|
Your download link is at the very bottom of the page... always. |
Processed through Paypal No account required. Donate Bitcoin to this wallet: 1KkUMXvQ2ko3xcJkzitB7WYgoW6m79WFfm Donate Ethereum to this wallet: 0x40E56922F43637224935CDC35e2c96E0392A8505 Donate Litecoin to this wallet: LLYAFEyqjH69gkyCEpRjXNyedRCWrVChfL |
Home » OlderGeeks.com Freeware Downloads » Anti-Virus, Anti-Malware, Security Utilities » Malware Diagnostic Tools » PEAnatomist v0.2 | File - Download PEAnatomist v0.2 | ||||||||
| Description | ||||||||
|
Always scroll to the bottom of the page for the main download link. We don't believe in fake/misleading download buttons and tricks. The link is always in the same place. PEAnatomist v0.2 Want to look inside PE format? The free PEAnatomist utility supports almost all known and some undocumented structures inside MS PortableExecutable files (EXE, DLL, SYS and the like), LIB files and object files in COFF, MSVC CxxIL and ExtendedObj formats, and also performs simple analysis of the received data.  File Formats PE32 PE32+ COFF Object MSVC IntermediateLanguage AnonCOFF Object File (MSVC CxxIL) AnonCOFF ExtendedObj Objects Library PE Image Architectures Intel x86 AMD64 ARM7 ARM7 Thumb ARM8-64 Intel IA64 CHPE (x86 on ARM) ARM64X (x64 on ARM64) A little of supported headers and data structures PE: IMAGE_DOS_HEADER, IMAGE_FILE_HEADER, IMAGE_OPTIONAL_HEADER, IMAGE_OPTIONAL_HEADER64 and the DataDirectories List with additional information about some fields PE: Table of COFF symbols PE: Sections table, supporting long section names (via symbols table) and entropy calculating PE: Import table (supports MS-styled names demangling) PE: Bound Import Table PE: Delayed Import Table PE: Export Table with additional info PE: Resource Table with additional info about different resource types and detailed view for all types PE: Base Relocation Table. Target address determining and interpretation available for all supporting architectures. It detects imports, delayed imports, exports, tables from loadconfig directory, ANSI and UNICODE strings. PE: Brief info about PE Authenticode Signature PE: LoadConfig Directory with SEH, GFID, decoded CFG bitmap, GIAT, CFG LongJumps, CHPE Metadata, ARM64X Metadata, Dynamic Value Reloc Table, Enclave Configuration, Volatile Metadata, CFG Eh Continuations tables parsing and additional information about some fields PE: Debug Directory. It parses contents of CODEVIEW, POGO, VC FEATURE, REPRO, FPO, EXDLL CHARACTERISTICS, SPGO debug types PE: TLS config and callbacks table with additional information about some fields PE: Exceptions Data Table. x64 (including version 2 with EPILOG unwind codes), arm, arm64, ia64 architectures are support, as well as chain of unwind data for x64, language-specific handler data (C Scope, C++ FuncInfo, C++ EH4, C++ DWARF LSDA) and hexadecimal view of unwind data PE: COM Descriptor directory pasring: headers, tables and metadata info available. Some of NGEN and ReadyToRun headers are also included PE: Decode Rich signature indicating the tool used, the action being taken, the full version of the tool, and the version of VisualStudio to which the tool belongs PE: IAT table contents PE: VB5 and VB6 typical structures: project info, DLLCall-imports, referenced modules, object table PE: Detecting an ANSI and Unicode encoded strings PE: Plotting entropy OBJ: IMAGE_FILE_HEADER, ANON_OBJECT_HEADER, ANON_OBJECT_HEADER_V2, IMPORT_OBJECT_HEADER OBJ: COFF symbol table with decoding @comp.id and @feat.00, as well as auxiliary symbols OBJ: Section table and relocations for the selected section OBJ: Exceptions Data Table. x64 (including version 2 with EPILOG unwind codes), arm, arm64, ia64 architectures are support, as well as chain of unwind data for x64 OBJ: Functions xFG-hash values table OBJ: Table of CodeView Debug Symbols OBJ: Table of CodeView Types OBJ: Table of MSVC CxxIL Types (.cil$db) OBJ: Table of MSVC CxxIL Global Symbols (.cil$gl) OBJ: Table of MSVC CxxIL Local Symbols (.cil$sy) LIB: List of archive members LIB: The first and second (if available) linker members LIB: Summary table of import elements IMPORT_OBJECT_HEADER, if any ZIP-file hash: MD5: 3287A771F15CBC113A8F1D1134CD67CB SHA1: C9AA837BEB5861D732979871D1119D301CC8167B SHA256: 21DEEFE5ED39D6D5193208CF674377AB01793A19895F7E65078B33F919E6135D This tool was designed to be used with: Windows XP SP3 (x86), Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11, ReactOS 0.4 and newer The new version highlights A rare error of out-of-border reading was eliminated during recognition of the exception handler kind in some PE files The error of out-of-border access in some distorted PE has been eliminated for the IMAGE_DIRECTORY_ENTRY_DEBUG parsing and the dotnet metadata header handling Changes: 0.2.10712.2124 (2022-07-12) 10701.2342: A rare error of out-of-border reading was eliminated during recognition of the exception handler kind in some PE files 10703.0012: The error of out-of-border access in some distorted PE has been eliminated for the IMAGE_DIRECTORY_ENTRY_DEBUG parsing 10703.0047: The error of out-of-border access in some distorted PE has been eliminated for the dotnet metadata header handling       Click here to visit the author's website. Continue below for the main download link. |
||||||||
| Downloads | Views | Developer | Last Update | Version | Size | Type | Rank | |
| 3,090 | 6,240 | RamMerLabs <img src="https://www.oldergeeks.com/downloads/gallery/thumbs/PEAnatomist7_th.png"border="0"> | Sep 06, 2022 - 10:28 | 0.2.10712.2124 | 205.8KB | ZIP |  , out of 28 Votes. |
|
| File Tags | ||||||||
| v0.2 PEAnatomist | ||||||||
Click to Rate File Share it on Twitter → Tweet
|
