Windows Registry Editor Version 5.00
;This is my Malware Analysis Right click context menu script.
;See the blog post here: http://jcsocal.blogspot.com/2013/11/snazzy-windows-context-menu-for-malware.html
;Bother me on Twitter @JC_SoCal if you have any questions/comments
;Warning: these paths are based on my setup and installs;
;your mileage may vary.
;Root of the cascading "Malware Analysis" entry. It is registered under
;HKEY_CLASSES_ROOT\*, the class that covers every file type, so the menu is
;offered when right-clicking any file.
[HKEY_CLASSES_ROOT\*\shell\MalwareAnalysis]
;Caption shown for the parent menu entry.
"MUIVerb"="Malware Analysis"
;Semicolon-separated list of sub-menu verbs in display order; "|" inserts a
;separator line. Every name must match a key of the same name under
;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell
;(all twelve names listed here have a matching key further down in this file).
"SubCommands"="IDAPro;OllyDbg1;OllyDbg2;Shadow;Immunity;|;PEiD;PEStudio;PEBear;CFFExplorer;ResHacker;FileInsight;|;HXD"
;Icon for the parent entry, loaded from a resource in imageres.dll.
"Icon"="imageres.dll,-27"
;First SubCommands group: disassembler and debuggers.
;Each sub-menu verb uses two keys: the verb key, whose default value (@) is the
;label shown in the menu, and its \command subkey, whose default value is the
;command line to run. %1 is replaced with the path of the right-clicked file.
;The program path and %1 are each wrapped in escaped quotes (\") so that paths
;containing spaces are passed as a single token.
;These keys live under HKEY_LOCAL_MACHINE, so the import has to be done from an
;elevated (administrator) context and affects every user of the machine.
;NOTE(review): the debugger entries hand the selected file to a debugger, which
;loads it as a debuggee - presumably this file is meant for an isolated
;analysis VM; confirm before importing it anywhere else.
;The install paths are hard-coded; an entry whose target does not exist will
;still appear in the menu but fail when clicked.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\IDAPro]
@="IDA Pro"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\IDAPro\command]
@="\"C:\\Program Files (x86)\\IDA 6.4\\idaq.exe\" \"%1\""
;OllyDbg 1.10 and 2.01 are installed side by side in separate folders.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\OllyDbg1]
@="OllyDbg1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\OllyDbg1\command]
@="\"C:\\Program Files (x86)\\odbg110\\OLLYDBG.EXE\" \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\OllyDbg2]
@="OllyDbg2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\OllyDbg2\command]
@="\"C:\\Program Files (x86)\\odbg201\\ollydbg.exe\" \"%1\""
;Shadow.exe is started from the OllyDbg 1.10 folder - presumably an OllyDbg
;variant installed alongside it; confirm against the local install.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Shadow]
@="Shadow"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Shadow\command]
@="\"C:\\Program Files (x86)\\odbg110\\Shadow.exe\" \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Immunity]
@="Immunity"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Immunity\command]
@="\"C:\\Program Files (x86)\\Immunity Inc\\Immunity Debugger\\ImmunityDebugger.exe\" \"%1\""
;Second SubCommands group: static PE inspection tools.
;For each verb, the default value (@) of the verb key is the menu label and the
;default value of its \command subkey is the command line; %1 is replaced with
;the path of the right-clicked file. Program path and %1 are quoted separately
;so that spaces in either path do not split the command line.
;The folder names carry tool versions (PEiD 0.95, PeStudio762, PE-bear 0.2.8),
;so these paths have to be edited after any tool upgrade.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\PEiD]
@="PEiD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\PEiD\command]
@="\"C:\\Program Files (x86)\\PEiD-0.95-20081103\\PEiD.exe\" \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\PEStudio]
@="PEStudio"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\PEStudio\command]
@="\"C:\\Program Files (x86)\\PeStudio762\\PeStudio.exe\" \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\PEBear]
@="PEBear"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\PEBear\command]
@="\"C:\\Program Files (x86)\\PE-bear_x86_0.2.8\\PE-bear.exe\" \"%1\""
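;CFF Explorer sub-menu verb. The default value (@) of the verb key is the menu
;label; the default value of the \command subkey is the command line, with %1
;replaced by the path of the right-clicked file.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\CFFExplorer]
@="CFF Explorer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\CFFExplorer\command]
;The program path and %1 are each wrapped in escaped quotes, like every other
;entry in this file. Without the quotes the path contains unquoted spaces
;("Program Files", "Explorer Suite", "CFF Explorer.exe"), so Windows has to
;guess where the executable name ends and can resolve it to an unintended
;program such as C:\Program.exe if one exists. An unquoted %1 is also split at
;spaces, so a sample whose path contains a space would not be opened correctly.
@="\"C:\\Program Files\\NTCore\\Explorer Suite\\CFF Explorer.exe\" \"%1\""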
;Remaining entries of the second SubCommands group: resource and file
;inspection tools.
;For each verb, the default value (@) of the verb key is the menu label and the
;default value of its \command subkey is the command line; %1 is replaced with
;the path of the right-clicked file. Program path and %1 are quoted separately
;so that spaces in either path do not split the command line.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\ResHacker]
@="ResHacker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\ResHacker\command]
@="\"C:\\Program Files (x86)\\Resource Hacker\\ResHacker.exe\" \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\FileInsight]
@="File Insight"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\FileInsight\command]
@="\"C:\\Program Files (x86)\\FileInsight\\FileInsight.exe\" \"%1\""
;Third SubCommands group: hex editor.
;The key name (HXD) is what SubCommands refers to; the default value (@) of the
;verb key is only the label shown in the menu.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\HXD]
@="HxD"
;Command line for the verb; %1 is replaced with the path of the right-clicked
;file and is quoted so that paths containing spaces stay in one piece.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\HXD\command]
@="\"C:\\Program Files (x86)\\HxD\\HxD.exe\" \"%1\""