I used to use TASM. For a short spell, I used MASM and realized they, including a86, use different binary representations of nearly all register-to-register operations.
With that discovery, I wrote a forensic tool that would identify what compiler a computer virus was compiled with, and a subsequent tool that would flip (using a simple XOR) a few of them to create a short binary string watermark. The watermarking tool wasn't all that practical in the end, but it was a fun experiment.
With that discovery, I wrote a forensic tool that would identify what compiler a computer virus was compiled with, and a subsequent tool that would flip (using a simple XOR) a few of them to create a short binary string watermark. The watermarking tool wasn't all that practical in the end, but it was a fun experiment.