Exeinfo PE 0.0.3.8
Exeinfo PE ver.0.0.3.8
with 860 + 4 signatures
Ext_detector.dll v.2.8.8
www.exeinfo.xn.pl
2015.05.21 by A.S.L
freeware version
for Windows 32 bit
Executable and data file detector.
for : Win PE , Mac OS , Linux ELF , ...
* Include user languages : neutral , Chinese Big5
Internal : disassembler , data / archives Ripper ,
Zlib unpacker v1.2.8 , DFM Form scanner ,
Overlay tool , Compiler detector ,
Section Cafe finder
and other tools ...
* Plugin : advanced_scan.dll (AV fixed) + 4493 sign ( Peid compatible )
* Skins ( 12 jpg files )
* 1 sample Script for patch create
INFO : For 64bit PE files
Exeinfo PE supports only : 1. UPX exe , 2. UPX dll, 3. UPX res, 4. MPRESS x64 (exe/dll)
NEWS :
- more intelligent detection for unpacked exe
- signatures updated to new version protectors/compilers
- many non exe detection added : .apng , .apw , .key , .res , .dxa , .TS , .k2p ...
- detect : Delphi 2014 XE7
- Windows-10 added OS Version - exe Header GUI
- MSI Ripper added ripper for Xor-ed with FF byte
- Zip Ripper added [ Continue - if 20/40/65/100 files ripped ]
- many signatures and fixes , overlay crypted CAB detector
- unpack info and version : updated
- .NET PE - added : Save to file Meta Data Streams ( #~ , #Streams , #US ... )
- Pe Header added : Button for Load Config
- Two internal skin changed II,III
- for DLL files Generic detector : compressor/decompressor library (zlib dll, lzma decompress)
- for DLL files Generic detector : Lzma packer/depacker library
- for DLL files detect Xojo compiler Library
- more info if External detector not found ( .NET Menu )
- many fixes and more
External modules used :
+ disassembler - www.beaengine.org
+ zlib - www.base2ti.com
+ DCPCrypt2 - www.cityinthesky.co.uk by David Barton
License status : Freeware for personal use ( copy / distribute )
* Tested AV false detection for Trojan - 1 detected : HW32.Packed.39AC
A.S.L (c) 2015.05.21
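This post was last edited by tantanxin147 on 2015-7-1 17:14
Hmily posted on 2015-7-1 15:22
Updated on Aipan (爱盘):
http://down.52pojie.cn/Tools/PEtools/ExeinfoPE.zip
I searched for a Chinese introduction to make things easier for beginners like me.
ExEinfo PE can check how a program is packed, what exe protection it uses and so on, and helps developers quickly and conveniently see whether a program is packed.
Exeinfo PE is a tool for viewing PE file information. It can show the compiler information of an EXE/DLL file, whether it is packed, the entry point address, the export table/import table and other PE information, helping developers analyze and reverse-engineer programs. Exeinfo PE can also extract resources from PE files, such as images, EXEs, archives, MSI, SWF and other resources.
The following is quoted from li02 of this forum:
Exeinfo PE is a new-generation packer-detection tool that its author is still updating. The difference from PEiD is probably that its signature database is maintained by the author himself and does not support external modification, though newer versions also seem to have started supporting external signature databases. This tool's packer signature database is fairly accurate and covers a wide range: Themida, WinLicense, VMProtect, ZProtect and Shielden can all be identified easily, but the specific version of the packer is only reported vaguely. Personally I think the packer version really doesn't matter, which I will discuss in detail later. Exeinfo PE can be said to be the best packer-detection tool at the moment, and I recommend that everyone use it.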
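Updated on Aipan (爱盘):
http://down.52pojie.cn/Tools/PEtools/ExeinfoPE.zip

Although it's all in English and I can't understand it, I still support the OP.

To the poster above: this one has a Chinese version~

Bookmarked.

Thanks for sharing.

OP, what is this software used for?

OP, it's all in English, and you didn't even introduce it.

I always used to think I couldn't understand it because it was in a foreign language; later I found that I can't understand the Chinese either.

Good stuff, updated.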