TaskExplorer requires a driver to operate (xprocesshacker.sys), Windows however denies loading a driver file that has not been digitally signed.
" + "Luckily brave hackers have Leaked a few of these Certificates over the years, one of them was found by the author of this software and put to good use.
" + "Unfortunately, such certificates have been abused by malware authors resulting in many Anti Malware Fools being Lazy and flagging Everything signed with them Wrongfully as Malware. " + "This Prejudice is Damaging the Open Source Ecosystem.
" + "Therefore, the required driver is provided in an obfuscated form and before use must be unpacked. " + "When doing so said Anti Viruses will complain and attempt to destroy the freshly created file. " + "Please be aware that this is a false positive caused by the necessary use of a compromised certificate. " + "If this happens you will be notified and offered the option to repeat the unpacking operation, for the operation to succeed you will need to configure an appropriate exemption.
" + + "If you want to proceed with the unpacking of the driver press YES.
" + ); + QMessageBox *msgBox = new QMessageBox(NULL); + msgBox->setAttribute(Qt::WA_DeleteOnClose); + msgBox->setWindowTitle("TaskExplorer"); + msgBox->setText(Caption); + msgBox->setInformativeText(Text); + msgBox->setStandardButtons(QMessageBox::Yes); + msgBox->addButton(QMessageBox::No); + msgBox->setDefaultButton(QMessageBox::Yes); + + QIcon ico(QLatin1String(":/TaskExplorer.png")); + msgBox->setIconPixmap(ico.pixmap(64, 64)); + + return msgBox->exec() == QMessageBox::Yes; +} + +void UnPackDrivers() +{ + bool notifyNotOk = false; + QDir appDir(QApplication::applicationDirPath()); + foreach(const QString& FileName, appDir.entryList(QStringList("*.sys.rc4"), QDir::Files)) + { + QString InName = QApplication::applicationDirPath() + "/" + FileName; + QString OutName = InName.mid(0, InName.length() - 4); + + QFileInfo InInfo(InName); + QFileInfo OutInfo(OutName); + if (InInfo.size() != OutInfo.size() || InInfo.lastModified() > OutInfo.lastModified()) + { + if (theConf->GetBool("Options/NotifyUnPack", true)) { + if (!NotifyCert()) { + notifyNotOk = true; + break; + } + theConf->SetValue("Options/NotifyUnPack", false); + } + + retry: + if (!TransformFile(InName, OutName)) + QMessageBox::warning(NULL, "TaskExplorer", QObject::tr("Failed to decrypt %1 ensure app directory is writable.").arg(FileName)); + else if (!TestFile(OutName)) + { + if (QMessageBox("TaskExplorer", + QObject::tr("The decrypted file %1 seam to have been removed. Retry file extraction?").arg(FileName), + QMessageBox::Information, QMessageBox::Yes | QMessageBox::Default, QMessageBox::Cancel, QMessageBox::NoButton).exec() == QMessageBox::Yes) + goto retry; + notifyNotOk = true; + } + } + } + if (notifyNotOk) + QMessageBox::warning(NULL, "TaskExplorer", QObject::tr("Without the Driver TaskExplorer wont be able to run properly.")); +} \ No newline at end of file