flat assembler
Message board for the users of flat assembler.

Index > Windows > Cheating PEid

Author
Thread Post new topic Reply to topic
Enko



Joined: 03 Apr 2007
Posts: 676
Location: Mar del Plata
Enko 04 Jul 2011, 21:12
Hy again,
http://www.peid.info/

I think you all know the tool. It give you the info of what compiler where used to generate an executable. Of course there should be other too.


The thing is, how to generate windows executables with fasm, so this PE identifyer or other, identify it like Visual Basic 6.0 compiled program or Visual Cpp 2008 or others..


A custom PE should be built? or its the imports table? What makes the diference beetwen this compilers and fams?


thanks a lot.
Post 04 Jul 2011, 21:12
View user's profile Send private message Reply with quote
r22



Joined: 27 Dec 2004
Posts: 805
r22 05 Jul 2011, 19:31
PEID uses a general fingerprint to figure out what compiler was used.
For example, a program compiled with VC++ will import functions from MSVCR8.DLL.
Maybe PEID would fingerprint FASM by how it encodes an op-code with multiple (correct) encodings.
Post 05 Jul 2011, 19:31
View user's profile Send private message AIM Address Yahoo Messenger Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 676
Location: Mar del Plata
Enko 05 Jul 2011, 19:41
r22 wrote:

Maybe PEID would fingerprint FASM by how it encodes an op-code with multiple (correct) encodings.

PEID dont´t recognize fasm. yes it recognize masm/tasm. But no fasm Mad



so you think that the PE itself has nothing to do with the recognition?

Ive got an idea to try, make a console exe with visual studio but without the c runtime. And then check it with peid.
Post 05 Jul 2011, 19:41
View user's profile Send private message Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1905
DOS386 10 Jul 2011, 02:12
Quote:
Update 04-04-2011
The PEiD project has been discontinued. No new versions will be released.


Quote:
Latest Version
PEiD v0.95 Build date: Oct 21, 2008


PEID is DEAD Shocked
Post 10 Jul 2011, 02:12
View user's profile Send private message Reply with quote
Dex4u



Joined: 08 Feb 2005
Posts: 1601
Location: web
Dex4u 10 Jul 2011, 15:18
I think its a good thing that it can not be fingerprinted so easy.
Post 10 Jul 2011, 15:18
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.