Thread: PE Anatomist
View Single Post
Old 02-11-2020, 00:19
Abaddon Abaddon is offline
Join Date: May 2016
Posts: 40
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 130
Thanks Rcvd at 35 Times in 22 Posts
Abaddon Reputation: 2
Hi RamMerLabs,
It is a nice PE dumper at the moment.
I like how you handle things like RICH signature (not sure if someone documented it, or it is product of your own research? Anw, good job) and certificates.

Lots can be done towards improving it, though i'm not sure if it's your purpose to go towards this direction:

Make it a PE Editor, rather than a dumper (make fields editable).
Add an embedded hexeditor window, to show things like contents of buffers (or certificates).
etc, etc.

Anw, its a nice project, that at least adds something new (to the tools i was accustomed to). Good job.
Reply With Quote