Different Detection Methods
Lo,
the last two weeks I spent a lot of time thinkin' over different packer/crypter detection methods... ATM state of my mind is:

- Signature Scan: Scan for a unique byte signature which can be found in every x.x packed/crypted application.
- Wildcard Signature Scan: Scan for a unique pattern which can be found in every x.x packed/crypted version.
- OEP analysis: x.x packed/crypted application always uses same OEP.

That's what I have implemented atm in retool. BUT: This can't be all methods to detect packers/crypters, or? Maybe it's possible to detect if you take a look at the probability distribution of byte patterns in the file. Maybe there is a way to find something identifying. What do you think about this topic, and solutions, conclusions, ideas ;D

OHPen
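
The methods listed in the post, plus one reading of the byte-distribution idea (Shannon entropy per window), as an added example that is not part of the original post and is not retool's code. The signature, the entry offset, the sample buffer and the 7.0 entropy threshold are all constructed assumptions.

```python
import math
from collections import Counter

def parse_signature(sig):
    """'DE AD ?? BE' -> [0xDE, 0xAD, None, 0xBE]; None marks a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in sig.split()]

def match_at(data, offset, pattern):
    """True if pattern matches data at exactly this offset (entry-point check)."""
    if offset < 0 or offset + len(pattern) > len(data):
        return False
    return all(p is None or data[offset + i] == p for i, p in enumerate(pattern))

def scan(data, pattern):
    """Every offset where the pattern matches (whole-file signature scan)."""
    return [o for o in range(len(data) - len(pattern) + 1) if match_at(data, o, pattern)]

def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_windows(data, window=256, threshold=7.0):
    """Offsets of windows whose byte distribution is close to uniform.
    The 7.0 threshold is an assumed cut-off, to be tuned on real samples."""
    return [o for o in range(0, len(data), window)
            if shannon_entropy(data[o:o + window]) > threshold]

# Constructed sample, not a real binary: repetitive filler, a made-up stub at
# offset 256 (treated as the entry point), padding, then a uniform byte block
# standing in for compressed/encrypted data.
SIGNATURE = parse_signature("DE AD ?? ?? BE EF")   # made-up, not from any database
ENTRY_OFFSET = 256
SAMPLE = (b"\x90\xCC" * 128 + bytes.fromhex("DEAD1234BEEF")
          + b"\x00" * 250 + bytes(range(256)))

if __name__ == "__main__":
    print("signature hits:", scan(SAMPLE, SIGNATURE))
    print("match at entry:", match_at(SAMPLE, ENTRY_OFFSET, SIGNATURE))
    print("high-entropy windows:", high_entropy_windows(SAMPLE))
```

A high-entropy window only says the bytes look compressed or encrypted; it does not name the packer, so it complements the signature checks rather than replacing them.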