I dunno where to put this there no hacker topic.
I am making this thread to note what I am doing for the AME team, mostly so I can go to bed at a decent time, and they can message me if they see anything wonk here or have questions. I have 2 weeks to get the task done.
Which is?
To get rid of this ugly bastard.
As it stands, the US version has this banner as of 2004. I’m not going to list all of my information here, but I will show things as I find them that I find interesting. I haven’t done this sorta thing in a while, so its a bit of a relearning process.
One of the first things I thought of doing before looking into too much was to get my PC set up for Hyper V. Short review of hyper V? I fucking hate it and its slow. So I am looking at replacing it with ProxMox like, tomorrow. I would do it tonight but I need to be healthy.
After I had done some fiddling around, I randomly thought “Hey what is something is different in the EXE? Diff lang right?”
https://www.diffchecker.com/0Fw1UX2U
IDRK much about app dev esp on windows, but it makes sense to me that it’d be the same app I guess.
After some fiddling around and looking up other tools, I found the old tool that was used to get rid of this banner. While the tool isn’t updated, the info on the github is, and with this I can use a tool like LOGNT32 and see if I can just find where the data itself is located. My current theory is whatever Feature ID was being used for the banner, they changed it, forcing AME to be on an older version. So, fine, we’ll just delete it out of the heap.
I am hoping to be able to track down the data I need thanks to that logging tool, but if there were a more in depth one, or one I could run in a VM framework in linux, that would be much better. I am aware that game cheaters use VM’s and have tools for memory analysis. What are those?
Tools I Am Looking For
HEAP ID List, doubt one exists publicly but the feature ID’s link to data that doesn’t exactly have an interface. Its just there.
Logging Framework for System Interactions - If it could be applied to a VM framework bonus points but if it can just be run in a VM, such as LNT32, big yeet
Someone to lend me an IDA Pro license (plz?)
Whatever the hell tarkov cheaters use to see memory contents
Possible Github Source for M$ Features? Or kernel info? I am very unlurnd hurr
As well, does anyone know anybody over at KernelEX? There were some tools I remember using for fun back in the day that I remember them talking about a lot but they are completely skipping muh brain. Had to do with EXE decomp. I think. I could have misread too as that was a while ago.
Future dingus notes here for after or near solve.