<![CDATA[الفريق العربي للهندسة العكسية - برامج فحص الملفات - PE Scanning Tools]]> https://www.at4re.net/f/ Fri, 01 May 2026 17:41:31 +0000 MyBB <![CDATA[Detect It Easy 3.20 New Version]]> https://www.at4re.net/f/thread-5138.html Tue, 21 Apr 2026 22:35:32 +0000 vosiyons]]> https://www.at4re.net/f/thread-5138.html [+] Build instructions for openSuse, Fedora, Arch Linux, WSL
[+] Improved Heuristic module for PE by DosX_dev
[+] New detects and optimization of all scripts (thanks to DosX_dev, hypn0, Kae, BJNFNE and all contributors)
[+] New scanning method: PEiD
[+] Some GUI changes
[+] Many bugs have been fixed
[+] Add AVX2 and SSE2 optimisation

.txt   Detect It Easy 3.20 New Version.txt (الحجم : 205 bytes / التحميلات : 2) ]]> [+] Build instructions for openSuse, Fedora, Arch Linux, WSL
[+] Improved Heuristic module for PE by DosX_dev
[+] New detects and optimization of all scripts (thanks to DosX_dev, hypn0, Kae, BJNFNE and all contributors)
[+] New scanning method: PEiD
[+] Some GUI changes
[+] Many bugs have been fixed
[+] Add AVX2 and SSE2 optimisation

.txt   Detect It Easy 3.20 New Version.txt (الحجم : 205 bytes / التحميلات : 2) ]]> <![CDATA[ExeinfoPE v0.0.9.5 [ViP]]]> https://www.at4re.net/f/thread-5109.html Thu, 02 Apr 2026 17:51:15 +0000 sadwide]]> https://www.at4re.net/f/thread-5109.html  
https://github.com/ExeinfoASL/ASL/releases
]]>  
https://github.com/ExeinfoASL/ASL/releases
]]> <![CDATA[PE API Replacer]]> https://www.at4re.net/f/thread-4923.html Wed, 17 Dec 2025 01:55:46 +0000 altair]]> https://www.at4re.net/f/thread-4923.html [صورة مرفقة: 2uxmdlkj.png]

.txt   PE API Replacer.txt (الحجم : 73 bytes / التحميلات : 3) ]]> [صورة مرفقة: 2uxmdlkj.png]

.txt   PE API Replacer.txt (الحجم : 73 bytes / التحميلات : 3) ]]> <![CDATA[Detect It Easy (DiE)]]> https://www.at4re.net/f/thread-4825.html Thu, 13 Nov 2025 17:05:50 +0000 capcom2008]]> https://www.at4re.net/f/thread-4825.html Detect It Easy (DiE) is a powerful tool for file type identification, popular among malware analystscybersecurity experts, and reverse engineers worldwide. Supporting both signature-based and heuristic analysis, DiE enables efficient file inspections across a broad range of platforms, including Windows, Linux, and MacOS. Its adaptable, script-driven detection architecture makes it one of the most versatile tools in the field, with a comprehensive list of supported OS images.
[صورة مرفقة: 1.png]
Download link from Github
https://github.com/horsicq/DIE-engine/re...10_x64.zip]]> Detect It Easy (DiE) is a powerful tool for file type identification, popular among malware analystscybersecurity experts, and reverse engineers worldwide. Supporting both signature-based and heuristic analysis, DiE enables efficient file inspections across a broad range of platforms, including Windows, Linux, and MacOS. Its adaptable, script-driven detection architecture makes it one of the most versatile tools in the field, with a comprehensive list of supported OS images.
[صورة مرفقة: 1.png]
Download link from Github
https://github.com/horsicq/DIE-engine/re...10_x64.zip]]> <![CDATA[فحص أصدارة البرامج و ملفات الـ DLL المشابة و مقارنة الأصدارات الخاصة بها]]> https://www.at4re.net/f/thread-4615.html Thu, 26 Jun 2025 20:30:33 +0000 H@wk0]]> https://www.at4re.net/f/thread-4615.html
أداة خفيفة و سريعة ..
 
[صورة مرفقة: screenshot.png]
رابط البرنامج:
 
https://www.nodesoft.com/filever
]]>
أداة خفيفة و سريعة ..
 
[صورة مرفقة: screenshot.png]
رابط البرنامج:
 
https://www.nodesoft.com/filever
]]> <![CDATA[الأداة Dumpbin.exe]]> https://www.at4re.net/f/thread-4614.html Thu, 26 Jun 2025 17:21:58 +0000 H@wk0]]> https://www.at4re.net/f/thread-4614.html
تتوفر هذه الأداة ضمن الأدوات المتوفرة مع برنامج ++Visual Studio C، و يمكن تفعيلها أثناء عملية التنصيب:
 
[صورة مرفقة: DkZLR.png]

و يمكن تشغيل الأداة من Visual Studio Command Prompt أو من خلال أستخدام رابط مثل:
 
"C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.43.34808\bin\Hostx86\x86\dumpbin.exe"
 
و هذا المسار بالمناسبة خاص بالأصدارة VS C++ 2022.

أحد الأستخدامات الجميلة لهذه الأداة هو الخيار Export:
 
 dumpbin.exe /exports xyz.dll

و هذا مثال لأحد نتائج هذا الخيار:
 
[صورة مرفقة: Screenshot-2025-06-26-200723.png]

و الخيارات الأخرى المتاحة تشمل ما يلي:
 
/ALL
/ARCHIVEMEMBERS
/CLRHEADER
/DEPENDENTS
/DIRECTIVES
/DISASM[:{BYTES|NOBYTES}]
/ERRORREPORT:{NONE|PROMPT|QUEUE|SEND} (Deprecated)
/EXPORTS
/FPO
/HEADERS
/IMPORTS[:filename]
/LINENUMBERS
/LINKERMEMBER[:{1|2}]
/LOADCONFIG
/NOPDB
/OUT:filename
/PDATA
/PDBPATH[:VERBOSE]
/RANGE:vaMin[,vaMax]
/RAWDATA[:{NONE|1|2|4|8}[,#]]
/RELOCATIONS
/SECTION:name
/SUMMARY
/SYMBOLS
/TLS

هذه الأداة بسيطة ولا تعد أفضل من الأدوات الأخرى المتخصصة في هذا المجال و لكنها قد تكون في متناول اليد بسهولة و أستخدامها آمن في بعض الظروف التي يصعب فيها التحقق من سلامة الأدوات المتواجدة على الأنترنت أو في حال الأضطرار إلى أستخدامها في بيئة نظام التشغيل الأساسي و ليس الوهمي، حيث قد يكون أستخدام الأدوات الأخرى محفوف بالمخاطر، أو أن مكافح الفيروسات المتوفر لديك قد يسبب أشكالات مع الأدوات الأخرى.

]]>
تتوفر هذه الأداة ضمن الأدوات المتوفرة مع برنامج ++Visual Studio C، و يمكن تفعيلها أثناء عملية التنصيب:
 
[صورة مرفقة: DkZLR.png]

و يمكن تشغيل الأداة من Visual Studio Command Prompt أو من خلال أستخدام رابط مثل:
 
"C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.43.34808\bin\Hostx86\x86\dumpbin.exe"
 
و هذا المسار بالمناسبة خاص بالأصدارة VS C++ 2022.

أحد الأستخدامات الجميلة لهذه الأداة هو الخيار Export:
 
 dumpbin.exe /exports xyz.dll

و هذا مثال لأحد نتائج هذا الخيار:
 
[صورة مرفقة: Screenshot-2025-06-26-200723.png]

و الخيارات الأخرى المتاحة تشمل ما يلي:
 
/ALL
/ARCHIVEMEMBERS
/CLRHEADER
/DEPENDENTS
/DIRECTIVES
/DISASM[:{BYTES|NOBYTES}]
/ERRORREPORT:{NONE|PROMPT|QUEUE|SEND} (Deprecated)
/EXPORTS
/FPO
/HEADERS
/IMPORTS[:filename]
/LINENUMBERS
/LINKERMEMBER[:{1|2}]
/LOADCONFIG
/NOPDB
/OUT:filename
/PDATA
/PDBPATH[:VERBOSE]
/RANGE:vaMin[,vaMax]
/RAWDATA[:{NONE|1|2|4|8}[,#]]
/RELOCATIONS
/SECTION:name
/SUMMARY
/SYMBOLS
/TLS

هذه الأداة بسيطة ولا تعد أفضل من الأدوات الأخرى المتخصصة في هذا المجال و لكنها قد تكون في متناول اليد بسهولة و أستخدامها آمن في بعض الظروف التي يصعب فيها التحقق من سلامة الأدوات المتواجدة على الأنترنت أو في حال الأضطرار إلى أستخدامها في بيئة نظام التشغيل الأساسي و ليس الوهمي، حيث قد يكون أستخدام الأدوات الأخرى محفوف بالمخاطر، أو أن مكافح الفيروسات المتوفر لديك قد يسبب أشكالات مع الأدوات الأخرى.

]]> <![CDATA[ExeinfoPE v0.0.9.0 - 1214 181 - x64 signatures]]> https://www.at4re.net/f/thread-4605.html Mon, 16 Jun 2025 17:15:34 +0000 karakoro]]> https://www.at4re.net/f/thread-4605.html Salam
اخر اصدار من اداة  ExeinfoPE للكشف عن الضغط  او الحماية
ExeinfoPE v0.0.9.0 - 1214  181 - x64 signatures

[صورة مرفقة: exeinfo-screen.png]


.txt   link.txt (الحجم : 111 bytes / التحميلات : 6) ]]> Salam
اخر اصدار من اداة  ExeinfoPE للكشف عن الضغط  او الحماية
ExeinfoPE v0.0.9.0 - 1214  181 - x64 signatures

[صورة مرفقة: exeinfo-screen.png]


.txt   link.txt (الحجم : 111 bytes / التحميلات : 6) ]]> <![CDATA[Armadillo_x64_Tools]]> https://www.at4re.net/f/thread-4245.html Sat, 11 Jan 2025 12:37:23 +0000 TeRcO]]> https://www.at4re.net/f/thread-4245.html
 
1.  Armadillo x64 Inline Patch ECDSA Verify v0.2 - inline ECDSA signature patcher, supports EXE and DLL protected by Armadillo x64.

2. Armadillo x64 Version Info v0.1 - version and protection options detection, supports EXE and DLL protected by Armadillo x64.

Programming language - assembler.

Support all versions of Armadillo x64, up to 9.64


.zip   Armadillo_x64_Tools.zip (الحجم : 48.17 KB / التحميلات : 34) ]]>
 
1.  Armadillo x64 Inline Patch ECDSA Verify v0.2 - inline ECDSA signature patcher, supports EXE and DLL protected by Armadillo x64.

2. Armadillo x64 Version Info v0.1 - version and protection options detection, supports EXE and DLL protected by Armadillo x64.

Programming language - assembler.

Support all versions of Armadillo x64, up to 9.64


.zip   Armadillo_x64_Tools.zip (الحجم : 48.17 KB / التحميلات : 34) ]]> <![CDATA[Exeinfo PE O.O.8.3 by A.S.L- 1183+169 sign 2024.01.02]]> https://www.at4re.net/f/thread-4035.html Mon, 20 May 2024 09:56:11 +0000 sitifis]]> https://www.at4re.net/f/thread-4035.html Exeinfo PE O.O.8.3 by A.S.L- 1183+169 sign 2024.01.02


[صورة مرفقة: Exeinfo.png]

 Added pack .lzma , .lzma Undetectable , .lzma unpacker
config : added [Internet Browset ] change to user path
Viewer : added [ Save to File - window log ]
fixed VMprotect v3.5+
added : Inno unpacker script view
Exe Rippers - save to created Directory : !Rip_exe_{file_name}
added overlay detector l + section ovl scan [ Python .Zlib Archive "PYZ"
added Function : Detect_BoxedApp_SDK32
Ripper .7z xor FF - fixed , detect crypted 7z v.0.4 in Advanced Installer [ v19.x ]
Set Buffer for exe file : 336 MB
Lzma packer ( now you can send malware file via gmail ) :
exeinfope.exe FileName /plzma - pack file with lzma packer ( 7z compatible )
for many files ( mask files ) :
console mode - exeinfope.exe FileName* /plzma - pack file with lzma packer
Lzma unpacker :
exeinfope.exe FileName /ulzma - unpack file with lzma packer ( 7z compatible )
for many files ( mask files ) :
console mode - exeinfope.exe FileName* /ulzma - unpack file with lzma packer
update Obsidium v1.5 - 1.8.2.2
added detector for DLL 32bit : [ plugin for : AutoPlay Media Studio ] v8.5 http://www.indigorose.com
added detector for DLL 64bit : [ .PYD Python C Extensions library ]
added console mode :
unpack all exe files and Inno script from InnoSetup installer
( work only if you don't have installed Inno Extractor - Exeinfo Pe internal unpacker )
parameter example : exeinfope.exe file_name /unp-inno-exe
added Skater v24.2.0.51 2024 ( protected DLL still not detected )
Delphi version resolver Added ( not 100% ) :
Delphi XE7 - v10.4 , Delphi v10.4 Sydney , Delphi v10.4 Rio , Delphi v11.0 Alexandria , Delphi v12 Yukon , Delphi v10.2 Tokyo , Delphi v10.1 Berlin
added Config GUI : Wow64 redirect
added [Internet Browset ] change to user path
added Inno extractor - view inno script
added to NOT EXE - .7z 7-ZIP Archive v.0.4
[ AES - detected - password required ]
[ Mode : DEFLATE ]
[ Mode : P7Z_BCJ ]
[ Mode : LZMA:21 BCJ ]
added detector for protected 7zip : Ripper don't ripp "protected .7z archives by CryptoNickSof"
but Exeinfo PE detect it !
and others ...
 
https://github.com/ExeinfoASL/ASL/releases/tag/exeinfo
]]> Exeinfo PE O.O.8.3 by A.S.L- 1183+169 sign 2024.01.02


[صورة مرفقة: Exeinfo.png]

 Added pack .lzma , .lzma Undetectable , .lzma unpacker
config : added [Internet Browset ] change to user path
Viewer : added [ Save to File - window log ]
fixed VMprotect v3.5+
added : Inno unpacker script view
Exe Rippers - save to created Directory : !Rip_exe_{file_name}
added overlay detector l + section ovl scan [ Python .Zlib Archive "PYZ"
added Function : Detect_BoxedApp_SDK32
Ripper .7z xor FF - fixed , detect crypted 7z v.0.4 in Advanced Installer [ v19.x ]
Set Buffer for exe file : 336 MB
Lzma packer ( now you can send malware file via gmail ) :
exeinfope.exe FileName /plzma - pack file with lzma packer ( 7z compatible )
for many files ( mask files ) :
console mode - exeinfope.exe FileName* /plzma - pack file with lzma packer
Lzma unpacker :
exeinfope.exe FileName /ulzma - unpack file with lzma packer ( 7z compatible )
for many files ( mask files ) :
console mode - exeinfope.exe FileName* /ulzma - unpack file with lzma packer
update Obsidium v1.5 - 1.8.2.2
added detector for DLL 32bit : [ plugin for : AutoPlay Media Studio ] v8.5 http://www.indigorose.com
added detector for DLL 64bit : [ .PYD Python C Extensions library ]
added console mode :
unpack all exe files and Inno script from InnoSetup installer
( work only if you don't have installed Inno Extractor - Exeinfo Pe internal unpacker )
parameter example : exeinfope.exe file_name /unp-inno-exe
added Skater v24.2.0.51 2024 ( protected DLL still not detected )
Delphi version resolver Added ( not 100% ) :
Delphi XE7 - v10.4 , Delphi v10.4 Sydney , Delphi v10.4 Rio , Delphi v11.0 Alexandria , Delphi v12 Yukon , Delphi v10.2 Tokyo , Delphi v10.1 Berlin
added Config GUI : Wow64 redirect
added [Internet Browset ] change to user path
added Inno extractor - view inno script
added to NOT EXE - .7z 7-ZIP Archive v.0.4
[ AES - detected - password required ]
[ Mode : DEFLATE ]
[ Mode : P7Z_BCJ ]
[ Mode : LZMA:21 BCJ ]
added detector for protected 7zip : Ripper don't ripp "protected .7z archives by CryptoNickSof"
but Exeinfo PE detect it !
and others ...
 
https://github.com/ExeinfoASL/ASL/releases/tag/exeinfo
]]> <![CDATA[Exeinfo 0.0.8.3]]> https://www.at4re.net/f/thread-3807.html Tue, 09 Apr 2024 07:29:32 +0000 motaghred]]> https://www.at4re.net/f/thread-3807.html Added pack .lzma , .lzma Undetectable , .lzma unpacker
config : added [Internet Browset ] change to user path
Viewer : added [ Save to File - window log ]
fixed VMprotect v3.5+
added : Inno unpacker script view
Exe Rippers - save to created Directory : !Rip_exe_{file_name}
added overlay detector l + section ovl scan [ Python .Zlib Archive "PYZ"
added Function : Detect_BoxedApp_SDK32
Ripper .7z xor FF - fixed , detect crypted 7z v.0.4 in Advanced Installer [ v19.x ]
Set Buffer for exe file : 336 MB
Lzma packer ( now you can send malware file via gmail ) :
exeinfope.exe FileName /plzma - pack file with lzma packer ( 7z compatible )
for many files ( mask files ) :
console mode - exeinfope.exe FileName* /plzma - pack file with lzma packer
Lzma unpacker :
exeinfope.exe FileName /ulzma - unpack file with lzma packer ( 7z compatible )
for many files ( mask files ) :
console mode - exeinfope.exe FileName* /ulzma - unpack file with lzma packer
update Obsidium v1.5 - 1.8.2.2
added detector for DLL 32bit : [ plugin for : AutoPlay Media Studio ] v8.5 http://www.indigorose.com
added detector for DLL 64bit : [ .PYD Python C Extensions library ]
added console mode :
unpack all exe files and Inno script from InnoSetup installer
( work only if you don't have installed Inno Extractor - Exeinfo Pe internal unpacker )
parameter example : exeinfope.exe file_name /unp-inno-exe
added Skater v24.2.0.51 2024 ( protected DLL still not detected )
Delphi version resolver Added ( not 100% ) :
Delphi XE7 - v10.4 , Delphi v10.4 Sydney , Delphi v10.4 Rio , Delphi v11.0 Alexandria , Delphi v12 Yukon , Delphi v10.2 Tokyo , Delphi v10.1 Berlin
added Config GUI : Wow64 redirect
added [Internet Browset ] change to user path
added Inno extractor - view inno script
added to NOT EXE - .7z 7-ZIP Archive v.0.4
[ AES - detected - password required ]
[ Mode : DEFLATE ]
[ Mode : P7Z_BCJ ]
[ Mode : LZMA:21 BCJ ]
added detector for protected 7zip : Ripper don't ripp "protected .7z archives by CryptoNickSof"
but Exeinfo PE detect it !
and others ...

https://github.com/ExeinfoASL/ASL/releases/tag/exeinfo


.rar   exeinfope 0.0.8.3.part1.rar (الحجم : 1 MB / التحميلات : 14)

.rar   exeinfope 0.0.8.3.part2.rar (الحجم : 946.98 KB / التحميلات : 16) ]]> Added pack .lzma , .lzma Undetectable , .lzma unpacker
config : added [Internet Browset ] change to user path
Viewer : added [ Save to File - window log ]
fixed VMprotect v3.5+
added : Inno unpacker script view
Exe Rippers - save to created Directory : !Rip_exe_{file_name}
added overlay detector l + section ovl scan [ Python .Zlib Archive "PYZ"
added Function : Detect_BoxedApp_SDK32
Ripper .7z xor FF - fixed , detect crypted 7z v.0.4 in Advanced Installer [ v19.x ]
Set Buffer for exe file : 336 MB
Lzma packer ( now you can send malware file via gmail ) :
exeinfope.exe FileName /plzma - pack file with lzma packer ( 7z compatible )
for many files ( mask files ) :
console mode - exeinfope.exe FileName* /plzma - pack file with lzma packer
Lzma unpacker :
exeinfope.exe FileName /ulzma - unpack file with lzma packer ( 7z compatible )
for many files ( mask files ) :
console mode - exeinfope.exe FileName* /ulzma - unpack file with lzma packer
update Obsidium v1.5 - 1.8.2.2
added detector for DLL 32bit : [ plugin for : AutoPlay Media Studio ] v8.5 http://www.indigorose.com
added detector for DLL 64bit : [ .PYD Python C Extensions library ]
added console mode :
unpack all exe files and Inno script from InnoSetup installer
( work only if you don't have installed Inno Extractor - Exeinfo Pe internal unpacker )
parameter example : exeinfope.exe file_name /unp-inno-exe
added Skater v24.2.0.51 2024 ( protected DLL still not detected )
Delphi version resolver Added ( not 100% ) :
Delphi XE7 - v10.4 , Delphi v10.4 Sydney , Delphi v10.4 Rio , Delphi v11.0 Alexandria , Delphi v12 Yukon , Delphi v10.2 Tokyo , Delphi v10.1 Berlin
added Config GUI : Wow64 redirect
added [Internet Browset ] change to user path
added Inno extractor - view inno script
added to NOT EXE - .7z 7-ZIP Archive v.0.4
[ AES - detected - password required ]
[ Mode : DEFLATE ]
[ Mode : P7Z_BCJ ]
[ Mode : LZMA:21 BCJ ]
added detector for protected 7zip : Ripper don't ripp "protected .7z archives by CryptoNickSof"
but Exeinfo PE detect it !
and others ...

https://github.com/ExeinfoASL/ASL/releases/tag/exeinfo


.rar   exeinfope 0.0.8.3.part1.rar (الحجم : 1 MB / التحميلات : 14)

.rar   exeinfope 0.0.8.3.part2.rar (الحجم : 946.98 KB / التحميلات : 16) ]]> <![CDATA[اداة 4n4lDetector]]> https://www.at4re.net/f/thread-3695.html Fri, 24 Nov 2023 14:29:38 +0000 motaghred]]> https://www.at4re.net/f/thread-3695.html
https://github.com/4n0nym0us/4n4lDetector]]>
https://github.com/4n0nym0us/4n4lDetector]]> <![CDATA[Enigma Info v0.11]]> https://www.at4re.net/f/thread-3528.html Fri, 03 Mar 2023 08:02:23 +0000 H@wk0]]> https://www.at4re.net/f/thread-3528.html
ملاحظة: الأصدارات اللاحقة لأصدارة 5 من Enigma يمكن فحصها بواسطة ال code injection و لا يتوفر برنامج جاهز بهذا الخصوص و لكن يمكن عملها يدوياً
 
https://www.mediafire.com/file/buchy3xjpy5q2zd/Enigma+Info+v0.11.zip/file
]]>
ملاحظة: الأصدارات اللاحقة لأصدارة 5 من Enigma يمكن فحصها بواسطة ال code injection و لا يتوفر برنامج جاهز بهذا الخصوص و لكن يمكن عملها يدوياً
 
https://www.mediafire.com/file/buchy3xjpy5q2zd/Enigma+Info+v0.11.zip/file
]]> <![CDATA[WinTools.net Premium]]> https://www.at4re.net/f/thread-3102.html Tue, 10 May 2022 19:40:27 +0000 vosiyons]]> https://www.at4re.net/f/thread-3102.html
the training showing the use of the program is attached.   


Rar Pas: www.at4re.net


[صورة مرفقة: hhg0ey8.jpg]

.txt   WinTools.net Premium.txt (الحجم : 117 bytes / التحميلات : 66) ]]>
the training showing the use of the program is attached.   


Rar Pas: www.at4re.net


[صورة مرفقة: hhg0ey8.jpg]

.txt   WinTools.net Premium.txt (الحجم : 117 bytes / التحميلات : 66) ]]> <![CDATA[PE Anatomist]]> https://www.at4re.net/f/thread-2634.html Fri, 05 Mar 2021 15:10:21 +0000 Th3-R3p4ck3r]]> https://www.at4re.net/f/thread-2634.html PE Anatomist
0.2.1.125

[صورة مرفقة: screenshot-640.gif]
 0.2.1.125 (2021-03-04)PEAnatomist.exe SHA256: 
BC52CBE85FD779878F0E06624C2BF8A2A4995EBBBD381A400385AE01620B531A
  • 110B.009: Significant improvement to the MSVC ILStore (CxxIL) symbols parser and increased compatibility with different VS versions
  • 1111.027: Decoding of local symbols table (.cil$sy) of MSVC ILStore (CxxIL) format in OBJ files
  • 1117.033: Displaying the line number of the beginning of the function in the source file in the description of symbols MSVC ILStore (CxxIL)
  • 1117.034: Fixed display of source file names in MSVC ILStore (CxxIL) symbols descriptions for VS 2002 and 2003 versions (encoding is not UTF8)
  • 1118.035: Fixed decoding of LF_POINTER in CodeView and MSVC ILStore (CxxIL) type tables if the described type is a pointer to a class member
  • 1119.036: Changed the names of some keys in the configuration file for portability in future versions
  • 111B.039: Fixed display of CodeView type description in MSVC ILStore (CxxIL) tables, if debug information is moved to PDB
  • 111C.046: Fixed error displaying the incorrect name in the description of a CodeView type referenced by another type or symbol (in rare cases)
  • 1201.071: Accelerated access to sections and their data in OBJ files
  • 1205.081: Added support for ExtendedObj files (a.k.a. BIGOBJ, obj files with more than 0xFEFF sections)
  • 1207.094: For some types of CodeView debug information, a more detailed description is available (for example, for LF_POINTER, LF_MODIFIER, LF_ARRAY and LF_BITFIELD, the description of the type to which they refer and some properties are displayed)
  • 120C.110: Clarified interpretation of data from Rich signature
  • 121B.116: The program license was changed from MIT to Freeware (the text of the License Agreement is located in the "Readme" file)
  • 1303.122: Fixed a bug with parsing version information from the resources section in some cases
  • 1304.123: Fixed error getting a member name for LIB archives created by BSD-compatible toolkit
  • 1304.124: Support for ARM64EC in OBJ files
Download]]> PE Anatomist
0.2.1.125

[صورة مرفقة: screenshot-640.gif]
 0.2.1.125 (2021-03-04)PEAnatomist.exe SHA256: 
BC52CBE85FD779878F0E06624C2BF8A2A4995EBBBD381A400385AE01620B531A
  • 110B.009: Significant improvement to the MSVC ILStore (CxxIL) symbols parser and increased compatibility with different VS versions
  • 1111.027: Decoding of local symbols table (.cil$sy) of MSVC ILStore (CxxIL) format in OBJ files
  • 1117.033: Displaying the line number of the beginning of the function in the source file in the description of symbols MSVC ILStore (CxxIL)
  • 1117.034: Fixed display of source file names in MSVC ILStore (CxxIL) symbols descriptions for VS 2002 and 2003 versions (encoding is not UTF8)
  • 1118.035: Fixed decoding of LF_POINTER in CodeView and MSVC ILStore (CxxIL) type tables if the described type is a pointer to a class member
  • 1119.036: Changed the names of some keys in the configuration file for portability in future versions
  • 111B.039: Fixed display of CodeView type description in MSVC ILStore (CxxIL) tables, if debug information is moved to PDB
  • 111C.046: Fixed error displaying the incorrect name in the description of a CodeView type referenced by another type or symbol (in rare cases)
  • 1201.071: Accelerated access to sections and their data in OBJ files
  • 1205.081: Added support for ExtendedObj files (a.k.a. BIGOBJ, obj files with more than 0xFEFF sections)
  • 1207.094: For some types of CodeView debug information, a more detailed description is available (for example, for LF_POINTER, LF_MODIFIER, LF_ARRAY and LF_BITFIELD, the description of the type to which they refer and some properties are displayed)
  • 120C.110: Clarified interpretation of data from Rich signature
  • 121B.116: The program license was changed from MIT to Freeware (the text of the License Agreement is located in the "Readme" file)
  • 1303.122: Fixed a bug with parsing version information from the resources section in some cases
  • 1304.123: Fixed error getting a member name for LIB archives created by BSD-compatible toolkit
  • 1304.124: Support for ARM64EC in OBJ files
Download]]> <![CDATA[Detect It Easy v3.00]]> https://www.at4re.net/f/thread-1971.html Sat, 01 Aug 2020 17:05:14 +0000 Th3-R3p4ck3r]]> https://www.at4re.net/f/thread-1971.html  
[صورة مرفقة: screenshot.jpg?raw=true]

DIE" is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS.
 
Many programs of the kind (PEID, PE tools) allow to use third-party signatures. Unfortunately, those signatures scan only bytes by the pre-set mask, and it is not possible to specify additional parameters. As the result, false triggering often occur. More complicated algorithms are usually strictly set in the program itself. Hence, to add a new complex detect one needs to recompile the entire project. No one, except the authors themselves, can change the algorithm of a detect. As time passes, such programs lose relevance without the constant support.
 
Detect It Easy has totally open architecture of signatures. You can easily add your own algorithms of detects or modify those that already exist. This is achieved by using scripts. The script language is very similar to JavaScript and any person, who understands the basics of programming, will understand easily how it works. Possibly, someone may decide the scripts are working very slow. Indeed, scripts run slower than compiled code, but, thanks to the good optimization of Script Engine, this doesn't cause any special inconvenience. The possibilities of open architecture compensate these limitations.
 
DIE exists in three versions. Basic version ("DIE"), Lite version ("DIEL") and console version ("DIEC"). All the three use the same signatures, which are located in the folder "db". If you open this folder, nested sub-folders will be found ("Binary", "PE" and others). The names of sub-folders correspond to the types of files. First, DIE determines the type of file, and then sequentially loads all the signatures, which lie in the corresponding folder. Currently the program defines the following types:
 
Whats New
  • [+] Qt 5.12.8.
  • [+] New HEX editor
  • [+] New Disassembler
  • [+] New scan engine
Homepage / NTinfo
DIE-GitHub
 
Download Links:
  1. Download DIE - Mac OS X, DMG
  2. Download DIE - Mac OS X, ZIP
  3. Download DIE - Windows
  4. Download DIE - Windows XP
  5. Download DIE - Linux Ubuntu 64-bit
]]>  
[صورة مرفقة: screenshot.jpg?raw=true]

DIE" is a cross-platform application, apart from Windows version there are also available versions for Linux and Mac OS.
 
Many programs of the kind (PEID, PE tools) allow to use third-party signatures. Unfortunately, those signatures scan only bytes by the pre-set mask, and it is not possible to specify additional parameters. As the result, false triggering often occur. More complicated algorithms are usually strictly set in the program itself. Hence, to add a new complex detect one needs to recompile the entire project. No one, except the authors themselves, can change the algorithm of a detect. As time passes, such programs lose relevance without the constant support.
 
Detect It Easy has totally open architecture of signatures. You can easily add your own algorithms of detects or modify those that already exist. This is achieved by using scripts. The script language is very similar to JavaScript and any person, who understands the basics of programming, will understand easily how it works. Possibly, someone may decide the scripts are working very slow. Indeed, scripts run slower than compiled code, but, thanks to the good optimization of Script Engine, this doesn't cause any special inconvenience. The possibilities of open architecture compensate these limitations.
 
DIE exists in three versions. Basic version ("DIE"), Lite version ("DIEL") and console version ("DIEC"). All the three use the same signatures, which are located in the folder "db". If you open this folder, nested sub-folders will be found ("Binary", "PE" and others). The names of sub-folders correspond to the types of files. First, DIE determines the type of file, and then sequentially loads all the signatures, which lie in the corresponding folder. Currently the program defines the following types:
 
Whats New
  • [+] Qt 5.12.8.
  • [+] New HEX editor
  • [+] New Disassembler
  • [+] New scan engine
Homepage / NTinfo
DIE-GitHub
 
Download Links:
  1. Download DIE - Mac OS X, DMG
  2. Download DIE - Mac OS X, ZIP
  3. Download DIE - Windows
  4. Download DIE - Windows XP
  5. Download DIE - Linux Ubuntu 64-bit
]]>