EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 03-31-2018, 01:19
Jupiter Jupiter is offline
Lo*eXeTools*rd
 
Join Date: Jan 2005
Location: Moscow, Russia
Posts: 173
Rept. Given: 23
Rept. Rcvd 53 Times in 30 Posts
Thanks Given: 4
Thanks Rcvd at 55 Times in 13 Posts
Jupiter Reputation: 53
Lightbulb PE Tools 1.9

Meet the new release of good old-fashioned PE Tools

It's been years since NEOx released latest public version of PE Tools in 2006, so you may have decided that PET is already dead, but it came back from the dead for a while in 2018!

Official Announce

Principal Changes

Fixes

Primarily, new release is about bug fixes. There are lot of things fixed including memory leaks and program logic. Be warned, sometimes new bugs are replacing old ones, but we had worked hard to bring you bug-free release without introducing new bugs (we really hope so).

New Features

Some nice new features are added to make your experience more visible and comfortable:
  • Brand new Entropy View (approximately detect packing status, presence of encrypted data) with two modes: Curve and Histogram;
  • New disassembler engine (previously it was CADt by Ms-Rem, then Mediana by mika0x65 and now it's diStorm by Gil Dabah) has now resulted in x86-64 (64 bit) disasm in addition to x86 (32 bit);
  • Load Config Directory (`IMAGE_LOAD_CONFIG_DIRECTORY`) support with new additional values and sizes (non-standard sizes);
  • Display of Structured Exception Handlers in Config directory;
  • Certificates (Security Directory) removal (with all certificates);
  • File System Redirector (Windows-on-Windows, WoW) support;
  • Edit functionality in hex-editor;
  • Correct process list display in modern OS;
  • Display x86-64 (64 bit) processes in process list;
  • DLL Characteristics dialog;
  • PE Sniffer (Signs.txt) are translated to PEiD format.

A whole bunch of small but useful features
  • Link files support (.lnk);
  • Debug directory info: PDB name, GUID, POGO types, VC types;
  • Disasm call/jmp direction (up / down relative to current offset);
  • Copy and Save menus in disasm and hex-editor dialogs;
  • Copy options in hex-editor: C source, Editor display, hex values (raw bytes);
  • Shortcuts in Copy menu in hex-editor;
  • Fill Block dialog in в hex-editor: fill with values; XOR, OR, AND, NOT operations supported;
  • Sections Editor shows zero-based section number (useful with files with many unnamed sections);
  • Default action for double click: opening corresponding dialogs without context menu by default;
  • Values `OperatingSystemVersion` and `SubsystemVersion` are automatically updated to conform maximum number of sections for specific OS when increasing number of sections;
  • Correct calculation and fix of certain header sizes;
  • Detection of many int3 opcodes to interrupt fast disasm;
  • Correct relocation table removal with fix of corresponding flags;
  • Serious bugs fixed in File Location Calculator (FLC);
  • Import adder: fixed library name truncation bug;
  • Auto close of Admin privilege warning.

Get high

High-DPI display modes supported including 192 DPI:
  • DPI modes supported and tested: 96, 120, 144, 192
  • Graphics redrawn:
  • Main Application Icon
  • Logo
  • Toolbar icons

Cleanup

Outdated and unnecessary features removed:
  • Old update system removed;
  • Plugins removed (old plugins had very basic API set with only 2 functions);
  • Number of external libraries reduced;
  • Modules with similar functionality merged.

Other changes

Full list of changes:
HISTORY

Many other small things are fixed or added (not all are listed), so it's a good way to study new features by downloading new release.


Links

Project site on Github:
petoolse.github.io/petools

PE Tools project news:
@petoolse


DOWNLOAD

github.com/petoolse/petools/releases

--
  • Jupiter
  • PainteR

2018.03.30
Attached Images
File Type: gif PETools-Screens-Entropy.gif (170.0 KB, 13 views)
__________________
EnJoy!

Last edited by Jupiter; 03-31-2018 at 02:08.
Reply With Quote
The Following 5 Users Gave Reputation+1 to Jupiter For This Useful Post:
Asus (03-31-2018), chessgod101 (03-31-2018), MarcElBichon (03-31-2018), sendersu (03-31-2018), tonyweb (03-31-2018)
The Following 25 Users Say Thank You to Jupiter For This Useful Post:
an0rma1 (05-31-2018), Asus (03-31-2018), BiMode (03-31-2018), bolo2002 (04-01-2018), CCDebuger (06-27-2018), chessgod101 (03-31-2018), computerline (03-31-2018), FiNALSErAPH (06-04-2018), h4sh3m (03-31-2018), Kameo (05-10-2018), LaDidi (04-05-2018), niculaita (03-31-2018), nikkapedd (04-02-2018), ontryit (03-31-2018), pps44 (03-31-2018), ragdog (04-04-2018), sendersu (03-31-2018), Stingered (03-31-2018), tonyweb (03-31-2018), Turkuaz (04-02-2018), uranus64 (05-31-2018), wilson bibe (03-31-2018), winndy (03-31-2018), WRP (03-31-2018), Zeokat (03-31-2018)
  #2  
Old 05-31-2018, 03:27
dosprog dosprog is offline
Friend
 
Join Date: Feb 2018
Posts: 61
Rept. Given: 0
Rept. Rcvd 7 Times in 6 Posts
Thanks Given: 23
Thanks Rcvd at 71 Times in 34 Posts
dosprog Reputation: 7
Bug:
Pe-Editor -> Sections -> Kill(From File)
- This action should update [PE:50h] field "Image size", but does not do this.
Its IMAGE_OPTIONAL_HEADERxx.ImageSize (IMAGE_OPTIONAL_HEADERxx[38h]).
Old version 1.5 works fine in this case.

--Add--
Resulting "damaged" PE-file can be fixed with Hiew32:
View PE Header(F8) -> Edit(F3) -> Image Size (F3=update).

--Add2--
sendersu, I think this is the same bug.
Plus working with PE-overlay, - discussed


Last edited by dosprog; 05-31-2018 at 04:34.
Reply With Quote
The Following User Says Thank You to dosprog For This Useful Post:
niculaita (05-31-2018)
  #3  
Old 05-31-2018, 03:31
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 817
Rept. Given: 324
Rept. Rcvd 216 Times in 110 Posts
Thanks Given: 154
Thanks Rcvd at 223 Times in 114 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
another bug is that PETOOLs in case of X.509 cert present is corrupting PE files
Reply With Quote
The Following User Says Thank You to sendersu For This Useful Post:
dosprog (07-02-2018)
Reply

Tags
petools

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 12:44.


ICP05004977
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX