Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 10-21-2003, 10:11
OHPen's Avatar
OHPen OHPen is offline
Friend
 
Join Date: Aug 2003
Location: lost in code...
Posts: 92
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
OHPen Reputation: 0
Different Detection Methods

Lo,

the last two weeks i spent a lot of time in thinkin' over different packer/crypter detection methods...

ATM state of my mind is:

- Signature Scan:
Scan for a unique ByteSignature which can be found in every x.x packed/crypted appliction.

- Wildcard Signature Scan:
Scan for unique pattern which can be found in every x.x packed/crypted version.

- OEP anlalysis:
x.x packed/crypted application always uses same OEP.

That's what i have implemented atm in retool.

BUT:

This can't be all methods to detect packers/crypter or ?

Maybe it's possible to detect if you take a lot look at probability distribution of bytepatterns in the file.
Maybe there is a way to find something identifying.

What do you think about this topic,

and solutions, conclusion, ideas ;D

OHPen
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Anti tamper methods - .Net msaly General Discussion 1 07-27-2020 05:27
Flexlm ECC alternate patching methods nathan General Discussion 102 05-31-2019 06:30
Methods of detecting dongle emulator MeteO General Discussion 4 02-17-2006 09:43
Where are the Class methods? 5Alive General Discussion 0 07-28-2005 03:22


All times are GMT +8. The time now is 12:58.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )