PE iDentifier v0.92 by snaker, Qwerton & Jibz
---------------------------------------------
PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 450 different signatures in PE files.
PEiD is special in some aspects when compared to other identifiers already out there!
1. It has a superb GUI and the interface is really intuitive and simple.
2. Detection rates are amongst the best given by any other identifier.
3. Special scanning modes for *advanced* detections of modified and unknown files.
4. Shell integration, Command line support, Always on top and Drag'n'Drop capabilities.
5. Multiple file and directory scanning with recursion.
6. Task viewer and controller.
7. Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
8. Extra scanning techniques used for even better detections.
9. Heuristic Scanning options.
10. New PE details, Imports, Exports and TLS viewers
11. New built in quick disassembler.
12. New built in hex viewer.
13. External signature interface which can be updated by the user.
There are 3 different and unique scanning modes in PEiD.
The *Normal Mode* scans the PE files at their Entry Point for all documented signatures. This is what all other identifiers also do.
The *Deep Mode* scans the PE file's Entry Point containing section for all the documented signatures. This ensures detection of around 80% of modified and scrambled files.
The *Hardcore Mode* does a complete scan of the entire PE file for the documented signatures. You should use this mode as a last option as the small signatures often tend to occur a lot in many files and so erroneous outputs may result.
The scanner's inbuilt scanning techniques have error control methods which generally ensure correct outputs even if the last mode is chosen. The first two methods produce almost instantaneous outputs but the last method is a bit slow due to obvious reasons!
Command line Options
--------------------
PEiD now fully supports commandline parameters.
peid -time // Show statistic before quitting
peid -r // Recurse through subdirectories
peid -nr // Dont scan subdirectories even if its set
peid -hard // Scan files in Hardcore Mode
peid -deep // Scan files in Deep Mode
peid -norm // Scan files in Normal Mode
peid -ext // Scan files with external signatures only
peid <file1> <file2> <dir1> <dir2>
You can combine one or more of the parameters.
For example.
peid -hard -time -r c:\windows\system32
peid -time -deep c:\windows\system32\*.dll
Task Viewing / Control Module
-----------------------------
You can scan currently running tasks with PEiD. The files are scanned from memory. Processes can also be terminated. You can also optionally dump a module and scan the dumped image. You can also view all dependant modules of the processes.
Multiple File Scan Module
-------------------------
You can scan multiple files at one go with PEiD. Just drag and drop the files on the PEiD main dialog and the Multiple File Scan Dialog will popup displaying the results. You can keep dragging and dropping files onto this dialog as well. It also offers you to choose from the different scanning modes and optionally load a single file in PEiD. It allows you to skip the non PE files so that the list looks clean. You can also scan the contents of a directory choosing files of custom extension if required. MFS v0.02 now supports recursive directory scanning.
Disassembler Module
-------------------
You can have a quick disassembly of the file loaded in PEiD. Double click to follow JMPs and CALLs and use the Back button to trace back to the original positions. Thanks to Overflow for his code.
Hex Viewer Module
-------------------
You can have a quick hex view of the file loaded in PEiD. A modified version of 16Edit by y0da is used for this purpose.
We intend to update the signatures quite often to keep pace with this ever evolving scene :)
Please report bugs, ideas, new signatures or packer info to
snaker -> snaker@myrealbox.com
Jibz -> mail@ibsensoftware.com
Qwerton -> qwaci@gmx.net
ALL SUGGESTIONS, IDEAS, BUG REPORTS AND CRITICS ARE WELCOME.
History
-------
0.7 Beta -> First public release.
0.8 Public -> Added suport for 40 more packers. OEP finding module. Task viewing/control module.
GUI changes. General signature bug fixes. Multiple File and Directory Scanning module.
0.9 Recode -> Completely recoded from scratch. New Plugin Interface which lets you use extra features.
Added more than 130 new signatures. Fixed many detections and general bugs.
0.91 Reborn -> Recoded everything again. New faster and better scanning engine. New internal signature system.
MFS v0.02 now supports Recursive Scanning. Commandline Parser now updated and more powerful.
Detections fine tuned and newer detections added. Very basic Heuristic scanning.
0.92 Classic -> Added support for external database, independant of internal signatures. Added PE details lister.
Added Import, Export, TLS and Section viewers. Added Disassembler. Added Hex Viewer.
Added ability to use plugins from Multiscan window. Added exporting of Multiscan results.
Added ability to abort MultiScan without loosing results.
Added ability to show process icons in Task Viewer.
Added ability to show modules under a process in Task Viewer. Added some more detections.
Greets
------
Qwerton, Jibz, Asha, CHRiST0PH, uno, DAEMON, MackT, VAG, SAC, Gamumba, SnowP and all the rest at UG2003, Michael Hering, tE!, pusher, {igNo}, CoDE, BaND, Snacker, skamer, HypnZ, ParaBytes, Clansman, BuL-Let, Devine9, innuendo, Corby, cokine, AiRW0lF, fxfighter, GodsJiva, Carpathia, DEATH, artik, r!sc, NoodleSPA, SiR_dReaM, CHoRDLeSS, NeOXQuiCk, un4Giv3n, RZX, LibX and all who helped with PEiD :)
snaker, Jibz, cokine, Iczelion, Clansman, Z-Wing, Unknown One/TMG, PeeWee, DnNuke, sinny/BAFH, all the other nice people in CiA, UG2003 and all of you who helped us develope PEiD. Thanks.
snaker, Qwerton, DAEMON, VaG, Parabytes, bse, f0dder, Stone, Michael Hering, Iczelion, Steve Hutchesson, Eugene Suslikov, and everybody in #unpacking and #compression.
Qwerton - Hope you get time someday again, was nice working with you :)
Jibz - You rock evil friend. Thanks for all your help. It's a pleasure working with you.
Michael Hering - FILE INFO is still the absolute best. Your suggestions rock :)
uG2oo4 - Rise in 2004!
MackT - Thanks for all your help and for ImpREC of course ;)
Unknown One - Spend more time with us :)
BaND - Thanks for all your testing and help.
pusher - Thanks for your help. You're learning fast ;)
Kaparo & Aaron - Thanks for your sites :)
We would also like to thank the *few* people who sent us their comments and feedback about PEiD.
Also greetings to everyone who has supported PEiD till date. Without you this new release would never be possible.
You can check out the PEiD homepage at http://peid.has.it and the PEiD Forums at http://peidforums.has.it
snaker, Qwerton & Jibz Productions
-2004-
windigoice
- 粉丝: 0
- 资源: 1
最新资源
- dbeaver-ce-24.3.1-x86-64-setup.exe
- 国际象棋桌子检测6-YOLO(v5至v9)、COCO、CreateML、Darknet、Paligemma、TFRecord数据集合集.rar
- 某平台广告投入分析与销售预测
- 连接ESP32手表来做验证20241223-140953.pcapng
- 小偏差线性化模型,航空发动机线性化,非线性系统线性化,求解线性系统具体参数,最小二乘拟合 MATLAB Simulink 航空发动机,非线性,线性,非线性系统,线性系统,最小二乘,拟合,小偏差,系统辨
- 好用的Linux终端管理工具,支持自定义多行脚本命令,密码保存、断链续接,SFTP等功能
- Qt源码ModbusTCP 主机客户端通信程序 基于QT5 QWidget, 实现ModbusTCP 主机客户端通信,支持以下功能: 1、支持断线重连 2、通过INI文件配置自定义服务器I
- QGroundControl-installer.exe
- 台球检测40-YOLO(v5至v11)、COCO、CreateML、Paligemma、TFRecord、VOC数据集合集.rar
- 颜色拾取器 for Windows
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈