hors, 12-04-2018, 15:51
Quote:
Originally Posted by alexandernst
How does this compare to PEID or DIE?

PEID was a good project, but unfortunately very old.

I am the author of DIE, so I probably know its pros and cons better than anyone.

Detect It Easy [DiE]

[+] Currently, DIE has significantly more detections.
[+] The signature system allows you to easily add your own detections without recompiling the program.

[-] Signatures are slower than compiled code.
[-] Not all types of detections can be implemented in signatures.
[-] It is difficult to implement a full reverse scan of individual parts of the program.

Nauz File Detector [NFD]

[+] Compiled code is faster than signatures.
[+] It is possible to implement complex detections. For example using emulation.
[+] There is a reverse scan.

[-] NFD has fewer detections than DiE.
[-] When adding a new detection, you need to recompile the program.

Last edited by hors; 12-04-2018 at 15:53. Reason: Fix