hors, 12-04-2018, 15:51
Quote:
Originally Posted by alexandernst
How does this compare to PEID or DIE?

PEID was a good project, but unfortunately very old.

I am the author of DIE, so I probably know its pros and cons better than anyone.

Detect It Easy[DiE]

[+] Currently, DIE has significantly more detections.
[+] The signature system allows you to easily add your own detections without recompiling the program.

[-] Signatures are slower than compiled code.
[-] Not all types of detections can be implemented in signatures.
[-] It is difficult to implement a full reverse scan of individual parts of the program.

Nauz File Detector[NFD]

[+] Compiled code is faster than signatures.
[+] It is possible to implement complex detections, for example using emulation.
[+] There is a reverse scan.

[-] NFD has fewer detections than DiE.
[-] When adding a new detection, you need to recompile the program.

Last edited by hors; 12-04-2018 at 15:53. Reason: Fix