EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 12-02-2018, 02:34
hors's Avatar
hors hors is offline
Family
 
Join Date: Aug 2014
Posts: 19
Rept. Given: 3
Rept. Rcvd 34 Times in 11 Posts
Thanks Given: 8
Thanks Rcvd at 95 Times in 12 Posts
hors Reputation: 34
Nauz File Detector

Nauz File Detector is a portable linker/compiler/packer identifier utility

Download

The program works on OSX, Linux and Windows.
There are two versions of program.

nfd - GUI version
nfdc - console version.

The program is Open Source and you can find the source code here.

More info
Reply With Quote
The Following 4 Users Gave Reputation+1 to hors For This Useful Post:
Aaron (12-03-2018), copyleft (12-06-2018), Insid3Code (12-03-2018), MarcElBichon (12-03-2018)
The Following 7 Users Say Thank You to hors For This Useful Post:
Agmcz (12-03-2018), alexandernst (12-04-2018), copyleft (12-06-2018), LPVOID (12-07-2018), ontryit (12-04-2018), p4r4d0x (12-05-2018), wilson bibe (12-02-2018)
  #2  
Old 12-04-2018, 05:45
alexandernst alexandernst is offline
Friend
 
Join Date: Dec 2017
Posts: 4
Rept. Given: 0
Rept. Rcvd 3 Times in 2 Posts
Thanks Given: 2
Thanks Rcvd at 9 Times in 2 Posts
alexandernst Reputation: 3
How does this compare to PEID or DIE?
Reply With Quote
  #3  
Old 12-04-2018, 15:51
hors's Avatar
hors hors is offline
Family
 
Join Date: Aug 2014
Posts: 19
Rept. Given: 3
Rept. Rcvd 34 Times in 11 Posts
Thanks Given: 8
Thanks Rcvd at 95 Times in 12 Posts
hors Reputation: 34
Quote:
Originally Posted by alexandernst View Post
How does this compare to PEID or DIE?
PEID was a good project, but unfortunately very old.

I am the author of DIE, so probably I know his pros and cons better than anyone.

Detect It Easy[DiE]

[+] Currently, DIE has significantly more detects.
[+] The signature system allows you to easily add your own detections without recompiling the program.

[-] Signatures slower than compiled code
[-] Not all types of detections can be implemented in signatures.
[-] It is difficult to implement a full reverse scan of individual parts of the program.

Nauz File Detector[NFD]

[+] Compiled code is faster than signatures.
[+] It is possible to implement complex detections. For example using emulation.
[+] There is a reverse scan.

[-] NFD has less detections than DiE
[-] When adding new detection, you need to recompile the program.

Last edited by hors; 12-04-2018 at 15:53. Reason: Fix
Reply With Quote
The Following 8 Users Say Thank You to hors For This Useful Post:
alexandernst (12-04-2018), chants (12-12-2018), Corsten (12-06-2018), darkBLACK (12-05-2018), LPVOID (12-07-2018), MarcElBichon (12-04-2018), ontryit (12-04-2018), tonyweb (12-05-2018)
  #4  
Old 12-05-2018, 23:14
RDGMax's Avatar
RDGMax RDGMax is offline
rdgsoft.net
 
Join Date: Apr 2011
Location: rdgsoft.net
Posts: 60
Rept. Given: 5
Rept. Rcvd 140 Times in 23 Posts
Thanks Given: 4
Thanks Rcvd at 107 Times in 20 Posts
RDGMax Reputation: 100-199 RDGMax Reputation: 100-199
Excellent! :*
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 04:39.


ICP05004977
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX