!EPack|packer|!EP(EXE Pack)
!eprot|protector|!EProt
"_!_!_!_|protector|Krypton
.!ep|packer|!EP(EXE Pack)
.00cfg|compiler|Control Flow Guard (CFG) section (added by newer versions of Visual Studio)
.AAWEBS|compiler|Section used by Amiti Antivirus DLLs webspam.dll and webspamwow64.dll
.ASPack|packer|Aspack
.BCPack|protector|Backdoor PE Compress Protector
.BSS|compiler|Uninitialized Data Section
.ByDwing|packer|(Win)Upack
.CLR_UEF|compiler|.CLR Unhandled Exception Handler section
.CRT|compiler|Initialized Data Section (C RunTime)
.CRT|compiler|mingw/cygwin
.DATA|compiler|Data Section
.DalKiT|protector|DalKrypt
.De-vir |packer|NoodleCrypt
.FISHPEP|packer|Fish PE Packer
.FishPE|protector|FishPE Shield
.HOODLUM|pe tool|HOODLUM
.Kaos12|protector|KaOs PE-DLL eXecutable Undetecter
.Kaos2 |protector|KaOs PE-DLL eXecutable Undetecter
.LARP|protector|lARP64
.MPRESS1|packer|MPRESS
.MPRESS2|packer|MPRESS
.MaskPE|packer|MaskPE
.Ncryo |packer|NoodleCrypt
.Np|packer|TTP Pack
.PEDATA|packer|Fish PE Packer
.RLPack|packer|RLPack
.RPCrypt|protector|RPCrypt
.Razor|demo|Razor
.Stone|protector|Stone's PE Encryptor
.TTP|protector|TTprotect
.Themida|protector|Themida
.UPX0|packer|UPX
.UPX1|packer|UPX
.UPX2|packer|UPX
.Upack|packer|(Win)Upack
.WISE|installer|Wise
.WWP32|packer|WWPack32
.WWPACK|packer|WWPACK
.aBc |protector|ABC Cryptor
.adata|packer|Aspack
.adata|protector|ASProtect
.adata|protector|Armadillo
.alex|protector|Alex Protector
.alloy32|protector|Alloy
.apiset|compiler|a section present inside the apisetschema.dll
.arch|compiler|Alpha-architecture section
.aspack|packer|Aspack
.autoload_text|compiler|cygwin/gcc; the Cygwin DLL uses a section to avoid copying certain data on fork.
.avc|protector|AverCryptor
.bedrock|packer|bambam
.bindat|compiler|Binary data (also used by one of the downware installers based on LUA)
.boom|builder|The Boomerang List Builder (config+exe xored with a single byte key 0x77)
.bootdat|compiler|Section that can be found inside Visual Studio files; contains palette entries
.boot|protector|Themida/Winlicense
.bss|compiler|Uninitialized Data Section
.buildid|compiler|gcc/cygwin; Contains debug information (if overlaps with debug directory)
.ccg|protector|PE-Armor
.ccg|packer|CCG Packer (Chinese Packer)
.ccp3p|protector|CrypToCrack Pe Protector
.charmve|tool|Added by the PIN tool
.code|compiler|Code Section
.complua|compiler|Most likely compiled LUA (also used by one of the downware installers based on LUA)
.cormeta|compiler|.CLR Metadata Section
.crtemui|demo|
.cygheap|compiler|mingw/cygwin DEBUG
.cygwin_dll_common|compiler|cygwin section containing flags representing Cygwin’s capabilities; refer to cygwin.sc and wincap.cc inside Cygwin run-time
.data1|compiler|Data Section
.data2|compiler|Data Section
.data3|compiler|Data Section
.data_cygwin_nocopy|compiler|cygwin
.data|compiler|Data Section
.debug$F|compiler|Debug info Section (Visual C++ version < 7.0)
.debug$F|compiler|mingw/cygwin
.debug$P|compiler|Debug info Section (Visual C++ debug information/compiler/precompiled information)
.debug$S|compiler|Debug info Section (Visual C++ debug information/compiler/precompiled information)
.debug$S|compiler|mingw/cygwin
.debug$T|compiler|Debug info Section (Visual C++ debug information/compiler/precompiled information)
.debug$T|compiler|mingw/cygwin
.debug_abbrev|compiler|mingw/cygwin DEBUG
.debug_aranges|compiler|mingw/cygwin DEBUG
.debug_frame|compiler|mingw/cygwin DEBUG
.debug_info|compiler|mingw/cygwin DEBUG
.debug_line|compiler|mingw/cygwin DEBUG
.debug_loc|compiler|mingw/cygwin DEBUG
.debug_macinfo|compiler|mingw/cygwin DEBUG
.debug_pubnames|compiler|mingw/cygwin DEBUG
.debug_ranges|compiler|mingw/cygwin DEBUG
.debug_str|compiler|mingw/cygwin DEBUG
.debug|compiler|Debug info Section
.decode|packer|MEW10
.delete|demo|
.depack|packer|dePack
.didata|compiler|Delay Import Section
.didat|compiler|Delay Import Section
.dotfix|protector|DotFix Nice Protect
.drectve|compiler|Directive section (temporary, linker removes it after processing it)
.drectve|compiler|mingw/cygwin
.dswlab|pe tool|VMUnpacker
.dyamarC|protector|DYAMAR
.dyamarD|protector|DYAMAR
.ecode|compiler|Built with EPL
.edata|compiler|Built with EPL
.edata|compiler|Export Data Section
.edata|compiler|mingw/cygwin
.eh_frame|compiler|mingw/cygwin
.eh_fram|compiler|gcc/cygwin; Exception Handler Frame section
.endjunk|compiler|mingw/cygwin
.enigma1|protector|Enigma Virtual Box
.enigma2|protector|Enigma Virtual Box
.ex_cod|protector|eXPressor
.ex_rsc|protector|eXPressor
.exc|demo|
.export|compiler|Alternative Export Data Section
.fasm|compiler|FASM flat Section
.ficken|protector|PECRYPT32
.fini|compiler|mingw/cygwin
.flat|compiler|FASM flat Section
.g4kcod2|demo|
.g4kcod3|demo|
.g4kcod4|demo|
.g4kcoda|demo|
.g4kcodb|demo|
.g4kcodc|demo|
.g4kcodd|demo|
.g4kcodf|demo|
.g4kcodg|demo|
.g4kcodh|demo|
.g4kcodi|demo|
.g4kcodj|demo|
.g4kcodk|demo|
.g4kcodl|demo|
.g4kcodp|demo|
.g4kcods|demo|
.g4kcodw|demo|
.g4kcodx|demo|
.g4kcody|demo|
.g4kcodz|demo|
.g4kdat1|demo|
.g4kdat2|demo|
.g4kmuc1|demo|
.g4kmuc2|demo|
.g4kmuc3|demo|
.g4kmuc4|demo|
.g4kmuc5|demo|
.gcc_except_table|compiler|mingw/cygwin
.gcc_exc|compiler|mingw/cygwin
.gentee|installer|Gentee Installer
.gfids|compiler|section added by new Visual Studio (14.0)
.giats|compiler|section added by new Visual Studio (14.0)
.gljmp|compiler|section added by new Visual Studio (14.0)
.glue_7t|compiler|ARMv7 core glue functions (thumb mode)
.glue_7t|compiler|mingw/cygwin
.glue_7|compiler|ARMv7 core glue functions (32-bit ARM mode)
.glue_7|compiler|mingw/cygwin
.guruX|protector|G!X Protector
.icon|demo|possibly an icon resource
.idata |protector|Xtreme-Protector
.idata$2|compiler|mingw/cygwin
.idata$3|compiler|mingw/cygwin
.idata$4|compiler|mingw/cygwin
.idata$5|compiler|mingw/cygwin
.idata$6|compiler|mingw/cygwin
.idata$7|compiler|mingw/cygwin
.idata|compiler|Initialized Data Section (Borland)
.idata|compiler|mingw/cygwin
.idlsym|compiler|IDL Attributes (registered SEH)
.impdata|compiler|Alternative Import data section
.imports|protector|Themida/Winlicense
.import|compiler|Alternative Import data section
.imrsiv|tool|special section used for applications that can be loaded to OS desktop bands.
.inq|protector|Inquartos Obfuscator
.intro|demo|
.itext|compiler|Code Section (Borland)
.jdpack|packer|JDPack
.jedata|compiler|Excelsior JET
.jidata|compiler|Excelsior JET
.loadcon|protector|Themida/Winlicense
.load|demo|
.mackt|tool|ImpRec-created section
.mnbvcx1|loader|Most likely associated with Firseria PUP downloaders
.mnbvcx2|loader|Most likely associated with Firseria PUP downloaders
.mslrh|protector|MSLRH
.mydata|demo|
.n-coder|protector|N-Code
.nPack|packer|nPack
.nah|protector|Morphnah
.naked1|packer|NakedPacker
.naked2|packer|NakedPacker
.ndata|installer|Nullsoft Installer section
.neolite|packer|NeoLite
.neolit|packer|NeoLite
.nos|packer|NOS Installer
.nsp0|packer|NsPack
.nsp1|packer|NsPack
.nsp2|packer|NsPack
.orpc|compiler|Code section inside rpcrt4.dll
.packed|packer|RLPack
.packed|packer|Unknown Packer
.pdata|compiler|Exception Handling Functions Section (PDATA records)
.perplex|protector|ACProtect
.perplex|protector|Perplex
.petite|packer|Petite
.pe|demo|possibly PE file
.pinclie|tool|Added by the PIN tool
.pklstb|demo|
.profile|tool|NightHawk C2 framework (by MDSec)
.ps4|protector|StarForce
.qtmetad|library|Qt
.rdata|compiler|Read-only initialized Data Section (MS and Borland)
.reacto|protector|.NET Reactor
.relo2|demo|
.reloc|compiler|Relocations Section
.rlp|packer|RLP
.rmnet|virus|Ramnit virus marker
.rodata|compiler|Read-only Data Section
.rsrc A|demo|Possibly variant of resource section
.rsrc|compiler|Resource section
.sCe!05|demo|Scienide group
.sbss|compiler|GP-relative Uninitialized Data Section
.scpack|packer|SC P
Detect It Easy (DIE.exe win64) packer-detection tool, free
Updated 2023-01-20, 19.4 MB ZIP
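Detect It Easy (DIE) is a packer-detection tool popular with reverse engineers and security researchers; its win64 build is designed specifically for 64-bit Windows systems. DIE's main function is to help users detect and analyze the protection layer of executable files (such as PE files), the so-called "shell" or packer. In computer security, packers are commonly used to hide malicious code and make it hard for antivirus software to detect. DIE can quickly identify these protection mechanisms, including but not limited to common packers such as UPX, ASProtect and VMProtect.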
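DIE.exe itself is a portable application that runs directly without installation. It is simple to operate: the user drags the file to be examined onto DIE.exe, and the program automatically analyzes it and displays detailed information about the file, including the file header, sections, export and import tables, resources, certificates, and any packer information that may be present. This intuitive drag-and-drop interface lets even beginners get started easily.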
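The provided archive contains several dynamic-link library (DLL) files from the Qt libraries, such as Qt5Gui.dll, Qt5Core.dll and Qt5Widgets.dll. These are core components of the Qt framework, used to build the graphical user interface and implement the application's basic functionality. Qt5Network.dll handles network communication, Qt5Script.dll supports script execution, and Qt5ScriptTools.dll is probably related to Qt's scripting tools or debugging. In addition, libcrypto-1_1-x64.dll and libssl-1_1-x64.dll are the 64-bit builds of the OpenSSL library, used for encryption and secure communication, and msvcp140.dll is part of the Microsoft Visual C++ runtime, which supports running C++ programs. Qt5Svg.dll handles images in SVG (Scalable Vector Graphics) format.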
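In reverse engineering, understanding what these libraries do is essential, because they may be closely tied to the behavior and functionality of the target program. For example, if a piece of malware uses the Qt libraries to build its interface, the reverse engineer needs to understand Qt's API calls in order to analyze its behavior. Likewise, the presence of the OpenSSL library may indicate that the program transmits sensitive data, so the encryption algorithms and the decryption process deserve particular attention during analysis.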
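As a powerful packer-detection tool, Detect It Easy, combined with a thorough understanding of the library files in the archive, provides strong support for reverse engineering and helps security experts uncover what is hidden behind complex programs. Whether for malware research or software reverse engineering, DIE is one of the indispensable tools.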
OrientalGlass