It has been longer than normal for a winfingerprint release and I hope the changelog shows that I was indeed busy :)
Wininterrogate hasn't been worked on in quite a while and for those of you that aren't familiar with it, I suggest taking a look. It is now capable of enumerating processes as well as enumerating filesystems.
Winfingerprint 0.5.4 Changes: Download at:
+ Fixed Multiple connections to remote registry leaving open handles. Reported by Mike Clark. Fixed similar bug where open handle to service control manager could be left open if an error occured after successful connection. + Cleaned up code by introducing NetErrorHandler() function for formatting NET_API_STATUS error messages. +Consistently initialize all NET_API_STATUS nStatus = NULL;
+Added memory leak checking for DEBUG builds and fixed some memory leaks found with it.
+Noted that Active Directory Scanning works differently on W2k than on XP. W2k can only Win Fingerprint and Sessions, while XP can Win Fingerprint and Enumerate Users, Groups, Sessions, and Services.
+Turned on Pentium Pro compiler optimizations, fixed some unitilialized variables, and some minor code formatting. +Perform SID Lookups on computername, users, and groups. This is my implementation of user2sid by Evgenii Rudnyi.
+Added nbtstat-like query to UDPSockets() function to perform NetBIOS Lookup if NetWkstaGetInfo() call fails. NetWkstaGetInfo requires elevated privileges and fails quite often.
+Considerable output cleanup.
+Added a Stop button for IP List, IP Range, and Neighborhood Scans.
+Drastically improved accuracy and the success rate for banner grabbing durint TCP Portscans by introducing a short Sleep().
+Cleaned up UDP Portscan, still can be inaccurate against some hosts.
+Added Active Directory Support for Session Enumeration.
+Changed RichEdit Control from version 1.0 to version 2.0 (allowing for hyperlinks within output).
+Implemented hyerplinks in output window negating the need to the interactive function, so I removed the interactive functionality.
Wininterrogate 0.1.5 Download:
+ Migrated to Visual Studio .NET
+ Created WinInterrogate Engine Class Capable of "interrogating" filesystems and processes.
+ Moved Disk Info from Dialog Class to Wininterrogate engine class. + Multithreaded.
+ Removed Search String functionality as it was quite limited.
+ Corrected MD5 checksum length bug.
+ Merged Procinterrogate Functionality into Wininterrogate (output is in csv format).
+ Additional Process feature not in procinterrogate: MD5 checksums on process list option. + MD5 and Version gathering now optional for both processes and filesystems. +
+ Added Visit Website button to about dialog, Added Version information and updated Copyright.
+ Added Help button to Launch new wininterrogate.chm (Help File)
+ No Longer Exits After Completion.
+ Fixed File Dialog to Open to Save As, implement default name and extension properly.
+ Filename no longer read only. Now can enter output filename directly rather than being forced to browse.
+ Error handling for invalid or missing directory and filemask, error handling for missing .csv extension.
+ Added View Disk Information button which enumerates local drives and displays information.
Kirby Kuehl