Jump to content
Tuts 4 You

Stores and reads array


icha

Recommended Posts

Posted

I am curious about how peid loads signature database. Does Peid store the signature as an array and load it to memory?

If I compare the used memory between peid and exeinfope

Exeinfope

Priv. Working Set : 316,676 K

Commit Size : 318.068 K

Peid

Priv. Working Set : 2232 K

Commit Size : 6792 K

I know they are different program but they are quite similar with big difference about memory consumption.

Actually, I have signature database, I put it as an array in a DLL. My EXE retrieve the array from DLL and assign the array to EXE's variable. The problem is my EXE will consume huge memory. What is the effective way?

Posted

question is are they both packed with same packers? if you dont use a packer then it wont be as big in memory as a packer has to load the whole lot in memory before executing, I think custom signatures are stored in .txt file and loaded into to an array at scan time, They probably have small pre-defined database compiled into the exe, to be honest I wouldn't know...

Posted

I am not just talking about Peid, but what is the effective way to load huge data/array as database and read it fastly.

Hmm..I think scan time is not a good idea because I/O activity is more consume time. I might be wrong.

Posted

I am not just talking about Peid, but what is the effective way to load huge data/array as database and read it fastly.

Hmm..I think scan time is not a good idea because I/O activity is more consume time. I might be wrong.

linked list http://en.wikipedia.org/wiki/Linked_list , with a smart search algorithm ;)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...