52ky 发表于 2021-7-7 13:17:45

PE文件分析扫描器

1>PE Editor,它好像是LordPE的克隆版,其实不是,LordPE用C/C++编写的,我用汇编编写的,
而且LordPE在某些方面的修改其实有潜在的错误,这点,我参考过微软的PE COFF的文档,我的这个东西除了修正LordPE上面的几点,还增加了LordPE不具备的某些内容的修改。
2>以前本软件使用的是PEiD的插件,现在本软件支持自己的插件,不过如果同时指定PEiD的导出函数和我的PES的导出函数,会优先使用PEiD的导出函数。使用我的PES的导出函数只是可以获得更多的信息而已,方便操作。
3>文件比较只会简单比较,因为涉及到64位程序和32位程序比较时,因为我用汇编开发的,没有64位的OptionalHeader的结构头文件,自己也懒得编个头文件,所以一向是“移着寄存器跑”

(1>PE Editor, it seems to be a clone of LordPE, but it is not. LordPE is written in C/C++, I wrote it in assembly,
In addition, there are potential errors in some aspects of the modification of LordPE. For this point, I have referred to Microsoft's PE COFF document. In addition to correcting the above points of LordPE, this item of mine also adds some content that LordPE does not have. modify.
2> Previously, this software used PEiD plug-ins. Now this software supports its own plug-ins, but if you specify both the export function of PEiD and the export function of my PES, the export function of PEiD will be used first. Using the export function of my PES is just to get more information and easy to operate.
3> File comparison will only be simple comparison, because when it comes to comparing 64-bit programs and 32-bit programs, because I use assembly development, there is no 64-bit OptionalHeader structure header file, and I am too lazy to compile a header file, so it has always been " Move the register and run")

页: [1]
查看完整版本: PE文件分析扫描器