吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 9622|回复: 18
收起左侧

[PEtools] PortEx Analyzer

  [复制链接]
m4n0w4r 发表于 2017-7-6 18:49
PortEx is a Java library for static malware analysis of Portable Executable files. Its focus is on PE malformation robustness, and anomaly detection.PortEx is written in Java and Scala, and targeted at Java applications.



Features
  • Reading header information from: MSDOS Header, COFF File Header, Optional Header, Section Table
  • Reading standard section formats: Import Section, Resource Section, Export Section, Debug Section, Relocations
  • Dumping of sections, overlay, embedded ZIP, JAR or .class files
  • Scanning for file anomalies, including structural anomalies, deprecated, reserved, wrong or non-default values.
  • Visualize a PE file structure as it is on disk and visualize the local entropies of the file
  • Calculate Shannon Entropy for files and sections
  • Calculate hash values for files and sections
  • Scan for PEiD signatures or your own signature database
  • Scan for Jar to EXE wrapper (e.g. exe4j, jsmooth, jar2exe, launch4j)
  • Extract Unicode and ASCII strings contained in the file
  • Overlay detection and dumping
  • Extraction of ICO files from resource section
  • Extraction of version information from the file

Download latest version:
https://github.com/katjahahn/PortEx/tree/master/progs

Regards,

免费评分

参与人数 3吾爱币 +5 热心值 +3 收起 理由
ahmeijian + 1 + 1 谢谢@Thanks!
六日Jessica + 1 + 1 用心讨论,共获提升!
Sound + 3 + 1 鼓励转贴优秀软件安全工具和文档!

查看全部评分

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

 楼主| m4n0w4r 发表于 2018-3-20 19:27
[Bash shell] 纯文本查看 复制代码
usage:
 java -jar PortexAnalyzer.jar -v
 java -jar PortexAnalyzer.jar -h
 java -jar PortexAnalyzer.jar --repair <file>
 java -jar PortexAnalyzer.jar --dump <all|resources|overlay|sections|ico> <imagefile>
 java -jar PortexAnalyzer.jar --diff <filelist or folder>
 java -jar PortexAnalyzer.jar --pdiff <file1> <file2> <imagefile>
 java -jar PortexAnalyzer.jar [-a] [-o <outfile>] [-p <imagefile> [-bps <bytes>] [--visoverlay <textfile>]] [-i <folder>] <PEfile>

 -h,--help          show help
 -v,--version       show version
 -a,--all           show all info (slow and unstable!)
 -o,--output        write report to output file
 -p,--picture       write image representation of the PE to output file
 -bps               bytes per square in the image
 --visoverlay       text file input with square pixels to mark on the visualization
 --repair           repair the PE file, use this if your file is not recognized as PE
 --dump             dump resources, overlay, sections, icons
 --diff             compare several files and show common characteristics (alpha feature)
 --pdiff            create a diff visualization
 -i,--ico           extract icons from the resource section as .ico file


Sample:
PortEX.PNG

Here is the image that created from the above command:
crackme.png

Regards,

我在喝绿茶 发表于 2018-3-20 11:35
你好,请问一下具体怎么用啊?
为啥我java -jar PortexAnalyzer.jar -p ./WSAConnect.exe不能生成像哈勃那样的图片啊?
清风尘客 发表于 2017-7-6 19:12
小马五面 发表于 2017-7-6 19:13
有大神能解释一下吗?
benjermen 发表于 2017-7-6 19:16
小马五面 发表于 2017-7-6 19:13
有大神能解释一下吗?

恶意软件分析执行程序
风经过 发表于 2017-7-7 00:27
大哥,都是 中国人,英语水平不高啊

点评

这位是越南朋友,本人有幸邀请过来注册。  发表于 2017-7-7 21:32
gky86886 发表于 2017-7-7 08:09
分析仪。。
peterq521 发表于 2017-7-7 09:02
楼主舍不得说句汉语吗
Monitor 发表于 2017-7-7 09:19
我说此图如此熟悉  原来哈勃里面也有
冥界3大法王 发表于 2017-7-7 10:43
这玩意不错,是个综合工具。
Sound 发表于 2017-7-7 21:32
王美君 发表于 2017-7-7 00:27
大哥,都是 中国人,英语水平不高啊

这位是越南朋友,本人有幸邀请过来注册。
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-12-23 14:56

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表