> For the complete documentation index, see [llms.txt](https://docs.cyphor.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.cyphor.net/code-guard/preventing-modifications/handling-complex-re-attacks/custom-payload-detection.md). # Custom payload detection Custom payload detection is a powerful feature that allows customers to add custom patterns that are matched on memory. This feature is designed to enhance the detection capabilities of the system and to provide more flexibility to customers. By leveraging this feature, customers can detect specific payloads that are unique to their environment, and take appropriate actions based on the detection results. It's worth noting that custom payload detection is a powerful and complex feature that can be overwhelming. Customers who are not familiar with this technique may unintentionally introduce false positives or find themselves feeling overwhelmed. As such, it's important to have a clear understanding of how to use this feature effectively and to test any rules thoroughly. ### Pattern matching Using "`??`", customers can match any single byte sequence. For example, `"A4 ?? A1"` would match `"A4 00 A1"`,`"A4 01 A1"`, and so on. ### Use cases Detecting custom payloads in memory can be extremely useful. For example, you may want to protect your software against a specific type of tampering, such as uncommon code injection techniques. By creating a custom rule that detects the specific pattern of bytes that are injected into memory during the attack, you can trigger an alert or take an appropriate action to prevent further tampering. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.cyphor.net/code-guard/preventing-modifications/handling-complex-re-attacks/custom-payload-detection.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.