PE Insider is a free Portable Executable viewer for the community. It shares the same inspection codebase as Cerbero Profiler, and hence it supports the entire PE specification and is incredibly fast and stable.
A freeware suite of tools created by Daniel Pistelli, including a PE editor called CFF Explorer and a process viewer. The PE editor has full support for PE32/64 and offers special field description and modification (.NET supported), utilities, a rebuilder, hex editor, import adder, signature scanner, signature manager, extension support, scripting, a disassembler, dependency walker, etc. It was the first PE editor with support for .NET internal structures. Its Resource Editor (Windows Vista icons supported) is capable of handling .NET manifest resources. The suite is available for x86 and x64.
LordPE is a tool, e.g. for system programmers, that can edit/view many parts of PE (Portable Executable) files, dump them from memory, and optimize, validate, analyze and edit them, ...
* Task viewer/dumper
* Huge PE editor (with big ImportTable viewer, ...)
* Break'n'Enter (break at the EntryPoint of dll or exe files)
* PE Rebuilder
PEview provides a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files. This PE/COFF file viewer displays header, section, directory, import table, export table, and resource information within EXE, DLL, OBJ, LIB, DBG, and other file types.
PE Explorer gives you the power to look inside these PE binary files, perform static analysis, reveal a lot of information about the function of the executable, and collect as much information about the executable file as possible, without executing it.
PE Explorer leaves you with only minimal work to do in order to get an analysis of a piece of software. Once you have selected the file you wish to examine, PE Explorer will analyze the file and display a summary of the PE header information, and all of the resources contained in the PE file. From here, the tool allows you to explore the specific elements within an executable file.
This is the 32/64-bit imports rebuilder that I introduced at ReCon 2008 in Montreal.
Made for the best compatibility with WoW64 on x64-based Windows XP or Vista.
This is the same version that was used at the conference.
The first official release will come soon.
* The first universal 64-bit imports rebuilder
* 32-bit version included
* Interface similar to ImpREC
* Integrated 32/64-bit process dumper
* IAT AutoSearch from ImageBase or OEP
* Unshuffle thunks function
* Manual imports editor
MALCODE ANALYSIS PACK (MAP)
The Malcode Analysis Pack, developed by David Zimmer, contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis.
Included in this package are:
* ShellExt: 5 Explorer shell extensions
* socketTool: manual TCP client for probing functionality
* MailPot: mail server capture pot
* fakeDNS: spoofs DNS responses to controlled IPs
* sniff_hit: HTTP, IRC, and DNS sniffer
* sclog: shellcode research and analysis application
* IDCDumpFix: aids in quick RE of packed applications
* Shellcode2Exe: embeds multiple shellcode formats in an exe husk
* GdiProcs: detect hidden processes
* finddll: scan processes for a loaded DLL by name
* Virustotal: virus reports for single and bulk hash lookups, with Explorer integration