#1
|
||||
|
||||
Different Detection Methods
Lo,
the last two weeks i spent a lot of time in thinkin' over different packer/crypter detection methods... ATM state of my mind is: - Signature Scan: Scan for a unique ByteSignature which can be found in every x.x packed/crypted appliction. - Wildcard Signature Scan: Scan for unique pattern which can be found in every x.x packed/crypted version. - OEP anlalysis: x.x packed/crypted application always uses same OEP. That's what i have implemented atm in retool. BUT: This can't be all methods to detect packers/crypter or ? Maybe it's possible to detect if you take a lot look at probability distribution of bytepatterns in the file. Maybe there is a way to find something identifying. What do you think about this topic, and solutions, conclusion, ideas ;D OHPen |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Flexlm ECC alternate patching methods | nathan | General Discussion | 103 | 07-05-2024 10:16 |
Anti tamper methods - .Net | msaly | General Discussion | 1 | 07-27-2020 05:27 |
Methods of detecting dongle emulator | MeteO | General Discussion | 4 | 02-17-2006 09:43 |
Where are the Class methods? | 5Alive | General Discussion | 0 | 07-28-2005 03:22 |