PE-bear
What is it?
PE-bear is a new reversing tool for PE files. It is coded and designed basically by me (hasherezade); however, I welcome every suggestion or feature proposal. For now it is freeware, but you can expect open source in the future. Objective: to deliver a fast and flexible “first view” tool for malware analysts, stable and capable of handling malformed PE files.
Download
The latest version is 0.3.7 (beta), released: 23.03.2014
Please send me your remarks and help make PE-bear a top quality product! :)
/*Thanks for all the feature requests. I could not find time to implement them all for this release, but it doesn’t mean I’ve forgotten. They will be included as soon as possible. */
(Included PEid’s UserDB – converted by the script provided by crashish)
Features and details
- handles PE32 and PE64
- views multiple files in parallel
- recognizes known packers (by signatures)
- fast disassembler – starting from any chosen RVA/File offset
- visualization of sections layout
- selective comparing of two chosen PE files
- adding new elements (sections, imports)
- and more…
Currently the project is under rapid development. You can expect frequent updates. Any suggestions/bug reports are welcome. I am waiting for your e-mails and comments.
Special thanks go to:
Sfires – for hosting and supporting the project at an early stage of development.
Ange Albertini – for valuable advice and an excellent set of corner-case samples
Download:
x86
http://filecloud.io/rgc3ul7p
x64
http://filecloud.io/1gvs4xfl
Linux
http://filecloud.io/mn5yw8rg