v3.9.239
Released: 02-28-2023
General:
Increased privileges required to open virtual dd files to limit possible abuse of the virtual dd functionality
Fixed issues with large numbers of E01 segments which could result in an I/O error, TRIM commands being disabled against sparsely-allocated dd images and dynamically-allocated RAM disks, and dialogs related to missing or incompatible hypervisors
AIM CLI now includes a “—writable” switch and mounts read-only by default
Updated GUI and CLI readmes
Arsenal-Image-Mounter-v3.9.239.zip MD5 Hash = f6234004d84696002e6b62e82a1bf8b0
v3.9.235
Released: 01-20-2023
Free Mode:
Virtual dd: Partitions are now exposed in addition to disks, volumes, and VSCs. This may be useful when inspecting partitions that do not get assigned driver letters and/or contain file systems unrecognized by Windows.
General: Fixed issue with error displayed after AIM driver install (even though driver was installed successfully), updated GUI readme
Professional Mode:
Launch VM: Additional AV evasion within the virtual machines launched by AIM
Windows file system driver bypass: Fixed partition table validation which was too strict, fixed issue with errors related to file systems in one partition impacting recognition of other partitions, and fixed inability to open small files with all-zero content (without any physical cluster allocation) in ext file systems
Mount archive: Fixed issue with tar header validation being too strict, preventing proper mounting when owner/group names were missing
Arsenal-Image-Mounter_v3.9.235.zip MD5 Hash = 2509558fcea81d606e820b0e1f255f90
v3.9.218
Released: 07-28-2022
Free Mode:
Virtual dd: Upon enabling the virtual dd function, all available disks, volumes, and VSCs (whether AIM-mounted/attached or not) will be virtually exposed in a new volume as read-only raw disk images with the “.dd” extension. Disks will be exposed by their “PhysicalDrive” number, volumes will be exposed both by their currently assigned Windows drive letter and GUID, and VSCs by their volume GUID and timestamp.
Physical disks: Mounted disk images can now be written to physical disks with optional free space clearing (TRIM command for TRIM-enabled SSD disks, otherwise traditional clearing)
GUI: Mount points in AIM’s main screen are now displayed in collapsed details
Disk Image Mounting: Support for qcow/qcow2 format
Disk Image Mounting: Disk images which contain only an ISO9660 file system (CD-ROM) are now automatically mounted as virtual CD/DVDs
Updated readmes
Professional Mode:
VM Launching: DPAPI Bypass scenarios have been significantly expanded, including from VSCs AIM has launched into VMs as well as scenarios pre-Windows 10
VM Launching: In some DPAPI-bypass scenarios involving PIN (or non-password) authentication solely (i.e. password authentication was not an additional option), revealing browser-stored credentials could be problematic. AIM now actively resolves this problem.
VM Launching: In some DPAPI-bypass scenarios, for example involving Windows 8 or 8.1 and Microsoft online accounts, automatic logon does not work which makes AIM’s DPAPI bypass less intuitive. To solve this, AIM VM Tools now displays passwords in clear text so that AIM users can use them for logon with DPAPI fully unlocked.
VM Launching: New Linux authentication bypass
VM Launching: Additional boot driver assistance which results (for example) in more successful VM launches directly from VSCs
VM Launching: The Launch VM option “Boot with last Windows shutdown time” now displays the last shutdown time
VM Launching: VMs are now created with up to 6 GB RAM if >10 GB is available (previously max 4 GB) and with number of CPU cores set to half the number of physical host CPU cores (previously always 2 CPU cores)
VSC Mounting: VSC timestamps are more clearly identified in AIM’s main window and folders containing mounted VSCs
VSC Mounting: Enhanced performance mounting and accessing VSCs
Windows File System Driver Bypass: Support for single disk, non-striped, lvm/lvm2 volumes
Windows File System Driver Bypass: Fixed bugs in DiscUtils NTFS implementation which prevented mounting of some disk images, additional bug fixes in other DiscUtils file system implementations, many optimizations related to both DiscUtils and Dokan 2 resulting in significant performance improvements
Note: To enable Arsenal Image Mounter’s full functionality, the latest .NET 6 is now required.