PE format
Top tools
-
Training 3: Basics About the PE Format and .NET
You already know how to find that out. Use the "file" command, TrID, or look at the sample with a hex editor. All of these ways should tell you what kind of file we have here.
-
app-peid
PE iDentifier v0.95 (2008.11.03) by snaker, Qwerton, Jibz & xineohP
------------------------------------------------------
PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files.
-
ExeInfo: PE
Packer, compressor detector / unpack info / internal exe tools
Detect : Symbian / Android / Linux / Mac OS - files
PUP / PUA Applications & Downloaders
Archives : .zip , .rar , .zlb , .gz , .7 zip , .tar , .cab .is , ...
-
A.S.L Soft
Free Windows software
Detect packer , compiler , protector , .NET obfuscator , PUA application
-
PEiD
PEiD detects most common packers, cryptors and compilers for PE files.
It can currently detect more than 470 different signatures in PE files.
It seems that the official website (www.peid.info) has been discontinued. Hence, the tool is no longer available from the official website, but it is still hosted on other sites.
-
PE Format Illustrated – Part 1
Beginners tutorial on PE format, with illustrations. Planned to be an easy-to-follow overview tutorial with a lot of illustrations, without going into all the details. We tried to focus on the big picture.
-
PE Format Illustrated – Part 2
This is a beginner’s tutorial on PE format applied to .NET assemblies. We tried to give light illustrated text. We tried to focus on the big picture.
-
A Number of Reusable PE File Format Scanning Functions
Useful functions to retrieve information from PE files.
This article accompanies a number of command line sample applications that wrap some common code of mine. This common code can be used to extract various information from PE format files (PE format stands for Portable Executable Format). The four samples are named bitness, pefileuses, dotnetsearch and pdbget.
-
Pepper
PE (x86) and PE+ (x64) files viewer, based on libpe.
-
Anatomy of a .NET Assembly – PE Headers
Today, I’ll be starting a look at what exactly is inside a .NET assembly – how the metadata and IL is stored, how Windows knows how to load it, and what all those bytes are actually doing. First of all, we need to understand the PE file format.
-
.NET File Format - Signatures Under the Hood, Part 1 of 2
A full description of signatures, that are part of the .NET file format
-
.NET File Format - Signatures Under the Hood, Part 2 of 2
A full description of signatures, that are part of the .NET file format
-
PE file format part1 - DOS Headers, Signature, File Header
-
PE file format part2 - Optional Header
-
The .NET File Format
The standards of the .NET format are public, you can find them on Microsoft and in your .NET SDK (look after "Partition II Metadata.doc"), but they are intended to be more like a reference, not really a guide. So, the truth is that a description of the format can be useful. I mean there's a huge difference between having the WinNT.h and having the full explanation of structures and stuff. The documentation given by Microsoft has some explanations, but a lot of passages aren't very clear at all. Of course, it's required that you know quite well the PE File Format. If that's not the case, you should start with that first, otherwise you won't be able to make heads or tails of this article. A little warning: I'm not going to explain how to use the libraries given by Microsoft to access the .NET Format, I'm going to explain the format itself. This article is based on the Framework 2.0.
-
Explorer Suite
Small announcement: If you or your organization needs professional PE inspection, then take a look at Cerbero Suite (the commercial product of my company), which properly supports many file formats beyond the complete Portable Executable specification. It’s multi-platform (Windows, OS X & Linux) and it comes as a free trial.
-
The .NET File Format
A full description of the .NET File format.
-