Old 10-21-2003, 10:11
Different Detection Methods

Lo,

the last two weeks i spent a lot of time in thinkin' over different packer/crypter detection methods...

ATM state of my mind is:

- Signature Scan:
Scan for a unique byte signature which can be found in every x.x packed/crypted application.

- Wildcard Signature Scan:
Scan for a unique pattern which can be found in every x.x packed/crypted version.

- OEP analysis:
x.x packed/crypted application always uses the same OEP.

That's what i have implemented atm in retool.

BUT:

These can't be all the methods to detect packers/crypters, or?

Maybe it's possible to detect if you take a look at the probability distribution of byte patterns in the file.
Maybe there is a way to find something identifying.

What do you think about this topic,

and solutions, conclusion, ideas ;D

OHPen
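As an added illustration (not part of the original post and not retool's code), the wildcard signature scan and the byte-distribution idea from the post can be sketched as follows. The signature bytes, the sample buffer and the 7.0 bits/byte threshold are constructed assumptions, not values for any real packer.

```python
import math
import random
from collections import Counter

def parse_signature(text):
    """Turn 'AA ?? BB' into a list of ints, with None for wildcard bytes."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def matches_at(data, sig, offset):
    """Check sig at one fixed offset, e.g. the file offset of the entry point."""
    if offset < 0 or offset + len(sig) > len(data):
        return False
    return all(s is None or data[offset + i] == s for i, s in enumerate(sig))

def find_signature(data, sig):
    """Return the first offset where sig matches anywhere in data, or -1."""
    for off in range(len(data) - len(sig) + 1):
        if matches_at(data, sig, off):
            return off
    return -1

def shannon_entropy(data):
    """Bits per byte of the byte-value distribution: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def windowed_entropy(data, window=256):
    """Entropy of each non-overlapping window, to locate high-entropy regions."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), window)]

# Constructed sample: padding, a made-up loader stub, repetitive code-like
# bytes, then pseudo-random bytes standing in for a packed/encrypted payload.
_rng = random.Random(0)
STUB = bytes.fromhex("60 E8 11 22 33 44 5D 81 ED")
PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(1024))
SAMPLE = b"\x90" * 16 + STUB + b"\x55\x8b\xec\x00" * 64 + PAYLOAD
DEMO_SIG = parse_signature("60 E8 ?? ?? ?? ?? 5D 81 ED")  # hypothetical pattern

if __name__ == "__main__":
    print("signature at offset", find_signature(SAMPLE, DEMO_SIG))
    for off, h in windowed_entropy(SAMPLE):
        # 7.0 is an assumed cut-off for this demo, not a calibrated value
        print(f"{off:#06x}  {h:.2f}  {'HIGH' if h > 7.0 else ''}")
```

Entropy only indicates that a region looks compressed or encrypted; it does not say which packer produced it, so it complements the signature checks rather than replacing them.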