PE Explorer R3 Helps Analyze Packed Malware Executables
Released by: Heaventools
Web Site: http://www.heaventools.com
Heaventools Software announces a new version R3 of PE Explorer.
Email: info@heaventools.com
Keywords: disassembler, unpacker, exe, dll, upx, edit, resource, editor
Update Date: 7/9/2006 1:01:56 AM
Description: Heaventools Software announces that a new version, R3, of PE Explorer, its award-winning software development tool for inspecting and editing executable files, has been released.
PE Explorer is a great tool for analyzing which procedures and libraries an executable uses without ever running the executable, unlike a debugger, which would normally have to. It shows imported and exported function prototypes in Delphi syntax, as there is a very strong emphasis on peeking inside Delphi/Builder VCL applications and packages.
PE Explorer comes with a full disassembler, resource editor, dependency scanner, UPX unpacker, and plug-in support. You can view the structure and all of the resources contained in the file, track down and diagnose problems, and more. Version R3 now supports unpacking of files packed with a number of UPX scramblers: Advanced UPX Scrambler, UPoLyX, UPX Lock, UPX Mutanter, UPX Scrambler, UPX SHIT, etc. Previously, you had to run the executable and dump the packed segments right after the executable had been completely unpacked in memory. Now you can open these obfuscated files without even knowing that they are scrambled: your file will be unpacked automatically. The UPX Unpacker plug-in works on packed malware executables and can handle a file that has been packed with UPX and then modified manually so that UPX itself cannot be used to unpack it because internal structures have been altered, for example the names of the sections have been changed from UPX to XYZ, or the version number of the UPX format has been changed from 1.20 to 3.21. Malware authors often use this technique to make unpacking and reverse engineering harder.
The program enables you to customize any application by editing and replacing resources, even if you do not have its source code and even if its original developers are long gone. The PE Explorer Disassembler uses a qualitative algorithm designed to reconstruct the assembly language source code of target Win32 PE binaries (EXE, DLL, OCX) with the highest degree of accuracy possible.
PE Explorer runs on Windows 98/NT/2000/XP/2003. An evaluation version has unrestricted functionality and can be downloaded from: http://www.heaventools.com/download.htm
For an overview of new and existing features, see: http://www.heaventools.com/news.htm