【2018.03.30】PE Tools v1.9 (Meet the new release of good old-fashioned PE To...

cxj98

                                                Meet the new release of good old-fashioned PE Tools

It's been years since NEOx released latest public version of PE Tools in 2006, so you may have decided that PET is already dead, but it came back from the dead for a while in 2018!

Official Announce

Principal Changes

Fixes

Primarily, new release is about bug fixes. There are lot of things fixed including memory leaks and program logic. Be warned, sometimes new bugs are replacing old ones, but we had worked hard to bring you bug-free release without introducing new bugs (we really hope so).

New Features

Some nice new features are added to make your experience more visible and comfortable:

• Brand new Entropy View (approximately detect packing status, presence of encrypted data) with two modes: Curve and Histogram;
• New disassembler engine (previously it was CADt by Ms-Rem, then Mediana by mika0x65 and now it's diStorm by Gil Dabah) has now resulted in x86-64 (64 bit) disasm in addition to x86 (32 bit);
• Load Config Directory (`IMAGE_LOAD_CONFIG_DIRECTORY`) support with new additional values and sizes (non-standard sizes);
• Display of Structured Exception Handlers in Config directory;
• Certificates (Security Directory) removal (with all certificates);
• File System Redirector (Windows-on-Windows, WoW) support;
• Edit functionality in hex-editor;
• Correct process list display in modern OS;
• Display x86-64 (64 bit) processes in process list;
• DLL Characteristics dialog;
• PE Sniffer (Signs.txt) are translated to PEiD format.
  

A whole bunch of small but useful features

• Link files support (.lnk);
• Debug directory info: PDB name, GUID, POGO types, VC types;
• Disasm call/jmp direction (up / down relative to current offset);
• Copy and Save menus in disasm and hex-editor dialogs;
• Copy options in hex-editor: C source, Editor display, hex values (raw bytes);
• Shortcuts in Copy menu in hex-editor;
• Fill Block dialog in в hex-editor: fill with values; XOR, OR, AND, NOT operations supported;
• Sections Editor shows zero-based section number (useful with files with many unnamed sections);
• Default action for double click: opening corresponding dialogs without context menu by default;
• Values `OperatingSystemVersion` and `SubsystemVersion` are automatically updated to conform maximum number of sections for specific OS when increasing number of sections;
• Correct calculation and fix of certain header sizes;
• Detection of many int3 opcodes to interrupt fast disasm;
• Correct relocation table removal with fix of corresponding flags;
• Serious bugs fixed in File Location Calculator (FLC);
• Import adder: fixed library name truncation bug;
• Auto close of Admin privilege warning.
  

Get high

High-DPI display modes supported including 192 DPI:

• DPI modes supported and tested: 96, 120, 144, 192
• Graphics redrawn:
• Main Application Icon
• Logo
• Toolbar icons
  

Cleanup

Outdated and unnecessary features removed:

• Old update system removed;
• Plugins removed (old plugins had very basic API set with only 2 functions);
• Number of external libraries reduced;
• Modules with similar functionality merged.
  

Other changes

Full list of changes:
HISTORY

Many other small things are fixed or added (not all are listed), so it's a good way to study new features by downloading new release.


Links

Project site on Github:
petoolse.github.io/petools

PE Tools project news:
@petoolse


DOWNLOAD

github.com/petoolse/petools/releases

--

• Jupiter
• PainteR
  

2018.03.30               

f88u8

让自己去下载吗？英文版的？

sjhchinapyg

此工具功能很强大

psbox

谢谢分享！！

sinewtec

必须支持 好东西

chishingchan

网页能打开，但下载好像出问题。翻墙后下载了

chishingchan

微软机器翻译：

[AppleScript] 纯文本查看 复制代码

# 迎接新推出的优秀老式 PE 工具

自从 NEOx 在2006年发布了最新的公共版本的 PE 工具, 已经很多年了, 所以你可能已经决定 PET 已经死了, 但在2018年它从死亡回来了一段时间!

## 主要更改

### 修复

主要是关于 bug 修复的新版本. 有很多东西固定, 包括内存泄漏和程序逻辑. 被警告, 有时新的 bug 取代旧的, 但我们已经努力为您带来无 bug 释放, 而不引入新的 bug (我们真的希望如此).

### 新功能

一些不错的新功能添加, 使您的经验更直观和舒适:

- 全新的熵观 (近似检测包装状态, 加密数据的存在) 和两种模式: 曲线和直方图;
- 新的拆装引擎 (以前是 CADt 的 Ms Rem, 然后 Mediana 由 mika0x65, 现在它的 diStorm 由吉尔 Dabah) 现在已经导致 x86-64 (64 位) disasm 除了 x86 (32 位);
- 使用新的附加值和大小 (非标准大小) 加载配置目录 (IMAGE_LOAD_CONFIG_DIRECTORY) 支持;
- 在配置目录中显示结构化异常处理程序;
- 证书 (安全目录) 删除 (带所有证书);
- 文件系统重定向器 (windows 上窗口, WoW) 支持;
- 在十六进制编辑器中编辑功能;
- 正确的流程列表显示在现代操作系统中;
- 在进程列表中显示 x86-64 (64 位) 进程;
- DLL 特征 "对话框;
- PE 嗅探器 (Signs.txt) 被翻译成 PEiD 格式.

## 一整串小但有用的功能

- 链接文件支持(.lnk);
- 调试目录信息: PDB 名称、GUID、弹跳类型、VC 类型;
- Disasm 呼叫/选配方向(相对于当前偏移量向上/向下);
- 在 disasm 和十六进制编辑器对话框中复制和保存菜单;
- 在十六进制编辑器中复制选项: C 源、编辑器显示、十六进制值(原始字节);
- 十六进制编辑器中 "复制" 菜单中的快捷方式;
- в十六进制编辑器中的填充块对话框: 填充值;XOR, 或, 而不是支持的操作;
- 节编辑器显示从零开始的节号 (对于具有许多未命名节的文件很有用);
- 双击的默认操作: 默认情况下打开不带上下文菜单的相应对话框;
- 当增加节数时, 值 OperatingSystemVersion 和 SubsystemVersion 自动更新以符合特定 OS 的最大节数;
- 正确计算和修正某些标头尺寸;
- 检测多 int3 操作码中断快速 disasm;
- 正确的重新定位表删除与相应标志的修复;
- 在文件位置计算器中固定的严重 bug (刚果解放阵线);
- 导入加法器: 固定库名称截断 bug;
- 自动关闭管理权限警告.

### 获得高 DPI

支持的高 DPI 显示模式, 包括 192 dpi:
- 支持和测试 DPI 模式:96、120、144、192
- 重新绘制图形:
  - 主应用程序图标
  - 标志
  - 工具栏图标

### 清理

删除过时和不必要的功能:
- 已删除旧更新系统;
- 删除的插件 (旧插件有非常基本的 API 集只有2功能);
- 减少的外部库数;
- 合并了类似功能的模块.

### 其他更改

更改的完整列表:

- [历史]([url]https://petoolse.github.io/petools/HISTORY[/url])

许多其他小东西是固定的或添加的 (不是所有列出), 所以这是一个很好的方法来学习新的功能, 下载新的版本.

### 链接

Github 项目网站:

- [petoolse.github.io/petools]([url]https://petoolse.github.io/petools[/url])


PE 工具项目新闻:

- [@petoolse]([url]https://twitter.com/petoolse[/url])

### 下载

- [github.com/petoolse/petools/releases]([url]https://github.com/petoolse/petools/releases[/url])

--
- Jupiter
- PainteR

`2018.03.30`

hahacker

下载不下来，百度网盘上传一份吧。

老伙计

    什么意思，难道楼主不知道 Github 多数人访问不了吗？

sunshinesong

感谢分享！@！！！