Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

AVG's standalone virus scanner seems to be the worst for false positives, so far.  And it takes forever!

Best to run on a Cray2 minimum, an infinite loop only takes 8 minutes!  Forget not to top up the cryogenic tank, hmm?

Last edited by TechDud (2011-09-04 09:18:47)

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

mr_smartepants wrote:

@KickArse, I have a request.
Would it be possible to scan an .ini instead of .inf files?  I want to scan the dpms .ini and search for duplicated HWIDs.  Some of the LSI sections have nearly 200 HWIDs on a single line.  I can't do that manually. :(

I can certainly try :)

I don't have an active dev machine at the moment... but I'll see what I can do with it. I was in the process of writing a new INF files scanning function to speed up my scans. But that kind of got put on hold.

I'll also look into the SHA1 and exporting again into XLS format, but this time without needing Office to be installed (since we all know XLS is a glorified XML file). And the "file finder" function ;)

As for relative paths what you are looking for is just output from the chosen root folder?? So if you were scanning D:\DriverPacks\Changes\2011.01.01\SomethingElseForFUn\AndWhatswithThis\Drivers for drivers, then you wouldn't need this just \G\3\something??

Last edited by stamandster (2011-09-29 15:55:29)

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

Thanks.  The dpms .ini scan is not critical.  It only affects dpms.  With XP development winding down, this isn't really a priority.
BTW, I ran into this problem again last weekend.
This time, it's DP_Sound_A_wnt5_x86-32_1109b1\D\S\R\HDASRSA.inf that's causing the problem.  Odd since it only has around 200 HWIDs.  Must be something other than HWIDs causing the problem.

Read BEFORE you post.  HWID tool   DriverPacks Tutorial   DONATE!
http://driverpacks.net/userbar/admin-1.png
Not all heroes wear capes, some wear Kevlar!

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

Even though you may be at work on a newer version, i have sent a false-positive report to Avira.

TechDud wrote:

Suspicious Files and Miscellaneous Uploads

Thank you for your submission. Below you can see the current status of the uploaded files.


A listing of files alongside their results can be found below:
File ID      Filename     Size (Byte)     Result
26330615      FindHwids.v3.2p.exe      416.99 KB      UNDER ANALYSIS


Please find a detailed report concerning each individual sample below:
Filename     Result
FindHwids.v3.2p.exe      UNDER ANALYSIS

The file 'FindHwids.v3.2p.exe' has been determined to be 'UNDER ANALYSIS'.



Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

If they are cooperative, perhaps your next version might not suffer this undeserving infamy! :D

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

This is a copy of an email (personally identifying info removed) in reply to the contention that FindHwids.v3.2p.exe is indeed a false positive:

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: .

A listing of files alongside their results can be found below:
File ID     Filename     Size (Byte)     Result
26330615     FindHwids.v3.2p.exe     416.99 KB     FALSE POSITIVE
26336063     fshash.dll     69.35 KB     CLEAN


Please find a detailed report concerning each individual sample below:
Filename     Result
FindHwids.v3.2p.exe     FALSE POSITIVE

The file 'FindHwids.v3.2p.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be added to our virus definition file (VDF) with one of the next updates. Detection will be removed from our virus definition file (VDF) with one of the next updates.
Filename     Result
fshash.dll     CLEAN

The file 'fshash.dll' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Please note: If you have specific questions please address them to support@avira.com

Kind regards
Avira Virus Lab

---------------------------------------------
Avira Operations GmbH & Co. KG
Kaplaneiweg 1, 88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-500 3000
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

Confirmed:  'FindHwids.v3.2p.exe' does not generate false positives with latest VDF update from Avira. :)

Last edited by TechDud (2011-10-12 21:27:35)

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

False positive removed from Spybot S&D here --> http://forums.spybot.info/showpost.php? … ostcount=1 :)

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

Pardon me if this was already posted.. I'm not finding it in the pages of posts. 

3.2p: I keep getting this error when scanning a structure with about 800+ inf files.  Too high?

---------------------------
AutoIt Error
---------------------------
Line 5539  (File "F:\DENOSDeploy\FOC\FindHwids.v3.2p.exe"):


Error: Array variable has incorrect number of subscripts or subscript dimension range exceeded.
---------------------------
OK   
---------------------------

Last edited by Denver_80203 (2012-04-10 06:30:20)

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

I'm sorry I'm not sure... I haven't had time to work on it in a LONG time. I did fix the download link though.

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

Seems to fail at 581 of 800 or so.  Worked fine on a smaller sample. I'll try breaking things up a little

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

If anyone wants the source please let me know. I haven't had any time to devote to developing this but would still like it to thrive and be bug-fixed.

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

How about uploading it to github or similar free code hosting?
It would be a shame to lose you as a developer.  This utility is awesome and I can't imagine being able to build these DriverPacks without it.


Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

That sounds like a good idea! You won't lose me :) But I'm not as available as I'd like to be.

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

I found a speed issue with exporting to CSV. The longer the string to output to the slower it will export. So something like C:\h.csv will export up to 10 seconds faster than something like C:\Documents and Settings\USERNAME\Desktop\FindHWIDS\hwids.csv.

I'm changing the Checksum to CRC32 (supposedly faster, doesn't really need to be MD5 or SHA1) and making it an internal command instead of a third-party DLL. I also fixed an issue with some 64b workstation (Win 7) erroring for the WMI object call. I'll post when I have it all finished.

And I changed the compression of the UPX to least to help alleviate issues with virus scanners.

Last edited by stamandster (2012-10-17 02:34:04)

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

Do you see my distaste for undocumented ClassGUIDs?

		Case "{2D3B1222-B28A-44f7-BE45-3D7FD2F57C43}" ; Emulex Crap
			$vClassName = "ElxPlus"
			$vClassExtName = "Emulex PLUS"
			$vClassDesc = ""

		Case "{1a3e09be-1e45-494b-9174-d7385b45bbf5}" ; NVIDIA Crap
			$vClassName = "Vendor_ClassName"
			$vClassExtName = "NVIDIA Network Bus Enumerator"
			$vClassDesc = ""

		Case "{4B571702-E6C6-4db1-A2C6-FD1D53A70FC3}" ; ALI Crap
			$vClassName = "ALiUSB"
			$vClassExtName = "ALi USB Controller"
			$vClassDesc = ""

		Case "{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}" ; INTEL Crap
			$vClassName = "SDHost"
			$vClassExtName = "Intel SD Controller"
			$vClassDesc = ""

		Case "{555E05A3-904C-42cf-AEF4-EE4035EC6362}" ; Axalto Crap
			$vClassName = "Egatecard"
			$vClassExtName = "Axalto USB SD"
			$vClassDesc = ""

		Case "{09E9A11D-CCB2-45ae-9BE8-65C263E60490}" ; Broadcom Crap
			$vClassName = "CVAULT"
			$vClassExtName = "Broadcom Fingerprint Scanner"
			$vClassDesc = ""

		Case "{e7f8dc5e-a591-4264-8a30-6eae85be7a3f}" ; ActivCard Crap
			$vClassName = "ActivCardClass"
			$vClassExtName = "ActivCard SmartReader"
			$vClassDesc = ""

		Case "{084ABEA7-3EE1-4917-AA78-7670D1E625E1}" ; ActivCard Crap
			$vClassName = "ActivCardKeyBus"
			$vClassExtName = "ActivCard Virtual Reader Enumerator"
			$vClassDesc = ""

		Case "{41AD5E8B-5CB0-4275-B829-EDA617114AE8}" ; ActivCard Crap
			$vClassName = "ActivKeySimBus"
			$vClassExtName = "ActivIdentity SmartReader"
			$vClassDesc = ""

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

Oh... a new version ;)

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

Cool!  Thank you.
Symantec is coughing up a hairball and their 'Insight' scanner is flagging the x64 version as "unknown".
Simple enough to click "ignore" but thought you should know.


Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

Avira's clueless.  No false positive either, BTW.  ;)

I miss the sha1 check-summing; any chance it could be available as an option in a future version
(user-supplied .dll; perhaps call it a plugin)?

Last edited by TechDud (2012-10-17 17:47:49)

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

mr_smartepants wrote:

Cool!  Thank you.
Symantec is coughing up a hairball and their 'Insight' scanner is flagging the x64 version as "unknown".
Simple enough to click "ignore" but thought you should know.

Happy you like it! :) Can you add it to the exceptions?


TechDud wrote:

Avira's clueless.  No false positive either, BTW.  ;)

I miss the sha1 check-summing; any chance it could be available as an option in a future version
(user-supplied .dll; perhaps call it a plugin)?

I can add an option to do either CRC32, MD5 or SHA1 (it was originally MD5). Curiously, what's the advantage for you on using SHA1 instead of CRC?

Does anyone think it'd be advantageous to move this thread to the Software section?

Last edited by stamandster (2012-10-18 05:54:51)

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

Great work on the scanner. I have been using it for a long time. One minor bug: When choosing to look for a folder, it only allows me to browse the C drive. I can't choose any other drive. It will allow me to type/paste other drives and folders into the box.

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

stamandster wrote:

Does anyone think it'd be advantageous to move this thread to the Software section?

I do...

working...

Done

DP BartPE Tutorial   DP_BASE Tutorial   HWID's Tool     Read BEFORE you post    UserBars!
http://driverpacks.net/userbar/admin-1.png
The DriverPacks, the DP_Base program, and Support Forum are FREE!.

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

The dropbox links are no longer working because of the "Error (509)
This account's public links are generating too much traffic and have been temporarily disabled!" error

I am building an XP base image for my school district and I really wanted to get this program but even though I Googled the h*ll out of it, I couldn't find a single working link.

Is this tool totally dead now? There was supposed to be a section for it in Sourceforge as well but that's gone too.

Could anyone that has this program send it to me?

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

Thank you for joining the forum, Vipriel.

edit:  Consider checking out some of the latest RC's/Nightlies in the
"Windows 2000, XP and Server 2003 DriverPacks (wnt5_x86-32)" forum section.

  For example:  http://forum.driverpacks.net/viewtopic.php?id=6623

Send in some test results, and you could become a member of the Testing Team and access the latest Graphics packs nearing completion.


If anyone can confirm that stamandster's "FindHWIDS v3.2s" is licensed under Creative Commons, then i will happily upload & make available (unless the author objects of course).

edit:  I have found no license anywhere for FindHWIDs; neither in nor around it or in this forum.  It's coded in AutoIT if that matters.  That has a license.
http://www.autoitscript.com/autoit3/docs/license.htm

                  stamandster's_FindHWIDs_v3.2s_x86_x64.7z

                             All copyrights retained by stamandster


When he does return, i would advise documenting a proper license for his work in order to protect it from "toolbar bundlers" at least.

Here's hoping that stamandster is alright.

Last edited by TechDud (2013-07-22 18:16:37)

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

there is no license...

Honor system is in play

i doubt anyone would bundle it, the usage is specific to very few people with advanced knowledge in a very specific field.


Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

Even still; it is his work, he should protect his rights.  It isn't hard either.
  GitHub has set up a page to specifically deal with the issue.

Simon Sharwood of The Register wrote:

"GitHub to devs: pick a license, we dare you
Legalese confounds coders, so GitHub steps in to help"

     Quoted from:  http://www.theregister.co.uk/2013/07/17 … e_dot_com/

Uh, maybe he doesn't have to include a license to protect his work.

GitHub wrote:

"No License

You're under no obligation to choose a license and it's your right not to include one with your code or project. But please note that opting out of open source licenses doesn't mean you're opting out of copyright law.

You'll have to check with your own legal counsel regarding your particular project, but generally speaking, the absence of a license means that default copyright laws apply. This means that you retain all rights to your source code and that nobody else may reproduce, distribute, or create derivative works from your work. This might not be what you intend."

     Quoted from:  http://choosealicense.com/

stamandster did say specifically that he did create it for the DriverPacks team.

stamandster wrote:

"Nice script! Looks like the project I've been working on for the DriverPacks team called FindHWIDS -- http://forum.driverpacks.net/viewtopic.php?id=3018
I also wrote DriverGeek and DriverForge (depreciated)..."

     Quoted from:  http://www.autoitscript.com/forum/topic … ntry853801

There we have it, as clear as mud.  It would be best to have some input from its author.     :/



BTW, a similar program in the same topic written by llewxam looked to be imbued with a high degree of "wowness" too!
     reference http://www.autoitscript.com/forum/topic … ceinstall/

Last edited by TechDud (2013-07-22 13:23:55)

Re: FindHWIDS v3.2s - The INF Searching, Hardware ID Exporter

This is a handy tool to have. When using it I get an error when it tries to read a certain Realtek inf file.
Error: Array variable has incorrect number of subscripts or subscript dimension range exceeded.

I emailed him about getting the source, haven't got a reply yet, but since it is made in AutoIt I was able to decompile it and get the code. I found the section causing the error and fixed it.

This section is what fails

    Local $akey = StringRegExp(@LF & $adata[0], "\n\s*(.*?)\s*=", 3)
    Local $avalue = StringRegExp(@LF & $adata[0], "\n\s*.*?\s*=(.*?)\r", 3)
    Local $nubound = UBound($akey)
    Local $asection[$nubound + 1][2]
    $asection[0][0] = $nubound
    For $icc = 0 To $nubound - 1
        Select
            Case StringLeft($akey[$icc], 1) <> ";"
                $asection[$icc + 1][0] = $akey[$icc]
                $asection[$icc + 1][1] = $avalue[$icc]
        EndSelect
     Next

What happens is that $avalue doesn't always have the same number of entries as $akey (or more), and there is no check for it. So a simple edit (just 3 added lines) fixes it by simply making sure $avalue has the same or more.

    Local $akey = StringRegExp(@LF & $adata[0], "\n\s*(.*?)\s*=", 3)
    Local $avalue = StringRegExp(@LF & $adata[0], "\n\s*.*?\s*=(.*?)\r", 3)
    Local $nubound = UBound($akey)
    Local $nubound2 = UBound($avalue) ; added: number of values found
    Local $asection[$nubound + 1][2]
    $asection[0][0] = $nubound
    If $nubound <= $nubound2 Then ; added: copy only when every key index has a value index
        For $icc = 0 To $nubound - 1
            Select
                Case StringLeft($akey[$icc], 1) <> ";" ; skip commented-out keys
                    $asection[$icc + 1][0] = $akey[$icc]
                    $asection[$icc + 1][1] = $avalue[$icc]
            EndSelect
        Next
    EndIf ; added

So after that it now runs through all the inf files without erroring out.

If I get permission from him I will be more than happy to put out the updated fix for it, or if he sees this he can put the fix in himself. :-)

-Shane

Last edited by smc1979 (2014-03-19 11:57:52)
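
Added example, not part of smc1979's post or the FindHWIDS source: a Python re-creation of the two patterns from the snippet above, showing one way the key and value arrays can end up with different lengths (the value pattern requires a trailing `\r`, so a line ending in a bare LF yields a key but no value), next to a single-pattern parse that keeps each key with its own value. The sample section and the names `split_like_original`, `first_overrun` and `parse_section` are constructed for illustration; whether the Realtek file actually had such line endings is an assumption.

```python
import re

# Patterns copied from the AutoIt snippet in the post (same regex syntax).
KEY_RE = re.compile(r"\n\s*(.*?)\s*=")
VALUE_RE = re.compile(r"\n\s*.*?\s*=(.*?)\r")

# Assumption: one pattern that captures key and value in the same match,
# so the two cannot drift apart. Accepts CRLF, bare LF, or end of data,
# and skips lines whose first non-blank character is ';'.
PAIR_RE = re.compile(r"^[ \t]*([^;=\s][^=\r\n]*?)[ \t]*=[ \t]*([^\r\n]*)", re.M)

# Constructed sample section (not taken from any real driver package).
# The third line ends in a bare LF instead of CRLF.
SAMPLE = (
    "DriverVer=01/01/2011,1.0.0.0\r\n"
    "; comment = ignored\r\n"
    'DeviceDesc="Example Audio"\n'
    "ExampleKey=ExampleValue\r\n"
)


def split_like_original(data):
    """Run the two independent scans the way the snippet does."""
    text = "\n" + data  # mirrors @LF & $adata[0]
    return KEY_RE.findall(text), VALUE_RE.findall(text)


def first_overrun(keys, values):
    """Index at which the unguarded loop would read past the value array."""
    for i, key in enumerate(keys):
        if not key.startswith(";") and i >= len(values):
            return i
    return None


def parse_section(data):
    """Paired parse: each key is returned with the value from its own line."""
    return [(k, v.rstrip()) for k, v in PAIR_RE.findall(data)]


if __name__ == "__main__":
    keys, values = split_like_original(SAMPLE)
    print(len(keys), "keys vs", len(values), "values")
    # Before the overrun, index 2 already pairs a key with the wrong value.
    print(keys[2], "->", values[2])
    print("unguarded loop fails at index", first_overrun(keys, values))
    for key, value in parse_section(SAMPLE):
        print(key, "=", value)
```

On this sample the two-scan approach finds four keys and three values, and index 2 pairs `DeviceDesc` with the value that belongs to `ExampleKey` before the loop runs out of values. The length guard in the post avoids the out-of-range read by leaving such a section unfilled.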