User contributions
(newest | oldest) View (newer 100 | older 100) (20 | 50 | 100 | 250 | 500)
- 18:21, 18 February 2008 (diff | hist) . . (-53) . . Size(res) (→Similar parameters)
- 18:20, 18 February 2008 (diff | hist) . . (+738) . . N Size(res) (New page: {{AdvFileParam|size[res]}} The size of a specific resource of the file. ==Usage== size[res]=<resource type(string)>|<resource name(string)>|<size(int)> size[res]>=<resource type(string)...)
- 18:18, 18 February 2008 (diff | hist) . . (-13) . . Md5(res) (→Similar parameters)
- 18:18, 18 February 2008 (diff | hist) . . (+552) . . N Exists(res) (New page: {{AdvFileParam|exists[res]}} Checks if a resource with that name and of that type exists. ==Usage== exists[res]=<type(string)>|<name(string)> exists[res]!=<type(string)>|<name(string)> ...)
- 18:16, 18 February 2008 (diff | hist) . . (+555) . . N Md5(res) (New page: {{AdvFileParam|md5[res]}} A MD5 check of a specific resource of the file. ==Usage== md5[res]=<resource type(string)>|<resource name(string)|<hash(text[32])> ===Examples=== ===Descripti...)
- 18:15, 18 February 2008 (diff | hist) . . (+542) . . N Count(sections) (New page: {{AdvFileParam|count[sections]}} A check about the number of sections. ==Usage== count[sections]=<count(int)> count[sections]>=<count(int)> count[sections]<=<count(int)> ===Examples==...)
- 18:14, 18 February 2008 (diff | hist) . . (+2) . . Md5(section) (→Usage)
- 18:14, 18 February 2008 (diff | hist) . . (+2) . . Size(section) (→Usage)
- 18:14, 18 February 2008 (diff | hist) . . (+424) . . N Size(section) (New page: {{AdvFileParam|size[section]}} A check of the size of one specific section ==Usage== size[section]=<sectionname(string)|size(int)> ===Examples=== size[section]=.text|37947 ===Descript...)
- 18:13, 18 February 2008 (diff | hist) . . (+390) . . N Size(sections) (New page: {{AdvFileParam|size[sections]}} A check of the valid section part size of the file ==Usage== size[sections]=<size(int)> ===Examples=== ===Description=== Checks the size of all Portable...)
- 18:13, 18 February 2008 (diff | hist) . . (+477) . . N Exists(section) (New page: {{AdvFileParam|exists[section]}} Checks if section with given name exists. ==Usage== exists[section]=<sectionname(string)> ===Examples=== exists[section]=.text exists[section]=CODE =...)
- 18:12, 18 February 2008 (diff | hist) . . (+543) . . N Md5(section) (New page: {{AdvFileParam|md5[section]}} A MD5 check of the one section of the file ==Usage== md5[section]=<sectionname(string)>-<hash(text32)> ===Examples=== md5[section]=.text-1234567890ABCDEFA...)
- 17:02, 18 February 2008 (diff | hist) . . (+705) . . N Md5(sections) (New page: {{AdvFileParam|md5[sections]}} A MD5 check of the valid section part of the file. ==Usage== md5[sections]=<hash(text[32])> ===Examples=== ===Description=== Calculates the MD5 hash of t...)
- 16:59, 18 February 2008 (diff | hist) . . (+551) . . N Count(exports) (New page: {{AdvFileParam|count[exports]}} The number of exported functions. ==Usage== count[exports]=<size(int)> count[exports]>=<size(int)> count[exports]<=<size(int)> ===Examples=== count[ex...)
- 16:58, 18 February 2008 (diff | hist) . . (+479) . . N Exists(export) (New page: {{AdvFileParam|exists[export]}} The name of an exported function. ==Usage== exists[export]=<functionname(string)> ===Examples=== exists[export]=DoSomethingBad This would test whether ...)
- 16:55, 18 February 2008 (diff | hist) . . (+4) . . Md5(exports) (→See also)
- 16:53, 18 February 2008 (diff | hist) . . (+529) . . N Md5(exports) (New page: {{AdvFileParam|md5[exports]}} A simple MD5 check of the alpha-sorted uppercase export list ==Usage== md5[exports]=<hash(text[32])> ===Examples=== md5[exports]=1234567890ABCDEFABCDEF123...)
- 16:51, 18 February 2008 (diff | hist) . . (+589) . . N Crc32 (New page: {{AdvFileParam|crc32}} A simple CRC check of the whole file ==Usage== crc32=<hash(text[8])> ===Examples=== crc32=1234ABCD ===Description=== Compares the CRC32 hash of the file content...)
- 16:48, 18 February 2008 (diff | hist) . . (+591) . . N Sizemd5 (New page: {{AdvFileParam|sizemd5}} A MD5 check of a specific part of the file ==Usage== sizemd5=<startoffset(int)>|<endoffset(int)>|<hash(text[32])> ===Examples=== sizemd=10|20|12345678901234567...)
- 16:47, 18 February 2008 (diff | hist) . . (0) . . Endmd5 (→Usage)
- 16:47, 18 February 2008 (diff | hist) . . (+631) . . N Endmd5 (New page: {{AdvFileParam|endmd5}} A MD5 check of the last bytes, optionally with an offset ==Usage== endmd5=<sizefromend(int)><|deltatoend(int)>|<hash(text[32])> ===Examples=== endmd5=2000|100|1...)
- 16:44, 18 February 2008 (diff | hist) . . (+499) . . N Md5 (New page: {{AdvFileParam|md5}} A simple MD5 check of the whole file. ==Usage== md5=<hash(text[32])> ===Examples=== md5=123456789012345678901234567890AB ===Description=== This parameter compares...)
- 16:41, 18 February 2008 (diff | hist) . . (+510) . . N Delenv (New page: {{AdvFileParam|delenv}} Deletes the environment variable with the given name. ==Usage== delenv=<name(string)> ===Examples=== delenv=greeting chkenv=greeting:Hello,delenv=greeting ===...)
- 16:40, 18 February 2008 (diff | hist) . . (+446) . . N Clearenv (New page: {{AdvFileParam|clearenv}} Clears the environment completely. ==Usage== clearenv=<flag(boolean)> ===Examples=== clearenv=1 ===Description=== This ''flag'' has to be set to ''1'' to act...)
- 16:39, 18 February 2008 (diff | hist) . . (+439) . . N Isenv (New page: {{AdvFileParam|isenv}} Checks if an environment variable is set. ==Usage== isenv=<name(string)> ===Examples=== isenv=greeting ===Description=== Checks if the environment variable name...)
- 16:38, 18 February 2008 (diff | hist) . . (+498) . . N Chkenv (New page: {{AdvFileParam|chkenv}} Checks if the environment variable has the given value. ==Usage== chkenv=<name(string):value(string)> ===Examples=== chkenv=greeting:Hello chkenv=greeting:Hall...)
- 16:36, 18 February 2008 (diff | hist) . . (+411) . . N Setenv (New page: {{AdvFileParam|setenv}} Sets a global environment variable. ==Usage== setenv=<name(string)>:<value(string)> ===Examples=== setenv=greeting:Hello ===Description=== This parameter can b...)
- 16:32, 18 February 2008 (diff | hist) . . (+467) . . N Skipcount (New page: {{AdvFileParam|skipcount}} Skips the next X lines if reached. ==Usage== skipcount=<linecount(int)> ===Examples=== skipcount=5 To skip the next 5 lines. ===Description=== Often used i...)
- 16:19, 18 February 2008 (diff | hist) . . (+778) . . N Modunload (New page: {{AdvFileParam|modunload}} Tries to unload DLL through API from specified process. ==Usage== modunload=<filename(string)> ===Examples=== modunload=<$WINDIR>\notepad.exe Tries to unloa...)
- 16:15, 18 February 2008 (diff | hist) . . (+620) . . N Ignore (New page: {{AdvFileParam|ignore}} Tells the scanner to break if it is of a given type. ==Usage== ignore=<scanner-id(byte)>[+scanner-id(byte)[+scanner-id(byte)]] ===Examples=== ignore=0+2 ===Des...)
- 16:12, 18 February 2008 (diff | hist) . . (+564) . . N Silentregreboot (New page: {{AdvFileParam|silentregreboot}} If set (as last parameter), it will write the registry setting to scan on reboot. ==Usage== silentregreboot=<flag(boolean)> ===Examples=== silentregreb...)
- 16:11, 18 February 2008 (diff | hist) . . (-3) . . Flagifnofile (→Description)
- 16:10, 18 February 2008 (diff | hist) . . (+608) . . N Askregreboot (New page: {{AdvFileParam|askregreboot}} ==Usage== askregreboot=<flag(boolean)> ===Examples=== askregreboot=something ===Description=== If set (as last parameter), it will ask if it should write...)
- 16:06, 18 February 2008 (diff | hist) . . (+1,094) . . N Build (New page: {{AdvFileParam|build}} Checks the build number ==Usage== build=<build number> build!=<build number> build>=<build number> build<=<build number> ===Examples=== build>=20070830 This ...)
- 16:00, 18 February 2008 (diff | hist) . . (+621) . . N Flagifnofile (New page: {{AdvFileParam|flagifnofile}} Determines if entry should be flagged if no file present. ==Usage== flagifnofile=<flag(boolean)> ===Examples=== flagifnofile=0 flagifnofile=1 ===Descrip...)
- 15:57, 18 February 2008 (diff | hist) . . (+606) . . N Attribs (New page: {{AdvFileParam|attribs}} Checks if file attributes are set or not set. ==Usage== attribs=<attrib(char)>modifier(char)[attrib(char)modifier(char)[...]] ===Examples=== attribs=H+R+S+ ==...)
- 15:53, 18 February 2008 (diff | hist) . . (+595) . . N Size(file) (New page: {{AdvFileParam|filesize}} Defines which size the scanned file must have ==Usage== filesize=<size(int)> filesize>=<size(int)> filesize<=<size(int)> ===Examples=== filesize=18373 file...)
- 15:50, 18 February 2008 (diff | hist) . . (+145) . . N Category:Advanced file parameters (New page: This category lists all advanced file parameters provided by file ''AdvCheck.dll'' and used to verify file contents.)
- 15:49, 18 February 2008 (diff | hist) . . (0) . . Filename (→See also: alpha-sorted)
- 15:48, 18 February 2008 (diff | hist) . . (+556) . . N Filepath (New page: {{AdvFileParam|filepath}} Checks if the file path (no filename) is of the given value. ==Usage== filepath=<path(string)> ===Examples=== filepath=<$WINDIR>\ ===Description=== Tests whe...)
- 15:48, 18 February 2008 (diff | hist) . . (+574) . . N Fullpath (New page: {{AdvFileParam|fullpath}} Checks if the full path (filename and path) is of the given value. ==Usage== fullpath=<path(string)> ===Examples=== filepath=<$WINDIR>\blubbels.txt ===Descri...)
- 15:44, 18 February 2008 (diff | hist) . . (0) . . m ProgramFile
- 15:44, 18 February 2008 (diff | hist) . . (+645) . . N Filename (New page: {{AdvFileParam|filename}} Defines filename for Directory command check. ==Usage== filename=<filename(string)> ===Examples=== filename=<$WINDIR>\malware.exe ===Description=== Sets the ...)
- 15:43, 18 February 2008 (diff | hist) . . (0) . . Directory (→Description)
- 15:38, 18 February 2008 (diff | hist) . . (+1) . . Template:AdvFileParam
- 15:38, 18 February 2008 (diff | hist) . . (+27) . . Msg(info)
- 15:38, 18 February 2008 (diff | hist) . . (+27) . . Msg(warn)
- 15:38, 18 February 2008 (diff | hist) . . (+27) . . Msg(crit)
- 15:36, 18 February 2008 (diff | hist) . . (+519) . . N Msg(crit) (New page: Displays a message when reached, failing the test. ==Usage== msg[crit]=<text(string)> ===Examples=== msg[crit]="Fatal Example Error!" Please not that as part of quoted [[Advanced file...)
- 15:36, 18 February 2008 (diff | hist) . . (+508) . . N Msg(info) (New page: Displays a message when reached, fulfilling the test. ==Usage== msg[info]=<text(string)> ===Examples=== msg[crit]="Just FYI." Please not that as part of quoted [[Advanced file paramet...)
- 15:36, 18 February 2008 (diff | hist) . . (+680) . . N Msg(warn) (New page: Displays a message when reached, allowing you to choose to continue or cancel. ==Usage== msg[warn]=<text(string)> ===Examples=== msg[crit]="Do you really want to continue this silly ex...)
- 15:10, 18 February 2008 (diff | hist) . . (+492) . . Target(link)
- 15:06, 18 February 2008 (diff | hist) . . (+1) . . Template:AdvFileParam
- 15:06, 18 February 2008 (diff | hist) . . (+98) . . N File:Icon wrong title.png (An icon describing an article name that has not the correct syntax, due to technical restrictions.) (current)
- 15:01, 18 February 2008 (diff | hist) . . (+764) . . N Template:AdvFileParam (New page: <div id="Template_AdvFileParam"> {|{{Bausteindesign1}} | style="width: 25px; vertical-align: top; padding-top: 2px;" | 25px | The proper syntax of this [[Adva...)
- 14:58, 18 February 2008 (diff | hist) . . (-2) . . Template:Outdated SBI (current)
- 14:56, 18 February 2008 (diff | hist) . . (+29) . . N Target(link) (New page: {{AdvFileParam|target[link]}})
- 14:07, 18 February 2008 (diff | hist) . . (+724) . . N MoveFile (New page: Renames/moves a file. ==Usage== MoveFile:<source filename>,<destination filename>[,advanced file parameters] ===Examples=== ===Description=== This command renames files. # The first p...)
- 14:03, 18 February 2008 (diff | hist) . . (+1,082) . . N WinSecCenter (New page: Identifies ''Windows Security Center'' entries. ==Usage== WinSecCenter:<type>,<field>,<data> ===Examples=== WinSecCenter:"av","guid","{3207EF9A-E64B-40A0-B897-3F2B9D794816}" Detects a...)
- 13:57, 18 February 2008 (diff | hist) . . (+1,707) . . N NTFile (New page: Identifies files, using the Windows NT native mode, to avoid rootkit hiding in Windows 32 mode. ==Usage== NTFile:<description>,<filename>[,advanced file parameters] ===Examples=== See [...)
- 13:53, 18 February 2008 (diff | hist) . . (+993) . . Nm HandleFile (New page: Identifies files of running processes using handles they've got opened. ==Usage== HandleFile:<handletype>,<handlename>[,advanced file parameters] ===Examples=== HandleFile:"file","\Tes...)
- 13:38, 18 February 2008 (diff | hist) . . (+130) . . RegyFix
- 13:36, 18 February 2008 (diff | hist) . . (+335) . . RegyChange
- 13:34, 18 February 2008 (diff | hist) . . (+90) . . RegyRemove (→Scan Results: new)
- 13:30, 18 February 2008 (diff | hist) . . (+27) . . RegyRemove
- 13:24, 18 February 2008 (diff | hist) . . (-36) . . m Winsock (→Similar commands)
- 13:23, 18 February 2008 (diff | hist) . . (0) . . RegyKey (→See also: link order)
- 13:23, 18 February 2008 (diff | hist) . . (0) . . RegyValue (→See also: link order)
- 13:23, 18 February 2008 (diff | hist) . . (+4) . . m RegyValue (→Usage: typo)
- 13:23, 18 February 2008 (diff | hist) . . (-28) . . RegyValue
- 13:22, 18 February 2008 (diff | hist) . . (-30) . . RegyKey
- 13:15, 18 February 2008 (diff | hist) . . (+105) . . Winsock
- 13:14, 18 February 2008 (diff | hist) . . (-3) . . m Typelib
- 13:13, 18 February 2008 (diff | hist) . . (+232) . . Typelib
- 13:11, 18 February 2008 (diff | hist) . . (+101) . . TCPIPAddress
- 13:10, 18 February 2008 (diff | hist) . . (-7) . . m StripADS (Usage format)
- 13:09, 18 February 2008 (diff | hist) . . (+24) . . StripADS (→Similar commands)
- 13:09, 18 February 2008 (diff | hist) . . (-36) . . StripADS
- 13:09, 18 February 2008 (diff | hist) . . (+24) . . StripADS (→Examples)
- 13:08, 18 February 2008 (diff | hist) . . (+548) . . StripADS
- 12:47, 18 February 2008 (diff | hist) . . (+286) . . SharedDLL
- 12:37, 18 February 2008 (diff | hist) . . (+151) . . RootClass
- 12:30, 18 February 2008 (diff | hist) . . (+348) . . ProtocolFilter
- 12:25, 18 February 2008 (diff | hist) . . (+235) . . ModuleUsage
- 12:23, 18 February 2008 (diff | hist) . . (-36) . . MRUList
- 12:22, 18 February 2008 (diff | hist) . . (0) . . m MRUList (→Description: typo)
- 12:22, 18 February 2008 (diff | hist) . . (+152) . . MRUList
- 12:20, 18 February 2008 (diff | hist) . . (+2) . . m NoOp
- 12:20, 18 February 2008 (diff | hist) . . (+435) . . NoOp
- 12:13, 18 February 2008 (diff | hist) . . (0) . . m Interface (→Scan ResultS)
- 12:08, 18 February 2008 (diff | hist) . . (+175) . . Interface
- 12:01, 18 February 2008 (diff | hist) . . (+162) . . Interface
- 11:54, 18 February 2008 (diff | hist) . . (+3) . . IniValueRemove
- 11:54, 18 February 2008 (diff | hist) . . (-36) . . m IniValueDelete
- 11:54, 18 February 2008 (diff | hist) . . (+38) . . IniValueDelete
- 11:51, 18 February 2008 (diff | hist) . . (+6) . . IniValueChange
- 11:46, 18 February 2008 (diff | hist) . . (+1) . . AlgoPrefix (→Combining rules)
- 11:44, 18 February 2008 (diff | hist) . . (+328) . . AlgoPrefix
- 11:12, 18 February 2008 (diff | hist) . . (+278) . . IELinks
- 11:04, 18 February 2008 (diff | hist) . . (+252) . . IEExtension
(newest | oldest) View (newer 100 | older 100) (20 | 50 | 100 | 250 | 500)