Author Topic: Some more definitions  (Read 3967 times)

masamune3210

  • Newbie
  • *
  • Posts: 18
Some more definitions
« on: September 06, 2020, 04:07:38 PM »
Here is my latest batch of files, I apologize if some of them are dups, as I had to revert to a backup of the drive they are on and couldn't remember which had been sent in already

masamune3210

  • Newbie
  • *
  • Posts: 18
Re: Some more definitions
« Reply #1 on: September 06, 2020, 04:24:18 PM »
Also, dont mean to muddy up the forum so ill just put it here, what is the best way to fix a misdetect? I have some exe files that are being misdetected as dll files

Mark0

  • Administrator
  • Hero Member
  • *****
  • Posts: 2840
    • Mark0's Home Page
Re: Some more definitions
« Reply #2 on: September 07, 2020, 01:52:50 PM »
Thanks for the new defs, will surely check them out.

As for the misidentification, that's a somehow complex/broad matter, and there isn't a catch-all solution.
An easy case is when there's for example a file of a certain type that isn't recognized by an existing definition: using the -d switch of TrIDScan it's possible to start from the existing definition and remove/refine the few patterns or string that doesn't match, thus creating an updated, simplified def that recognize the new file too (and hopefully many others).

In case of EXE and DLL, the issue is more complicate because they are indeed variants of what essentially is the same file format.

masamune3210

  • Newbie
  • *
  • Posts: 18
Re: Some more definitions
« Reply #3 on: September 07, 2020, 05:40:31 PM »
Ok, thanks for the info!