hors, 12-04-2018, 15:51
Quote:
Originally Posted by alexandernst
How does this compare to PEID or DIE?

PEID was a good project, but unfortunately very old.

I am the author of DIE, so I probably know its pros and cons better than anyone.

Detect It Easy [DiE]

[+] Currently, DIE has significantly more detections.
[+] The signature system allows you to easily add your own detections without recompiling the program.

[-] Signatures are slower than compiled code.
[-] Not all types of detections can be implemented in signatures.
[-] It is difficult to implement a full reverse scan of individual parts of the program.

Nauz File Detector [NFD]

[+] Compiled code is faster than signatures.
[+] It is possible to implement complex detections, for example using emulation.
[+] There is a reverse scan.

[-] NFD has fewer detections than DiE.
[-] When adding a new detection, you need to recompile the program.

Last edited by hors; 12-04-2018 at 15:53. Reason: Fix