mirrors/Detect-It-Easy
2
0
Fork 0
mirror of https://github.com/horsicq/Detect-It-Easy.git synced 2026-06-24 01:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity

Optimize EP assembly instruction retrieval with caching

Browse source 
Introduces caching for entry point assembly instructions to avoid redundant disassembly calls. Updates related functions to use the cached instructions, improving performance and code clarity.
This commit is contained in:
DosX 2025-10-02 14:25:02 +03:00
commit 741db1dfcb
1 changed files with 16 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

20
db/PE/__GenericHeuristicAnalysis_By_DosX.7.sg
View file

@ -2032,11 +2032,11 @@ function scanForPackersAndCryptors_NET_and_Native() { // For .NET and Native app
var isStrangeCallOrJmpPresent = false;
var firstOpCode = getAsmOpCode(getAsmInstructionByIndex(0));
var firstOpCode = getAsmOpCode(getFirstEpAsmInstruction());
if (!PE.isDll()) {
if (isLastSectionEP && !PE.compareEP("E8 00 00 00 00") && (firstOpCode === "CALL" || firstOpCode === "JMP")) {
log(logType.nothing, "Strange " + firstOpCode.toLowerCase() + " at EP to address: " + getAsmInstructionByIndex(0).split(" ")[1].toLowerCase());
log(logType.nothing, "Strange " + firstOpCode.toLowerCase() + " at EP to address: " + getFirstEpAsmInstruction().split(" ")[1].toLowerCase());
isStrangeCallOrJmpPresent = true;
}
@ -3979,6 +3979,8 @@ function getEpAsmPattern(onlyOpCodes, numberOf) {
var epAsmInstructions = [];
/**
* Retrieves the assembly instruction at the specified index from the entry point of a PE file.
*
@ -3986,6 +3988,11 @@ function getEpAsmPattern(onlyOpCodes, numberOf) {
* @returns {string} The assembly instruction at the specified index.
*/
function getAsmInstructionByIndex(index) {
// Check if the instruction is already cached
if (epAsmInstructions[index] !== undefined) {
return epAsmInstructions[index];
}
// Get the address of the entry point
var disasmAddress = PE.getAddressOfEntryPoint();
@ -3997,10 +4004,15 @@ function getAsmInstructionByIndex(index) {
disasmAddress = PE.getDisasmNextAddress(disasmAddress);
}
// Cache the instruction if it hasn't been cached yet
if (epAsmInstructions[i] === undefined) {
epAsmInstructions[i] = PE.getDisasmString(disasmAddress);
}
// If the current iteration matches the specified index, retrieve the instruction
if (i === index) {
// Return the assembly instruction
return PE.getDisasmString(disasmAddress);
// Return the assembly instruction from cache
return epAsmInstructions[index];
}
}
}