1 (edited by PPEE 2016-10-22 05:33:10)

Topic: PPEE - Professional PE Explorer

Hi, I'd like to share the new version of my tool.

PPEE AKA Puppy is robust against malformed and crafted PE files which makes it handy for reversers, malware researchers and those who want to inspect PE files in more details. All directories in a PE file including Export, Import, Resource, Exception, Certificate(Relies on Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR are supported.

There are lots of tools out there for statically analyzing malicious binaries, but they are ordinary tools for ordinary files.
Puppy is a lightweight yet strong tool for static investigation of suspicious files. A companion plugin is also provided to take one-click technical information about the file such as its size, entropy, attributes, hashes, version info and so on.


Features:
    Both PE32 and PE64 support
    Statically analyze windows native and .Net executables
    Robust Parsing of exe, dll, sys, scr, drv, cpl, ocx and more
    Edit almost every data structure
    Easily dump sections, resources and .Net assembly directories
    Entropy and MD5 calculation of the sections and resource items
    View strings including URL, Registry, ... embedded in files
    Extract artifacts remained in PE file
    Anomaly detection
    Right-click for Copy, Search in web, Whois and dump
    Built in hex editor
    Explorer context menu integration
    Descriptive information for data members
    Refresh, Save and Save as menu commands
    Drag and drop support
    List view columns can sort data in an appropriate way
    Open file from command line
    Checksum validation
    Plugin enabled


Puppy is free and tries to be small, fast, nimble and friendly as your puppy!

Download: https://www.mzrst.com/puppy/PPEE(puppy)%201.07.zip
Website: https://www.mzrst.com/

I hope you'll enjoy it.

Thumbs up +3 Thumbs down

Re: PPEE - Professional PE Explorer

I like it! Keep it on! Good job! big_smile

Thumbs up Thumbs down

Re: PPEE - Professional PE Explorer

very good! smile

Thumbs up Thumbs down

Re: PPEE - Professional PE Explorer

New version (1.09) released
What's new:
    Yara rules supported(New plugin)
    Application manifest item added to Treeview
    Resource type detection added
    Treeview tooltips added
    Rearrange Debug Dir. items
    Show file size in binary unit(FileInfo plugin)
    Major Bugfixes

https://www.mzrst.com/

Thumbs up Thumbs down

Re: PPEE - Professional PE Explorer

Looks... alright. HOWEVER! You're a bot, and bots must be DISCOURAGED!
.
. .
. . .
. . . .
. . . . .
. . . . . . Fuck off.
. . . . .
. . . .
. . .
. .
.
That is all.

I like to examine and theorize about everything, from Amazon's <quote> impenetrable </quote> ultravisor to autorun viruses (virii?) being technology's version of an STD (Slot Transmitted Disease).
I dabble in Python 2.x and non-stereotypical BATCH (x>50 lines). I also fuck up VMs from time to time.

┬──┬ ︵ /(.□. \)

Thumbs up Thumbs down