PE INSIDER

 

PE Insider is a free Portable Executable viewer for the community. It shares the same codebase for inspection as Cerbero Profiler and hence it supports the entire PE specification and is incredibly fast and stable.

CFF EXPLORER

 

A freeware suite of tools created by Daniel Pistelli, including a PE editor called CFF Explorer and a process viewer. The PE editor has full support for PE32/64. Features include special fields description and modification (.NET supported), utilities, rebuilder, hex editor, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker, etc. It was the first PE editor with support for .NET internal structures. The Resource Editor (Windows Vista icons supported) is capable of handling .NET manifest resources. The suite is available for x86 and x64.

LORDPE

 

LordPE is a tool, e.g. for system programmers, which is able to edit/view many parts of PE (Portable Executable) files, dump them from memory, optimize them, validate, analyze, edit, ...

Main features:

* Task viewer/dumper
* Huge PE editor (with big ImportTable viewer, ...)
* Break'n'Enter (break at the EntryPoint of dll or exe files)
* PE Rebuilder

PEVIEW

 

PEview provides a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files. This PE/COFF file viewer displays header, section, directory, import table, export table, and resource information within EXE, DLL, OBJ, LIB, DBG, and other file types.

PE EXPLORER

 

PE Explorer gives you the power to look inside PE binary files, perform static analysis, reveal a lot of information about the function of the executable, and collect as much information about the executable file as possible, without executing it.

PE Explorer leaves you with only minimal work to do in order to get an analysis of a piece of software. Once you have selected the file you wish to examine, PE Explorer will analyze the file and display a summary of the PE header information, and all of the resources contained in the PE file. From here, the tool allows you to explore the specific elements within an executable file.

CHIMPREC

 

This is the 32/64-bit imports rebuilder that I introduced at ReCon 2008 in Montreal.
Made for the best compatibility with WoW64 on x64-based Windows XP or Vista.

This is the same version that was used at the conference.
The first official release will come soon.

Features:

* The first universal 64-bit imports rebuilder
* 32-bit version included
* Interface similar to ImpREC
* Integrated 32/64-bit process dumper
* IAT AutoSearch from ImageBase or OEP
* Unshuffle thunks function
* Manual imports editor

MALCODE ANALYSIS PACK (MAP)

 

 
The Malcode Analysis Pack, developed by David Zimmer, contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis.
 

Included in this package are:

 

  • ShellExt: 5 explorer shell extensions

  • socketTool: manual TCP Client for probing functionality

  • MailPot: mail server capture pot

  • fakeDNS: spoofs DNS responses to controlled IPs

  • sniff_hit: HTTP, IRC, and DNS sniffer

  • sclog: Shellcode research and analysis application

  • IDCDumpFix: aids in quick RE of packed applications

  • Shellcode2Exe: embeds multiple shellcode formats in exe husk

  • GdiProcs: detect hidden processes

  • finddll: scan processes for loaded dll by name

  • Virustotal: virus reports for single and bulk hash lookups. Explorer integration

 
 
 
 
 
 
 
