Why are most payloads x32 instead of x64, i mean the new ones too, is there a any certain reason why it is this way if so what are the reasons. I feel like x64 is more up to date and better in that sense so please inform me 
-
XSS.stack #1 – первый литературный журнал от юзеров форума
x32 vs x64 payload
- Автор темы DM7
- Дата начала
An x32 payload is able to run on both x32 and x64 machines, while an x64 payload can only run on x64 machines.
- Автор темы
- Добавить закладку
- #3
so theres no difference in like evasion etc?
even now windows 11 only supports x64 and most computers connected are x64 but still there millions of connected computers are still using x86 processor so if you wan't you'r payload works on all pcs you should use x86 but if you are targeting high end targets use x64Why are most payloads x32 instead of x64, i mean the new ones too, is there a any certain reason why it is this way if so what are the reasons. I feel like x64 is more up to date and better in that sense so please inform me
i would say no, just minor changes in structure...
i agree but with a few remarks:
1. better say windows 11 exists in x64, because it still can execute x32 PEs
2. wdym by high-end some corps PCs are x32
answering question, ask yourself why x64 better? i dont see any reason in malware coding tbh. better when more, isnt it?
Could an a advantage of writing malware in x64 be that anti-virus expect malware to be written x86. And not do as a throughout check ?
If I remember correct then some malware sandbox are not able to run x64 binaries
If I remember correct then some malware sandbox are not able to run x64 binaries
Like poster above said, x86 -- runs everywhere, even older systems, while x64 will need an x64 processor. Ok, so most machines are x64 already... but why take the gamble? Victim might be storing his treasure on an old laptop)
But as to the relationship of malware crypters and architecture, from my knowledge of crypt sellers, I did see that evasion on some crypts for x64 is better, while on x86 the same payload would trigger 2 or 3 detections. However this isn't due to the architecture used but the methods used by the coders, so it's better to ask someone who codes for both to tell you exactly what's up.
But as to the relationship of malware crypters and architecture, from my knowledge of crypt sellers, I did see that evasion on some crypts for x64 is better, while on x86 the same payload would trigger 2 or 3 detections. However this isn't due to the architecture used but the methods used by the coders, so it's better to ask someone who codes for both to tell you exactly what's up.