petools
petools copied to clipboard
petoolse
PE Tools - Portable executable (PE) manipulation toolkit
PE Tools - portable executable (PE) manipulation toolkit.
Table of contents
- Description
- Features
- PE Editor
- File Location Calculator
- PE Files Comparator
- Process Viewer and Manager
- PE Dumper
- PE Rebuilder
- PE Sniffer
- System Requirements
- Limitations
- To do
- What's new
- Creators
- Contacts
Description
PE Tools lets you actively research PE files and processes.
Process Viewerand PE filesEditor,Dumper,Rebuilder,Comparator,Analyzerare included. PE Tools is an oldschool reverse engineering tool with a long history since2002. PE Tools was initially inspired by LordPE (yoda).
Features
PE Editor
- PE and DOS Headers Editor
- PE Sections Editor
- PE Directory Viewer and Editor
- Export Directory Editor
- Import Directory Editor
- Resource Directory Viewer
- Exception Directory Viewer
- Relocation Directory Viewer
- Debug Directory Viewer
- TLS Directory Editor
- Load Config Directory Editor
- Bound Directory Editor
File Location Calculator (FLC)
- Virtual Address
- Relative Virtual Address
- Raw File Offset
PE Files Comparator
- Side-by-side comparison of headers and characteristics of two PE files
Process Viewer and Manager
- Show basic process information
- Show process modules
PE Dumper
- Running process dumper
- Full Dump
- Partial Dump
- Region Dump
- ~~Dumper Server (accessible via Dumper Server SDK)~~
PE Rebuilder
- Dump Fixer
- Relocation Wiper
- Resource Directory Rebuilder
- PE file Validation
- Imports Binder
- ImageBase Changer
PE Sniffer
- Signature analysis of PE files
- Packer detection
HEX Editor
- HEX Editor available in:
Section Editorvia section context menu- Every
Data DirectoryinDirectory Editor
Plugins
- ~~PE Tools
Plugin SDKavailable~~
What's new in recent major releases
PE Tools v1.9
Complete PE Tools v1.9 announces:
Entropy View
- Entropy Viewer available in:
- Main
PE Editordialog Section Editorvia section context menuFile Comparedialog for both compared files
- Main
64-bit Disassembler
- diStorm
v3.3.4 - Shows
jmp / calldirection
Load Config Directory Editor
IMAGE_LOAD_CONFIG_DIRECTORYsupport- Additional Load Config Directory values and size support (non-standard sizes)
High-DPI display modes support
- 192 DPI supported
DPImodes supported and tested:96,120,144,192- Graphics redrawn:
- Main Application Icon
- Logo
- Toolbar icons
Bug-fixes and minor changes
See HISTORY
System Requirements
- Latest tested Operating System: Windows 10
- Supported Windows versions: Windows 10, Windows 8.1, Windows 8, Windows 7
- Minimal Operating System: Windows XP
- Administrative rights for
SeDebugPrivilege - macOS supported via Wine (tested Wine 3.4, 3.0, 2.16)
- ReactOS natively supported (tested ReactOS 0.4.7)
Limitations
- No large files support (over 4 GB)
- No ARM disassembler support (ARM architecture supported by Windows 10 Mobile, Windows RT, Windows Phone, Windows IoT Core, Windows Embedded Compact)
Source code
throw std::exception(“PE Tools source code is not available”);
- If you want to add some features, write ready-to-use snippet (C/C++) and post it in Issues
To do
- [ ]
Win64version - [ ] File
OverlayAnalyzer and Extractor - [ ]
AuthenticodeViewer - [x]
RichSignature Editor - [ ]
RelocationsChecker - [ ] Enhance
DebugDirectory Remover: remove debug section if empty - [ ] Corkami binaries testing and support
- [ ]
.NET DirectoryViewer - [ ]
External Toolssupport (preliminary list):- [ ] x64dbg
- [ ] Scylla Imports Reconstruction
- [ ] Hiew
- [ ] r2
- [ ] Resource Hacker
- [ ]
Structures Exportto readable formats likeJSON/YAML - [ ]
Cryptotools (hash,decryption/decryption) - [ ]
ARMdisassembler (far-far-away)
Distribution
| File | Description | Lang |
|---|---|---|
PETools.exe |
main PE Tools executable | |
HEdit.dll |
Hex-editor | |
RebPE.dll |
PE Rebuilder | |
Signs.txt |
PEiD signatures for PE Sniffer | |
ReadMe_EN.md |
ReadMe | EN |
WhatsNew_EN.md |
What's New | EN |
WhatsNew_RU.md |
What's New | RU |
petools.sha1 |
Checksums SHA-1 |
DOWNLOAD
Licensing
See LICENSE
Creators
PE Tools
- NEOx [uinC] - versions up to
1.5, 2002-2006 - Jupiter - versions from
1.5, 2007-2018 - PainteR - versions from
1.8, 2017-2018 - EvilsInterrupt aka NtVisigoth - versions from
1.5, 2012-2014
Additional modules
- yoda (author of LordPE): original HEdit32 component
Contacts
Feel free to contact via Twitter @petoolse.
petoolse