PPEE - Professional PE file Explorer

Submit portable freeware that you find here. It helps if you include information like description, extraction instruction, Unicode support, whether it writes to the registry, and so on.
Message
Author
billon
Posts: 566
Joined: Sat Jun 23, 2012 4:28 pm

PPEE - Professional PE file Explorer

#1 Post by billon » Fri Apr 22, 2016 11:45 am

https://mzrst.com/
PPEE (puppy) is a Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more details.
Puppy is free and tries to be small, fast, nimble and friendly as your puppy!

Features
Puppy is robust against malformed and crafted PE files which makes it handy for reversers, malware researchers and those who want to inspect PE files in more details. All directories in a PE file including Export, Import, Resource, Exception, Certificate(Relies on Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR are supported.
  • Both PE32 and PE64 support
  • Parsing exe, dll, sys, scr, drv, cpl, ocx and more
  • Entropy and MD5 calculation of the sections and resource items
  • View strings embedded in files
  • Built in hex editor
  • Edit most of the data directory structures
  • Descriptive information for data members
  • Refresh, Save and Save as menu commands
  • List view columns can sort data in an appropriate way
  • Plugin enabled
There are lots of tools out there for statically analyzing malicious binaries, but they are ordinary tools for ordinary files. Puppy is a lightweight yet strong tool for static investigation of suspicious files. A companion plugin is also provided to take one-click technical information about the file such as its size, entropy, attributes, hashes, version info and so on.
Image
Image
Image
Image
Image
Image

DL - https://mzrst.com/puppy/PPEE(puppy)%201.05.zip (91.44 KB)
Portable/Stealth
Alternative to corrupted pestudio

User avatar
I am Baas
Posts: 4144
Joined: Thu Aug 07, 2008 4:51 am

Re: PPEE - Professional PE file Explorer

#2 Post by I am Baas » Fri Apr 22, 2016 5:54 pm

That is a nice find; thanks for posting about PPEE, billon.

Tested v1.05: Portable
billon wrote:Alternative to corrupted pestudio
That is an unfair comment :evil:
Bəəs 2.0

billon
Posts: 566
Joined: Sat Jun 23, 2012 4:28 pm

Re: PPEE - Professional PE file Explorer

#3 Post by billon » Thu Jul 07, 2016 11:04 pm

Current version: 1.06 (2016-07-08)
  • GUI is improved
  • Anomaly detection added
  • Check update menu item added
  • Toolbar and Statusbar Added
  • Added RightClick context menu to copy or search
  • Dump Sections, Resources and .Net assembly directories
  • Separated items for URL, Registry, File strings
  • Minor bugs in .Net directory fixed
  • Fuzzy hash(ssdeep) support by plugin

User avatar
Midas
Posts: 4265
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: PPEE - Professional PE file Explorer

#4 Post by Midas » Fri Jul 08, 2016 5:16 am

I completely missed this topic. PPEE (Puppy? Looks like peepee from here... :oops:) is a great find. Will test ASAP. 8)

User avatar
__philippe
Posts: 484
Joined: Wed Jun 26, 2013 2:09 am

Re: PPEE - Professional PE file Explorer

#5 Post by __philippe » Fri Jul 08, 2016 7:30 am

Good find indeed.

Only annoyance so far: lacking tooltips for a few non-intuitive toolbar icons.
Just dropped PPEE's developer a suggestion to remedy this minor lapse.

TP109
Posts: 483
Joined: Sat Apr 08, 2006 7:12 pm
Location: Illinois/Indiana

Re: PPEE - Professional PE file Explorer

#6 Post by TP109 » Fri Jul 08, 2016 1:11 pm

79kB download, 93kB installed. Very fast and snappy. Works on XP too.

User avatar
__philippe
Posts: 484
Joined: Wed Jun 26, 2013 2:09 am

Re: PPEE - Professional PE file Explorer

#7 Post by __philippe » Sun Jul 10, 2016 4:31 am

A little bird told me PPEE tooltips are forthcoming...

Ask and thou shalt be given, and there will be joy forever after... ;-)

billon
Posts: 566
Joined: Sat Jun 23, 2012 4:28 pm

Re: PPEE - Professional PE file Explorer

#8 Post by billon » Sat Sep 10, 2016 11:12 am

Current version: 1.07 (2016-09-10)
- Virustotal and OPSWAT's Metadefender query report is added to the plugin (Without submitting the file)
- Suspicious strings treeview item added (Customizable via Suspicious.txt file)
- Timedate stamp now shown in UTC standard, with days passed
- Statusbar shows basic PE info
- Minor bug fixes
From ReadMe.txt:
Greetings
--------------
... __philippe ...
:)

User avatar
__philippe
Posts: 484
Joined: Wed Jun 26, 2013 2:09 am

Re: PPEE - Professional PE file Explorer

#9 Post by __philippe » Sun Sep 11, 2016 7:25 am

@billon

Cor Blimey, the little bird did come home to roost indeed...;-)

User avatar
smaragdus
Posts: 2000
Joined: Sat Jun 22, 2013 3:24 am
Location: Aeaea

Re: PPEE - Professional PE file Explorer

#10 Post by smaragdus » Sun Oct 09, 2016 12:38 pm

When I try to open PPEE web-site I got a warning that This Connection is Untrusted.

User avatar
deathcubek
Posts: 181
Joined: Thu Jul 14, 2011 9:42 am
Location: Island of Lost Minds

Re: PPEE - Professional PE file Explorer

#11 Post by deathcubek » Sun Oct 09, 2016 1:20 pm

smaragdus wrote:When I try to open PPEE web-site I got a warning that This Connection is Untrusted.
Looks like their TLS certificate expired this Sunday:
mzrst.com verwendet ein ungültiges Sicherheitszertifikat.
Das Zertifikat ist am Sonntag, 9. Oktober 2016 01:59 abgelaufen. Die aktuelle Zeit ist Sonntag, 9. Oktober 2016 22:56.
They will need to buy a new certificate for their domain. Or switch to a free service like "Let's Encrypt", which will constantly renew your certificate...
„One of my most productive days was throwing away 1,000 lines of code“ – Ken Thompson

Dreamatorium | In Search Of The Disembodied Sounds | Best Regards!

User avatar
smaragdus
Posts: 2000
Joined: Sat Jun 22, 2013 3:24 am
Location: Aeaea

Re: PPEE - Professional PE file Explorer

#12 Post by smaragdus » Wed Oct 12, 2016 6:37 pm

@deathcubek
Thanks for the detailed explanation. Now PPEE web-site is back to normal.

billon
Posts: 566
Joined: Sat Jun 23, 2012 4:28 pm

Re: PPEE - Professional PE file Explorer

#13 Post by billon » Wed Dec 21, 2016 7:07 pm


User avatar
__philippe
Posts: 484
Joined: Wed Jun 26, 2013 2:09 am

Re: PPEE - Professional PE file Explorer

#14 Post by __philippe » Thu Dec 22, 2016 2:56 am

Voted.

Tiny PPEE (108kb) has supplanted PEstudio (3Mb) as my preferred PE explorer utility.
Looking forward to future updates.

User avatar
smaragdus
Posts: 2000
Joined: Sat Jun 22, 2013 3:24 am
Location: Aeaea

Re: PPEE - Professional PE file Explorer

#15 Post by smaragdus » Thu Dec 22, 2016 5:49 pm

@billon
Thank you for taking your time to add Professional PE Explorer to the database, its place there is well-deserved.

Post Reply