Monday, July 25, 2016

Expression Encoder Video Overlay Volume


Adjusting the audio volume of a video overlay is a little obfuscated in Expression Encoder 4.

Here's how to edit the volume levels of a video overlay:

In Expression Encoder 4, go to Windows -> Enhance (choose)



Now navigate to the Enhance tab and mix your overlay audio relative to the master video/audio track.
  1. Visual overlay audio volume can be set from 0-1. You can use decimals (.111), but only the 1st decimal place (.1) will show. Adjust accordingly to mix your volume levels.
  2. Master video/audio volume of the default video; set accordingly.


Friday, July 22, 2016

Windows 10 Renaming File and Folders Fiasco - Warning

I was recently working remotely on a computer and had a bad lag. Somehow, I had a stuck multi-select mode and highlighted a number of folders and files. When I went to rename just the file, it looked pretty normal, as if it was renaming the file. Then I pressed the refresh icon and it had renamed all the folders as well. I was using Chrome to rename and upload the file and I could not undo this action.

UI Problem:


  1. Windows 10 does not alert you when renaming a mix of objects (files and folders). It is all too easy to do this by mistake. There is no pop-up warning you of a mix of files and folders.
  2. No warning when renaming different file types. For example, if you select text files (.txt) and photos (.jpg) together and rename them, there is no warning.
  3. Loss of functionality: in previous versions of Windows (8.1 and earlier), this was enabled using the F2 key, so that you were well aware of what you were doing. This has been lost in Windows 10.



At Issue:

It looks like I am just renaming a file, and not all folders as well. No warning is given that I am renaming a mix of files and folders.


If you remember or catch this, you can undo it by pressing CTRL-Z.

Thursday, July 21, 2016

Windows 10 Registry containing odd "bad" encrypted characters, not Trojan:Win32/Xadupi

Recently I was snooping around the Windows 10 Registry and found some odd or "bad" looking encrypted characters, and a quick search on the internet revealed it might be a Trojan:Win32/Xadupi. This was unlikely since I had just created a fresh install of Win10, but I had to make sure.

It seems many keys under HKEY_CLASSES_ROOT\Installer\Assemblies have these odd characters as suffixes and prefixes in REG_MULTI_SZ values.

3PgDT0$gy?~Dc}DI]?&!Complete5.1.41212.0>C%.qkZL4=Ax1x8*pgU8o

WINDOWS 10 Registry Export 


RegtoText Windows Registry Conversion Version 5.00
[HKEY_CLASSES_ROOT\Installer\Assemblies\c:|Program Files (x86)|Microsoft Silverlight|5.1.40728.0|vi|system.resources.dll]
"system.resources,culture=\"vi\",fileVersion=\"5.1.40728.0\",processorArchitecture=\"MSIL\",publicKeyToken=\"7cec85d7bea7798e\",version=\"5.0.5.0\""=[REG_MULTI_SZ]
3PgDT0$gy?~Dc}DI]?&!Complete5.1.41212.0>C%.qkZL4=Ax1x8*pgU8o
3PgDT0$gy?~Dc}DI]?&!Complete5.1.41212.0>WH7IkSJo49emP^-SBc]q


ANSWER : Not a Trojan

It turns out that these specially encoded characters are part of a "Darwin Descriptor" (DD), which is actually an encoded representation of a specific product, component, and feature.

Further reading at



The Darwin Descriptor is a special encoding, roughly:
ProductCode: {encoded GUID} Feature: {non-encoded string} ComponentId: {encoded GUID}

The Darwin Descriptor is used when installing an application, and the GUIDs are used to register additional capabilities, such as adding a file association extension for the application. For example, Notepad's associated file extension is .txt. That's just one example; you can do more with the DD. Read https://msdn.microsoft.com/en-us/library/aa302344.aspx for details.

The full DD specification is described well in the following link, and involves some byte reordering! Further reading at 



The great news is that you can decode these values to be human-readable, and back to a GUID.


Darwin Descriptor Decoder: download it and check your key using the following link
https://www.symantec.com/connect/downloads/readydarwin-descriptors-dd

For example, use DarwinDesc_GUID.exe_.txt from the console (remove _.txt) to convert this string

3PgDT0$gy?~Dc}DI]?&!Complete5.1.41212.0>C%.qkZL4=Ax1x8*pgU8o

to the decoded text below, where we can read the GUIDs of ProductCode and ComponentId.


---------------------------Darwin Descriptor---------------------------

ProductCode: {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Feature: Complete5.1.41212.0

ComponentId: {CFFE1F82-ED5D-4E98-92C5-8B16CCBD8CDA}
---------------------------
OK  
---------------------------
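
To check such a value without downloading an executable, the same decoding can be done in a few lines of Python. This is an added example, not the Symantec tool's code or anything from the linked specification; the 85-character alphabet and the four-groups-of-five layout are not given in this post and are assumptions, checked against the decoder output shown above. It handles only the `>`-separated form seen in the registry export.

```python
import struct
import uuid

# MSI's 85-character alphabet (not listed in the post; an assumption that
# reproduces the decoder output quoted above).
ALPHABET = ("!$%&'()*+,-.0123456789=?@ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "[]^_`abcdefghijklmnopqrstuvwxyz{}~")
VALUE = {ch: i for i, ch in enumerate(ALPHABET)}


def decode_guid(text):
    """Decode one 20-character packed GUID into a uuid.UUID."""
    if len(text) != 20:
        raise ValueError("packed GUID must be 20 characters")
    raw = b""
    for start in range(0, 20, 5):
        word = 0
        # Five base-85 digits per 32-bit word, least significant digit first.
        for power, ch in enumerate(text[start:start + 5]):
            if ch not in VALUE:
                raise ValueError(f"{ch!r} is not in the base-85 alphabet")
            word += VALUE[ch] * 85 ** power
        if word > 0xFFFFFFFF:
            raise ValueError("group overflows 32 bits")
        raw += struct.pack("<I", word)
    # raw is the GUID in Windows memory layout (first three fields little-endian).
    return uuid.UUID(bytes_le=raw)


def decode_descriptor(value):
    """Split 'product(20) feature > component(20)' and decode both GUIDs."""
    feature, sep, component = value[20:].partition(">")
    if not sep:
        raise ValueError("no '>' separator; not the descriptor form shown above")
    return {
        "ProductCode": "{%s}" % str(decode_guid(value[:20])).upper(),
        "Feature": feature,
        "ComponentId": "{%s}" % str(decode_guid(component[:20])).upper(),
    }


if __name__ == "__main__":
    # Value copied from the registry export earlier in this post.
    sample = "3PgDT0$gy?~Dc}DI]?&!Complete5.1.41212.0>C%.qkZL4=Ax1x8*pgU8o"
    for key, val in decode_descriptor(sample).items():
        print(f"{key}: {val}")
```

A REG_MULTI_SZ string that fails to decode this way (wrong length, characters outside the alphabet, no separator) is not a Darwin Descriptor and deserves a closer look.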