Windows Settings, IDA, and generally, RevEng

I dunno where to put this there no hacker topic.

I am making this thread to note what I am doing for the AME team, mostly so I can go to bed at a decent time, and they can message me if they see anything wonk here or have questions. I have 2 weeks to get the task done.

Which is?

To get rid of this ugly bastard.

As it stands, the US version has this banner as of 2004. I’m not going to list all of my information here, but I will show things as I find them that I find interesting. I haven’t done this sorta thing in a while, so its a bit of a relearning process.

One of the first things I thought of doing before looking into too much was to get my PC set up for Hyper V. Short review of hyper V? I fucking hate it and its slow. So I am looking at replacing it with ProxMox like, tomorrow. I would do it tonight but I need to be healthy.

After I had done some fiddling around, I randomly thought “Hey what is something is different in the EXE? Diff lang right?”

https://www.diffchecker.com/0Fw1UX2U

IDRK much about app dev esp on windows, but it makes sense to me that it’d be the same app I guess.

After some fiddling around and looking up other tools, I found the old tool that was used to get rid of this banner. While the tool isn’t updated, the info on the github is, and with this I can use a tool like LOGNT32 and see if I can just find where the data itself is located. My current theory is whatever Feature ID was being used for the banner, they changed it, forcing AME to be on an older version. So, fine, we’ll just delete it out of the heap.

I am hoping to be able to track down the data I need thanks to that logging tool, but if there were a more in depth one, or one I could run in a VM framework in linux, that would be much better. I am aware that game cheaters use VM’s and have tools for memory analysis. What are those?

Tools I Am Looking For

HEAP ID List, doubt one exists publicly but the feature ID’s link to data that doesn’t exactly have an interface. Its just there.

Logging Framework for System Interactions - If it could be applied to a VM framework bonus points but if it can just be run in a VM, such as LNT32, big yeet

Someone to lend me an IDA Pro license (plz?)

Whatever the hell tarkov cheaters use to see memory contents

Possible Github Source for M$ Features? Or kernel info? I am very unlurnd hurr

As well, does anyone know anybody over at KernelEX? There were some tools I remember using for fun back in the day that I remember them talking about a lot but they are completely skipping muh brain. Had to do with EXE decomp. I think. I could have misread too as that was a while ago.


Future dingus notes here for after or near solve.

1 Like

My god Daves Garage is cringe as fuck, however he has enlightened me to the io performance of wsl2. In the event I can get my apps I use in linux working, I might go full autismo on this in a few days. Might just set up a prime dual os setup. If I like it I will standardize.

Today I attack a proxmox setup, the heap manager (maybe), and to see if anyone at KEX has anything I can use.

Heap manager might be a later deal after some reserach.

Ah who am I kidding all of this is research level