mirrors/Detect-It-Easy
2
0
Fork 0
mirror of https://github.com/horsicq/Detect-It-Easy.git synced 2026-06-24 01:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity
Detect-It-Easy/peid_rules/PE/overlay.userdb.txt
DosX c7ee6ca357 Split PEiD userdb into PE-specific files 
Move and split peid_rules/userdb.txt into multiple PE-focused signature files under peid_rules/PE (compiler, file_format, installer, joiner, overlay, packer, protection, protector, sfx_archive, and PE/userdb.txt). Add split_userdb.ps1 script used to perform the split and include the generated PE signature files (auto-categorized from the original userdb).
2026-03-18 19:41:15 +03:00

63 lines
2.5 KiB
Text
Raw Permalink Blame History

; PEiD signature database - overlay
; Auto-categorized from userdb.txt (15 entries)
[CauseWay DOS Extender v2.64, v3.25 1992-95]
signature = EB J3 8B E8 8C C6 0E 1F 8C C0 05 ?? ?? 01 ?? ?? ?? B8 ?? ?? CD 21 3C ?? 73
ep_only = true
[CauseWay DOS Extender v3.25]
signature = FA 16 1F 26 ?? ?? ?? 83 ?? ?? 8E D0 FB 06 16 07 BE ?? ?? 8B FE B9 ?? ?? F3 A4 07
ep_only = true
[Crinkler V0.1-V0.2 -> Rune L.H.Stubbe and Aske Simon Christensen]
signature = B9 ?? ?? ?? ?? 01 C0 68 ?? ?? ?? ?? 6A 00 58 50 6A 00 5F 48 5D BB 03 00 00 00 BE ?? ?? ?? ?? E9
ep_only = true
[Crinkler V0.1-V0.2 -> Rune L.H.Stubbe and Aske Simon Christensen]
signature = B8 EF BE AD DE 50 6A ?? FF 15 10 19 40 ?? E9 AD FF FF FF
ep_only = true
[Crinkler V0.3-V0.4 -> Rune L.H.Stubbe and Aske Simon Christensen]
signature = B8 00 00 42 00 31 DB 43 EB 58
ep_only = true
[Crinkler V0.3-V0.4 -> Rune L.H.Stubbe and Aske Simon Christensen]
signature = B8 00 00 00 00 60 0B C0 74 58 E8 00 00 00 00 58 05 43 00 00 00 80 38 E9 75 03 61 EB 35 E8 00 00 00 00 58 25 00 F0 FF FF 33 FF 66 BB 19 5A 66 83 C3 34 66 39 18 75 12 0F B7 50 3C 03 D0 BB E9 44
ep_only = true
[DOS/16M DOS Extender (c) Tenberry Software Inc 1987-1995]
signature = BF ?? ?? 8E C7 8E D7 BC ?? ?? 36 ?? ?? ?? ?? FF ?? ?? ?? 36 ?? ?? ?? ?? BE ?? ?? AC 8A D8 B7 00 ?? ?? 8B ?? ?? ?? 4F 8E C7
ep_only = true
[E.S.O. Eclipse Operating System v.2.08 + DOS Extender]
signature = 8C C8 8E D8 BA ?? ?? E8 ?? ?? BB ?? ?? 8C C0 2B D8 B4 4A CD 21 BA ?? ?? 73 ?? E9
ep_only = true
[Go32Stub v.2.00 DOS-Extender]
signature = 0E 1F 8C 1E ?? ?? 8C 06 ?? ?? FC B4 30 CD 21 80
ep_only = true
[Go32Stub v.2.00T DOS-Extender]
signature = 0E 1F 8C 1E ?? ?? 8C 06 ?? ?? FC B4 30 CD 21 3C
ep_only = true
[MetaWare High C + Phar Lap DOS Extender 1983-89]
signature = EB J3 33 ED 2E 8E 1E ?? ?? 26 A1 ?? ?? A3 ?? ?? 26 8B 1E ?? ?? B1 ?? 4B
ep_only = true
[MetaWare High C Run-Time Library + Phar Lap DOS Extender 1983-89]
signature = B8 ?? ?? 50 B8 ?? ?? 50 CB
ep_only = true
[Overlay]
signature = 55 8B EC 83 C4 D4 53 56 57 33 C0 89 45 F0 89 45 E4 E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? BE ?? ?? ?? ?? 33 C0 55 68 ?? ?? ?? ?? 64 FF 30 64 89 20 33 D2 55 68 ?? ?? ?? ?? 64 FF 32 64 89 22
ep_only = true
[Phar Lap DOS Extender 1986-91]
signature = EB J3 8C D8 8E C0 B8 ?? ?? 8E D8 BB ?? ?? 8C C0 2B D8 81 ?? ?? ?? B4 4A CD 21
ep_only = true
[PMODE/W v.1.12, 1.16, 1.21, 1.33 DOS extender]
signature = FC 16 07 BF ?? ?? 8B F7 57 B9 ?? ?? F3 A5 06 1E 07 1F 5F BE ?? ?? 06 0E A4
ep_only = true
Reference in a new issue View git blame Copy permalink