-
Notifications
You must be signed in to change notification settings - Fork 16
HowTo Guides
Alex edited this page Nov 28, 2021
·
1 revision
Example done on Ubuntu 20.04 for UPX 3.95.
From the console, execute this command:
$ peid-sig /tmp/test-upx/*.exe --packer UPX --author jsmith
If you want to customize the length and the threshold of common bytes:
$ peid-sig /tmp/test-upx/*.exe -p UPX -a jsmith --length 50 --bytes-threshold .75
This will print an output like this:
[UPX v3.95 -> jsmith]
signature = 53 56 57 55 48 8D 35 ?? ?? ?? FF 48 8D BE ?? ?? ?? FF 57 31 DB 31 C9 48 83 CD FF E8 50 00 00 00 01 DB 74 02 F3 C3 8B 1E 48 83 EE FC 11 DB 8A 16 F3 C3
ep_only = true
Example done on Ubuntu 20.04 using userdb.txt and a folder userdbs with other signature databases.
import os
from peid import SignatureDatabase
db = SignatureDatabase("userdb.txt")
db.merge(*[SignatureDatabase("userdbs/" + x) for x in os.listdir("userdbs") if x.lower().endswith(".txt")])
db.dump()