reminder, Terminal 1.12 was the last version of Windows Terminal that supports Windows 19H1 or 19H2. Those versions of Windows went out of support in May, so you really may want to consider upgrading. Preinstallation Kit infoA preinstallation kit is available for system integrators and OEMs interested in prepackaging Windows Terminal with a Windows image. More information is available in the DISM documentation on preinstallation. Users who do not intend to preinstall Windows Terminal should continue using the msixbundle distribution. Why are there so many packages? How do I choose? This version of Windows Terminal is distributed in two bundles, one of which works on Windows 10-11 and the other of which only works on Windows 11. The Windows 11 version is much smaller because we no longer need to work around a platform issue related to our dependencies. If you intend on using Terminal as an unpackaged application--that is, extracting the msix file--we recommend that you use the Win10 bundle. You will need the Visual C++ runtime redistributable. In addition, if you install the packaged version on either Windows 10 or Windows 11, it now depends on the Visual C++ Universal Runtime Package. Despite these distributions having different version numbers, they are built from the same code and there is no functional difference between them. If you install the Windows 10 version on Windows 11, it will probably automatically upgrade itself to the Windows 11 version. This servicing release supersedes the v1.15.2712.0 release (not uploaded to GitHub) and contains the following bug fixes and changes: Changes Terminal will now detect the title of a LNK or EXE as the default terminal (backport from 1.16) (#13570) Bug Fixes Stability and Security Windows Terminal once again works on Windows N (no media) SKUs OSC 9;9 will now reject malformed paths (#14093) OSC 8 URIs will be limited to 2MB in length, following iTerm2 (and only 1024 bytes will be displayed in the tooltip) (#14198) We've fixed some lag and deadlocking that would happen when you close a tab (#14041) We will no longer leak OpenConsole processes when they're running a Visual Studio Developer Shell (#14160) An application calling system() on its main thread will no longer deadlock itself and Terminal (when Terminal is set as default) (#14195) We've fixed a potential race condition causing a crash on tab close (#13882) Accessibility The WPF control now supports accessibility notifications (#14097) The Settings UI title/breadcrumb bar is now readable by screen readers (#14180) Usability You can now duplicate unfocused tabs (#13964) (thanks @JerBast!) The Open in Terminal shell extension should appear more reliably on the Desktop context menu (#14048) (#14211) "Export Text" will no longer suggest illegal filenames (#13693) (thanks @EliaSchiavon!) Alt+Space will now open the system menu in the Settings UI and Command Palette (#14221) intenseTextStyle is now included properly in the JSON schema (whoops) (#14210) (thanks @neersighted!) Download

v1.15.2712.0 Download

please refer to the Changelog Download

See https://frida.re/news/ for details. Download

See https://frida.re/news/ for details. Download

This is the second stable release of the Windows Package Manager 1.3. This release is just for the sake of transparency for Windows Package Manager users. This ensures that the GitHub release is aligned with any changes related to AppInstaller. The changes associated with this release only affect AppInstaller. No additional features or bug fixes related to winget were included. Experimental features are disabled in this release. Download

Here on this day of September 2022, we've quashed a number of bugs in the 1.16 preview release and added some new features to boot. Enjoy! Changes Terminal now understands the sizes of characters newly-added in Unicode 15.0 (#14001) We've added support for fractional font sizes (surprise! on a point release!) (#14013) (#14040) If you're using the new text rendering engine plus the Terminus TTF font, you can now select a font size that perfectly matches a bitmap strike . . . and it works! Bug Fixes New Rendering Engine Bitmap fonts should look much better now (#14014) As a side effect, we are now intentionally ignoring the typographic line gap. We have found that monospaced terminal fonts have a line gap of zero, and the ones that don't should. See above. Some bitmap fonts require fractional point sizes . . . so now you can see them in their full glory! On devices that don't support Shader Model 4.0 but do support DirectX 10, we will no longer try to use the glyph atlas (#13994) ... and if we did, we would no longer tell you about the error 10,000 times (#13995) (thanks to @Its-Nevmo and @noinkling for testing!) No longer should there be streaks of cursor left all over the left side of the screen (#14038) If you were to specify \e#3, we might have crashed before, but now we will not (#13966) You can once again use shaders for experimental.pixelShaderPath that are not technically perfect (ones that compile wit warnings) (#13998) (thanks @mrange!) Some text (especially that which requires fake italics) should now look less like a RaNsOm nOtE (#14039) It might still look a little bit like a ransom note, sorry. Just less so. Reliability Tabs should no longer take up to infinity seconds to close (#14041) If you see any instances of OpenConsole.exe hanging around after you close a tab (or a whole Terminal), please let us know! The "Open in Terminal ..." context menu item should now show up and disappear more reliably (#14048) Download

This one almost speaks for itself. Dang. Welcome to Terminal: Really Long Release Notes Edition! Features Themes: Terminal now has support for themes! (#12992) (#13049) (#13178) (#13348) (#13465) (#13689) (#13702) (#13871) To celebrate this, we've changed the default theme to Windows Dark. If you are not happy about that, you can change it back to light or anything you like (#13743) New Text Rendering Engine The new text rendering engine is now enabled by default in Preview builds (#13752) We've added support for the experimental.pixelShaderPath and experimental.retroTerminalEffect settings... (#13885) ... with a further optimization: shaders that do not use the time component will not trigger a redraw every frame! (#13903) It now supports... experimental.rendering.software (#13886) intenseTextStyle bold (#13458) underline/overline/hyperlink lines (#13587) Glyphs that have not been used in some time will be aged out and replaced (#13458) (#13607) (#13784) (#13477) Performance over RDP to a machine that has no GPU has been improved (#13816) (at the cost of some fidelity) experimental.rendering.software will enable this fallback mode as a last resort for compatibility Glyphs that do not fit in a cell will be scaled up or down as appropriate (#13549), including "Powerline" glyphs (#13650) We've added a setting in the Rendering section, and promoted useAtlasEngine out of the experimental. compartment (#13939) Fonts whose cell sizes were borderline are now rounded instead of clamped to the next pixel size up (#13833) We've made some other correctness and compatibility fixes, far too minute to name (#13956) (#13496) (#13906) (#13530) (#13608) Somewhat as a side effect of all this, you may notice that you're seeing an inverted cursor where you had not previously seen one! This release marks the triumphant return of the "adjust brightness of indistinguishable colors" feature... (#13343) ...and it's brought friends: you can now enable it for all color pairs (#13512) You can enable it with the profile setting adjustIndistinguishableColors (enum never, indexed, always; default never) We've redesigned the color schemes page (#13269) and made updates all over the settings UI (#13179) (#13390) (#13378) (#13377) (#13391) New in this release: color scheme previews, and an easy-access "Set as default color scheme" button! You can now configure Terminal to hide when it loses focus (#13478) (thanks @davidegiacometti!) You can now close all panes other than the focused one with the closeOtherPanes action! (#13547) (thanks @JerBast!) There's a new option that lets you configure where new tabs appear: next to the current one, or at the end (#13421) (#13602) (#13469) (thanks @serd2011!) JSON setting newTabPosition (enum afterLastTab (default), afterCurrentTab) Tab and Shift+Tab now navigate between hyperlinks in Mark Mode. You can open the selected link with Ctrl+Enter. (#13405) (#13494) You can now expandSelectionToWord, which will... well, you know. (#13765) We will now try to detect the title when Terminal is launched by default from an LNK file (#13570) For the old conhost fans in the room, you can now set experimental.enableColorSelection (global, bool, default false) to add 31 new actions that will highlight search results in the colors of the rainbow (#13429) This conhost feature used to be hidden behind a registry key. If you know about it, I think I'm supposed to say you're "one of the real ones?" Changes Interaction When in mark mode, its built in key bindings Ctrl+A and the modified arrow keys will take precedence over your key bindings (#13659) We've polished how existing selections interact with mark mode (#13893) @AdamSotak has added quick access buttons for the source code and filing feedback to the About dialog (#13510) (thanks!) When your pane is in a light color scheme, the bell flash will now be dark (#13707) (thanks @Fyrebright!) Inverted cursors (which you might find lying around) will now be slightly modulated to account for accidental color overlaps (#13748) (thanks @alabuzhev!) When you Select All, we'll scroll to the top of the screen (#13656) Multi-line paste will no longer strip newlines if there are other newlines in the content (#13698) (thanks @serd2011!) This is to aid in the pasting (after confirmation, of course!) of multi-line commands. UI @dansmor7 figured out that we don't need to draw our caption buttons ourselves; now they look great on all versions of Windows! (#13341) (thanks!) Console Compatibility We will now discard empty command histories before discarding LRU non-empty ones (#13869) (thanks @serd2011!) ReadConsoleOutput will no longer return nonsense if you wrote nonsense to the text buffer (API BREAKING CHANGE) (#13321) VT Support We now support DECBKM (Backarrow Key Mode) (#13894) (thanks @j4james!) The slow march to soft font support in Terminal continues . . . (#13362) (thanks @j4james!) Bug Fixes Interaction Terminal will now use the tab's active title for Export Text (#13915) (thanks @serd2011!) The Emoji picker, PinYin IME or any other IME will no longer drift off the bottom of the screen (oops) (#13785) The settings UI will now disable "Always show tabs" when "Hide the title bar" is enabled (#13694) (thanks @leejy12!) We'll no longer helpfully offer to put things like \\ and : in your filenames for Export Text (oops) (#13693) (thanks @EliaSchiavon!) We've fixed command line argument parsing when there was a one-letter argument followed by a ; (#13706) (thanks @serd2011!) In the command palette, the 'go back' button will finally returns to the previously selected action (#13504) (thanks @JerBast!) UI No longer is there a 1-pixel gap under inactive tabs (#13897) Accessibility The Command Palette has become much chattier, announcing (to a screen reader) the name of the selected item (#13519) Asking for INT_MAX characters via UIA will no longer wig us out or try to send you multiple gigabytes of null bytes (#13779) However, it remains impolite to ask for INT_MAX characters via ITextPattern::GetText. Performance Terminal is now 1.2 megabytes smaller on disk (uncompressed) thanks to not using RTTI (#13947) (thanks RTTI!) Updating the jumplist used to happen on every launch. Now it will only happen if you've actually changed your settings (#13692) Reliability Fixed a number of crashes, not all of which were common or user-impacting: Attempted a fix for the SignalTextChanged crash (#13876) Attempted another fix, this time for the _refreshSizeUnderLock crash (#13857) Fixed a crash in _WritePseudoWindowCallback (#13777) Fixed a crash on exit with the command palette open (#13778) Fixed a race condition in UpdatePatternLocations (#13859) Fixed two race conditions around pseudo window visibility (#13832) Fixed a crash in NVDA, caused by us considering a specific text range invalid (#13907) Fixed a ControlCore race condition on connection close (#13882) Fixed a crash on settings reload (#13644) Fixed a crash when showTabsInTitlebar:false (#13561) Fixed crash on save in rejuv'd Color Schemes page (#13902) Terminal should now more reliably appear in the context menu We've stopped conhost from buying the farm when it got --headless without --signal (#13950) With additional thanks to our documentation and code health contributors @jsoref and @LitoMore. Download

This release migrates some awesome features, changes and bug fixes from Terminal 1.15 Preview into the stable channel! Terminal now supports "Mark Mode", a keyboard-first text selection and navigation mode. The name is an homage to the traditional Windows Console Host! It is bound by default to Ctrl+Shift+M Please see the following release notes for additional details: Windows Terminal Preview v1.15.228 Windows Terminal Preview v1.15.200 Windows Terminal Preview v1.15.186 Note that the new text rendering engine and scrollbar mark feature is not included in this Stable build. Yet. IMPORTANT This version was made available to the Dev External flighting ring (Windows Insiders) first, and will be released to general availability one or two weeks later depending on its reliability. As a reminder, Terminal 1.12 was the last version of Windows Terminal that supports Windows 19H1 or 19H2. That version of windows is going out of support soon, so you may want to consider upgrading. Preinstallation Kit infoA preinstallation kit is available for system integrators and OEMs interested in prepackaging Windows Terminal with a Windows image. More information is available in the DISM documentation on preinstallation. Users who do not intend to preinstall Windows Terminal should continue using the msixbundle distribution. Why are there so many packages? How do I choose? This version of Windows Terminal is distributed in two bundles, one of which works on Windows 10-11 and the other of which only works on Windows 11. The Windows 11 version is much smaller because we no longer need to work around a platform issue related to our dependencies. If you intend on using Terminal as an unpackaged application--that is, extracting the msix file--we recommend that you use the Win10 bundle. You will need the Visual C++ runtime redistributable. In addition, if you install the packaged version on either Windows 10 or Windows 11, it now depends on the Visual C++ Universal Runtime Package. Despite these distributions having different version numbers, they are built from the same code and there is no functional difference between them. If you install the Windows 10 version on Windows 11, it will probably automatically upgrade itself to the Windows 11 version. It turns out that it is impossible to have two bundles with the same version number, so it has to be this way. In addition to the above, we've backported the following changes and bugfixes from Windows Terminal Preview 1.16: Changes Interaction When in mark mode, its built in key bindings Ctrl+A and the modified arrow keys will take precedence over your key bindings (#13659) We've polished how existing selections interact with mark mode (#13893) UI @dansmor7 figured out that we don't need to draw our caption buttons ourselves; now they look great on all versions of Windows! (#13341) (thanks!) Bug Fixes Interaction Terminal will now use the tab's active title for Export Text (#13915) (thanks @serd2011!) The Emoji picker, PinYin IME or any other IME will no longer drift off the bottom of the screen (oops) (#13785) Accessibility The Command Palette has become much chattier, announcing (to a screen reader) the name of the selected item (#13519) Asking for INT_MAX characters via UIA will no longer wig us out or try to send you multiple gigabytes of null bytes (#13779) However, it remains impolite to ask for INT_MAX characters via ITextPattern::GetText. Performance Terminal is now 1.2 megabytes smaller on disk (uncompressed) thanks to not using RTTI (#13947) (thanks RTTI!) Reliability Fixed a number of crashes (smaller number than that in Preview), not all of which were common or user-impacting: Attempted a fix for the SignalTextChanged crash (#13876) Attempted another fix, this time for the _refreshSizeUnderLock crash (#13857) Fixed a crash in _WritePseudoWindowCallback (#13777) Fixed a crash on exit with the command palette open (#13778) Fixed a race condition in UpdatePatternLocations (#13859) Fixed two race conditions around pseudo window visibility (#13832) Fixed a crash in NVDA, caused by us considering a specific text range invalid (#13907) Terminal should now more reliably appear in the context menu With additional thanks to our documentation and code health contributors @jsoref and @LitoMore. Download

New Features add --large-file argument to process larger files Python package now contains the signature files to identify library functions Other Updates updated IDA Pro integration and annotation scripts Download

Please see the file CHANGELOG for a detailed list of changes. Asset / File Description / Host OS die_sourcecode_3.06.tar.gz Source code tarball Detect_It_Easy-3.06-x86_64.AppImage Portable version for Linux How to run die_3.06_Debian_9.13_amd64.deb Installer for Debian 9 die_3.06_Debian_10_amd64.deb Installer for Debian 10 die_3.06_Debian_11_amd64.deb Installer for Debian 11 die_3.06_Ubuntu_14.04_amd64.deb Installer for Ubuntu 14.04 die_3.06_Ubuntu_16.04_amd64.deb Installer for Ubuntu 16.04 die_3.06_Ubuntu_18.04_amd64.deb Installer for Ubuntu 18.04 die_3.06_Ubuntu_20.04_amd64.deb Installer for Ubuntu 20.04 die_3.06_Ubuntu_22.04_amd64.deb Installer for Ubuntu 22.04 die_3.06_portable_Ubuntu_20.04_amd64.tar.gz Portable version for Ubuntu 20.04 detect-it-easy-3.06-1-x86_64.pkg.tar.zst Installer for Arch Linux die_mac_3.06.pkg Installer for macOS die_mac_qt6_3.06.pkg Installer for macOS Qt6 M1 processor die_mac_portable_3.06.zip Portable version for macOS die_win32_portable_3.06.zip Portable version for x86 Win32 (Win7-Win11) die_win64_portable_3.06.zip Portable version for x64 Win64 (Win7-Win11) die_winxp_portable_3.06.zip Portable version for Windows XP (WinXP-Win11) Experimental versions - There may be bugs in the GUI Asset / File Description / Host OS die_win64_qt6_portable_3.06.zip Portable version for x64 Win64 Qt6 (Win10-Win11) Download

This is another servicing release for the Preview channel of Windows Terminal! We fixed that Alt+Tab issue! Note People in the Beta channel of the Windows Insider program will receive 1.15 as a Stable channel update while we test out coming features for the next version of Windows. It is roughly equivalent to the build included here, but it does not include the experimental text rendering engine. It contains the following other things as well: Bug Fixes Usability We've restored the ability for Alt+Tab to restore the Terminal after it was minimized with the taskbar icon (#13624) Terminal will no longer replace colored backgrounds with blank spaces on first launch (#13665) We will once again display underlines, hyperlinks, and more to the end of the line instead of getting tired and stopping early (#13661) Sessions handed off from the Windows Console will no longer stick around with an ominous and annoying "process exited with code ..." message, unless you explicitly configure them to. To accomplish this, we've changed the default value of closeOnExit to a new value, automatic. Automatic close-on-exit determines whether to close based on whether the process exited gracefully and whether the process was spawned by Terminal. (#13560) (#13649) Select All and Mark Mode will now trigger scrolling to make sure that one of the selection endpoints is visible. (#13660) SendInput with high unicode characters will no longer fail (#13667) Text input in Japanese, Vietnamese, Korean and Chinese should be more reasonably switch between alphanumeric modes (#13678) (#13677) Reliability We've upgraded to XAML 2.7.3 to fix a crash in closing the Settings page (#13761) The "Open Terminal Here" context menu item should show up more reliably (and crash less) (reverted PR #13206) We've solved--or at least, reduced the incidence of--one source of deadlocks in rendering (#13758) We'll try much harder to defibrillate a Terminal session that can't talk to the "primary" Terminal session to improve reliability (#13604) We will now listen to signals the OS sends us telling us that it's taking us down for an update. It's not going to help us stop it form happening, but it puts us in a better position to handle it later (#13614) Performance We're preparing to fix an issue with jump list generation that results in a slower-than-expected launch (but we aren't there yet) (#13688) There is now only one tab color picker in the world, and all users terminal tabs now have to share it (to improve performance) (#13736 Download

This servicing release of Windows Terminal v1.14 originally became available in the Release Preview channel on August 17th Preinstallation Kit infoA preinstallation kit is available for system integrators and OEMs interested in prepackaging Windows Terminal with a Windows image. More information is available in the DISM documentation on preinstallation. Users who do not intend to preinstall Windows Terminal should continue using the msixbundle distribution. Why are there so many packages? How do I choose? This version of Windows Terminal is distributed in two bundles, one of which works on Windows 10-11 and the other of which only works on Windows 11. The Windows 11 version is much smaller because we no longer need to work around a platform issue related to our dependencies. If you intend on using Terminal as an unpackaged application--that is, extracting the msix file--we recommend that you use the Win10 bundle. You will need the Visual C++ runtime redistributable. In addition, if you install the packaged version on either Windows 10 or Windows 11, it now depends on the Visual C++ Universal Runtime Package. Despite these distributions having different version numbers, they are built from the same code and there is no functional difference between them. If you install the Windows 10 verison on Windows 11, it will probably automatically upgrade itself to the Windows 11 version. It turns out that it is impossible to have two bundles with the same version number, so it has to be this way. It contains the following fixes: We've upgraded to XAML 2.7.3 to fix a crash in closing the Settings page (#13761) The "Open Terminal Here" context menu item should show up more reliably (and crash less) (reverted PR #13206) We've solved--or at least, reduced the incidence of--one source of deadlocks in rendering (#13758) Terminal will no longer replace colored backgrounds with blank spaces on first launch (#13665) We will once again display underlines, hyperlinks, and more to the end of the line instead of getting tired and stopping early (#13661) SendInput with high unicode characters will no longer fail (#13667) We've restored the ability for Alt+Tab to restore the Terminal after it was minimized with the taskbar icon (#13624) Download

Some rules contained invalid metadata fields that caused an error when rendering rule hits. We've updated all rules and enhanced the rule linter to catch such issues. New Rules (1) anti-analysis/obfuscation/obfuscated-with-vs-obfuscation jakub.jozwiak@mandiant.com Bug Fixes linter: use pydantic to validate rule metadata #1141 @mike-hunhoff build binaries using PyInstaller no longer overwrites functions in version.py #1136 @mr-tz Raw diffs capa v4.0.0...v4.0.1 capa-rules v4.0.0...v4.0.1 Download

Version 4 adds support for analyzing .NET executables. capa will autodetect .NET modules, or you can explicitly invoke the new feature extractor via --format dotnet. We've also extended the rule syntax for .NET features including namespace and class. Additionally, new instruction scope and operand features enable users to create more explicit rules. These features are not backwards compatible. We removed the previously used /x32 and /x64 flavors of number and operand features. We updated 49 existing rules and added 22 new rules leveraging these new features and characteristics to detect capabilities seen in .NET malware. More breaking changes include updates to the JSON results document, freeze file format schema (now format version v2), and the internal handling of addresses. Thanks for all the support, especially to @htnhan, @jtothej, @sara-rn, @anushkavirgaonkar, and @_re_fox! Deprecation warning: v4.0 will be the last capa version to support the SMDA backend. New Features add new scope "instruction" for matching mnemonics and operands #767 @williballenthin add new feature "operand[{0, 1, 2}].number" for matching instruction operand immediate values #767 @williballenthin add new feature "operand[{0, 1, 2}].offset" for matching instruction operand offsets #767 @williballenthin extract additional offset/number features in certain circumstances #320 @williballenthin add detection and basic feature extraction for dotnet #987 @mr-tz, @mike-hunhoff, @williballenthin add file string extraction for dotnet files #1012 @mike-hunhoff add file function-name extraction for dotnet files #1015 @mike-hunhoff add unmanaged call characteristic for dotnet files #1023 @mike-hunhoff add mixed mode characteristic feature extraction for dotnet files #1024 @mike-hunhoff emit class and namespace features for dotnet files #1030 @mike-hunhoff render: support Addresses that aren't simple integers, like .NET token+offset #981 @williballenthin document rule tags and branches #1006 @williballenthin, @mr-tz Breaking Changes instruction scope and operand feature are new and are not backwards compatible with older versions of capa Python 3.7 is now the minimum supported Python version #866 @williballenthin remove /x32 and /x64 flavors of number and operand features #932 @williballenthin the tool now accepts multiple paths to rules, and JSON doc updated accordingly @williballenthin extractors must use handles to identify functions/basic blocks/instructions #981 @williballenthin the freeze file format schema was updated, including format version bump to v2 #986 @williballenthin Deprecation notice: as described in #937, we plan to remove the SMDA backend for v5. If you rely on this backend, please reach out so we can discuss extending the support for SMDA or transitioning your workflow to use vivisect. New Rules (30) data-manipulation/encryption/aes/manually-build-aes-constants huynh.t.nhan@gmail.com nursery/get-process-image-filename michael.hunhoff@mandiant.com compiler/v/compiled-with-v jakub.jozwiak@mandiant.com compiler/zig/compiled-with-zig jakub.jozwiak@mandiant.com anti-analysis/packer/huan/packed-with-huan jakub.jozwiak@mandiant.com internal/limitation/file/internal-dotnet-file-limitation william.ballenthin@mandiant.com nursery/get-os-information-via-kuser_shared_data @mr-tz load-code/pe/resolve-function-by-parsing-PE-exports @sara-rn anti-analysis/packer/huan/packed-with-huan jakub.jozwiak@mandiant.com nursery/execute-dotnet-assembly anushka.virgaonkar@mandiant.com nursery/invoke-dotnet-assembly-method anushka.virgaonkar@mandiant.com collection/screenshot/capture-screenshot-via-keybd-event @_re_fox collection/browser/gather-chrome-based-browser-login-information @_re_fox nursery/power-down-monitor michael.hunhoff@mandiant.com nursery/hash-data-using-aphash @_re_fox nursery/hash-data-using-jshash @_re_fox host-interaction/file-system/files/list/enumerate-files-on-windows moritz.raabe@mandiant.com anushka.virgaonkar@mandiant.com nursery/check-clipboard-data anushka.virgaonkar@mandiant.com nursery/clear-clipboard-data anushka.virgaonkar@mandiant.com nursery/compile-dotnet-assembly anushka.virgaonkar@mandiant.com nursery/create-process-via-wmi anushka.virgaonkar@mandiant.com nursery/display-service-notification-message-box anushka.virgaonkar@mandiant.com nursery/find-process-by-name anushka.virgaonkar@mandiant.com nursery/generate-random-numbers-in-dotnet anushka.virgaonkar@mandiant.com nursery/send-keystrokes anushka.virgaonkar@mandiant.com nursery/send-request-in-dotnet anushka.virgaonakr@mandiant.com nursery/terminate-process-by-name-in-dotnet anushka.virgaonkar@mandiant.com nursery/hash-data-using-rshash @_re_fox persistence/authentication-process/act-as-credential-manager-dll jakub.jozwiak@mandiant.com persistence/authentication-process/act-as-password-filter-dll jakub.jozwiak@mandiant.com Bug Fixes improve handling _ prefix compile/link artifact #924 @mike-hunhoff better detect OS in ELF samples #988 @williballenthin display number feature zero in vverbose #1097 @mike-hunhoff capa explorer IDA Pro plugin improve file format extraction #918 @mike-hunhoff remove decorators added by IDA to ELF imports #919 @mike-hunhoff bug fixes for Address abstraction #1091 @mike-hunhoff Raw diffs capa v3.2.0...v4.0.0 capa-rules v3.2.0...v4.0.0 Download

Bump version number. Download

Bump version to 5.6.0. Download

This is the second development build after the Windows Package Manager 1.3 build for Windows 10 (1809+) and Windows 11. Experimental features are enabled in this release. The experimental support for installing from a zip file (except portable packages) is included in this release. This build will be released to Windows Insider Dev builds, and Windows Package Manager Insiders. Run winget features to see which experimental features are enabled or disabled. Add the following to your settings (winget settings) file to enable support for testing .zip manifests: "experimentalFeatures": {"zipInstall": true} Note: The Windows Package Manager Community Repository does not accept zip applications. They will not be accepted until after 1.4 is Generally Available and has been rolled out to the majority of Windows systems via the automatic upgrade from the Microsoft Store. Users may test with local manifests. We've also made progress towards native PowerShell cmdlets. These will work with PowerShell 6 and PowerShell 7. We're still working on the hurdles associated with PowerShell 5.1. We're planning to have a downloadable module for import in a future release. Join the PowerShell discussions if you're interested. Features Add Microsoft.WinGet.Client PowerShell Module files #2314 winget find should be a synonym of winget search #1299 Add aliases for installation and uninstallation #2303 Add winget remove as an alias command for winget uninstall #1978 Make "Update" an alias for "Upgrade" #1026 Command aliases #380 Bugs winget 1.4.2011-preview can't install MSI-based applications #2365 What's Changed Add InstallationMetadata to manifests for future deep installation detection by @yao-msft in #2350 Expand WinMD discovery by @jontab in #2348 Move to using sqlite3_errmsg to extract a contextual error for SQLite failures by @JohnMcPMS in #2352 Add in-process and out-of-process E2E tests by @AmelBawa-msft in #2315 Implement FolderFileWatcher by @msftrubengu in #2336 Update CsWinRTWindowsMetadata value by @AmelBawa-msft in #2357 Remove correlation blocker for remote->local in some cases by @JohnMcPMS in #2362 Update documentation with 1.3 settings by @ryfu-msft in #2363 Add Microsoft.WinGet.Client PowerShell Module files by @jontab in #2314 Fix file overwrite warning displayed on clean first install by @ryfu-msft in #2375 Logging improvements by @JohnMcPMS in #2378 Add SYSTEM to explicit ACLs by @JohnMcPMS in #2370 Remove tests that no longer serve a purpose by @JohnMcPMS in #2379 Check for symlink creation privilege for portable install by @ryfu-msft in #2369 Server certificate pinning for Store source by @JohnMcPMS in #2347 Remove scope filter from being applied to portables by @ryfu-msft in #2383 Validate SignatureSha256 for MSIX packages during the manifest validation by @AmelBawa-msft in #2384 Enable MSI testing in CI/CD pipeline by @JohnMcPMS in #2386 Standardize 'Show' labels to manifest fields by @Trenly in #2311 fix ms-windows-store link not rendered in md by @iamCristYe in #2403 Add command aliases by @Trenly in #2390 Add support for RequireExplicitUpgrade manifest element by @lechacon in #1795 Add the ability to specify "scope or unknown" via COM by @JohnMcPMS in #2402 New Contributors @iamCristYe made their first contribution in #2403 Full Changelog: release-v1.3.1872...release-v1.4.2161-preview Download

Official GNU Binutils 2.39 release Download

ILSpy 8 is based on .NET 6.0 compared to .NET Framework 4.7.2 for the previous generations of ILSpy. All artifacts except the self-contained distribution are built framework-dependent, which means .NET 6.0 must be installed prior to starting ILSpy. New Language Features C# 11: ref fields C# 10: record structs C# 10: Support DefaultInterpolatedStringHandler Updated pattern detection for Roslyn 4.3.0 Output attributes on lambda expressions Contributions Allow user to provide ID when generating a PDB (see #2678 by @andrewcrawley) Assume conventionally named unresolved method references are properties or events (see #2677 by @fowl2) Add EnableWindowsTargeting propery to csprojs targeting net6.0-windows (see #2752 by @clin1234) Reduce allocations in TransformArrayInitializers (see #2731 by @ElektroKill) Fix allowed language versions in ilspycmd (see #2703 by @superstrom) Fix crash target framework detection with C++/CLI (see #2698 by kant2002) Enhancements #2684: Iteratively unhide compiler-generated code, if it is referenced by user-code Use Unsafe.SizeOf when taking the size of a managed type #2718: Move XAML files that have an x:Class declaration next to their C# counterparts when using WholeProjectDecompiler Bug fixes #2691: Do not use AssemblyDefintion.GetAssemblyName(). This fails in culture-invariant mode (ilspycmd) when trying to work with satellite assemblies, because System.Reflection.AssemblyName tries to retrieve CultureInfo of the assembly culture #2733: Ignore bad metadata when trying to resolve ResolutionScope #2741: CallBuilder produces invalid invocation target when disambiguating calls to protected methods And many other fixes, for a full list click here. Download

This release represents our fourth Windows Package Manager 1.3 release candidate build for Windows 10 (1809+), and Windows 11. This release addresses several bugs related to installing a portable package such as incorrectly displaying a file overwrite warning message, failing to create a symlink if developer mode is not enabled or not running in admin, and not preserving scope when upgrading. Experimental features have been disabled in this release. We will follow this release with another Pre-release "developer" build at GitHub so users can continue with experimental features available. Note: The Windows Package Manager Community Repository does not accept portable applications. They will not be accepted until after 1.3 is Generally Available and has been rolled out to the majority of Windows systems via the automatic upgrade from the Microsoft Store. Users may test with local manifests. Features Support for installation of portable/standalone apps #182 Add a notes/info field to manifests. #607 Add an optional URL to Expected Return Codes #1889 Manifest Field for User Manual / Documentation #1984 Add alternative version number field to manifest to make correlation with entries in Add/Remove programs more reliable #980 Setting for always using verbose logs #1940 winget --info should print the system architecture #1925 An even better progress bar #2055 Bugs Remove scope filter from being applied to portables #2383 Check for symlink creation privilege for portable install #2369 Fix file overwrite warning displayed on clean first install #2375 Mitigate crash that can occur when installed version is null #2278 Searching for dotnet package #2218 Allow winget to install MS Store packages without account just like the MS Store #1585 --include-unknown not functioning as expected #1939 Includes a fix for an App Installer bug that was causing crashes due to null pointer reads What's Changed Remove scope filter from being applied to portables by @ryfu-msft in #2383 Check for symlink creation privilege for portable install by @ryfu-msft in #2369 Fix file overwrite warning displayed on clean first install by @ryfu-msft in #2375 Mitigate crash that can occur when installed version is null by @JohnMcPMS in #2278 Improve ARP matching heuristic by @lechacon in #2179 Improve error handling in correlation test script by @lechacon in #2206 Display ReturnResponseUrl if present by @ryfu-msft in #2210 Display InstallationNotes after a successful install by @ryfu-msft in #2211 Display documentations in show command by @ryfu-msft in #2212 Add missing localization error handling for root level localization info by @JohnMcPMS in #2220 Use AppsAndFeaturesEntries DisplayVersion info for installed package version mapping by @yao-msft in #2213 Indent documentations in 'show' command by @Trenly in #2234 Portable Support as Stable Feature by @ryfu-msft in #2233 Delete unneeded test code from libraries pulled as subtrees by @lechacon in #2232 Add simple stats to correlation result processing script by @lechacon in #2229 Treat manifest localization validation error as warning for non full validation(manifest reading) by @yao-msft in #2144 Fixed builds on VS 2022 version 17.2. by @jedieaston in #2156 Implementation for Portable Uninstall and Upgrade by @ryfu-msft in #2140 Load index from validated msix for unpackaged context by @yao-msft in #2139 Doc for ARP version mapping change by @yao-msft in #2162 Fix list/upgrade table for packages with multiple ARP entries. by @jedieaston in #2137 Setting for Logging Level by @Trenly in #1945 Improve --include-unknown message by @felipecrs in #1946 Added system architecture to winget --info. by @jedieaston in #1937 Fix: Only include unknown packages which exist in source by @Trenly in #1972 Allow PackageFamilyName to be declared with non msix installers by @yao-msft in #1944 Addition of initial 1.2 schema with 'Portable' installerType by @ryfu-msft in #1930 Make build pipeline task fail on unit tests failure by @yao-msft in #1975 Remove duplicated message about unknown versions by @felipecrs in #1982 Expose simple applicable installer check in Com api by @yao-msft in #1974 Fix pipeline build: ensure project target version matches the AppInstaller package by @yao-msft in #1990 Add uninstall functionality to Com api by @yao-msft in #1909 Remove duplicated message when no upgrades by @felipecrs in #1986 Anonymize Com caller value by @yao-msft in #1998 Fixed issues preventing compilation on VS 2022 17.1. by @jedieaston in #2000 Rename source auto update group policy by @lechacon in #1995 Function that will accept source agreement by @Jeff-Jerousek in #2020 Portable apps specification by @denelon in #2012 Add policy definition for ms-appinstaller to ADMX by @lechacon in #2038 Change to official DNS by @JohnMcPMS in #2026 Make upgrade help inform of list ability by @Trenly in #2034 Mitigate crash occuring in CompositeSource by @JohnMcPMS in #2043 Use AppsAndFeatures name and publisher by @JohnMcPMS in #2042 Apply latest loc patch by @lechacon in #2045 Add support for InProc Com invocation by @yao-msft in #2035 Display fine-grained blocks in progress bars by @chausner in #2046 Support for 1.2 Schema Additions by @ryfu-msft in #2028 Update portable spec with symlink solution design by @ryfu-msft in #2075 Add nuget publish pipeline for in-proc Com binaries by @yao-msft in #2077 Add support for in-proc Com state separation by @yao-msft in #2068 Add heuristics for matching packages to ARP after installing by @lechacon in #2044 Optimize images by @Trenly in #2082 Add a system for testing correlation E2E by @JohnMcPMS in #2071 Make In-proc Com nuget package better support .net framework 4.* by @yao-msft in #2083 Build pipeline updates and improvements by @yao-msft in #2085 Fix issue with correlation chaining from the SQLite index by @JohnMcPMS in #2087 Fix exceptions breaking out of the multi-package install loop by @JohnMcPMS in #2089 Update README by @denelon in #2113 fix passing null parameters to Find-WinGetPackage by @bftblomster in #2092 Allow winget to install MS Store packages without account by @zachcwillson in #2095 Require selection argument on install/show/search/uninstall by @JohnMcPMS in #2125 Remove ARP matching for single ARP change, and consider publisher+name for matching by @lechacon in #2119 Implementation for Portable install flow by @ryfu-msft in #2078 Fix packageId and sourceId match check for portable install by @ryfu-msft in #2138 Act on elevation requirements in majority cases by @JohnMcPMS in #2126 Add Package Dependencies to index. by @hackean-msft in #1667 Update windows-package-manager-release-roadmap.md by @opsetech in #1770 Bug fix: PackageTrackingCatalog and SQLiteIndexUpdate by @hackean-msft in #1780 Update TSG with more information about a known issue by @ashpatil-msft in #1785 Added argument to control whether to upgrade packages if they have "unknown" versions by @jedieaston in #1765 First drafted client cmdlets from Hackathon 221 by @denelon in #1760 Fix some build warnings by @lechacon in #1794 Fix Typo in upgrade.md by @floh96 in #1822 Add support for UnsupportedOSArchitectures manifest element by @lechacon in #1807 Added check for maximum size of downloaded file names by @jedieaston in #1842 Fix DLL load error in WinGetUtil by @lechacon in #1844 Update localization strings by @JohnMcPMS in #1845 Add comments for localization by @lechacon in #1847 Moved "Installing Dependencies" message to only print if there are dependencies to install. by @jedieaston in #1851 Adds experiment to know if PATH is common issue. by @Lewiscowles1986 in #1841 Check FS feature flags instead of checking for NTFS by @sredna in #1859 Add titles to 1.1 schema for ExpectedReturnCode and UnsupportedOSArchitecture by @ryfu-msft in #1862 Split pipeline build job into x86 and x64 by @lechacon in #1852 Allow upgrades in packages that register a different installer type by @lechacon in #1796 Add a default user agent to REST source calls by @JohnMcPMS in #1839 Add upgrade functionality in Com api by @yao-msft in #1853 Print the upgrade table during upgrade --all by @jedieaston in #1866 Add support for markets by @lechacon in #1806 [ImgBot] Optimize images by @vedantmgoyal2009 in #1871 Fix crash that can occur when failure pointers are null by @JohnMcPMS in #1880 Added extra check for valid arguments in upgrade. by @jedieaston in #1874 Add InstallerErrorCode to COM interface by @JohnMcPMS in #1926 Update gif animation for winget install wingetcreate by @ryfu-msft in #1931 Bump version to 1.3 by @JohnMcPMS in #1933 Full Changelog: release-v1.2.10271...release-v1.3.2091 Download