Tigzy

From Adlice
Verified
Developer
Hello, I'm Tigzy, owner and lead dev @AdliceSoftware.
Today I come here to present to you a tool that I think could be useful for all the researchers of this forum, Adlice PEViewer.

Adlice PEViewer (RogueKillerPE) is a PE parsing tool, able to show the internal structure of executable files.

It's able to read either the memory image (process module) or the disk image (filesystem) of a given executable.

Documentation: Adlice PEViewer Official Documentation - Adlice Software

Features:
  • Open PE from file, and read disk image.
  • Open PE from process, and read memory or disk image.
  • Open file from command line.
  • Drag and drop support.
  • Explorer context menu integration.
  • Process general information (pid, parent, ...)
  • File general information (attributes, size, ...)
  • Process module general information (address, size, ...)
  • A bunch of hashes (MD5, SHA1, SHA256, ...)
  • Process memory pages, with ability to dump.
  • Injected pages detection, non-readable pages detection.
  • Ability to dump injected pages to file.
  • Hex code, with ability to search (hex values, or string ANSI/UNICODE).
  • Assembly code, with ability to navigate.
  • PE Headers (MZ, PE, Optional, ...)
  • RunPE detection, shows which header fields are modified.
  • Checksum validation.
  • PE Sections, with ability to watch hex code and dump to file.
  • PE Debug, with ability to watch hex code and dump to file.
  • PE Imports, with ability to watch APIs assembly code (memory only).
  • PE Exports, with ability to watch APIs assembly code.
  • Hooks detection in imports/exports (table and inline hooks).
  • PE Resources. Able to parse all well known types and display them accordingly (strings, version information, icons, ...)
  • Ability to scan resources, sections, debug on VirusTotal.
  • Executable files detection in resources.
  • Ability to watch hex code of resources.
  • Ability to dump resources to file.
  • PDB path detection.
  • Strings scanner, with classification (Registry, files, ...)
  • Ability to dump all strings (by category or not) to file.
  • Digital Signature parsing (embedded only).
  • Bright or dark theme (Premium).
  • Samples Comparator (Premium).
  • Sample Scoring.
  • Maliciousness Indicators.

Looks like the link didn't make it: Adlice PEViewer (RogueKillerPE) Download - Official Website

 

Tigzy

From Adlice
Verified
Developer
Hello, version 2.0 is online:

V2.0.0 10/02/2017
=========================
- Updated EULA
- NEW! Dump RT_ICON as true image
- NEW! DLL characteristics as checkboxes
- NEW! Sections flags as checkboxes
- NEW! Dos Stub, Rich string
- Refactored dashboard
- NEW! Binary image
- Added VBA symbols table
- Added many new indicators
- Removed NAG screen for FREE users
- Fixed multiple bugs
 

tim one

Level 21
Verified
Trusted
Malware Hunter
Is it for average users? Or does it need a lot of knowledge about Windows and you created it for experts?
Btw, watched the thread, thanks for your work.
Sunshine, tools like PEViewer are usually for advanced users, programmers and code reversers; they allow you to "take a look" inside a Windows PE executable file.

PE stands for "Portable Executable" and it is the native format of the binary executable files (DLLs, drivers and programs).
 