My app will ignore PE packed files ... how i can recognize them? ¿Ideas? ... help plz.
Posted on 2001-02-16 19:41:00 by Unknow
what kind of app is it? a virus?
Posted on 2001-02-16 19:49:00 by Hiroshimator
No generic way to tell... all packers leave signature bytes in the pe hdr and sometimes sections, so you'd have to write a large - updateable - db that checked for these signatures and blah blah...:D There are a few ID progs around (check protools) but they dont update often as the workload to keep adding new types of packers is a nightmare... like updating a AV program really. ie dont bother... Maybe look at aspack and see how it ID's some compressed files in it's small db James
Posted on 2001-02-16 22:59:00 by James