Want to Join Us ?

you'll be able to discuss, share and send private messages.

PE File by darklich

Discussion in 'Tools of the Trade.' started by storm shadow, Mar 19, 2013.

Share This Page

  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    This is an intermediate version, with fix to the windows XP problem, I also added support for 64 bit files and getting resources information.
    What does PE stand for:
    PE is Portable Executable, that it the file type that windows base operating system can run, execute.
    Basically a PE can be EXE, DLL (Dynamic Link Library) and SYS (Device Driver) files.
    PEFile is a free command line base tool that will dump any PE base file (exe, dll) and show all kind of header information.
    PEFile Updates March 10, 2013:
    • SHA1 Hash.
    • File Entropy.
    • Overlay Count.
    • NT Offset.
    • File-Overlay.
    • Sections MD5.
    • Sections Entropy.
    • More readable dates parameters.
    • Updated File Resources Information.
    • Tested on coruppted files.
    • And Some Fix Bugs.
    It will give you the following information on the given file:
    • File Name.
    • MD5 Hash.
    • File Attributes.
    • Time Stamp.
    • File Version Info.
    • Header Information.
    • Characteristics information.
    • Dll Characteristics.
    • Data directory sections.
    • Image ConfigInformation.
    • Imported DLL List.
    • Imported functions from the DLL.
    • Stream (ADS) Information.
    • Resource Information.
    Fix Issue:
    • [FIX] Problem with BIG files( test on 100 MB EXE File).
    • [FIX] Not working on windows XP/2003.
    Tested On:
    • Windosw XP SP3
    • Windosw XP SP3 64bit
    • Windows vista
    • Windows 7 64bit
    • Windows 2003
    • Windows 2008 R2 64bit
    New Features:
    • Getting Resource Information
    • Zip file contain 2 files, one for 32 bit and one for 64 bit
    Please Note:
    • This version does not export to XML.