Log in

View Full Version : PEvoyeur


marciano
June 11th, 2005, 20:28
PEvoyeur is my PE editor and identifier.

Features:
Code:

Features:
~~~~~~~~~

- Identify compilers and executable packers (the user can add signatures
to the database).

- Summary.
- EntryPoint (RVA).
- EntryPoint (raw).
- Linker version.
- Subsystem.
- EP section.
- Flags.

- View/modify the DOS Header.
- View/modify the File Header.
- Edit Flags.
- Edit Machine.
- View/modify the Optional Header.
- Edit Subsystem.

- View/modify the Data Directories info.
- Export the Data Directories info to html.
- View the exported functions.
- Edit the Export Table.
- Export the list of exported functions to html.
- View the imported functions.
- Export the list of imported libraries to html.
- Export the list of imported functions from a certain library to html.

- View/modify/dump the sections.
- Edit Flags.
- Identification of the EntryPoint section with an icon.
- Open section with hex viewer.
- Export the section headers table to html.

- Support for PEiD plugins. Just place them in the PEvoyeur "plugins" folder.

- It doesn't need installation.
- It consumes little RAM.
- Drag & drop support.
- Command line support (pass the file name as argument).
- Shell integration (context menu of .exe and .dll files).


You can download it from http://xthost.info/marciano/archivos/pevoyeur_en.zip (459 Kb).

seven
June 12th, 2005, 06:04
ilove it , perfect tool , thx --_a

Knight
June 12th, 2005, 06:24
Not bad!
But I don't see no advantages using this tool than PEiD, LordPE or Stud PE. It even looks like those tools clone (especially PEiD and LordPE) . Anyway keep it going and maybe soon we'll have tool much better than those we're using know.

Regards

marciano
June 12th, 2005, 19:43
Thank you all for the comments!
I began it as my private tool:it is similar to PEiD and LordPE, but PEvoyeur combines PE edition and identification in one tool. With PEiD you cannot modify the file, and LordPE has not identification ability.

However, I'll keep improving my tool. Thank you for testing it.

Greetings,
marciano

SiGiNT
June 12th, 2005, 23:52
I like it!, not a citicism but an observation, it mis-identified aspr 2.0 as aspr 1.23 RC, of course then again peid 0.93 said the file wasn't packed - 0.92 identified it correctly.

SiGiNT