Packed exe

bigz

Hello.
I just noticed that the HWiNFO exe is packed; is it really necessary? I just wanted to see what programming language the author writes this app in and would like to offer assistance with tray icon drawing. Binary packing can be used for hiding suspicious app instructions, because nowadays making the exe size smaller does not make any sense but adds some delay for unpacking on launch. Anyway, I found the answer to my question in the app image in memory, but please consider this small recommendation for the future. Thanks for this great app.
 
I don't agree that executable packing is an indication of attempting to hide some nasty tricks, several other applications use it.
If you have any recommendations in C++ for tray icon drawing, you can contact me via e-mail.
 
I don't see any problem with packed exe files, but based on the fact that some virus scanners trigger false alarms on those packed exe files, I'd like to know which packer you are using.
 
I don't agree that executable packing is an indication of attempting to hide some nasty tricks, several other applications use it.
OK, but you did not explain the reason why you are packing it, and this makes me even more suspicious. HWiNFO users leave it running all the time, even when they don't use the PC, so why should I trust an app that uses binary packing and even breaks the decompression possibility (I'm not even talking about making it open source; I can understand some commercial reasons)? If your app is clear, you have no reason to pack its binary. Anyone who wants to see the unpacked version will find a way to unpack it, using a slightly harder way because of the broken decompression possibility. I unpacked the last version and can tell that at least it starts 2x faster than the packed image.
Tell me I'm paranoid, but I wish to use it, but not current packed versions, so I will wait.
 
The reason for packing is to protect HWiNFO and its internal information. This is to avoid (at least to a certain degree) leaks. Check how the AMD Vermeer and Genesis information leaked from AIDA64 (by decompilation) not long ago.
I believe that if someone can really assess safety of a program, he can do it with a compressed file as well.
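
The posts above turn on whether a packed binary can still be assessed and why scanners flag it. The sketch below is an added example, not part of any post and not HWiNFO's code: it reads a PE section table and reports two common packing signals. The 7.2 bits/byte threshold, the section names and the sample image are constructed assumptions.

```python
import hashlib, math, struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    n = len(data)
    return 0.0 - sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Yield (name, virtual_size, raw_size, entropy) for each PE section."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)    # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (count,) = struct.unpack_from("<H", image, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    for i in range(count):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        yield (name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize,
               entropy(image[rptr:rptr + rsize]))

def packing_hints(image: bytes, threshold: float = 7.2):
    """Return one line per section that looks packed (threshold is an assumption)."""
    hints = []
    for name, vsize, rsize, ent in pe_sections(image):
        if rsize == 0 and vsize > 0:
            hints.append(f"{name}: no raw data, {vsize} bytes virtual (filled at runtime)")
        elif ent >= threshold:
            hints.append(f"{name}: entropy {ent:.2f} bits/byte (compressed or encrypted)")
    return hints

def build_sample(sections):
    """Constructed image for the demo: DOS stub, COFF header, section table, data."""
    hdr = bytearray(0x40); hdr[:2] = b"MZ"; struct.pack_into("<I", hdr, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0)
    ptr, table, body = 0x40 + len(coff) + 40 * len(sections), b"", b""
    for name, vsize, data in sections:
        table += struct.pack("<8sIIII16x", name, vsize, 0, len(data), ptr + len(body))
        body += data
    return bytes(hdr) + coff + table + body

SAMPLE = build_sample([                      # constructed, not a real program
    (b".text", 4096, b"\x55\x8b\xec\x90" * 1024),          # repetitive code-like bytes
    (b".pack0", 65536, b""),                               # empty on disk, large in memory
    (b".pack1", 8192, b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))),
])                                           # .pack1 stands in for compressed data

if __name__ == "__main__":
    print("\n".join(packing_hints(SAMPLE)))
```

Sections for uninitialized data also have zero raw size, so these lines are triage signals to follow up on, not a verdict about the program.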
 
Excellent, now I see the reason, thanks. To protect internal info (I suppose it's human-readable strings, but it actually doesn't matter) you can simply use XOR encoding/decoding and its derivatives like base64, deflate, Windows Crypto API, etc. The only thing you need is to pre-encode that sensitive info before compilation and decode it during runtime when needed; it will be much safer and take longer to decompile than just binary packing. To unpack your binary and make it runnable took about 5 minutes for me (and I'm not a genius), so as you see this protection does not work but hurts paranoids like me :)
 
I wouldn't even call the packing protection; it's a very simple method. But at least it does deter the majority of folks with just basic skills.
 
Maybe, but as a special bonus of packing:
1. you will read such distrustful posts from advanced users/coders.
2. you are getting app launch time lags.
3. antivirus notifications, etc.
And this is all for folks with basic skills? For those who will search through the exe for special strings or UUIDs? I think you got my idea of how to hide it :)
Will hope for any news, thanks.
 