RogueKillerPE is a PE parsing tool, able to
show internal structure of executable files. It’s able to open either the memory image (process module) or the disk image (filesystem) of the same executable.
This software is currently in early alpha stage.
RogueKillerPE can parse PE (Portable Executable) files, and display the following:
- Open PE from file, and read disk image
- Open PE from process, and read memory or disk image
- Display basic information regarding Process (if any), Module (if any), File
- Display Pages from process’s memory
- Display Hex code
- Display PE Headers
- Display PE Sections
- Display PE Imports
- Display PE Exports
- Display PE Resources (parses and shows images, strings, XML in a user-friendly way)
Download
Download
14 Mb 98
User guide
Start the tool.
Starting from here, you can either l
oad processes list and inspect process memory or file, or
open a file on disk.
Once opened, an item is
parsed and will display all internal structures of the selected PE (Portable Executable) file.
Roadmap
We have open our trello board, feel free to leave comment and vote for features:
https://trello.com/b/sWcd0epv/roguekillerpe
Screenshots
=========================================================
=== ===
=== RogueKillerPE Changelog ===
=== ===
=========================================================
-------------------
- Adlice Software -
-------------------
V1.0.0 alpha 7 11/17/2015
=========================
- added multiple context menus
- added disassembly for imports/exports
- fixed bugs
- added ADS (Alternate Data Streams)
- now disassembly can read whole process memory
V1.0.0 alpha 6 11/13/2015
=========================
- Improved UI responsiveness
- Added more resource types
V1.0.0 alpha 5 11/12/2015
=========================
- Added SHA1
- Added SHA256
- Added CRC32
- Now PE Checksum is verified and compared to calculated one
- Added VirusTotal score and permalink
- Added button to refresh current item
- Fixed bugs in disassembly
V1.0.0 alpha 4 11/11/2015
=========================
- Added disassembly tab
- Fixed imports by ordinal display
- Added Imphash
- Better Packer/Compiler signatures
- Added Hex editor for sections tab
- Now can open file with command line parameter
V1.0.0 alpha 3 11/10/2015
=========================
- Now linked to RogueKiller SDK
- Added resource MD5
- Added resource Size
- Moved resource text helper in the lower part
- Added version checker
- Added Packer/Compiler detection
- Better icons for treeviews
V1.0.0 alpha 2 11/06/2015
=========================
- Added drag-drop support to load a file
- Now processes listing button needs an elevation
V1.0.0 alpha 1 11/06/2015
=========================
- Initial release
