吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 2951|回复: 4
收起左侧

[PEtools] PE-LiteScan (PELS) v1.1 beta (x64 & Linux))

  [复制链接]
风吹屁屁凉 发表于 2024-6-17 17:58

PELS analyzer

PE-LiteScan (or PELS) is a simple heuristic analyzer for common PE-anomalies, specifically focusing on the detection of packers and protectors. Designed for Windows and Linux.

Download for Windows/Linux x64

Using

Windows

PE-LiteScan-windows.exe "file_to_check.exe"

Linux

./PE-LiteScan-linux "file_to_check.exe"

Detection types

Detection Type Description
LAST_SECTION_ENTRYPOINT The entry point is located in the last section of the file.
NO_TEXT_SECTION The .text section is missing from the PE file.
STRANGE_OVERLAY Compressed data found in the overlay section of the file.
HIGH_ENTROPY High entropy detected, indicating possible packed data.
NET_ANTI_ILDASM The .NET binary has the SuppressIldasmAttribute attribute.
PUSHAL_AT_ENTRY Strange entry point detected (e.g., starts with PUSHAL instruction).
CUSTOM_DOS_STUB Unusual DOS stub found in the PE file.
IMPORT_TABLE_MISSING The import table is missing from the PE file.
SECTIONS_LIKE_%s Section names match known packer signatures (e.g., UPX, VMProtect).
SECTION_%d_HIGH_ENTROPY Section contains compressed data.
WEIRD_%d_SECTION_NAME Section looks very strange.

To do

  • More signatures for .NET

Powered by PeNet library.

https://github.com/DosX-dev/PE-LiteScan/releases

免费评分

参与人数 5吾爱币 +6 热心值 +5 收起 理由
小朋友呢 + 2 + 1 用心讨论,共获提升!
zhczf + 1 + 1 我很赞同!
为之奈何? + 1 + 1 我很赞同!
jy138290 + 1 + 1 谢谢@Thanks!
唐小样儿 + 1 + 1 我很赞同!

查看全部评分

本帖被以下淘专辑推荐:

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

那些年打的飞机 发表于 2024-6-18 11:12
多谢大佬分享实用的工具
dling89 发表于 2024-6-18 16:16
gtr1258 发表于 2024-6-20 09:02
fengmsn 发表于 2024-6-21 09:59

感谢大佬
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-12-22 20:53

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表