Merge ShimCacheParser into upstream #127
Labels
Comments
|
you can use my appcompat code if you can drop in the RegBinary bytes. |
|
Pull request #163 was just added to get the output of ShimCacheParser.exe. It might be what you are looking for. This route was chosen because Mandiant keeps the tool updated for newer OS versions. It should be easier to maintain that way. |
|
except maniant doesnt keep it up to date =( |
|
Is there another tool you know of that supports Windows 10 anniversary
edition?
…On Jul 28, 2017 4:15 PM, "Eric" ***@***.***> wrote:
except maniant doesnt keep it up to date =(
mandiant/ShimCacheParser#14
<mandiant/ShimCacheParser#14>
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#127 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AHnyt5cMiJw4UkJ-8U27xudvq1dEXZwgks5sSk9hgaJpZM4Fu7W4>
.
|
|
Yes. Mine. Has since before creators was released
…On Jul 28, 2017 7:24 PM, "Daniel" ***@***.***> wrote:
Is there another tool you know of that supports Windows 10 anniversary
edition?
On Jul 28, 2017 4:15 PM, "Eric" ***@***.***> wrote:
> except maniant doesnt keep it up to date =(
>
> mandiant/ShimCacheParser#14
> <mandiant/ShimCacheParser#14>
>
> —
> You are receiving this because you commented.
> Reply to this email directly, view it on GitHub
> <#127 (comment)>,
or mute
> the thread
> <https://github.com/notifications/unsubscribe-auth/AHnyt5cMiJw4UkJ-
8U27xudvq1dEXZwgks5sSk9hgaJpZM4Fu7W4>
> .
>
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#127 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AEEVJgI4VZtxfDjmfo09VznOFc3GR2Xiks5sSm3GgaJpZM4Fu7W4>
.
|
|
Cool I'll check it out more and possibly redo the pull request.
Sorry for not doing more research first.
Thanks!
…On Jul 28, 2017 7:07 PM, "Eric" ***@***.***> wrote:
Yes. Mine. Has since before creators was released
On Jul 28, 2017 7:24 PM, "Daniel" ***@***.***> wrote:
> Is there another tool you know of that supports Windows 10 anniversary
> edition?
>
> On Jul 28, 2017 4:15 PM, "Eric" ***@***.***> wrote:
>
> > except maniant doesnt keep it up to date =(
> >
> > mandiant/ShimCacheParser#14
> > <mandiant/ShimCacheParser#14>
> >
> > —
> > You are receiving this because you commented.
> > Reply to this email directly, view it on GitHub
> > <#127 (comment)>,
> or mute
> > the thread
> > <https://github.com/notifications/unsubscribe-auth/AHnyt5cMiJw4UkJ-
> 8U27xudvq1dEXZwgks5sSk9hgaJpZM4Fu7W4>
> > .
> >
>
> —
> You are receiving this because you commented.
> Reply to this email directly, view it on GitHub
> <#127 (comment)>,
or mute
> the thread
> <https://github.com/notifications/unsubscribe-auth/
AEEVJgI4VZtxfDjmfo09VznOFc3GR2Xiks5sSm3GgaJpZM4Fu7W4>
> .
>
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#127 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AHnytwiRly3IvfYNKeWUI32zkmlU3nEQks5sSnfCgaJpZM4Fu7W4>
.
|
|
Pull request #164 adds a new module Get-AppCompatCache that uses Eric's tool to get this data. Thanks Eric! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey,
i found this module ( https://github.com/davidhowell-tx/PS-ShimCacheParser ) for parsing AppCompatCache that have Kansa module. It works on windows 7, but unfortunately not on newer versions, but it shouldn't be hard to implement.
Can we consider merging it into upstream?
The text was updated successfully, but these errors were encountered: