Portable Executable DLL file and binary date format

Question

I have got a PE executable file *.exe (32-bit), which is an small application (2.6Mb) to update firmware software of TV device. However, the update mechanism was only available up to 2013-03-12. I want to hack this executable just for pleasure. I'm trying to find this expiration date in file hexdump using PE Explorer, and replace it by some date in future to make this program work.

I found this article about binary date format:

binary date format

I am trying to find something like this value:

2013-03-xx: 0x713xxxxx

Is this a good approach to solve my task? Any suggestions? Do you know any others tools for hexdump that may be useful?

Best regard, WP

Answer 1

There are likely a lot of values of the form 0x713xxxxx -- 2.6 MB might be larger than you've thought when you start looking through it more or less at random (you don't actually know that the application uses this date format internally).

The conventional approach to deal with this sort of problem is to use a tool to step through the program, examining the code that is executing, until you find the point where the check occurs. Then simply disable the check so that it always fails -- by altering the date, or simply by altering the code.

A popular tool for stepping through code that you do not control is the Interactive Dissassembler, IDA. You can download a freeware version of it here: https://www.hex-rays.com/products/ida/support/download_freeware.shtml

It might be harder than you think to do what you want, but you'll almost certainly learn a lot by trying.

Be aware of the legal issues you may be getting yourself into by making modifications to someone else's binaries, particularly if you distribute them afterwards.

Answer 2

dumpbin is a good PE parser (but if I were you, I won't do such kind of time stamp hacks :))