To those who use and test ExploitShield 0.8.1 beta next to their resident avast av solution,
Just to revive this thread: I have been using the beta for quite some time now, and it closed down only once in all that time. I could restart it easily. I gave the Exploit Shield executable a run through a nice exploration tool called exeinfoPE power pack and got back some interesting results (to whom it may concern). ExeinfoPE is a great tool for packer determination.
For the ExploitShield executable we get EntryPoint 0011C50 oo File Offset 00011050 File Size etc. But interesting is Overlay 000024D8 encoding 0x000024D8 (24d8)
Unpack info try :
Protection_ID.exe from
http://pid.gamecopyworld.com , true ep
-only and signature pattern 8B FF 55 8B EC is for Visual C++ 2003 DLL -> Microsoft UPolyX v.0.5 gives
? so cannot be established but as false
Also interesting would be to perform a walk with dependency walker as seen from the signature pattern we land here:
http://www.nirsoft.net/articles/windows_7_kernel_architecture_changes.html (article and info from Nir Sofer, an excellent developer with a list of very helpful tools: hxtp://www.softpedia.com/developer/Nir-Sofer-10197.html) and we see that the executable is all about kernel protection.
Thanks also to !Donovan for inspiring me to test out the ExeinfoPE_PowerPack tool as we both rather like the interesting interface of it.
This while we went over some ins and outs of packer detection....
polonus
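
Added example, not part of the original post and not ExeinfoPE's own code: a sketch of how the fields reported above (entry point, its file offset, and the overlay) can be derived from the PE headers, and how the bytes at the entry point are compared with the 8B FF 55 8B EC pattern. The function names `inspect_pe` and `build_sample` are hypothetical and the sample image is constructed; a pattern match at the entry point is only a hint about the compiler, not an identification.

```python
import struct

# Byte pattern quoted in the post: mov edi,edi / push ebp / mov ebp,esp
PROLOGUE = bytes.fromhex("8BFF558BEC")

def inspect_pe(data):
    """Return entry-point file offset, bytes at the EP, and overlay location."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    ep_rva = struct.unpack_from("<I", data, pe + 40)[0]     # AddressOfEntryPoint
    table = pe + 24 + opt_size                              # first section header
    ep_off, raw_end = None, 0
    for i in range(nsec):
        vsize, va, rsize, rptr = struct.unpack_from("<4I", data, table + 40 * i + 8)
        if rsize:
            raw_end = max(raw_end, rptr + rsize)            # end of section raw data
        if va <= ep_rva < va + max(vsize, rsize):
            ep_off = ep_rva - va + rptr                     # RVA -> file offset
    ep_bytes = data[ep_off:ep_off + 5] if ep_off is not None else b""
    size = max(len(data) - raw_end, 0)                      # bytes past last section
    return {"ep_rva": ep_rva, "ep_offset": ep_off, "ep_bytes": ep_bytes,
            "prologue_match": ep_bytes == PROLOGUE,
            "overlay_offset": raw_end if size else None, "overlay_size": size}

def build_sample():
    """Constructed PE32 image: one .text section followed by 16 overlay bytes."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0x200, 0, 0, 0x1000).ljust(0xE0, b"\0")
    sec = struct.pack("<8sIIII16x", b".text", 5, 0x1000, 0x200, 0x200)
    headers = (dos + b"PE\0\0" + coff + opt + sec).ljust(0x200, b"\0")
    return headers + PROLOGUE.ljust(0x200, b"\xCC") + b"\xAA" * 16

if __name__ == "__main__":
    for key, value in inspect_pe(build_sample()).items():
        print(key, value.hex() if isinstance(value, bytes) else value)
```

Data that sits past the end of the last section's raw data is what packer-detection tools report as an overlay; installers, appended configuration and Authenticode signatures all show up there, so an overlay by itself does not indicate packing.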