// Detect It Easy: detection rule file
// Author: horsicq <horsicq@gmail.com>
// Detects zero-byte overlay padding added by linkers to align the output file
// to sector (0x200) or page (0x1000) boundaries.
// Example: TLINK32 pads PE files with null bytes up to the next 0x1000 boundary.
/**
 * Rule entry point: reports an overlay that consists solely of zero bytes.
 *
 * Flow:
 *   1. If Binary.isOverlay() is falsy, hand back result() unchanged and stop.
 *   2. Otherwise take Binary.getSize() and test the range [0, size) with
 *      Binary.isZeroFilled().
 *   3. On a match, record ("overlay", "null padding") via _setResult() with
 *      empty version and options strings.
 *
 * Notes for analysts reading a hit from this rule:
 *   - The match is all-or-nothing: a single non-zero byte anywhere in the
 *     checked range suppresses the result, so zero padding followed by
 *     appended data is NOT reported here.
 *   - The file header mentions 0x200 / 0x1000 alignment, but no alignment or
 *     length check is performed in this function; only the byte content is
 *     examined.
 *   - NOTE(review): presumably `Binary` is scoped to the overlay region when
 *     this rule runs, so offset 0 is the first overlay byte; confirm against
 *     the engine before relying on it.
 *
 * @returns {*} the value of result() when there is no overlay; otherwise
 *              nothing is returned explicitly (the finding is delivered
 *              through _setResult()).
 */
function detect() {
    if (Binary.isOverlay()) {
        // Size of the region to inspect, then a single whole-range zero test.
        var nRegionSize = Binary.getSize();
        var bOnlyZeroBytes = Binary.isZeroFilled(0, nRegionSize);

        if (bOnlyZeroBytes) {
            _setResult("overlay", "null padding", "", "");
        }

        // No explicit return value on this path, matching the rule's contract.
        return;
    }

    // Nothing appended to the file: fall back to the default result.
    return result();
}