Is it possible to change original filename of an exe?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{
margin-bottom:0;
}
32
We are using an application control solution which denies access for some exes according to their original filename. Is it possible to change original filename with hex editor or another method?
windows blacklist
asked May 27 at 7:14
frkntrnfrkntrn
1672 silver badges5 bronze badges
|
show 1 more comment
32
We are using an application control solution which denies access for some exes according to their original filename. Is it possible to change original filename with hex editor or another method?
windows blacklist
asked May 27 at 7:14
frkntrnfrkntrn
1672 silver badges5 bronze badges
11
Basing a security solution on the immutability of a property and then asking if that property can be changed trivially seems to be in scope indeed. OP asks "Is it possible?" not "How can I do it?"
– MechMK1
May 27 at 8:13
10
To the OP: If you want a solution that is more difficult to defeat, you may want to use some kind of code signing.
– Kevin
May 27 at 15:43
10
Have you noticed the "Remove Properties and Personal Information" in your screenshot? Try clicking on it and select "Original Filename".
– Damon
May 27 at 19:14
13
I'm uncertain if frkntn is trying to create a security system or bypass one.
– Mooing Duck
May 28 at 4:38
6
If I want to run something you don't want me to run, I'l be rather annoyed but recompile it from source with a different name. Good luck matching that.
– Joshua
May 28 at 15:18
|
show 1 more comment
32
32
32
8
We are using an application control solution which denies access for some exes according to their original filename. Is it possible to change original filename with hex editor or another method?
windows blacklist
asked May 27 at 7:14
frkntrnfrkntrn
1672 silver badges5 bronze badges
We are using an application control solution which denies access for some exes according to their original filename. Is it possible to change original filename with hex editor or another method?
windows blacklist
windows blacklist
asked May 27 at 7:14
frkntrnfrkntrn
1672 silver badges5 bronze badges
asked May 27 at 7:14
frkntrnfrkntrn
1672 silver badges5 bronze badges
asked May 27 at 7:14
frkntrnfrkntrn
1672 silver badges5 bronze badges
asked May 27 at 7:14
frkntrnfrkntrn
1672 silver badges5 bronze badges
asked May 27 at 7:14
frkntrnfrkntrn
1672 silver badges5 bronze badges
1672 silver badges5 bronze badges
11
Basing a security solution on the immutability of a property and then asking if that property can be changed trivially seems to be in scope indeed. OP asks "Is it possible?" not "How can I do it?"
– MechMK1
May 27 at 8:13
10
To the OP: If you want a solution that is more difficult to defeat, you may want to use some kind of code signing.
– Kevin
May 27 at 15:43
10
Have you noticed the "Remove Properties and Personal Information" in your screenshot? Try clicking on it and select "Original Filename".
– Damon
May 27 at 19:14
13
I'm uncertain if frkntn is trying to create a security system or bypass one.
– Mooing Duck
May 28 at 4:38
6
If I want to run something you don't want me to run, I'l be rather annoyed but recompile it from source with a different name. Good luck matching that.
– Joshua
May 28 at 15:18
|
show 1 more comment
11
Basing a security solution on the immutability of a property and then asking if that property can be changed trivially seems to be in scope indeed. OP asks "Is it possible?" not "How can I do it?"
– MechMK1
May 27 at 8:13
10
To the OP: If you want a solution that is more difficult to defeat, you may want to use some kind of code signing.
– Kevin
May 27 at 15:43
10
Have you noticed the "Remove Properties and Personal Information" in your screenshot? Try clicking on it and select "Original Filename".
– Damon
May 27 at 19:14
13
I'm uncertain if frkntn is trying to create a security system or bypass one.
– Mooing Duck
May 28 at 4:38
6
If I want to run something you don't want me to run, I'l be rather annoyed but recompile it from source with a different name. Good luck matching that.
– Joshua
May 28 at 15:18
11
11
Basing a security solution on the immutability of a property and then asking if that property can be changed trivially seems to be in scope indeed. OP asks "Is it possible?" not "How can I do it?"
– MechMK1
May 27 at 8:13
Basing a security solution on the immutability of a property and then asking if that property can be changed trivially seems to be in scope indeed. OP asks "Is it possible?" not "How can I do it?"
– MechMK1
May 27 at 8:13
10
10
To the OP: If you want a solution that is more difficult to defeat, you may want to use some kind of code signing.
– Kevin
May 27 at 15:43
To the OP: If you want a solution that is more difficult to defeat, you may want to use some kind of code signing.
– Kevin
May 27 at 15:43
10
10
Have you noticed the "Remove Properties and Personal Information" in your screenshot? Try clicking on it and select "Original Filename".
– Damon
May 27 at 19:14
Have you noticed the "Remove Properties and Personal Information" in your screenshot? Try clicking on it and select "Original Filename".
– Damon
May 27 at 19:14
13
13
I'm uncertain if frkntn is trying to create a security system or bypass one.
– Mooing Duck
May 28 at 4:38
I'm uncertain if frkntn is trying to create a security system or bypass one.
– Mooing Duck
May 28 at 4:38
6
6
If I want to run something you don't want me to run, I'l be rather annoyed but recompile it from source with a different name. Good luck matching that.
– Joshua
May 28 at 15:18
If I want to run something you don't want me to run, I'l be rather annoyed but recompile it from source with a different name. Good luck matching that.
– Joshua
May 28 at 15:18
|
show 1 more comment
1 Answer
1
active
oldest
votes
58
Yes. There is a tool on GitHub here that can change that information. It supports both 64-bit and 32-bit.
The syntax I used: rcedit-x64.exe cmx.exe --set-version-string OriginalFilename "cmdx.exe" --set-version-string FileDescription "details are irrelevant"
Therefore, your solution may be efficient against beginners, but not against people with IT knowledge.
answered May 27 at 8:07
OvermindOvermind
7,4281 gold badge13 silver badges24 bronze badges
26
If people are allowed to download and run arbitrary applications from the Internet, there's little point in preventing them from running specific apps on the local machine. "The other side of the airtight hatchway"...
– IMil
May 28 at 1:03
11
Does this invalidate code signing?
– Sevron
May 28 at 10:11
3
Yes, it should invalidate it because the cryptographic hash is also used to validate integrity and file CRC changes after such alteration.
– Overmind
May 28 at 12:16
@IMil you can also make the change with notepad (though not practical if you want to change it to something longer). It's just a lot easier with this dedicated tool.
– OrangeDog
May 28 at 16:51
add a comment
|
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f210843%2fis-it-possible-to-change-original-filename-of-an-exe%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
58
Yes. There is a tool on GitHub here that can change that information. It supports both 64-bit and 32-bit.
The syntax I used: rcedit-x64.exe cmx.exe --set-version-string OriginalFilename "cmdx.exe" --set-version-string FileDescription "details are irrelevant"
Therefore, your solution may be efficient against beginners, but not against people with IT knowledge.
answered May 27 at 8:07
OvermindOvermind
7,4281 gold badge13 silver badges24 bronze badges
26
If people are allowed to download and run arbitrary applications from the Internet, there's little point in preventing them from running specific apps on the local machine. "The other side of the airtight hatchway"...
– IMil
May 28 at 1:03
11
Does this invalidate code signing?
– Sevron
May 28 at 10:11
3
Yes, it should invalidate it because the cryptographic hash is also used to validate integrity and file CRC changes after such alteration.
– Overmind
May 28 at 12:16
@IMil you can also make the change with notepad (though not practical if you want to change it to something longer). It's just a lot easier with this dedicated tool.
– OrangeDog
May 28 at 16:51
add a comment
|
58
Yes. There is a tool on GitHub here that can change that information. It supports both 64-bit and 32-bit.
The syntax I used: rcedit-x64.exe cmx.exe --set-version-string OriginalFilename "cmdx.exe" --set-version-string FileDescription "details are irrelevant"
Therefore, your solution may be efficient against beginners, but not against people with IT knowledge.
answered May 27 at 8:07
OvermindOvermind
7,4281 gold badge13 silver badges24 bronze badges
26
If people are allowed to download and run arbitrary applications from the Internet, there's little point in preventing them from running specific apps on the local machine. "The other side of the airtight hatchway"...
– IMil
May 28 at 1:03
11
Does this invalidate code signing?
– Sevron
May 28 at 10:11
3
Yes, it should invalidate it because the cryptographic hash is also used to validate integrity and file CRC changes after such alteration.
– Overmind
May 28 at 12:16
@IMil you can also make the change with notepad (though not practical if you want to change it to something longer). It's just a lot easier with this dedicated tool.
– OrangeDog
May 28 at 16:51
add a comment
|
58
58
58
Yes. There is a tool on GitHub here that can change that information. It supports both 64-bit and 32-bit.
The syntax I used: rcedit-x64.exe cmx.exe --set-version-string OriginalFilename "cmdx.exe" --set-version-string FileDescription "details are irrelevant"
Therefore, your solution may be efficient against beginners, but not against people with IT knowledge.
answered May 27 at 8:07
OvermindOvermind
7,4281 gold badge13 silver badges24 bronze badges
Yes. There is a tool on GitHub here that can change that information. It supports both 64-bit and 32-bit.
The syntax I used: rcedit-x64.exe cmx.exe --set-version-string OriginalFilename "cmdx.exe" --set-version-string FileDescription "details are irrelevant"
Therefore, your solution may be efficient against beginners, but not against people with IT knowledge.
answered May 27 at 8:07
OvermindOvermind
7,4281 gold badge13 silver badges24 bronze badges
answered May 27 at 8:07
OvermindOvermind
7,4281 gold badge13 silver badges24 bronze badges
answered May 27 at 8:07
OvermindOvermind
7,4281 gold badge13 silver badges24 bronze badges
answered May 27 at 8:07
OvermindOvermind
7,4281 gold badge13 silver badges24 bronze badges
7,4281 gold badge13 silver badges24 bronze badges
26
If people are allowed to download and run arbitrary applications from the Internet, there's little point in preventing them from running specific apps on the local machine. "The other side of the airtight hatchway"...
– IMil
May 28 at 1:03
11
Does this invalidate code signing?
– Sevron
May 28 at 10:11
3
Yes, it should invalidate it because the cryptographic hash is also used to validate integrity and file CRC changes after such alteration.
– Overmind
May 28 at 12:16
@IMil you can also make the change with notepad (though not practical if you want to change it to something longer). It's just a lot easier with this dedicated tool.
– OrangeDog
May 28 at 16:51
add a comment
|
26
If people are allowed to download and run arbitrary applications from the Internet, there's little point in preventing them from running specific apps on the local machine. "The other side of the airtight hatchway"...
– IMil
May 28 at 1:03
11
Does this invalidate code signing?
– Sevron
May 28 at 10:11
3
Yes, it should invalidate it because the cryptographic hash is also used to validate integrity and file CRC changes after such alteration.
– Overmind
May 28 at 12:16
@IMil you can also make the change with notepad (though not practical if you want to change it to something longer). It's just a lot easier with this dedicated tool.
– OrangeDog
May 28 at 16:51
26
26
If people are allowed to download and run arbitrary applications from the Internet, there's little point in preventing them from running specific apps on the local machine. "The other side of the airtight hatchway"...
– IMil
May 28 at 1:03
If people are allowed to download and run arbitrary applications from the Internet, there's little point in preventing them from running specific apps on the local machine. "The other side of the airtight hatchway"...
– IMil
May 28 at 1:03
11
11
Does this invalidate code signing?
– Sevron
May 28 at 10:11
Does this invalidate code signing?
– Sevron
May 28 at 10:11
3
3
Yes, it should invalidate it because the cryptographic hash is also used to validate integrity and file CRC changes after such alteration.
– Overmind
May 28 at 12:16
Yes, it should invalidate it because the cryptographic hash is also used to validate integrity and file CRC changes after such alteration.
– Overmind
May 28 at 12:16
@IMil you can also make the change with notepad (though not practical if you want to change it to something longer). It's just a lot easier with this dedicated tool.
– OrangeDog
May 28 at 16:51
@IMil you can also make the change with notepad (though not practical if you want to change it to something longer). It's just a lot easier with this dedicated tool.
– OrangeDog
May 28 at 16:51
add a comment
|
draft saved
draft discarded
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f210843%2fis-it-possible-to-change-original-filename-of-an-exe%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
11
Basing a security solution on the immutability of a property and then asking if that property can be changed trivially seems to be in scope indeed. OP asks "Is it possible?" not "How can I do it?"
– MechMK1
May 27 at 8:13
10
To the OP: If you want a solution that is more difficult to defeat, you may want to use some kind of code signing.
– Kevin
May 27 at 15:43
10
Have you noticed the "Remove Properties and Personal Information" in your screenshot? Try clicking on it and select "Original Filename".
– Damon
May 27 at 19:14
13
I'm uncertain if frkntn is trying to create a security system or bypass one.
– Mooing Duck
May 28 at 4:38
6
If I want to run something you don't want me to run, I'l be rather annoyed but recompile it from source with a different name. Good luck matching that.
– Joshua
May 28 at 15:18