EXETOOLS FORUM  
#16 - 05-14-2018, 10:30 - dosprog
PE_OVL.HEM PlugIn for HIEW32
for Strip/Add/Save/Goto of the overlay of a PE-EXE file.

Logic:
Quote:
If PE-EXE contains the overlay
then select:
-Strip overlay
-Append or replace overlay from file
-Save overlay to file
else
-Append overlay from file
Plugin Actions Menu:
Quote:
Overlay:
- Strip
- Add
- Save
- Goto
See ->Start Post <-

Last edited by dosprog; 06-09-2018 at 15:22.
#17 - 05-14-2018, 15:23 - dosprog
Note about using HEM-plugins

Not everyone(c) knows that you can speed up
the launch of Plug-Ins using the "hemkeys.ini" file.
For example:
Quote:
[HemKeys 7.45]
c: crack
w: pe_rwe
o: pe_ovl
t: pe_tails
h: pe_hints
v: peverify
e: peentrypointhere
a: checksum
g: goto

Last edited by dosprog; 05-29-2018 at 07:19.
#18 - 05-29-2018, 18:20 - dosprog
Goto.HEM - PlugIn for HIEW32

GOTO.HEM - HEM-PlugIn for locating some positions in an MZ-PE-EXE file.

Menu available:
Quote:
Goto MZ:
========
MZ relocs
MZ relocs END

Goto PE:
========
MZ Header ...
PE Header
PE Characteristics
PE Directories
PE Directories END
PE Obj Table
PE Obj Table END
PE Overlay
See ->Start Post <-

Last edited by dosprog; 06-09-2018 at 15:23.
#19 - 06-09-2018, 15:28 - dosprog
Updated 5 PlugIns for manipulating PE-EXE files.
(Now, if the file opened in Hiew is not a PE, the PE_xxxx PlugIns are not listed in the Hiew32 PlugIns menu.)

Updated full PlugIns archive.

See ->Start Post <-
#20 - 06-12-2018, 11:11 - agoo
Quote:
Originally Posted by an0rma1
I found this: https://github.com/lallousx86/pyhiew

And an example able to retrieve results from virustotal: https://github.com/matrosov/pyHiew/blob/master/vt_check.py
Be aware of some malware on this site that I found a while ago.
#21 - 06-13-2018, 18:11 - sendersu (VIP)
You say malware was found @github?
How come... or maybe it started to happen after MS bought GH for 7 500 000 000 usd?
#22 - 06-14-2018, 17:42 - dosprog
) sendersu, he got a little excited
#23 - 06-23-2018, 09:54 - dosprog
Goto.HEM - PlugIn for HIEW32 (updated)

Goto.HEM - added a new option, "Goto PE CheckSum".

Menu available:
Quote:
Goto MZ:
========
MZ relocs
MZ relocs END

Goto PE:
========
MZ Header ...
PE Header
PE Characteristics
PE CheckSum <-------NEW OPTION----
PE Directories
PE Directories END
PE Obj Table
PE Obj Table END
PE Overlay
See ->Start Post <-

Last edited by dosprog; 06-27-2018 at 08:00.
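Both the Goto.HEM menu above and the strip/add/save logic of PE_OVL.HEM in post #16 come down to walking the MZ and PE headers to file offsets. The following Python is an added example written for this thread, not dosprog's plugin code: it computes those offsets for PE32 and PE32+ (Goto), finds the overlay boundary, and splits or replaces the overlay (Strip/Save/Add); the minimal PE image it parses is constructed inline and is not a real binary.

```python
import struct

def pe_positions(data: bytes) -> dict:
    """File offsets of the spots Goto.HEM jumps to; handles PE32 and PE32+."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_crlc, e_lfarlc = struct.unpack_from("<H", data, 6)[0], struct.unpack_from("<H", data, 0x18)[0]
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    nsect, _, _, _, opt_size = struct.unpack_from("<HIIIH", data, coff + 2)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    ndirs_off = opt + (92 if magic == 0x10B else 108)     # PE32 vs PE32+ layouts
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    pos = {"mz_relocs": e_lfarlc, "mz_relocs_end": e_lfarlc + 4 * e_crlc,
           "pe_header": e_lfanew, "pe_characteristics": coff + 18,
           "pe_checksum": opt + 64,                       # same offset in PE32 and PE32+
           "pe_directories": ndirs_off + 4, "pe_directories_end": ndirs_off + 4 + 8 * ndirs,
           "pe_obj_table": opt + opt_size, "pe_obj_table_end": opt + opt_size + 40 * nsect}
    end = pos["pe_obj_table_end"]                         # overlay = bytes past the last raw section byte
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, pos["pe_obj_table"] + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    pos["pe_overlay"] = end if end < len(data) else None  # None: no overlay (or truncated file)
    return pos

def split_overlay(data: bytes):
    """(image, overlay) split; overlay is b"" when absent. Strip = [0], Save = [1]."""
    start = pe_positions(data)["pe_overlay"]
    return (data, b"") if start is None else (data[:start], data[start:])

def set_overlay(data: bytes, blob: bytes) -> bytes:
    """PE_OVL 'Add': append an overlay, replacing any existing one."""
    return split_overlay(data)[0] + blob

def sample_pe(tail: bytes = b"OVERLAY!") -> bytes:
    """Constructed minimal PE32 (not a real binary): one section at 0x200-0x400, then an overlay."""
    mz = bytearray(64); mz[:2] = b"MZ"
    struct.pack_into("<H", mz, 0x18, 0x40); struct.pack_into("<I", mz, 0x3C, 0x40)   # e_lfarlc, e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)   # 1 section, 0xE0-byte optional header
    opt = bytearray(0xE0); struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                               # NumberOfRvaAndSizes
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    return (bytes(mz) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x400, b"\0") + tail

if __name__ == "__main__":
    for name, off in pe_positions(sample_pe()).items():
        print(f"{name:20s} {off if off is None else hex(off)}")
```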