icha Posted November 12, 2010 Posted November 12, 2010 I am curious about how peid loads signature database. Does Peid store the signature as an array and load it to memory?If I compare the used memory between peid and exeinfopeExeinfope Priv. Working Set : 316,676 KCommit Size : 318.068 KPeid Priv. Working Set : 2232 KCommit Size : 6792 KI know they are different program but they are quite similar with big difference about memory consumption.Actually, I have signature database, I put it as an array in a DLL. My EXE retrieve the array from DLL and assign the array to EXE's variable. The problem is my EXE will consume huge memory. What is the effective way?
Departure Posted November 12, 2010 Posted November 12, 2010 question is are they both packed with same packers? if you dont use a packer then it wont be as big in memory as a packer has to load the whole lot in memory before executing, I think custom signatures are stored in .txt file and loaded into to an array at scan time, They probably have small pre-defined database compiled into the exe, to be honest I wouldn't know...
icha Posted November 12, 2010 Author Posted November 12, 2010 I am not just talking about Peid, but what is the effective way to load huge data/array as database and read it fastly. Hmm..I think scan time is not a good idea because I/O activity is more consume time. I might be wrong.
Aguila Posted November 12, 2010 Posted November 12, 2010 I am not just talking about Peid, but what is the effective way to load huge data/array as database and read it fastly. Hmm..I think scan time is not a good idea because I/O activity is more consume time. I might be wrong. linked list http://en.wikipedia.org/wiki/Linked_list , with a smart search algorithm
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now