ChangeLog.txt

2024-12-15 version 2.18
* New plugins
  - Encoding operations
    - "Custom base92 encode" plugin and "Custom base92 decode" plugin
      These plugins encode and decode selected region with custom base92 table.
* Enhancements
  - Crypto operations
    - AES plugins
      - "No unpadding" option is added for ECB mode and CBC mode.
      - Segment size is selectable for CFB mode.
  - Compression operations
    All plugins show output size.
  - Encoding operations
    - "Binary data to hex text" plugin and "Hex text to binary data" plugin
      These plugins are rewritten to use external Python 3 scripts. They can encode or decode much faster.
    - "Octal text to binary data" plugin
      Negative number is supported.
    - "Decimal text to binary data" plugin and "Octal text to binary data" plugin
      Delimiters are automatically detected and loose format
      (multiple lines and using multiple delimiter types) is acceptable.
  - Misc operations
    - "Emulate code" plugin
      - RISC-V architecture is supported in emulation with Qiling Framework.
  - Parsing operations
    - "Binwalk scan" plugin
      - Binwalk is upgraded to version 3 that is rewritten with Rust.
      - Detected file types will be shown in bookmarks.
    - Disassemble plugin
      RISC-V architecture is supported.
    - "File type" plugin
      File type detection accuracy with python-magic is improved with updated libmagic.
* Bug fixes
  - Compression operations
    - "QuickLZ decompress" plugin
      Decompression failure for some cases is fixed.
  - Encoding operations
    - "Decimal text to binary data" plugin
      Incorrect byte order for negative values is fixed.
* Other changes
  - Python Windows embeddable package is updated to 3.12.5.
  - Python package dependencies are updated accordingly.
  - Encoding operations
    - "Binary data to octal text" plugin
      "0" prefix is not prepended for octal values.
    - "Protobuf decode" plugin
      blackboxprotobuf is switched from the forked version to the original version
      (https://github.com/nccgroup/blackboxprotobuf).
  - Misc operations
    - "Hash values" plugin
      Hash algorithm of exphash is changed from SHA256 to MD5 due to update of pefile.
  - Parsing operations
    - "Binwalk scan" plugin
      Binwalk is bundled with FileInsight-plugins-embeddable-python-packages
      because Windows binary of Binwalk is not distributed.
    - "Show metadata" plugin
      ExifTool is bundled with FileInsight-plugins-embeddable-python-packages to avoid
      unavailability on installation because only the latest production
      versions of ExifTool is available and old production versions are
      not available.

2023-06-07 version 2.17.1
* Critical bug fix
  This version fixes a critical bug of show_simple_dialog.py that prevents the following plugins from running:
  - Basic operations
    - Fill plugin
    - Bookmark plugin
  - Search operations
    - "Regex extraction" plugin
    - "Regex search" plugin
    - "XOR hex search" plugin
    - "XOR text search" plugin
* Other change
  - Encoding operations
    - "Custom base16 decode" plugin
    - "Custom base32 decode" plugin
    - "Custom base58 decode" plugin
    - "Custom base62 decode" plugin
    - "Custom base64 decode" plugin
    - "Custom base85 decode" plugin
    - "Custom base91 decode" plugin
      These plugins now automatically remove CR and LF before decode.

2023-06-04 version 2.17
* New plugins
  - Compression operations
    - "lzip compress" plugin and "lzip decompress" plugin
      These plugins compress and decompress selected region with lzip format.
  - Crypto operations
    - Camellia plugins
      These plugins encrypt and decrypt selected region with Camellia.
    - CAST-128 plugins
      These plugins encrypt and decrypt selected region with CAST-128.
    - RC5 plugins
      These plugins encrypt and decrypt selected region with RC5.
    - RC6 plugins
      These plugins encrypt and decrypt selected region with RC6.
    - XXTEA plugins
      These plugins encrypt and decrypt selected region with XXTEA.
  - Encoding operations
    - "Custom base91 encode" plugin and "Custom base91 decode" plugin
      These plugins encode and decode selected region with custom base91 table.
    - "gob decode" plugin
      This plugin decodes selected region as gob (serialization format for golang) serialized data into Python notation
  - Parsing operations
    - "Extract VBA macro" plugin
      This plugin extracts Microsoft Office VBA macro from selected region (the whole file if not selected). It also supports p-code decompilation and VBA stomping detection.
    - "String type" plugin
      This plugin identifies type of strings such as API keys and cryptocurrency wallet addresses in the selected region (the whole file if not selected) with lemmeknow.
* Enhancements
  - Crypto operations
    - ChaCha20 plugins
      These plugins now support 24 bytes nonce.
    - RC4 plugins
      These plugins now support key shorter than five bytes.
    - TEA plugins and XTEA plugins
      These plugins are rewritten with Binary Refinery and they now support five cipher block modes of operation (ECB, CBC, CFB, OFB, and CTR)
  - Encoding operations
    - "Decimal text to binary data" plugin
      - This plugin now suports conversion from negative numbers.
      - This plugin now automatically removes spaces when you choose a non-space delimiter.
  - Misc operations
    - "Hash values" plugin
      This plugin now supports exphash, Rich PE header hash, TLSH, authentihash, icon MD5, icon dhash, gimphash, and telfhash.
  - Parsing operations
    - "Find PE file" plugin
      - This plugin now notes file types on bookmark comments.
      - This plugin now can find PE file with MSDOS stub if "MZ" signature is missing.
  - Search operations
    - "YARA scan" plugin
      - This plugin now can show XOR keys for "xor" keyword.
  - XOR operations
    - "Guess multibyte XOR keys" plugin
      This plugin now can find XORed PE file with MSDOS stub if "MZ" signature is missing.
* Bug fixes
  - Compression operations
    - "PPMd compress" plugin and "PPMd decompress" plugin
      Improper check of order value is fixed.
  - Crypto operations
    - RC2 plugins
      Improper check of IV for CTR mode is fixed.
  - Search operations
    - "YARA scan" plugin
      Crash of FileInsight on bookmarking matched regions is fixed.
* Other changes
  - Parsing operations
    - "Parse file structure" plugin
      File structure parsers are updated with recent kaitai_struct_formats and kaitai_struct_compiler 0.10.
    - "Show metadata" plugin
      ExifTool is updated to 12.60.

2023-01-04 version 2.16
* Important changes
  - Embeddable Python is used instead of Python virtual environment (venv) to fully isolate Python environment for FileInsight-plugins from existing Python installation.
  - Embeddable Python and requisite Python packages are bundled into a single package and installed from the FileInsight-plugins-embeddable-python-packages (https://github.com/nmantani/FileInsight-plugins-embeddable-python-packages/) repository to speed up installation.
  - Python version is 3.10.9.
* New plugins
  - Compression operations
    - "LZFSE compress" plugin and "LZFSE decompress" plugin
      These plugins compress and decompress selected region with LZFSE algorithm.
  - Encoding operations
    - "MessagePack encode" plugin and "MessagePack decode" plugin
      These plugins encode JSON of selected region into MessagePack serialized data and vice versa.
  - XOR operations
    - "Simple XOR" plugin
      This plugin does XOR selected region with specified XOR key. You can specify a multibyte XOR key with big endian hex for this plugin, though built-in XOR function of FileInsight accepts a multibyte XOR key with "0x" prefix and little endian hex.
* Enhancements
  - Misc operations
    - "Send to" plugin
      Detect It Easy (https://github.com/horsicq/Detect-It-Easy) is added to default external GUI programs.
  - Parsing operations
    - "File type" plugin
      Detect It Easy is used for file type detection in addition to python-magic.
  - XOR operations
    - "Null-preserving XOR" plugin
      Multibyte XOR key is supported.
* Bug fixes
  - XOR operations
    - "Incremental XOR" plugin and "Decremental XOR" plugin
      Input parameter check is added.
* Other changes
  - Crypto operations
    - Rename ARC2 to RC2
    - Rename ARC4 to RC4
  - XOR operations
    - "Guess multibyte XOR keys" plugin
      Decode instruction is changed to use "Simple XOR" plugin instead of built-in XOR function of FileInsight.

2022-06-27 version 2.15
* Important changes
  - Python virtual environment (venv) is used to avoid Python package version conflicts with other analysis tools.
  - All Python package dependencies are installed under "%USERPROFILE%\Documents\McAfee FileInsight\plugins\Operations\python3-venv" .
* New plugin
  - Basic operations
    - "Switch file tabs" plugin
      This plugin switches file tabs with a listbox.
* Enhancement
  - Misc operations
    - Emulate code plugin
      - Speakeasy (https://github.com/mandiant/speakeasy) emulation framework is supported in addition to Qiling Framework.
      - Qiling Framework 1.4.3 is supported.
      - Multithread option is added for Qiling Framework.
* Other changes
  - All plugins
    An information dialog of the instruction for faster processing is shown when a whole file (> 10MB) is processed without selecting the whole region.
  - Compression operations
    - "PPMd compress" plugin and "PPMd decompress" plugin
      - Python module dependency is changed from ppmd-cffi to pyppmd (https://github.com/miurahr/pyppmd). pyppmd is the successor of ppmd-cffi.
  - install.ps1
    - Python version is updated to 3.9.13. python-lzo 1.12 does not work with Python 3.10.x.
    - Binwalk version is still fixed to 2.3.2 because 2.3.3 is broken on Windows and it has not been fixed yet.

2021-12-04 version 2.14
* New plugins
  - Basic operations
    - "Change endianness" plugin
      This plugin changes endianness of selected region.
  - Compression operations
    - Plugins for the following compression algorithms are added.
      - Brotri
      - LZF
      - LZJB
      - LZRW1/KH
      - Snappy
  - Encoding operations
    - "Custom base62 decode" plugin and "Custom base62 encode" plugin
      These plugins decode / encode selected region with custom base62 table.
  - XOR operations
    - "XOR with another file" plugin
      This plugin does XOR selected region (the whole file if not selected) with the content of another file as XOR key.
* Enhancements
  - Encoding operations
    - "Binary data to decimal text" plugin and "Decimal text to binary data" plugin
      Conversion from / into single integer value larger than 255 is supported.
  - Misc operations
    - "Emulate code" plugin
      Qiling Framework 1.4.0 is supported. However, Qiling Framework 1.4.0 can not emulate dyniamically linked Linux executable file.
      I recommend to use Qiling Framework 1.2.3 until this issue will be fixed.
  - All plugins
    Index number is appended to the name of newly opened tab.
  - Plugins that require region selection
    Instruction is shown when no file is opened or no region is selected.
* Bug fixes
  - Encoding operations
    - "Custom base58 decode" plugin
    - "Custom base58 encode" plugin
    - "Custom base85 decode" plugin
    - "Custom base85 encode" plugin
    - "Protobuf decode" plugin
      Error handling is fixed.
  - Plugins that show a messagebox
    messagebox becomes modal to prevent it from going behind FileInsight window and being inoperable.
* Other changes
  - install.ps1
    - Python version is updated to 3.9.9. Currently some Python modules such as ppmd-cffi and yara-python
      are not available for Python 3.10.x.
    - ExifTool version is updated to 12.36.
    - Binwalk version is fixed to 2.3.2 because newer versions does not work on Windows.
    - lz4 version is fixed to 3.1.3 because Windows package of lz4 3.1.10 is currently not available.
    - Qiling Framework version is fixed to 1.2.3 because Qiling Framework 1.4.0 can not emulate dyniamically linked Linux executable file.

2021-07-22 version 2.13
* New plugins
  - Search operations
    - "Regex extraction" plugin
      This plugin searches with regular expression in selected region (the whole file if not selected)
      and extract matched regions as single concatenated region.
  - XOR operations
    - "XOR with next byte (reverse)" plugin
      This plugin does reverse operation of "XOR with next byte" plugin.
* Enhancements
  - install.ps1
    Proxy server setting of Windows is automatically used and specifying a proxy server by editing install.ps1 is no longer needed.
  - Basic operations
    - Bookmark plugin
      Offset will be prepended to bookmark comment.
  - Encoding operations
    - "Hex text to binary data" plugin
      Hex values of 0x0 ... 0xf are treated as 0x00 ... 0x0f.
    - ROT13 plugin
      Spinbox for amount of rotation is changed to editable.
  - Search operations
    - "Regex search" plugin and "Replace" plugin
      Number of search hits will be shown.
  - Parsing operations
    - Strings plugin
      Spinbox for minimum length is changed to editable.
  - XOR operations
   - "Guess multibyte XOR keys" plugin
     File type will be noted as bookmark comment.
   - "Visual decrypt" plugin and "Visual encrypt" plugin
     Variable XOR key length is supported.
* Bug fixes
  - install.ps1
    Behavior of pip with a proxy server is fixed.
  - Parsing operations
    - "Parse file structure" plugin
      Bug of showing negative offset is fixed.
  - XOR operations
    - "XOR with next byte" plugin
      Fix bug that XOR is skipped when value of current position is 0x00.
* Other changes
  - Misc operations
    - "Emulate code" plugin
      Emulation trace will be shown in a new "Emulation trace" tab instead of the Output pane.
  - Parsing operations
    - "Binwalk scan" plugin
      Output will be shown in a new "Binwalk output" tab instead of the Output pane.
    - "Show metadata" plugin
      Output will be shown in a new "Metadata" tab instead of the Output pane.
  - Search operations
    - All plugins
      Output will be shown in a new tab instead of the Output pane.
    - "XOR hex search" plugin and "XOR text search" plugin
      Elapsed time will be shown after execution of the plugins.
  - Visualization operations
    - "Byte histogram" plugin
      Byte frequency wiil be shown in a new "Byte frequency" tab.
  - XOR operations
    - "Guess multibyte XOR keys" plugin
      - Elapsed time will be shown after execution of the plugin.
      - Output will be shown in a new "Guessed XOR keys" tab.

2021-06-05 version 2.12
* New plugin
  - Misc operations
    - "Send to (CLI)" plugin
      This plugin sends selected region (the whole file if not selected) to other CLI program and shows output in a new tab.
      Menu items of this plugin can be customized with send_to_cli.json (this file can be opened with "Customize menu").
      This plugin supports multiple command line arguments.
* Important changes
  - Misc operations
    - "Send to" plugin
      This plugin is renamed to "Send to (GUI)".
* Enhancements
  - Plugin menu
    Features of "Check for update" and "Version info" are added.
    "Check for update" feature can check whether new version is available and execute install.ps1.
    "Check for update" feature requires "requests" Python module.
  - Misc operations
    - "Send to (GUI)" plugin
      Support of multiple command line arguments is added.
* Bug fixes
  - install.ps1
    Use HTTP proxy for curl.exe when $PROXY_HOST and $PROXY_PORT are defined.

2021-05-15 version 2.11
* Important changes
  Sub-categories are added to the following categories and plugin menu is reorganized accordingly:
  - Compression operations
    Compress and Decompress sub-categories are added.
  - Crypto operations
    Decrypt and Encrypt sub-categories are added.
  - Encoding operations
    Decode and Encode sub-categories are added.
* Enhancements
  - All plugins that will show a setting dialog
    Plugins can be executed by hitting Enter key in addition to clicking OK button.
  - Basic operations
    - Bookmark plugin
      Selected bookmark color will be saved as colorchooser.json in Operations folder and set as default in next time.
  - Misc operations
    - Emulate code plugin
      [brk] memory region can be dumped for Linux code emulation.
  - Parsing operations
    - "Parse file structure" plugin
      - Mach-O parser is added.
      - Parsed data is sorted by offset.
      - Parser modules are improved to bookmark regions that are not bookmarked in previous versions.
  - Search operations
    - "Regex search" plugin and Replace plugin
      Search keywords will be added to bookmark comments.
    - "YARA scan" plugin
      YARA rule names and string identifiers will be added to bookmark comments.
  - install.ps1
    The latest snapshot of FileInsight-plugins can be installed with "-update -snapshot" option.
* Bug fixes
  - Basic operations
    - Bookmark plugin
      Root window will be set to topmost to prevent color chooser dialog from going behind FileInsight main window and becoming inoperable.
  - Parsing operations
    - "Parse file structure" plugin
      - Gzip parser and PE parser
        Bug of timezone handling is fixed.
* Other changes
  - Misc operations
    - "Send to" plugin
      Default paths of IDA Free and CyberChef are updated.
  - Parsing operations
    - "Parse file structure" plugin
      - Parser modules are updated with the ones that are compiled from the latest snapshot of kaitai_struct_formats.
      - kaitai_struct_python_runtime is updated to the latest snapshot.
  - install.ps1
    - Python is updated to 3.9.5.
    - ExifTool is updated to 12.25.
    - Repository separation of rootfs files from Qiling Framework is suported.

2021-04-10 version 2.10
* New plugins
  - Basic operations
    - Bookmark plugin
      This plugin bookmarks selected region with specified comment and color.
  - Encoding operations
    - "Custom base16 decode" plugin
      This plugin decodes selected region with custom base16 table.
    - "Custom base16 encode" plugin
      This plugin encodes selected region with custom base16 table.
    - "Custom base85 decode" plugin
      This plugin decodes selected region with custom base85 table.
    - "Custom base85 encode" plugin
      This plugin encodes selected region with custom base85 table.
* Enhancement
  - Parsing operations
    - Strings plugin
      - Decoded strings will be shown at the top of plugin output.
      - Capability to decode BASE64 strings has been added.
* Bug fix
  - Parsing operations
    - Disassemble plugin
      Bookmarking incorrect end of disassembly location has been fixed.
* Other change
  - Misc operations
    - "Emulate code" plugin
      Qiling Framework 1.2.3 is supported.

2021-03-13 version 2.9
* New operation category
  - "Visualization operations" category has been added.
* New plugins
  - Visualization operations
    - "Byte histogram" plugin
      This plugin shows byte histogram of selected region (the whole file if not selected).
    - "Entropy graph" plugin
      This plugin shows entropy graph of selected region (the whole file if not selected).
* Removed plugin
  - Misc operations
    - "Byte frequency" plugin
      This plugin's function has been integrated into "Byte histogram" plugin.
* Bug fixes
  - Misc operations
    - "File comparison" plugin
      Fix corruption of file names that contain Non-ASCII characters in current Windows code page.
      Characters not in current Windows code page will be shown as "?".
      This behavior is due to the limitation of FileInsight.
  - Search operations
    - "YARA scan" plugin
      Ditto.
* Other change
  - "Bitmap view" plugin has been moved from "Misc operations" category to "Visualization operations" category.

2021-02-21 version 2.8
* New plugins
  - Crypto operations
    - "TEA decrypt" plugin and "TEA encrypt" plugin.
      These plugins decrypt/encrypt selected region with TEA (Tiny Encryption Algorithm).
    - "XTEA decrypt" plugin and "XTEA encrypt" plugin.
      These plugins decrypt/encrypt selected region with XTEA (eXtended Tiny Encryption Algorithm).
* Enhancements
  - Plugins that show a dialog
    Dialog position will be adjusted at center of screen based on window size.
* Bug fixes
  - Misc operations
    - "Emulate code" plugin
      Change of last access timestamp will be ignored as on_modified event.
* Other changes
  - Plugins of Basic operations, Compression operations, Crypto operations and Encoding operations
    Refactoring: unnecessary data conversion to list are eliminated.
  - Plugins of Compression operations, Crypto operations, Encoding operations, Misc operations, Parsing operations and XOR operations
    Refactoring: unnecessary data conversion to hex text on communication with subprocesses are eliminated.
  - Compression operations
    - "PPMd compress" plugin and "PPMd decompress" plugin
      Memory size is increased.
  - Misc operations
    - "Emulate code" plugin
      Qiling Framework 1.2.2 is supported.

2021-01-30 version 2.7
* New plugins
  - Compression operations
    - "PPMd compress" plugin and "PPMd decompress" plugin
      These plugins compress/decompress selected region with PPMd algorithm.
    - "QuickLZ compress" plugin and "QuickLZ decompress" plugin
      These plugins compress/decompress selected region with QuickLZ compression library.
  - Encoding operations
    - "Custom base32 decode" plugin and "Custom base32 encode" plugin
      These plugins decode/encode selected region with custom base32 table
    - "Custom base58 decode" plugin and "Custom base58 encode" plugin
      These plugins decode/encode selected region with custom base58 table
  - Misc operations
    - "Bitmap view" plugin
      This plugin visualizes the whole file as bitmap representation.
* Enhancements
  - install.ps1
    Installation of ExifTool is supported.
  - Basic operations
    - Copy to new file
      Sequence number will be assigned to a new tab name like "New file 0", "New file 1" and "New file 2".
  - Misc operations
    - "Emulate code" plugin
      Capability to set emulation timeout is added.
* Bug fixes
  - Parsing operations
    - "Disassemble" plugin
      Bookmark position of disassembly error is fixed.
  - Search operations
    - "YARA scan" plugin
      Combobox width will be adjusted to show whole file name.

2021-01-03 version 2.6
* New plugins
  - Compression operations
    - "LZ4 compress" plugin and "LZ4 decompress" plugin
      These plugins compress/decompress selected region with LZ4 algorithm.
    - "LZO compress" plugin and "LZO decompress" plugin
      These plugins compress/decompress selected region with LZ4 algorithm.
    - "zlib compress (deflate)" plugin and "zlib decompress (inflate)" plugin
      These plugins compress/decompress selected region with zlib (Deflate algorithm).
    - "Zstandard compress" plugin and "Zstandard decompress" plugin
      These plugins compress/decompress selected region with Zstandard algorithm.
  - Encoding operations
    - "Protobuf decode" plugin
      This plugin decodes selected region as Protocol Buffers serialized data without .proto files.
* Enhancements
  - Plugins that create new tabs
    - New tab name will be set to "Output of [plugin name]" instead of "New file".
  - Parsing operations
    - "Disassemble" plugin
      Width of each columns in disassembly output will be adjusted.
  - XOR operations
    - "Guess 256 byte XOR keys" plugin
      - Plugin name is renamed to "Guess multibyte XOR keys".
      - Shortened XOR key will be shown if it has a cyclic pattern.
      - Top ten guessed XOR keys will be shown.
      - Capability to find ELF header is added.
      - Capability to bookmark from start to end of PE file is added.
      - Capability to find ZIP file, Microsoft Office file (OOXML) and Java Archive (JAR) file is added.
* Bug fixes
  - Encoding operations
    - Binary data to octal text" plugin and "Octal text to binary data" plugin
      Message is corrected.
  - Misc operations
    - "File comparison" plugin
      Width of file selection dialog will be adjusted to show whole file name.
    - "Send to" plugin
      Temporary file will be removed after exit of selected program.
  - XOR operations
    - "Visual Decrypt" plugin and "Visual Encrypt" plugin
      Tooltips are corrected.
* Other changes
  - Encoding operations
    Plugin output style is unified so that output retains non-selected region (same behaviour as ROT13 plugin and so on)
  - Misc operations
    - "Emulate code" plugin
      Qiling Framework 1.2.1 is supported.

2020-11-23 version 2.5
* New plugins
  - Encoding operations
    - Unicode escape plugin
    - Unicode unescape plugin
      These plugins convert Unicode characters of selected region to Unicode escape sequences
      and vice versa. The following Unicode escape sequence formats are supported:
       - \uXXXX (Java, JavaScript)
       - \UXXXXXXXX (C, Python)
       - \u{XXXX} (JavaScript ES6+, PHP 7+)
       - `u{XXXX} (PowerShell 6+)
       - %uXXXX (Legacy JavaScript)
       - U+XXXX (Unicode code point)
    - URL decode plugin
    - URL encode plugin
      These plugins encode / decode selected region into percent-encoded text that is used by URL.
* Enhancements
  - Encoding operations
    - Hex text to binary data plugin
      Support of 0x?? hex text format is added.
  - Misc operations
    - Emulate code plugin
      Capability to show file system events in rootfs (creation, deletion,
      modification and move) is added.
    - Hash values plugin
      Capability to compute ssdeep, imphash and impfuzzy hashes is added.
    - File comparison plugin
      Capability to show comparison score of ssdeep and impfuzzy hashes is added.
* Bug fix
  - Encoding operations
    - Hex text to binary data plugin
      An error that occurs when data is not selected is fixed.
  - Misc operations
    - File comparison plugins
      A bug that it shows deltas twice is fixed.
* Other changes
  - Misc operations
    - Emulate code plugin
      - Support of Qiling Framework 1.2 is added.
      - watchdog Python module is required since this version.
  - README.md
    Instructions of manual installation is moved to INSTALL.md.

2020-11-02 version 2.4
* New plugin
  - Parsing operations
    - Disassemble plugin
      This plugin disassembles selected region (the whole file if not selected).
      Supported architectures: x64, x86, ARM, ARM64, MIPS, PowerPC, PowerPC64, SPARC
      You need to install Capstone (https://github.com/aquynh/capstone/) to use this plugin.
      Please execute "py.exe -3 -m pip install capstone" to install it.
* Enhancement
  - Misc operations
    - Emulate code plugin
      - Memory dump of heap region will be created
      - Bookmark regions will be splitted if there is continuous zeros more than 1024 bytes

2020-10-18 version 2.3
* New plugin
  - Misc operations
    - Emulate code
      This plugin emulates selected region as an executable or shellcode with Qiling Framework (the whole file if not selected)
      - Supported operating systems: Windows and Linux
      - Supported architectures: x64, x86, arm, arm64, mips
      You need to set up Qiling Framework (https://github.com/qilingframework/qiling/) to use this plugin.
      I recommend to use the following command to update to 2.3.

      powershell -exec bypass -command "& ([scriptblock]::Create((New-Object Net.WebClient).DownloadString('https://github.com/nmantani/FileInsight-plugins/master/install.ps1'))) -update"

      If you would like to set up manually, please read the instructions in the README files.

2020-09-21 version 2.2
* New plugin
  - Parsing operations
    - Parse file structure
      Parse file structure of selected region (the whole file if not selected) with Kaitai Struct
      Supported file formats: gzip, rar, zip, elf, microsoft_pe, mbr_partition_table, bmp, gif, jpeg, png, windows_lnk_file
* Enhancement
  - Implement tooltip for plugin menu.
* Bug fixes
  - Replace showSimpleDialog() with show_simple_dialog.py that is implemented with tkinter.
    showSimpleDialog() of FileInsight 3.5 has a bug that causes freeze when a dialog loses focus.
  - Fix the path of send_to.json in the "Send to" plugin.

2020-06-28 version 2.1
* Important changes
  - Plugin menus are integrated into the single menu tree.
  - The plugin menu is displayed by clicking "Operations" in the "Plugin" tab.
  - All category folders are moved into the "Operations" folder.
    If you manually install version 2.1, please remove old "plugins" folder or rename it for safekeeping before installation.
* Enhancement
  - CTR (Counter) mode is added to AES, Blowfish, DES and Triple DES plugins.
    Use of the IV parameter in CTR mode is compatible with CyberChef.
    The first half of IV is used as the nonce and the second half is used as the initial value of the counter for AES.
    The first seven bytes of IV are used as the nonce and the last one byte is used as the initial value of the counter for Blowfish, DES and Triple DES.
* Other changes
  - "Delete after" plugin deletes from current cursor position.
  - install.ps1 installs FileInsight, Python 3 and so on with "-update" option.
  - install.ps1 updates pip during installation.
* Bug fixes
  - Error of "YARA scan" plugin with YARA rules that does not have tag has been fixed.
  - Binwalk installation failure of install.ps1 has been fixed.
  - aPLib installation failure of install.ps1 has been fixed.

2020-05-06 version 2.0
* Important changes
  - FileInsight-plugins now requires Python 3 and You no longer need to install Python 2 (x86)
    to use FileInsight-plugins.
  - This version is compatible only with the latest version (3.5) of FileInsight and not compatible
    with older version (such as 2.1) of FileInsight.
* New plugins
  - Basic operations
    - Cut binary to clipboard
      Cut binary data of selected region to clipboard as hex-encoded text
    - Copy binary to clipboard
      Copy binary data of selected region to clipboard as hex-encoded text
    - Paste binary from clipboard
      Paste binary data (converted from hex-encoded text) from clipboard
  - Parsing operations
    - Show metadata
      Show metadata of selected region (the whole file if not selected) with ExifTool
* Enhancement
  - Added checks of Python 3 installation
  - Show confirmation dialog before adding many (over 100) bookmarks because it takes long time
  - Speeding up log display by reducing number of print() calls
* Other changes
  - Added a workaround for the truncation bug of getDocument() brought in FileInsight 3.5
  - Removed existing workarounds regarding Python 3
  - Removed dependency on backports.lzma module because Python 3 has lzma module

2019-12-22 version 1.5
* New plugins
  - Binary data to decimal text
    - Convert binary of selected region into decimal text
  - Decimal text to binary data
    - Convert decimal text of selected region into binary data
  - Binary data to octal text
    - Convert binary of selected region into octal text
  - Octal text to binary data
    - Convert octal text of selected region into binary data
* Enhancement
  - Installation script install.ps1 has been added. It installs the latest release version of
    FileInsight-plugins and all all pre-requisites.
    install.ps1 is not included in the release archive because it checks hash value of the archive.
    Please download it from the repository then execute "powershell -exec bypass .\install.ps1" to
    use it or please execute the following command to directly execute it.

    powershell -exec bypass -command "IEX((New-Object Net.WebClient).DownloadString('https://github.com/nmantani/FileInsight-plugins/master/install.ps1'))"
* Other changes
  - The slide deck files of CODE BLUE 2019 are excluded from the release archive.

2019-11-02 version 1.4.3.1
* Bug fix
  - All plugins
    - Add a workaround not to execute python.exe of Python 3.
* Other changes
  - Add the slide deck presented at Bluebox of CODE BLUE 2019 to "doc" folder.
  - Add an instruction to make sure that python.exe of Python 2.7 will be executed from FileInsight.
    (reported by graneed (@graneed111))

2019-10-07 version 1.4.3
* Enhancement
  - Search operations category
    - "XOR hex search" and "XOR text search" plugins
      -  Add capability to search data encoded with combination of XOR and bit rotate at one time.
* Bug fixes
  - Misc operations category
    - "Send to" plugin
      - Fix the bug that an external program is executed twice.
  - All plugins
    - Add a workaround not to execute python.exe of Microsoft Store (for Windows 10 version 1903)
* Other change
  - Add notes regarding Python 3 to README.

2019-08-24 version 1.4.2
* Bug fix
  - Add workarounds to avoid crash of FileInsight on closing on Windows 7
    (reported by: You Nakatsuru (@you0708)).
* Enhancement
  - Misc operations category
    - Send to
      - Show a file selection dialog when a selected program file is missing.
        send_to.json file will be updated accordingly with the new file location.
* Other changes
  - Move plugin folders into the "plugins" folder.
  - Move screenshots into the "docs" folder.

2019-07-07 version 1.4.1
* New plugins
  - Parsing operations category
    - Strings (extracts text strings from selected region (the whole file if not selected))
* Enhancement
  - Markdown version of README has been added.
* Bug fixes
  - Encoding operations category
    - Dialog position of ROT13 plugin has been adjusted.
  - Misc operations category
    - Breakage of "Send to" plugin has been fixed.

2019-05-25 version 1.4.0
* Important changes
  - New "Parsing operations" category has been created.
  - Misc operations category
    - "File type" plugin and "Find PE file" plugin have been moved to the new "Parsing operations" category.
  - New Python module dependencies
    - backport.lzma (for new "LZMA compress", "LZMA decompress", "XZ compress" and "XZ decompress" plugins)
    - binwalk (for new "Binwalk scan" plugin)
  - Encoding operations category
    - "Binary to hex text" plugin has been renamed to "Binary data to hex text".
    - "Hex text to binary" plugin has been renamed to "Hex text to binary data".
* New plugins
  - Compression operations category
    - LZMA compress (compresses selected region with LZMA algorithm)
    - LZMA decompress (decompresses selected region with LZMA algorithm)
    - XZ compress (compresses selected region with XZ format)
    - XZ decompress (decompresses selected XZ compressed region)
  - Encoding operations caterogy
    - Binary data to binary text (converts binary of selected region into binary text)
    - Binary text to binary data (converts binary text of selected region into binary data)
  - Parsing operations category
    - Binwalk scan (scans selected region (the whole file if not selected) to find embedded files)
* Enhancements
  - Encoding operations category
    - ROT13 plugin becomes capable to rotate by the specified amount.
  - Misc operations category
    - Send to plugin
      - CyberChef file path has become customizable.
      - File input dialog will be shown if CyberChef file is not found.
* Bug fix
  - Encoding operations category
    - Custom base64 decode / Custom base64 encode
      - Exit GUI script when a dialog is closed

2019-04-21 version 1.3.0
* Important change
  - Switch from PyCrypto to PyCryptodome for crypto-related plugins.
    Please execute "c:\Python27\python.exe -m pip install pycryptodomex".
    to install PyCryptodome.
* New plugins
  - Crypto operations category
    - AES decrypt (decrypt selected region with AES)
    - AES encrypt (encrypt selected region with AES)
    - ARC2 decrypt (decrypt selected region with ARC2 (Alleged RC2))
    - ARC2 encrypt (encrypt selected region with ARC2 (Alleged RC2))
    - Blowfish decrypt (decrypt selected region with Blowfish)
    - Blowfish encrypt (encrypt selected region with Blowfish)
    - ChaCha20 decrypt / encrypt (decrypt / encrypt selected region with ChaCha20)
    - DES decrypt (decrypt selected region with DES)
    - DES encrypt (encrypt selected region with DES)
    - Salsa20 decrypt / encrypt (decrypt / encrypt selected region with Salsa20)
    - Triple DES decrypt (decrypt selected region with Triple DES)
    - Triple DES encrypt (encrypt selected region with Triple DES)
* Other change
  - Rename "ARC4 decrypt" plugin to "ARC4 decrypt / encrypt".

2018-11-25 version 1.2.0
* New plugins
  - Search operations category
    - Replace (replace matched data in selected region (the whole file if not selected) with specified data)
    - YARA scan (scan selected region (the whole file if not selected) with YARA)
* Enhancements
  - All plugins depend on additional Python modules
    - Show instructions to install the modules if they are not installed.
  - Misc operations category
    - File comparison
      - Show elapsed time at the end of execution.
    - Send to
      - Move menu config to the external config file "send_to.json".
  - Search operations category
    - Regex search, Replace and YARA scan
      - Show matched data as hex if it contains non-printable characters
* Bug fix
  - Misc operations category
    - File comparison
      - Fix handling on window close.
  - Search operations category
    - All plugins
      - Do nothing if no file is opened.

2018-11-14 version 1.1.0
* New plugins
  - Basic operations category
    - To upper case
    - To lower case
    - Swap case
  - Encoding operations category
    - From quoted printable
    - To quoted printable
  - Misc operations
    - File comparison
  - Search operations
    - Regex search (with Python re module syntax)
* Enhancements
  - Misc operations category
    - Send to
      - Change path of VS Code to the current default install location.
      - New "CyberChef" menu to send data to CyberChef locally saved on desktop (up to 12000 bytes)

2018-09-17 version 1.0.0
* Reorganize plugins into the following seven categories.
  Plugins can be launched from pull-down menus.
  Basic operations
  Compression operations
  Crypto operations
  Encoding operations
  Misc operations
  Search operations
  XOR operations
* Remove TrID plugin (please use 'Misc operations' -> 'Send to' plugin instead).