This tool (FFI) assists in virus analysis. It combines file format identification (built on part of Super Patrol's format recognition engine code), packer ("shell") detection, PE file editing, MD5 calculation and quick launching of third-party tools, and is suited to working through batches of virus and Trojan samples systematically. It supports drag and drop of files, and a right-click packer check can be registered for files and directories. In addition to FFI's own packer signature library, unpack.avd, you can use an external signature library: it must be named userdb.txt, and its format is compatible with the PEiD signature database, so a userdb.txt you have collected can be dropped in to extend the packer detection.
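As an added example (not FFI's own code), the following Python parses the PEiD-compatible userdb.txt layout mentioned above and matches its signatures against a file buffer, honouring the ep_only flag: ep_only entries are tested only at the entry point's physical offset, the others are searched across the whole file. The two database entries and the sample buffer are constructed for the demonstration and are not real PEiD signatures; treating a missing ep_only key as true is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in PEiD userdb.txt layout. These are NOT real PEiD entries;
# the byte patterns were made up for this demonstration.
USERDB = """
; comment lines start with a semicolon
[UPX-like stub (constructed)]
signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
ep_only = true

[Marker string anywhere in file (constructed)]
signature = 46 46 49 2D 44 45 4D 4F
ep_only = false
"""


@dataclass
class Signature:
    name: str
    pattern: List[Optional[int]]   # None stands for a ?? wildcard byte
    ep_only: bool                  # True: test only at the entry point offset


def parse_userdb(text: str) -> List[Signature]:
    """Parse the [name] / signature = / ep_only = layout used by PEiD userdb.txt."""
    sigs: List[Signature] = []
    name: Optional[str] = None
    pattern: Optional[List[Optional[int]]] = None
    ep_only = True                   # assumed default when the key is absent

    def flush() -> None:
        if name is not None and pattern:
            sigs.append(Signature(name, pattern, ep_only))

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            flush()
            name, pattern, ep_only = line[1:-1].strip(), None, True
            continue
        key, sep, value = line.partition("=")
        if not sep or name is None:
            continue                 # stray line outside an entry: ignore
        key, value = key.strip().lower(), value.strip()
        if key == "signature":
            pattern = []
            for tok in value.split():
                if tok == "??":
                    pattern.append(None)
                elif re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                    pattern.append(int(tok, 16))
                else:
                    raise ValueError(f"bad signature token {tok!r} in [{name}]")
        elif key == "ep_only":
            ep_only = value.lower() == "true"
    flush()
    return sigs


def match_at(data: bytes, off: int, pattern: List[Optional[int]]) -> bool:
    """True when every non-wildcard byte of pattern equals data at offset off."""
    if off < 0 or off + len(pattern) > len(data):
        return False
    return all(b is None or data[off + i] == b for i, b in enumerate(pattern))


def scan(data: bytes, ep_offset: int, sigs: List[Signature]) -> List[str]:
    """Names of all matching signatures. ep_only entries are tried only at
    ep_offset; the rest are searched over the whole buffer (O(n*m), fine for
    small databases; use a multi-pattern matcher for a large userdb)."""
    hits = []
    for sig in sigs:
        if sig.ep_only:
            if match_at(data, ep_offset, sig.pattern):
                hits.append(sig.name)
        elif any(match_at(data, off, sig.pattern)
                 for off in range(len(data) - len(sig.pattern) + 1)):
            hits.append(sig.name)
    return hits


# Constructed buffer: 0x20 bytes of padding, a 16-byte "stub" that fits the
# first pattern, then the marker string. The entry point is at offset 0x20.
SAMPLE = (b"\0" * 0x20
          + bytes.fromhex("60BE00A04000 8DBE0070FFFF 5783CDFF")
          + b"\x90" * 8 + b"FFI-DEMO" + b"\0" * 8)
SAMPLE_EP_OFFSET = 0x20

if __name__ == "__main__":
    print(scan(SAMPLE, SAMPLE_EP_OFFSET, parse_userdb(USERDB)))
```

The entry point offset passed to scan must be the physical (file) offset, not the RVA; a wrong mapping silently turns every ep_only signature into a miss, which is why a checker should display both values.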
The main interface displays the entry point (an RVA), the physical file offset that the entry point maps to, the section table and other information about the file being examined.
The button next to PE Section edits the section table of the current file; clicking it opens the Sections Editor window.
Its main functions are:
★Show detailed section information
★View and edit the section name, size, execution attributes and related fields
★Clear the selected section names
★Automatic repair of sections
★Load a section from disk
★Save a section to disk
★Add a new section
★Delete a section from the file
★Delete a section from the PE header only (the section's content remains in the file)
★Fill a section with specified data
The button next to SubSystem shows detailed information about the PE file: it supports editing the DOS header, NT headers and other PE structures, and viewing the export table and import table. This part is too detailed to describe here; please refer to the interface itself.
Additional data (overlay) detection:
Scans an executable for data appended after the last section and reports the starting offset and size of the attached data.
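The three quantities described above (entry point RVA, its physical offset, and the attached data after the last section) all come from the PE headers and section table. As an added example that is not FFI's own code, the following Python parses a PE32 or PE32+ header, maps the entry point RVA to a file offset through the section that contains it, summarises each section's memory attributes, and reports the overlay. The PE image it parses is constructed in build_sample_pe() purely for the demonstration; a real checker would read the bytes from disk.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_offset: int
    characteristics: int


@dataclass
class PEInfo:
    is_pe32plus: bool
    image_base: int
    entry_rva: int
    entry_offset: Optional[int]     # None when the entry point has no file-backed bytes
    sections: List[Section]
    overlay_offset: Optional[int]   # None when nothing follows the last raw section
    overlay_size: int


def section_flags(chars: int) -> str:
    """rwx-style summary of the memory attributes in a section's Characteristics."""
    return (("r" if chars & IMAGE_SCN_MEM_READ else "-")
            + ("w" if chars & IMAGE_SCN_MEM_WRITE else "-")
            + ("x" if chars & IMAGE_SCN_MEM_EXECUTE else "-"))


def rva_to_offset(sections: List[Section], rva: int) -> Optional[int]:
    """Map an RVA to a physical file offset via the section that contains it.
    An RVA in a section's virtual-only tail (past SizeOfRawData) has no file bytes."""
    for s in sections:
        if s.virtual_address <= rva < s.virtual_address + max(s.virtual_size, s.raw_size):
            delta = rva - s.virtual_address
            return s.raw_offset + delta if delta < s.raw_size else None
    return None


def parse_pe(data: bytes) -> PEInfo:
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    fh = e_lfanew + 4                                          # IMAGE_FILE_HEADER
    _machine, nsec, _ts, _psym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20                                              # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    if magic == 0x10B:                                         # PE32: 4-byte ImageBase at +28
        is64, image_base = False, struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                       # PE32+: 8-byte ImageBase at +24
        is64, image_base = True, struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:X}")
    sections = []
    for i in range(nsec):      # section table follows the optional header, 40 bytes per entry
        name, vsize, va, rsize, roff, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"), vsize, va, rsize, roff, chars))
    # Overlay: bytes beyond the highest PointerToRawData + SizeOfRawData. A raw end past
    # the file length means a truncated sample, reported here as "no overlay".
    raw_end = max((s.raw_offset + s.raw_size for s in sections), default=0)
    overlay_off = raw_end if raw_end < len(data) else None
    return PEInfo(is64, image_base, entry_rva, rva_to_offset(sections, entry_rva), sections,
                  overlay_off, len(data) - raw_end if overlay_off is not None else 0)


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (not a real binary): two sections plus 12 bytes of overlay."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                                  # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)       # i386, 2 sections
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                    # PE32 magic
    struct.pack_into("<IIII", opt, 16, 0x1010, 0x1000, 0x2000, 0x400000)     # EP, BaseOfCode, BaseOfData, ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                          # SectionAlignment, FileAlignment

    def sec(name, vsize, va, rsize, roff, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, rsize, roff, 0, 0, 0, 0, chars)

    headers = (bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)
               + sec(b".text", 0x100, 0x1000, 0x200, 0x200, 0x60000020)
               + sec(b".data", 0x100, 0x2000, 0x200, 0x400, 0xC0000040)).ljust(0x200, b"\0")
    text = (b"\x90" * 0x10 + b"\x55\x8B\xEC\xC3").ljust(0x200, b"\0")       # EP bytes at RVA 0x1010
    data = b"constructed .data".ljust(0x200, b"\0")
    return headers + text + data + b"OVERLAY-DATA"


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(f"EP RVA 0x{info.entry_rva:X} -> file offset 0x{info.entry_offset:X}")
    for s in info.sections:
        print(f"{s.name:8} va=0x{s.virtual_address:X} raw=0x{s.raw_offset:X}+0x{s.raw_size:X} "
              f"{section_flags(s.characteristics)}")
    print(f"overlay at 0x{info.overlay_offset:X}, {info.overlay_size} bytes")
```

Two readings a practitioner should watch for: an entry_offset of None means the entry point is not backed by file data (a section with a virtual size larger than its raw size, or an RVA outside every section), which is typical of packed or deliberately malformed samples; and a raw_end beyond the file length means the sample is truncated rather than overlay-free.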
Third-party tool support:
Under the Options button, click Manage Tools; the right-click menu there adds or removes third-party tools such as IDA and OllyDBG. You can then start OllyDBG, IDA or other tools directly from FFI to open the current file for disassembly.
Note: after adding a third-party tool, click the Plugin>> button to see the tools you added; click one to open the currently loaded file with that tool.