News:

- Fixed Export Table Bug
- Fixed Advanced Interface Bug
- General Improvements
- Improved Resource Viewer
- Improved MetaData Tables Viewer
- Added TLS Directory
- Added Import Adder
- Added .NET Flags Modification

Link:

http://pmode.net/USERS/116/Files/CFF_Explorer_install.msi

Have fun...

Thanks for the update Ntoskrnl. Maybe I'm doing something wrong but I can't add a new import successfully. I take notepad and add say a new kernel32 import, importing either by name or ordinal, then choose Rebuild Import Table. The saved file *looks* OK, a new .NewIT section is added and the new import is there. But when I try to start the modified app I get the Windows message

The dynamic link library jÿ5Ô‡ could not be found in the specified path

If I try adding some other dll import, from say a non-system dll, I get the same error message with the same cryptic snafu-ed name "jÿ5Ô‡".

Maybe someone else can confirm this either works or it doesn't. I'm using Win2K for the moment.


One other small point just in terms of feedback for some future version, I find it useful in a PE editor to be able to list imports in alphabetical order, say by clicking on a listview column header. A quick glance at the alphabetical listing is often helpful for getting a feel for what the program does and what API breakpoints might be useful.

Cheers,
Kayaker

Is there any specific reason you made CFF explorer msi setup ??
CFF_Explorer_install.msi = 553 KB

I extracted files with msi unpacker , packed with WinRar (max compression , solid archive) ; RAR file is = 310 KB

+i saved 553 KB inside folder \windoze\Downloaded Installations
+ there is absolutely no need to "install" it...

Q: Why all MSI based setup copy a copy od *.MSI inside \Downloaded Installations ? I dont want to buy 500 GB HD .


Btw. Try to visit pmode.net with Opera browser (nothing is seen on my display) ; with FF it works (but i dislike FF).

I can confirm (Win XP).

Kayaker: you are doing nothing wrong except using notepad. Everybody thinks that notepad is a good exe for tests, but the fact is that it's the worst PE ever. The IT is not in a section but in the header, and this wouldn't be a problem because I move the IT but the real problem is that the IAT is in the header as well, so, in order to add a new section (.NewIT) I'm overwriting the IAT who comes right after the section headers (sounds crazy, I know), and there's nothing I can do since I can't move the IAT. The only solution would be delete the new section's header, rebuild the first dwords of the iat anche increase the .rsrc section size. There is no other way to add imports to the notepad, check by yourself. - For the alphabetical order: yes it's very useful, unfortunately I don't have time to implement such things at the moment. Maybe in the next future... But thx.

hosiminh: Opera is the only browser among the important ones (firefox, IE, netscape, mozilla etc) who doesn't support the xsl/xml standard, so it won't work with pmode. MSI installation isn't "necessary", it's cool. The main reason I added it was for sites like download.com. Maybe I could upload also a .rar version, but is it really necessary for 200k? Also if you have a 300 mb hd, I would advise you to make backup copies of your data on cd/dvd and delete the hd ones =).

Zairon: same problem =).

LordPE can add new import on Notepad

What's 'anche'? I'm pretty sure I know this word

ahahhaahahah okok you got me! Sorry, I just woke up.



Didn't know lordpe had one, but if so it won't add a new section just increase the size of the last section. Maybe in the next version I'll add this option if the user prefers to increase the last section or add a new one, just for the notepad =).