Hello, first of all I'm not sure if my rank is high enough to start this post or if I'm breaking any rules (this could be something like a request and I don't have enough rank), so before any problems start, a moderator should delete it if they deem it necessary.
My knowledge of reverse engineering is very limited, and I know there are some very skilled people here. My question might seem very beginner-level, but it's normal for a beginner to ask beginner-level questions.

I'm trying to find a way to work around the 12-hour limit imposed by the HWiNFO application on "shared memory" usage in the settings section. The program lets you use this functionality for 12 hours, but then it disables the option, and you have to manually re-enable it.

However, the first step is to unpack the program, which I can't seem to do. I extract it with UPX using the command "upx.exe -d HWiNFO64.exe", but the resulting unpacked HWiNFO64.exe file doesn't seem to work. I can't figure out much more because even when I try to run the .exe in x64dbg, it doesn't work; x64dbg crashes. Perhaps someone can take a look and give me some help.

I used DIE and the output shows the following:

Original HWiNFO64.exe
Code:
PE64
Operation system: Windows(7)[AMD64, 64-bit, GUI]
Linker: Microsoft Linker(14.29.30159)
Compiler: Microsoft Visual C/C++(19.30.30795)[CVTCIL/C]
Language: C
Tool: Visual Studio(2019, v16.11)
Sign tool: Windows Authenticode(2.0)[PKCS #7]
(Heur)Protection: Generic[Unreadable resources]
Packer: UPX(4.24)[LZMA,brute]
(Heur)Packer: Compressed or packed data[EntryPoint + Imports like UPX (v3.91+) + Sections like UPX + Sections collision ("UPX") + High entropy + Section 1 ("UPX1") compressed]
Overlay: Binary[Offset=0x00931000,Size=0x29e8]
Certificate: WinAuth(2.0)[PKCS #7]
Code:
PE64
Operation system: Windows(7)[AMD64, 64-bit, GUI]
Linker: Microsoft Linker(14.29.30159)
Compiler: Microsoft Visual C/C++(19.30.30795)[CVTCIL/C]
Language: C
Tool: Visual Studio(2019, v16.11)
Sign tool: Windows Authenticode(2.0)[PKCS #7]
(Heur)Packer: Compressed or packed data[Strange overlay]
(Heur)Licensing: Licensing[Strings]
Resource: PE64[Offset=0x0154bfa0,Size=0xeaa8]
Operation system: Windows(10)[AMD64, 64-bit, Driver]
Linker: Microsoft Linker(14.36.35216)
Compiler: Microsoft Visual C/C++(19.36.35216)[C]
Language: C
Tool: Visual Studio(2022, v17.6)
Sign tool: Windows Authenticode(2.0)[PKCS #7]
Resource: PE64[Offset=0x0155aa48,Size=0xf6a8]
Operation system: Windows(7)[AMD64, 64-bit, Driver]
Linker: Microsoft Linker(9.00.30729)
Compiler: Microsoft Visual C/C++(15.00.30729)[LTCG/C]
Language: C
Tool: Visual Studio(2008)
Sign tool: Windows Authenticode(2.0)[PKCS #7]
Resource: PE64[Offset=0x0156a0f0,Size=0x4aa8]
Operation system: Windows(10)[ARM64, 64-bit, Driver]
Linker: Microsoft Linker(14.31.31107)
Compiler: Microsoft Visual C/C++(19.31.31107)[LTCG/C]
Language: C
Tool: Visual Studio(2022, v17.1)
Sign tool: Windows Authenticode(2.0)[PKCS #7]
Resource: PE64[Offset=0x01543db8,Size=0x81e8]
Operation system: Windows(Server 2003)[AMD64, 64-bit, GUI]
Linker: Microsoft Linker(9.00.30729)
Compiler: Microsoft Visual C/C++(15.00.30729)[LTCG/C++]
Language: C++
Tool: Visual Studio(2008)
Sign tool: Windows Authenticode(2.0)[PKCS #7]
Packer: UPX(4.24)[LZMA,best]
(Heur)Packer: Compressed or packed data[EntryPoint + Imports like UPX (v3.91+) + Sections like UPX + Sections collision ("UPX") + High entropy + Section 1 ("UPX1") compressed]
Overlay: Binary[Offset=0x01577c00,Size=0x29e8]
Certificate: WinAuth(2.0)[PKCS #7]