pestudio shows details about applications and other system files (.exe, .dll, .cpl, .ocx, .ax, .sys etc.) without starting them including:
Category: | |
Runs on: | Win2K / WinXP / Vista / Win7 / Win8 / Win10 |
Writes settings to: | Application folder |
Stealth: ? | Yes |
Unicode support: | Yes |
License: | Free for personal use/Liteware |
How to extract: | Download the ZIP package and extract to a folder of your choice. Delete AddToShell.reg and RemoveFromShell.reg. Launch pestudio.exe. |
Similar/alternative apps: | PPEE, PE Anatomist |
What's new? | See: https://www.winitor.com/tools/pestudio/changes.log |
Latest comments |
__philippe
on 2017-11-26 21:39
All righty,... next time round,
Special
on 2019-09-14 18:16
See all
86›
Looks like with 8.98 they've removed even more features from the previous 9.87 free version (detect well-known whitelisted libraries/blacklisted resources), funny they don't mention that in the changelog. |
PEAnatomist shows almost all known data structures inside a PE file and makes some analytics.
Current version provides an entropy histogram possibly handy for cursory PE forensics
Category: | |
Runs on: | WinXP / Vista / Win7 / Win8 / Win10 |
Writes settings to: | Application folder |
Stealth: ? | Yes |
Unicode support: | Yes |
License: | MIT License |
How to extract: | Download the ZIP package and extract to a folder of your choice. Launch PEAnatomist.exe. |
Similar/alternative apps: | PPEE, MiTeC EXE Explorer, pestudio |
What's new? | See: https://rammerlabs.alidml.ru/changelog-eng.html |
Latest comments |
__philippe
on 2019-12-28 12:07
PE Anatomist changelog history:
__philippe
on 2021-11-05 10:42
Add comment
2›
PEanatomist notably includes (since v0.2.4) a colorful byte-level entropy(*) histogram of the file under analysis, possibly handy for inquiring minds dabbling in PE forensics ? |
DataProtectionDecryptor allows you to decrypt passwords and other information encrypted by the DPAPI (Data Protection API) system of Windows operating system, such as passwords of Microsoft Outlook accounts, credentials files of Windows, wireless network keys, passwords in some versions of Internet Explorer, passwords and cookies of Chrome Web browser.
Category: | |
Runs on: | WinXP / Vista / Win7 / Win8 / Win10 |
Writes settings to: | Application folder |
License: | Freeware |
How to extract: | Download the ZIP package and extract to a folder of your choice. Launch DataProtectionDecryptor.exe. |
Similar/alternative apps: | EncryptedRegView |
What's new? |
|
Windows File Analyzer decodes and analyzes to provide cached information for forensic analysis. Includes a tabbed interface with a multiple-document window and horizontal/vertical/cascade view settings. Analysis results can be printed in user-friendly form. The program includes a variety of analysis tools useful for seeing how much information your computer leaves behind that could represent a privacy risk or for trying to detect nefarious activity.
Features include thumbnail viewers available for Windows XP, ACDSee, Google Picasa, FastStone Viewer, and HP Digital Imaging files, displaying content with stored data and image preview. A Prefetch Analyzer looks at recent programs run and stored in the Prefetch folder while the Shortcut Analyzer for all shortcut files in specified folder and data stored in them. An Index.DAT Analyzer looks at Internet Explorer cookies, temporary files or history while a Recycle Bin decoding tool displays Info2 files that hold recycle bin content (Win2k and XP only).
A PDF-format help file is available from the author website.
Category: | |
Runs on: | Win2K / WinXP / Vista / Win7 / Win8 / Win10 |
Writes settings to: | None |
Unicode support: | Yes |
License: | Free for personal use |
How to extract: | Download the ZIP package and extract to a folder of your choice. Launch WFA.exe. |
What's new? |
|
Latest comments |
__philippe
on 2013-07-08 20:53
Categories classification:
AndTheWolf
on 2021-06-18 12:36
Add comment
2›
Now at version 2.9.0 (The download link at the site is still labeled "MiTeC Windows File Analyzer 2.8.0", but the executable within the zip file shows as 2.9.0) |
PPEE (Professional PE file Explorer) allows analysis of malformed and crafted PE files, making it handy for reverse-engineering, malware researchers and more. The program includes PE Export, Import, Resource, Exception, Certificate (relies on Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR.
The program includes a HEX editor and supports Virustotal and OPSWAT's Metadefender query reports.
Category: | |
Runs on: | WinXP / Vista / Win7 / Win8 / Win10 / Wine |
Writes settings to: | Application folder |
Unicode support: | Yes |
License: | Freeware |
How to extract: | Download the ZIP package and extract to a folder of your choice. Delete Plugin folder. Launch PPEE.exe. |
Similar/alternative apps: | pestudio, MiTeC EXE Explorer |
What's new? |
|
Latest comments |
smaragdus
on 2018-04-12 09:27
@doctor__philippe
__philippe
on 2018-04-12 17:50
See all
16›
Now that you mention it, I have been known to cure images hosting service broken links...;-) |