Categories /

Programming - Resource Tools (14)

pestudio standard v9.07 Updated

billon on 26 Sep 2020
  • 3MB (uncompressed)
  • Released on 24 Sep 2020
  • Suggested by joby_toss

pestudio shows details about applications and other system files (.exe, .dll, .cpl, .ocx, .ax, .sys etc.) without starting them including:

  • Libraries that are used by an application
  • Functions that are imported by an application
  • Functions (also anonymous) that are exported by an application
  • All functions that are forwarded to other libraries
  • Obsolete Functions that are exported and imported by an application
  • If Data Execution Prevention (DEP) Windows security mechanism is used
  • If Address Space Layout Randomization (ASLR) Windows security mechanism is used
  • If Windows security mechanism Structured Exception Handling (SEH) is used
  • Whether some sections are compressed

pestudio standard lacks some features of pro version.

Category:
Runs on: Win2K / WinXP / Vista / Win7 / Win8 / Win10
Writes settings to: Application folder
Stealth: ? Yes
Unicode support: Yes
License: Free for personal use/Liteware
How to extract: Download the ZIP package and extract to a folder of your choice. Delete AddToShell.reg and RemoveFromShell.reg. Launch pestudio.exe.
Similar/alternative apps: PPEE, PE Anatomist
What's new?
  • Add Sections > Characteristics field.
  • Show Relocations and Exceptions.
  • Extend support of MUI files.
  • Fixed bugs:
    • When retrieving executable hidden in data section;
    • About > Check update;
    • GUID pdb.
Latest comments
Midas on 2017-11-26 19:37

Like noted elsewhere, unless significant for the comment exchange, program changelogs are best posted to the forum topic (or entered at the appropriate field), my dear _phillipe. B-)

__philippe on 2017-11-26 21:39

All righty,... next time round,

the undersigned hereby pledge to abide by the recommendations, protocols,
procedures and regulations set forth by my Right Honourable Friend Midas,
the Member for TPFC's constituency,... cross my heart and hope to die... ;-)

__philippe

Special on 2019-09-14 18:16

Looks like with 8.98 they've removed even more features from the previous 9.87 free version (detect well-known whitelisted libraries/blacklisted resources), funny they don't mention that in the changelog.

See all

MiTeC EXE Explorer v2.8.0 Updated

billon on 18 Sep 2020
  • 3MB (uncompressed)
  • Released on 18 Sep 2020
  • Suggested by juvera

MiTeC EXE Explorer reads and displays executable file properties and structure. It is compatible with PE32 (Portable Executable), PE32+ (64bit), NE (Windows 3.x New Executable) and VxD (Windows 9x Virtual Device Driver) file types, as well as .NET executables.

The program identify compiler and packer/protector, enumerates introduced classes, used units and forms for files compiled by Borland compilers. It contains powerfull Resource Viewer that is able to abalyze and display all basic resouce types and some extra ones as JPEG, PNG, GIF, AVI, REGISTRY and Type Library viewer that enumerates all objects and creates import interface unit in Object Pascal language. Every type of resource can be saved to file.

Program data can be output to a text report.

Category:
Runs on: WinXP / Vista / Win7 / Win8 / Win10
Writes settings to: If "File | Persistent Layout" option is enabled, an INI file will be written to '%APPDATA%\MITEC\EXE Explorer'. Also writes to the Registry when "File | Shell Integration" is enabled (saved to 'HKLM\SOFTWARE\Classes\*\shell\EXE Explorer').
Stealth: ? Yes. But only without persistent layout or shell integration; otherwise see "Writes settings to" above.
Unicode support: Yes
License: Freeware
How to extract: Download the ZIP package and extract to a folder of your choice. Launch EXE.exe or EXE64.exe (for 64-bit OS).
Similar/alternative apps: PPEE, PE Anatomist, pestudio
What's new?
  • Executable description.
  • Overlay data type detection.
  • Advanced Installer detection.
  • StarForce protection detection.
  • WinZip installer detection.
  • Rich header table detection enhanced.
  • Debug information type detection enhanced.
  • Load Config detection enhanced.
  • Nested certificates enumeration added
Latest comments
CornHolio the Gringo on 2018-02-06 16:27

All MiTeC software that I use, writes to registry.
MiTeC HexEdit 6.1.0
MiTeC Icon Explorer 4.2.0
MiTeC Mail Viewer 2.3.0
MiTeC Network Scanner 4.0

Therefore Ive used JauntePE060Nightly to make it true stealth.

Add comment

PE Anatomist v0.1.17 Updated

billon on 10 Sep 2020
  • 378KB (uncompressed)
  • Released on 10 Sep 2020
  • Suggested by billon

PE Anatomist shows almost all known data structures inside a PE file and makes some analytics.

Category:
Runs on: WinXP / Vista / Win7 / Win8 / Win10
Writes settings to: Application folder
Stealth: ? Yes
Unicode support: Yes
License: MIT License
How to extract: Download the ZIP package and extract to a folder of your choice. Launch PEAnatomist.exe.
Similar/alternative apps: PPEE, MiTeC EXE Explorer, pestudio
What's new? See:
https://rammerlabs.alidml.ru/changelog-eng.html
Latest comments
__philippe on 2019-12-28 12:07

PE Anatomist changelog history:

https://rammerlabs.alidml.ru/changelog-eng.html

Add comment

Resource Hacker v5.1.7

billon on 3 Jan 2019

Resource Hacker is an utility to view, modify, rename, add, delete and extract resources in 32-bit and 64-bit Windows executables and resource files (*.res). The program can modify program icons as they appear in the taskbar, Start Menu and Desktop, among many other things.

It incorporates an internal resource script compiler and decompiler.

Category:
Runs on: Win2K / WinXP / Vista / Win7 / Win8 / Win10
Writes settings to: Application folder
Stealth: ? Yes
Unicode support: Yes
License: Freeware
How to extract: Download the ZIP package and extract to a folder of your choice. Launch ResourceHacker.exe.
What's new?
  • Fixed broken Accelerator compiling.
Latest comments
rbon on 2016-10-06 12:05

Resource Hacker version 4.4.26 released at October 6, 2016.
What's New in this ver. 4.4.26:
- Bugfix: The toolbar state wasn't being preserved between sessions
- Bugfix: Minor bug decompiling some version info resources
Downloads:
- Setup executable: http://www.angusj.com/resourcehacker/reshacker_setup.exe
- 'Portable' zip file: http://www.angusj.com/resourcehacker/resource_hacker.zip

MIKLO on 2016-10-09 14:10

Have been using for quite some time and really like this program. Thanks for a good program.
MIKLO

rbon on 2016-10-15 12:20

Resource Hacker new Beta in 'Portable' zip format.
Changes in 4.5.28
- Update: Numerous changes and improvements to command line support.
- Update: Filenames in resource scripts are no longer required to be enclosed within double quotes unless they contain
spaces.
- 'Portable' zip file: http://www.angusj.com/resourcehacker/resource_hacker_beta.zip

See all

PPEE v1.12

billon on 27 Dec 2019
  • 1MB (uncompressed)
  • Released on 17 Aug 2018
  • Suggested by billon

PPEE (Professional PE file Explorer) allows analysis of malformed and crafted PE files, making it handy for reverse-engineering, malware researchers and more. The program includes PE Export, Import, Resource, Exception, Certificate (relies on Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR.

The program includes a HEX editor and supports Virustotal and OPSWAT's Metadefender query reports.

Category:
Runs on: WinXP / Vista / Win7 / Win8 / Win10 / Wine
Writes settings to: Application folder
Unicode support: Yes
License: Freeware
How to extract: Download the ZIP package and extract to a folder of your choice. Delete Plugin folder. Launch PPEE.exe.
Similar/alternative apps: pestudio, MiTeC EXE Explorer
What's new?
  • Rich Header supported (experimental).
  • Resolve ordinal to name in imported APIs.
  • Added:
    • Filter/Search box for listview;
    • PE type icon in statusbar;
    • SHA256 and ImpHash in FileInfo plugin.
  • .ini file converted to UTF.
  • Bugfixes.
Latest comments
smaragdus on 2018-04-12 09:27

@doctor__philippe
What other kind of maladies do you cure? Or only software ones?

__philippe on 2018-04-12 17:50

Now that you mention it, I have been known to cure images hosting service broken links...;-)
https://www.portablefreeware.com/forums/viewtopic.php?p=89747#p89747

smaragdus on 2018-04-13 00:12

@@doctor__philippe
Thanks for the new cure!

See all