Tuesday, 17 November 2009

ExeInfo PE

Internal Tools Menu:
- overlay remover - generate new file without overlay data
- save overlay as external file
- EP Corrector (for Delphi) - generate many exe files with Entry Point
- EP Corrector (for Delphi) Runtime - correct EP
- XoR permutator (xor,or,shl..) - create one file with xor data (255x2000 bytes)
- Section splitter - save exe sections as files & exe header
- 8/16 bit string finder - enter 8 bit string = searching 16 bit strings & 8 bit (F7 key)
- REGistry call finder + CLSID - find registry call & regedit.exe strings
- overlay xor uncrypter - uncrypt one byte crypted exe in obl.

File Menu:
+ Rename file
+ Copy file As.. *.bak
+ Execute - create executable process (exe)
+ Execute - windows ext. associate (dll, zip...)
+ Delete file (Alt+Del) - works in multiscan mode
+ Run multifile scanner mode (Directory scan)
- view global log file (c:\Raport-exeinfo-log.txt)
- delete global log file (no confirm)

Rippers Menu:
- www address searcher inside exe - works on any file
- ExE inside ExE (Win32 PE Windows executable) - works on any file
- Zip archives inside ExE www.winzip.com - works on any file
- Rar archives inside ExE www.rarlab.com - works on any file
- CAB MS archives inside ExE (for MSI installers) - works on any file
- SWF flash Adobe animation files (internal length fixer for non exe files)
- ICO nonstandard icon ripper
- (All in one) - for lazy boys (without 'www address')

F1 key - keyboard help
F2 key - Multiple file scanner for *.exe files
F3 key - external view (hiewdemo.exe or hiew32.exe) path directory
F4 key - external test (peid.exe) path directory
F5 key - external test RDG Packer Detector (I read location from Win registry)
F6 key - external test DiE.exe Detect it Easy (I read location from Win registry - shell integration req.)
F7 key - 8/16 bit String finder
F9 key - :-) UPX pack
F10 key - :-) UPX unpack
Alt+S - ZOOM Window x2!
Alt+Delete - delete file

"+", "-" - Numeric keys = adjust form transparency

Non executable file detection:
Image file - jpg, png, gif (87/89), bmp
Sound file - mp3 (ID3/noID), wma, ogg
Video file - avi (divx/xvid), wmv, mpg, 3GP
Archive file - 7zip, zip, rar
others: chm (Microsoft HTML Help), msi, pdf, xml, fws, cws, php, html, hlp, mdb, lnk.

Overlay detector:
01. zip archives
02. cab archives
03. SWF Flash object (packed & unpacked format)
04. Executable PE file
05. 7zip archives
06. RAR archives

Plugins like Peid.exe (70% compatible :-( )

Multiscanner use - command line:
Exeinfope *.* /s
Exeinfope *.exe /s

Shows all PE files and sends them to a log file (silent mode, no GUI! -> !ExEinfo-Multiscan.log)


ACM* - anti cheat mechanism
