- Mar 15, 2017
Hello, I'm Tigzy, owner and lead dev @AdliceSoftware.
Today I come here to present to you a tool that I think could be useful for all the researchers of this forum, Adlice PEViewer.
Adlice PEViewer (RogueKillerPE) is a PE parsing tool, able to show the internal structure of executable files.
It's able to read either the memory image (process module) or the disk image (filesystem) of a given executable.
Documentation: Adlice PEViewer Official Documentation - Adlice Software
Features:
- Open PE from file, and read disk image.
- Open PE from process, and read memory or disk image.
- Open file from command line.
- Drag and drop support.
- Explorer context menu integration.
- Process general information (pid, parent, ...)
- File general information (attributes, size, ...)
- Process module general information (address, size, ...)
- A bunch of hashes (MD5, SHA1, SHA256, ...)
- Process memory pages, with ability to dump.
- Injected pages detection, non-readable pages detection.
- Ability to dump injected pages to file.
- Hex code, with ability to search (hex values, or string ANSI/UNICODE).
- Assembly code, with ability to navigate.
- PE Headers (MZ, PE, Optional, ...)
- RunPE detection, shows which header fields are modified.
- Checksum validation.
- PE Sections, with ability to watch hex code and dump to file.
- PE Debug, with ability to watch hex code and dump to file.
- PE Imports, with ability to watch APIs assembly code (memory only).
- PE Exports, with ability to watch APIs assembly code.
- Hooks detection in imports/exports (table and inline hooks).
- PE Resources. Able to parse all well known types and display them accordingly (strings, version information, icons, ...)
- Ability to scan resources, sections, debug on VirusTotal.
- Executable files detection in resources.
- Ability to watch hex code of resources.
- Ability to dump resources to file.
- PDB path detection.
- Strings scanner, with classification (Registry, files, ...)
- Ability to dump all strings (by category or not) to file.
- Digital Signature parsing (embedded only).
- Bright or dark theme (Premium).
- Samples Comparator (Premium).
- Sample Scoring.
- Maliciousness Indicators.
Looks like the link didn't make it: Adlice PEViewer (RogueKillerPE) Download - Official Website