Quote:
Originally Posted by alexandernst
How does this compare to PEID or DIE?
PEID was a good project, but unfortunately very old.
I am the author of DIE, so I probably know its pros and cons better than anyone.
Detect It Easy[DiE]
[+] Currently, DIE has significantly more detects.
[+] The signature system allows you to easily add your own detections without recompiling the program.
[-] Signatures are slower than compiled code.
[-] Not all types of detections can be implemented in signatures.
[-] It is difficult to implement a full reverse scan of individual parts of the program.
Nauz File Detector[NFD]
[+] Compiled code is faster than signatures.
[+] It is possible to implement complex detections. For example using emulation.
[+] There is a reverse scan.
[-] NFD has fewer detections than DiE.
[-] When adding a new detection, you need to recompile the program.