Want to Join Us ?

you'll be able to discuss, share and send private messages.

NEW RogueKillerPE Explore any executable file internals by TigzyRK

Discussion in 'Tools of the Trade.' started by storm shadow, Nov 17, 2015.

Share This Page

  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    RogueKillerPE is a PE parsing tool, able to show internal structure of executable files. It’s able to open either the memory image (process module) or the disk image (filesystem) of the same executable.
    This software is currently in early alpha stage.

    RogueKillerPE can parse PE (Portable Executable) files, and display the following:
    • Open PE from file, and read disk image
    • Open PE from process, and read memory or disk image
    • Display basic information regarding Process (if any), Module (if any), File
    • Display Pages from process’s memory
    • Display Hex code
    • Display PE Headers
    • Display PE Sections
    • Display PE Imports
    • Display PE Exports
    • Display PE Resources (parses and shows images, strings, XML in a user-friendly way)

    Download

    Download

    14 Mb 98

    User guide

    Start the tool.
    Starting from here, you can either load processes list and inspect process memory or file, or open a file on disk.
    Once opened, an item is parsed and will display all internal structures of the selected PE (Portable Executable) file.

    Roadmap

    We have open our trello board, feel free to leave comment and vote for features: https://trello.com/b/sWcd0epv/roguekillerpe

    Screenshots


    [​IMG]

     
    m4n0w4r and Rip Cord like this.
Top