الفريق العربي للهندسة العكسية

Compare Two Processes v0.5 x32 & x64

[صورة مرفقة: r8vgfrL.gif]

التحميل من المرفقات

victory

@[b]Str0x, This version seems to work pretty well, if I make a copy of PE1 and then rename the copied
PE to a differnt name. Well done! Does the tool allow to view different sections?

Q: do you know of a tool that will compare an in-memory PE file to one on the hard drive?
Or would you have the expertise to write such an app? I have tried without success.[/b]

(09-08-2025, 06:15 PM)Stingered كتب : [ -> ]Does the tool allow to view different sections

The tool compare difference of HEX of tow sections which has same section name

(09-08-2025, 06:15 PM)Stingered كتب : [ -> ]do you know of a tool that will compare an in-memory PE file to one on the hard drive

That not logic because if the file in hard dirve is packed and an other in memory is unpacked maybe the tool will get a crash

There is a lot of tools compare files in hard drive but in memory I never seen that's why I coded this one

Thx!

There is this but it doesn't work so reliable.

olliencc/WindowsPatchDetector: Experimental: Windows .text section compare - disk versus memory

Well the Logic is if the file in hard drive is
unpacked then its possible I think
But if the file is packed in hard drive then no way really
I dont know this tool i will test it

If you would be so kind, pls let me knwow what you determine from your testing. -TY

(11-08-2025, 09:27 PM)Stingered كتب : [ -> ]pls let me knwow what you determine from your testing.

Tested...Not interested