-
-
[转帖]PE File by darklich
-
发表于: 2013-3-19 08:26
-
PE File by darklich
PE File Info
This is an intermediate version, with fix to the windows XP problem, I also added support for 64 bit files and getting resources information.
What does PE stand for:
PE is Portable Executable, that it the file type that windows base operating system can run, execute.
Basically a PE can be EXE, DLL (Dynamic Link Library) and SYS (Device Driver) files.
PEFile is a free command line base tool that will dump any PE base file (exe, dll) and show all kind of header information.
PEFile Updates March 10, 2013:
SHA1 Hash.
File Entropy.
Overlay Count.
NT Offset.
File-Overlay.
Sections MD5.
Sections Entropy.
More readable dates parameters.
Updated File Resources Information.
Tested on coruppted files.
And Some Fix Bugs.
It will give you the following information on the given file:
File Name.
MD5 Hash.
File Attributes.
Time Stamp.
File Version Info.
Header Information.
Characteristics information.
Dll Characteristics.
Data directory sections.
Image ConfigInformation.
Imported DLL List.
Imported functions from the DLL.
Stream (ADS) Information.
Resource Information.
Fix Issue:
[FIX] Problem with BIG files( test on 100 MB EXE File).
[FIX] Not working on windows XP/2003.
Tested On:
Windosw XP SP3
Windosw XP SP3 64bit
Windows vista
Windows 7 64bit
Windows 2003
Windows 2008 R2 64bit
New Features:
Getting Resource Information
Zip file contain 2 files, one for 32 bit and one for 64 bit
Please Note:
This version does not export to XML.
4caK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4m8W2k6X3W2D9k6g2)9J5k6h3&6W2N6q4)9J5c8R3`.`.
63aK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4m8W2k6X3W2D9k6g2)9J5k6h3&6W2N6q4)9J5c8Y4N6H3i4K6u0V1j5$3!0F1N6r3g2F1N6q4)9J5c8Y4m8D9N6h3N6A6L8Y4y4Q4x3V1k6V1L8%4N6F1L8r3!0S2k6q4)9J5k6r3#2G2L8X3W2@1L8%4u0Q4x3V1k6V1L8%4N6F1L8r3!0S2k6q4)9J5k6i4m8Z5M7q4)9K6c8X3W2V1i4K6y4p5x3b7`.`.
