Kansa
Kansa copied to clipboard
davehull
Merge ShimCacheParser into upstream
Hey, i found this module ( https://github.com/davidhowell-tx/PS-ShimCacheParser ) for parsing AppCompatCache that have Kansa module. It works on windows 7, but unfortunately not on newer versions, but it shouldn't be hard to implement. Can we consider merging it into upstream?
you can use my appcompat code if you can drop in the RegBinary bytes.
https://github.com/EricZimmerman/AppCompatCacheParser
Pull request #163 was just added to get the output of ShimCacheParser.exe. It might be what you are looking for.
This route was chosen because Mandiant keeps the tool updated for newer OS versions. It should be easier to maintain that way.
except maniant doesnt keep it up to date =(
https://github.com/mandiant/ShimCacheParser/issues/14
Is there another tool you know of that supports Windows 10 anniversary edition?
On Jul 28, 2017 4:15 PM, "Eric" [email protected] wrote:
except maniant doesnt keep it up to date =(
mandiant/ShimCacheParser#14 https://github.com/mandiant/ShimCacheParser/issues/14
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/davehull/Kansa/issues/127#issuecomment-318763629, or mute the thread https://github.com/notifications/unsubscribe-auth/AHnyt5cMiJw4UkJ-8U27xudvq1dEXZwgks5sSk9hgaJpZM4Fu7W4 .
Yes. Mine. Has since before creators was released
On Jul 28, 2017 7:24 PM, "Daniel" [email protected] wrote:
Is there another tool you know of that supports Windows 10 anniversary edition?
On Jul 28, 2017 4:15 PM, "Eric" [email protected] wrote:
except maniant doesnt keep it up to date =(
mandiant/ShimCacheParser#14 https://github.com/mandiant/ShimCacheParser/issues/14
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/davehull/Kansa/issues/127#issuecomment-318763629, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHnyt5cMiJw4UkJ- 8U27xudvq1dEXZwgks5sSk9hgaJpZM4Fu7W4> .
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/davehull/Kansa/issues/127#issuecomment-318783843, or mute the thread https://github.com/notifications/unsubscribe-auth/AEEVJgI4VZtxfDjmfo09VznOFc3GR2Xiks5sSm3GgaJpZM4Fu7W4 .
Cool I'll check it out more and possibly redo the pull request.
Sorry for not doing more research first.
Thanks!
On Jul 28, 2017 7:07 PM, "Eric" [email protected] wrote:
Yes. Mine. Has since before creators was released
On Jul 28, 2017 7:24 PM, "Daniel" [email protected] wrote:
Is there another tool you know of that supports Windows 10 anniversary edition?
On Jul 28, 2017 4:15 PM, "Eric" [email protected] wrote:
except maniant doesnt keep it up to date =(
mandiant/ShimCacheParser#14 https://github.com/mandiant/ShimCacheParser/issues/14
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/davehull/Kansa/issues/127#issuecomment-318763629, or mute the thread <https://github.com/notifications/unsubscribe-auth/AHnyt5cMiJw4UkJ- 8U27xudvq1dEXZwgks5sSk9hgaJpZM4Fu7W4> .
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/davehull/Kansa/issues/127#issuecomment-318783843, or mute the thread <https://github.com/notifications/unsubscribe-auth/ AEEVJgI4VZtxfDjmfo09VznOFc3GR2Xiks5sSm3GgaJpZM4Fu7W4> .
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/davehull/Kansa/issues/127#issuecomment-318788170, or mute the thread https://github.com/notifications/unsubscribe-auth/AHnytwiRly3IvfYNKeWUI32zkmlU3nEQks5sSnfCgaJpZM4Fu7W4 .
Pull request #164 adds a new module Get-AppCompatCache that uses Eric's tool to get this data.
Thanks Eric!