Retrieving Executable File Hidden Information

Before the emerging of web application all the program in our daily use were written in *.exe files. This file is also known as the executable files and mostly run in windows platform. For a client-server architecture program, the client was needed to be installed in each machine. This was the main drawback of client-server application.

Once an executable file has been compiled, it is quite difficult for you to retrieve its source code as it will be changed to binary format. In this state you can only see garbage characters while trying to open it in your text editor, unless you are using other forensic tools like decompiler and hex editors.

In this current technology, developer has the same methodology as the above statement. While developing a program they tend to ignore the security features as they think it’s not necessary and might not able to disclose sensitive information to the hackers.

Today, let me show you how to retrieve string which has been hardcoded or hidden in an executable file while it’s running on the background of your windows.

Steps

1. Download process explorer from the Sysinternal website.

2. Run the executable program and open your process explorer.

3. Once in the process explorer window you will be able to see all the list of process running.

4. In this list, double click the process name which has the hidden strings information.

5. Once you have the main window for the process, navigate to the “Strings” tab.

6. Here you will be able to see all the strings information available to the process.

Note: In steps 6, you can also copy all this contents shown in the windows an export it to a text file format for easy reading.

Although this is a simple process, it can still disclose as information like password to the hacker which able them to access database, login screen and so on. So developers, beware of hard coding sensitive information even in a executable file, cause the hacker will use all kind of ways to access your application 🙂

Advertisements

One thought on “Retrieving Executable File Hidden Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s