Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Can you hide/remove packer info from file?
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #3  
Old 01-05-2005, 17:30
redbull redbull is offline
Friend
  
Join Date: Mar 2004
Posts: 160
Rept. Given: 17
Rept. Rcvd 5 Times in 4 Posts
Thanks Given: 3
Thanks Rcvd at 6 Times in 6 Posts
redbull Reputation: 5
Some packers / cryptors leave a signature in the file.. Either as a name of a section in the PE Header file or as bytes appended to the file.

Other packers / cryptors use standard bytes in their body or around their entry points or in certain places in the body of their unpack / decryption code.

I asked a question on the PEID forum a while ago about true polymorphic protectors (EG a protector that has no stable bytes at the entrypoint or anywhere in its body)

http://www.secretashell.com/PEiD/viewtopic.php?t=82

Basically to prevent detection of a packer or cryptor you need to understand what gives that packer away to the detectors. Is it stable bytes or a section header name or a certain DWORD in the PE header or any other thing.

The best way to discover this is to protect several different files with the same protector and try to find the similarities.

Results of your work will be apreciated !!

l8rz
Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
how to hide a file taos General Discussion 7 08-26-2004 18:31


All times are GMT +8. The time now is 18:31.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )