Exetools  

Go Back   Exetools > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #46  
Old 01-31-2023, 12:57
TQN TQN is offline
VIP
 
Join Date: Apr 2003
Location: Vietnam
Posts: 357
Rept. Given: 143
Rept. Rcvd 24 Times in 13 Posts
Thanks Given: 193
Thanks Rcvd at 158 Times in 50 Posts
TQN Reputation: 24
Check with last version, 0.2.11320.1732
PEAnatomist will crash with DLLs that export API by oridinal when click on Export at tree left
For examples, check with all MFC Dlls: Mfcxxx.dll
And with many other Dlls
Reply With Quote
  #47  
Old 01-31-2023, 19:11
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
There is a new version (0.2.11322.0120) aimed at fixing exactly this error.
I don't always post on the forum about new versions. It will be safer to check for a new version on the program's website or via the RSS feed.

EDIT:

Update 0.2.11401.0000 (2023-02-01):
  • Fixed bug with listing records in dotNet VTableFixups table
  • Fixed handling of WM_CANCELMODE in some dialogs
  • Fixed determining of Cpp EH RVA in IMAGE_LOAD_CONFIG_DIRECTORY.SEHandlerTable table in some cases

Homepage # Changelog # PEAnatomist 0.2

Last edited by RamMerLabs; 02-01-2023 at 05:27.
Reply With Quote
The Following 4 Users Say Thank You to RamMerLabs For This Useful Post:
Abaddon (02-14-2023), ionioni (08-01-2023), TQN (01-31-2023), user_hidden (02-01-2023)
  #48  
Old 03-11-2023, 20:20
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
Update 0.2.11511.1500 (2023-03-11):
  • Added parsing of Export, Import and DelayImport tables for emulated architecture in ARM64X
  • Updated IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS flag values (WinBuild 25309)
  • Fixed a number of errors in processing PE and OBJ

Homepage # Changelog # PEAnatomist 0.2
Reply With Quote
The Following 6 Users Say Thank You to RamMerLabs For This Useful Post:
darkBLACK (03-16-2023), ionioni (03-12-2023), niculaita (03-11-2023), TQN (03-12-2023), user_hidden (03-11-2023), wilson bibe (03-12-2023)
  #49  
Old 07-10-2023, 02:18
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
Update 0.2.11909.2000 (2023-07-09):
  • Added support for DBG and MS PDB (Program Database) files
  • Added reading Codeview version C11 in all supported file formats
  • Fixed loading some PE with overlay
  • Fixed error counting IMAGE_DYNAMIC_RELOCATION_FUNCTION_OVERRIDE records in the DVRT table
  • Description of RVA in PE is supplemented with information about method addresses from the dotNet VTableFixups table

The size of supported MS PDBs is limited to ~700 MB as a result of mapping the entire file into the address space of a 32bit process.
Opening large files may be slightly delayed, it takes time to build indexes of Codeview types from TPI and IPI.
The program works with MS PDB in MSF v7 (DS) format, MSF v2 (JG) format is not supported yet.

Homepage # Changelog # PEAnatomist 0.2

Last edited by RamMerLabs; 07-10-2023 at 02:25.
Reply With Quote
The Following 2 Users Gave Reputation+1 to RamMerLabs For This Useful Post:
MarcElBichon (07-10-2023), TQN (07-10-2023)
The Following 5 Users Say Thank You to RamMerLabs For This Useful Post:
besoeso (07-10-2023), foosaa (07-10-2023), ionioni (08-01-2023), wilson bibe (07-10-2023), WRP (07-10-2023)
  #50  
Old 08-01-2023, 03:46
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
Update 0.2.11931.2211 (2023-07-31):
  • Added support for MS PDB debug information files in MSF version 2 (JG) format
  • Fixed a number of errors in working with PDB
  • Fixed flag description error in Ready2Run header

Homepage # Changelog # PEAnatomist 0.2
Reply With Quote
The Following User Gave Reputation+1 to RamMerLabs For This Useful Post:
MarcElBichon (08-01-2023)
The Following 9 Users Say Thank You to RamMerLabs For This Useful Post:
besoeso (08-02-2023), darkBLACK (08-10-2023), ionioni (08-01-2023), niculaita (08-01-2023), TQN (08-01-2023), user_hidden (08-02-2023), wilson bibe (08-01-2023), WRP (08-01-2023)
  #51  
Old 09-05-2023, 01:06
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
Update 0.2.12104.1940 (2023-09-04):
  • Added support for long section names in PE and OBJ for the case when the size of the COFF string table exceeds 9999999 bytes
  • Fixed possible OOB reading during description preparation for some CodeView symbols in PDB
  • Fixed processor architecture description error in Codeview symbol S_HYBRIDRANGE

Homepage # Changelog # PEAnatomist 0.2
Reply With Quote
The Following 2 Users Gave Reputation+1 to RamMerLabs For This Useful Post:
MarcElBichon (09-05-2023), TQN (09-05-2023)
The Following 4 Users Say Thank You to RamMerLabs For This Useful Post:
Abaddon (09-18-2023), user_hidden (09-06-2023), wilson bibe (09-05-2023), WRP (09-05-2023)
  #52  
Old 10-24-2023, 01:36
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
Update 0.2.12223.1950 (2023-10-23):
  • The description for RVA is supplemented with information from many tables, such as ExceptionData, .net Metadata, Ready2Run, HybridPE
  • Added decoding of fixup signatures in the R2R section READYTORUN_SECTION_IMPORT_SECTIONS
  • Added parsing of R2R section READYTORUN_SECTION_INSTANCE_METHOD_ENTRYPOINTS
  • Fixed a number of bugs

Homepage # Changelog # PEAnatomist 0.2
Reply With Quote
The Following 2 Users Gave Reputation+1 to RamMerLabs For This Useful Post:
ionioni (10-24-2023), MarcElBichon (10-24-2023)
The Following 4 Users Say Thank You to RamMerLabs For This Useful Post:
blue_devil (10-24-2023), ionioni (10-24-2023), user_hidden (10-24-2023), wilson bibe (10-24-2023)
  #53  
Old 10-25-2023, 01:10
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
Update 0.2.12224.1953 (2023-10-24):
  • Fixed buffer overflow when copying lines containing RVA descriptions for methods from the READYTORUN_SECTION_INSTANCE_METHOD_ENTRYPOINTS table to the clipboard
  • Fixed a bug in copying lines containing RVA descriptions for .net metadata tokens, Ready2Run and .net method and type signatures to the clipboard

Homepage # Changelog # PEAnatomist 0.2
Reply With Quote
The Following User Gave Reputation+1 to RamMerLabs For This Useful Post:
LOUZEW (10-26-2023)
The Following 6 Users Say Thank You to RamMerLabs For This Useful Post:
darkBLACK (11-02-2023), ionioni (10-25-2023), MarcElBichon (10-25-2023), tonyweb (10-28-2023), user_hidden (10-25-2023), wilson bibe (10-25-2023)
  #54  
Old 01-04-2024, 00:39
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
Update 0.2.12506.0000 (2024-01-06):
  • Eliminated a crash due to the false positive detect of some PE-files as containing a VB5/6-specific headers
  • Added ExceptionsData table parsing for DEC Alpha and Alpha64 in PE
  • Added handling of exception unwinding information for DEC Alpha and Alpha64 in PE
  • Added recognition of VisualBasic 5/6 specific headers for DEC Alpha
  • Significantly expanded support for Visual Basic 5/6-specific headers and structures in PE
  • Added several new settings

Homepage # Changelog # PEAnatomist 0.2

Last edited by RamMerLabs; 01-06-2024 at 05:23. Reason: Updated version
Reply With Quote
The Following User Gave Reputation+1 to RamMerLabs For This Useful Post:
MarcElBichon (01-04-2024)
The Following 8 Users Say Thank You to RamMerLabs For This Useful Post:
Abaddon (01-08-2024), darkBLACK (01-06-2024), ionioni (01-04-2024), niculaita (01-04-2024), TQN (01-04-2024), user_hidden (01-04-2024), wilson bibe (01-04-2024), WRP (01-05-2024)
  #55  
Old 01-09-2024, 21:36
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
Update 0.2.12509.1612 (2024-01-09):
  • Fixed a use-after-free error on the CxxFH3, CxxFH4 tabs of the exception unwinding detail pages (all supported architectures) and the SEH table (x86)

Homepage # Changelog # PEAnatomist 0.2
Reply With Quote
The Following 4 Users Say Thank You to RamMerLabs For This Useful Post:
ionioni (01-10-2024), MarcElBichon (01-10-2024), user_hidden (01-09-2024), wilson bibe (01-10-2024)
  #56  
Old 01-17-2024, 20:02
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
Update 0.2.12517.1445 (2024-01-17):
  • Fixed an error converting RVA from the OMAP_TO_SRC and OMAP_FROM_SRC tables in DBG files
  • Fixed error in generating method signatures for VisualBasic5/6 if a built-in control is used as a data type
  • Fixed an error displaying S_ENVBLOCK property values

Homepage # Changelog # PEAnatomist 0.2
Reply With Quote
The Following User Gave Reputation+1 to RamMerLabs For This Useful Post:
MarcElBichon (01-17-2024)
The Following 3 Users Say Thank You to RamMerLabs For This Useful Post:
ionioni (01-18-2024), user_hidden (01-17-2024), Zeokat (01-18-2024)
  #57  
Old 05-16-2024, 03:16
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
Update 0.2.12915.2200 (2024-05-15):
  • Implemented the ability to work with PDB files of any size (including those exceeding 4 GB) allowed by the MSFv7 format
  • Added parsing of tables with CodeView data in PDB: DEBUG_S_FILECHKSMS, DEBUG_S_CROSSSCOPEIMPORTS, DEBUG_S_CROSSSCOPEEXPORTS
  • Viewing the contents of PE file resources has been moved from a separate dialog to a built-in one
  • Fixed a number of bugs

Homepage # Changelog # PEAnatomist

Last edited by RamMerLabs; 05-16-2024 at 04:11.
Reply With Quote
The Following User Gave Reputation+1 to RamMerLabs For This Useful Post:
MarcElBichon (05-16-2024)
The Following 11 Users Say Thank You to RamMerLabs For This Useful Post:
Abaddon (05-17-2024), besoeso (05-17-2024), blue_devil (05-16-2024), darkBLACK (05-31-2024), Doit (05-16-2024), ionioni (05-16-2024), niculaita (05-18-2024), tonyweb (05-18-2024), TQN (05-16-2024), wilson bibe (05-16-2024), WRP (05-16-2024)
  #58  
Old 06-12-2024, 23:46
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
Update 0.2.13012.1820 (2024-06-12):
  • Fixed a program crash due to writing outside the allocated buffer when working with some PDBs
  • The set of collected information from the tables CORCOMPILE_IMPORT_SECTION, CORCOMPILE_VERSION_INFO, CORCOMPILE_DELAYLOADINFO has been expanded for different versions of NGEN

Homepage # Changelog # PEAnatomist
Reply With Quote
The Following User Gave Reputation+1 to RamMerLabs For This Useful Post:
MarcElBichon (06-13-2024)
The Following 6 Users Say Thank You to RamMerLabs For This Useful Post:
darkBLACK (06-29-2024), Gyrus (06-13-2024), ionioni (06-13-2024), TQN (06-23-2024), user_hidden (06-13-2024), WRP (06-13-2024)
  #59  
Old 08-18-2024, 19:35
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
Update 0.2.13218.1416 (2024-08-18):
  • Several bugs have been fixed
  • Clarified description of several values from Rich signatures
  • Added parsing of CORCOMPILE_HEADER and CORCOMPILE_VERSION_INFO headers for NGEN from preview versions of dotNet 1.2, 2.0, 4.5.2, 4.5.3

Homepage # Changelog # PEAnatomist
Reply With Quote
The Following User Gave Reputation+1 to RamMerLabs For This Useful Post:
MarcElBichon (08-19-2024)
The Following 7 Users Say Thank You to RamMerLabs For This Useful Post:
besoeso (08-18-2024), Doit (08-20-2024), ionioni (10-13-2024), TQN (08-19-2024), user_hidden (08-18-2024), wilson bibe (08-19-2024), WRP (08-19-2024)
  #60  
Old 10-13-2024, 20:02
RamMerLabs RamMerLabs is offline
Family
 
Join Date: Feb 2020
Posts: 58
Rept. Given: 0
Rept. Rcvd 56 Times in 31 Posts
Thanks Given: 9
Thanks Rcvd at 302 Times in 52 Posts
RamMerLabs Reputation: 56
Update 0.2.13413.1440 (2024-10-13):
  • The set of dotNet NGEN prereleases whose CORCOMPILE_HEADER and CORCOMPILE_VERSION_INFO headers are supported by the program has been expanded
  • Fixed error reading COFF symbols from symbol table in OBJ files if table is corrupted
  • Added file type information and a short set of properties to the status panel

Homepage # Changelog # PEAnatomist
Reply With Quote
The Following User Gave Reputation+1 to RamMerLabs For This Useful Post:
MarcElBichon (10-14-2024)
The Following 10 Users Say Thank You to RamMerLabs For This Useful Post:
Abaddon (10-15-2024), darkBLACK (10-15-2024), Doit (10-14-2024), Gyrus (10-14-2024), ionioni (10-13-2024), niculaita (10-16-2024), TQN (10-14-2024), user_hidden (10-13-2024), wilson bibe (10-14-2024), zeffy (10-16-2024)
Reply

Tags
coff, ms pdb, pe32

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 00:06.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )