foxthree
March 13th, 2002, 10:48
Hi fellow RCEs:
Out of sheer curiosity (or boredom), I thought I'd start up a collection of various packers and their OEiP Sigs. That way we can have a comprehensive way of dumping at OEiP (instead of debugging the polymorphic engine itself!).
What I wanted to know from your experience is:
1. Has this already been attempted? (I'm sure FileScanners already implement some form of this.)
2. What have the success rates been? (Sigs have to be fairly invariant for this project to be successful... note: I use the term "fairly".)
3. Any other thoughts (...including calling this one a lame idea)?
Thanks for sharing your wisdom,
Signed,
-- FoxThree
PS: Kayayker: If one can compile such information and write an app that can identify OEiP given the executable, is it worth a mini-project in RCE? Thanks!
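A PEiD-style entry-point signature scanner of the kind the post proposes, added here as an illustration (it is not code from this thread). The packer names and byte patterns below are constructed placeholders, not real packer signatures; the `??` wildcards are what keep a sig "fairly" invariant across builds whose absolute addresses differ.

```python
import re
import struct

# Constructed sample signature database (NOT real packer signatures).
SIGNATURES = {
    "ToyPacker 1.0": "60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF",
    "ToyPacker 2.x": "55 8B EC 60 E8 00 00 00 00 5D 81 ED ?? ?? ?? ??",
}

def compile_sig(sig):
    """'AA ?? BB' -> regex over raw bytes; '??' is a one-byte wildcard."""
    toks = [b"." if t == "??" else re.escape(bytes([int(t, 16)])) for t in sig.split()]
    return re.compile(b"".join(toks), re.DOTALL)

def entry_point_bytes(data, count=32):
    """Return `count` raw file bytes at the PE entry point (RVA mapped via the section table)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]        # NumberOfSections
    opt = pe + 24                                           # optional header start
    ep_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    sec = opt + struct.unpack_from("<H", data, pe + 20)[0]  # first section header
    for i in range(nsec):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sec + 40 * i + 8)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (ep_rva - vaddr)
            return data[off:off + count]
    raise ValueError("entry point lies outside every section")

def identify(data):
    """Name of the first signature matching at the entry point, or None if unknown."""
    ep = entry_point_bytes(data)
    for name, sig in SIGNATURES.items():
        if compile_sig(sig).match(ep):
            return name
    return None

def build_toy_pe(ep_code, sec_rva=0x1000, raw_ptr=0x200):
    """Constructed minimal PE32 image with one section whose first bytes are ep_code."""
    img = bytearray(raw_ptr + len(ep_code))
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                 # e_lfanew -> PE header at 0x80
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x86, 1)                    # NumberOfSections
    struct.pack_into("<H", img, 0x94, 224)                  # SizeOfOptionalHeader (PE32)
    struct.pack_into("<H", img, 0x98, 0x10B)                # PE32 magic
    struct.pack_into("<I", img, 0xA8, sec_rva)              # AddressOfEntryPoint
    img[0x178:0x180] = b".text\0\0\0"                       # section header at opt + 224
    struct.pack_into("<IIII", img, 0x180, len(ep_code), sec_rva, len(ep_code), raw_ptr)
    img[raw_ptr:raw_ptr + len(ep_code)] = ep_code
    return bytes(img)
```

Identifying the packer this way is the prerequisite step; the per-packer OEiP offset or dumping recipe would be a second table keyed on the matched name.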