Fake out PEID

Magnum · May 19, 2010, 03:20:12 AM

This works as intended if you don't want to later use an EXE packer.

But if, for example you use UPX on this, PEID identifies the packer correctly.
So I am wondering if the author thought of it ??

start:

;   For example this is ExeCryptor`s OEP

   db 0E8h,024h,000h,000h,000h,08Bh,04Ch,024h,00Ch,0C7h,001h,017h,000h,001h,000h,0C7h
   db 081h,0B8h,000h,000h,000h,000h,000h,000h,000h,031h,0C0h,089h,041h,014h,089h,041h
   db 018h,080h,0A1h,0C1h,000h,000h,000h,0FEh,0C3h,031h,0C0h,064h,0FFh,030h,064h,089h
   db 020h

News:

Fake out PEID

Magnum