PE Anatomist - PE files internals
PE Anatomist shows almost all known data structures inside a PE file and performs some analysis.
Author: RamMerLabs
Project Home: rammerlabs.alidml.ru
Overview
FILE FORMATS
[*]PE32
[*]PE32+
PE IMAGE ARCHITECTURES
[*]Intel x86
[*]AMD64
[*]ARM7
[*]ARM7 Thumb
[*]ARM8-64
[*]Intel IA64
[*]CHPE (x86 on ARM8-64)
HEADERS AND DATA STRUCTURES PARSING
[*]IMAGE_DOS_HEADER (partially), IMAGE_FILE_HEADER, IMAGE_OPTIONAL_HEADER, IMAGE_OPTIONAL_HEADER64 with additional information about some fields
[*]Table of COFF symbols
[*]Sections table, supporting long section names (via symbols table) and entropy calculation
[*]Import table (supports MS-styled names demangling)
[*]Bound Import Table
[*]Delayed Import Table
[*]Export Table with additional info
[*]Resource Table with additional info about different resource types and detailed view for all types
[*]Base Relocation Table. Target address determination and interpretation are available for all supported architectures. It detects imports, delayed imports, exports, tables from the LoadConfig directory, ANSI and UNICODE strings.
[*]Brief info about PE Authenticode Signature
[*]LoadConfig Directory with SEH, GFID, GIAT, Guard LongJumps, CHPE Metadata, Dynamic Value Reloc Table, Enclave Configuration, Volatile Metadata tables parsing and additional information about some fields
[*]Debug Directory. It parses contents of CODEVIEW, POGO, VC FEATURE, REPRO, FPO, EXDLL CHARACTERISTICS, SPGO debug types
[*]TLS config and callbacks table with additional information about some fields
[*]Exceptions Data Table. x64 (including version 2 with EPILOG unwind codes), arm, arm64, ia64 architectures are supported, as well as chain of unwind data for x64, language-specific handler data (C Scope, C++ FuncInfo, C++ EH4, C++ DWARF LSDA) and hexadecimal view of unwind data
[*]Partial .NET directory parsing: IMAGE_COR20_HEADER, CORCOMPILE_HEADER, READYTORUN_HEADER with additional information about some fields
[*]Decode Rich signature indicating the tool used, the action being taken, the full version of the tool, and the version of VisualStudio to which the tool belongs
[*]IAT table contents
History
0.1.6.260 (2019-11-23)
[*]Fixed parsing of import table modified by some packers
[*]Added forced cleaning of recent files list
[*]Added reaction to the ENTER key in FLC text fields
[*]New settings:
  [*]set main window always on top;
  [*]contrast selection of alternating lists background;
  [*]number of bytes displayed in the HEX form in the description in the Base Relocations table;
  [*]restore last opened tab;
  [*]pasting the list header into the data copied to the clipboard;
  [*]use the ESC key to exit the program
[*]Display of minor instrument version in RICH signature for VS2017 and higher fixed
[*]Fixed incorrect behavior when resizing the main window
[*]Deleting file associations fixed
[*]FLC editboxes are cleared after loading a new file
[*]Fixed the error in displaying the section table if some header fields were nullified
[*]Added section naming by number if their name is not specified in the header or does not contain printable characters
[*]The mechanism for working with sections and calculating the correspondence of RVA to raw offset has been completely redone
[*]Several FLC bugs fixed
0.1.5.46 (2019-11-09)
[*]IMAGE_DIRECTORY_ENTRY_IAT table parsing available
[*]Symbols description added in Dynamic Value Relocations table
[*]Data description added in Volatile Metadata table for x86
[*]Minor optimizations of the code preparing for the new GUI
[*]FuncInfo4 (ExceptionsData table) parsing error fixed; it appeared when the data layout was optimized
[*]FuncInfo4 (ExceptionsData table) with Separated code segments parsing error fixed
[*]RVA of instructions for appropriate unwind codes added in table for x64
0.1.4.192 (2019-10-31)
[*]ExceptionsData table LSDA headers parsing improved
[*]LSDA headers parsing implemented for C Builder 10.2 and newer
[*]Commandline keys are not required to open a file
[*]Minor error in filename processing fixed
[*]Recent files menu available now
[*]The program settings file layout modified
[*]Any size overlays supported
[*]GUI handling optimized
[*]Hide unused tabs
[*]HighDPI support
0.1.3.2 (2019-10-19)
[*]x64 ExceptionsData Table parsing bug fixed
0.1.2.57 (2019-10-18)
[*]Taskbar file icon display fixed
[*]Crash on unsupported files fixed
[*]Files load errors display added
[*]Internal data size optimization
[*]ExceptionsData Table parsing speed optimization
Download
[*]PEAnatomist-0.1.6.zip
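What is this thing used for?
zlm110 posted on 2019-12-2 15:45
What is this thing used for?
It seems to be some kind of disassembly tool.
What is this thing? My English is not good.
It's all in English, I didn't understand it, and I don't know how to use it either.
吾爱破解
Is this a static disassembly tool?
Thanks in advance for sharing.
Good stuff, thanks for sharing!
Finally got to see this thing,
Good stuff, thanks for sharing!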