PE format
- Training 3: Basics About the PE Format and .NET
- app-peid
- ExeInfo: PE
- A.S.L Soft
- PEiD
- PE Format Illustrated – Part 1
- PE Format Illustrated – Part 2
- A Number of Reusable PE File Format Scanning Functions
- Pepper
- Anatomy of a .NET Assembly – PE Headers
- .NET File Format - Signatures Under the Hood, Part 1 of 2
- .NET File Format - Signatures Under the Hood, Part 2 of 2
- PE file format part1 - DOS Headers, Signature, File Header
- PE file format part2 - Optional Header
- The .NET File Format
- Explorer Suite
- The .NET File Format
Top tools
You already know how to find that out. Use the "file" command, TrID, or look at the sample with a hex editor. All of these ways should tell you what kind of file we have here.
PE iDentifier v0.95 (2008.11.03) by snaker, Qwerton, Jibz & xineohP
------------------------------------------------------
PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files.
Packer, compressor detector / unpack info / internal exe tools. Detect: Symbian / Android / Linux / Mac OS files; PUP / PUA applications and downloaders. Archives: .zip, .rar, .zlb, .gz, .7zip, .tar, .cab, .is, ...
Free Windows software. Detect packer, compiler, protector, .NET obfuscator, PUA application.
PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 470 different signatures in PE files. It seems that the official website (www.peid.info) has been discontinued. Hence, the tool is no longer available from the official website, but it is still hosted on other sites.
Beginners tutorial on PE format, with illustrations. Planned to be an easy-to-follow overview tutorial with a lot of illustrations, without going into all the details. We tried to focus on the big picture.
This is a beginner’s tutorial on PE format applied to .NET assemblies. We tried to give light illustrated text. We tried to focus on the big picture.
Useful functions to retrieve information from PE files.
This article accompanies a number of command line sample applications that wrap some common code of mine. This common code can be used to extract various information from PE format files (PE format stands for Portable Executable Format). The four samples are named bitness, pefileuses, dotnetsearch and pdbget.
PE (x86) and PE+ (x64) files viewer, based on libpe.
Today, I’ll be starting a look at what exactly is inside a .NET assembly – how the metadata and IL is stored, how Windows knows how to load it, and what all those bytes are actually doing. First of all, we need to understand the PE file format.
A full description of signatures, that are part of the .NET file format
A full description of signatures, that are part of the .NET file format
The standards of the .NET format are public, you can find them on Microsoft and in your .NET SDK (look after "Partition II Metadata.doc"), but they are intended to be more like a reference, not really a guide. So, the truth is that a description of the format can be useful. I mean there's a huge difference between having the WinNT.h and having the full explanation of structures and stuff. The documentation given by Microsoft has some explanations, but a lot of passages aren't very clear at all. Of course, it's required that you know the PE File Format quite well. If that's not the case, you should start with that first, otherwise you won't be able to make heads or tails of this article. A little warning: I'm not going to explain how to use the libraries given by Microsoft to access the .NET Format, I'm going to explain the format itself. This article is based on the Framework 2.0.
Small announcement: If you or your organization needs professional PE inspection, then take a look at Cerbero Suite (the commercial product of my company), which properly supports many file formats beyond the complete Portable Executable specification. It’s multi-platform (Windows, OS X & Linux) and it comes as a free trial.
A full description of the .NET File format.