PE Viewer plugin
Hi all!
Finally, I have rewritten my plugin PE Viewer. Now it is in beta and can be downloaded here: http://www.totalcmd.net/download.php?id=peviewer (32+64, with autoinstall). Bug reports, comments and suggestions are welcome!
Main differences from old version:
- Added x64 version
- Added support of x64 binaries
- Added Resource tab, Info tab is redesigned
- Removed compiler determination
Not implemented yet:
- Validity checking
- Localization
Please try it and leave your comments.
Last edited by speller2 on 2012-03-10, 10:42 UTC, edited 4 times in total.
Nice, but I miss the compiler determination feature. I know it depended on a rather old text file with PE signatures, but it correctly showed Delphi and VC6-8 apps plus some PE packers, especially UPX. I'd really like it back.
ps. a wdx plugin exeformat http://www.totalcmd.net/plugring/exeformat.html had a bit newer signs.txt file, maybe adding this back as an optional feature?
I thought the compiler determination feature was not needed by most users... When I used it, it became more and more useless every year.
But if it is still needed, I can return it. But I think a newer signs file is needed than the 2006 file in the ExeFormat plugin. I don't know where to obtain it. Does anybody have any suggestions where to find it?
I don't think you can find an updated signs text file. Anyhow, it's not a big deal: you can have both versions of the plugin. Just install the new one in a new folder like peviewer2 and place it above the old one in Lister, so if you need a feature from the old one you can just hit 4. Thanks for a great plugin.
I did a Google search to find an updated PE signatures file and the best I could do is http://code.google.com/p/fuu/source/browse/trunk/bin/x86/Tools/Signaturesdb/signatures.txt
Although it has a date of May 29, 2011, I think it's older: it doesn't contain signature info about Visual Studio 2008 or 2010 or newer Delphi versions (7 and above), plus no info about 64-bit files.
ps.
After some more research I found partially compatible PE signatures. You're using a "PE Tools" style text file; as you're modifying your source, can you tweak it to use "PEiD" style text signatures? Both "PE Tools" and "PEiD" are abandoned software, but "PEiD" has a larger user base and its database is updated more often. You can check out "PEiD"'s database here:
http://reverse-engineering-scripts.googlecode.com/files/UserDB.TXT or http://code.google.com/p/reverse-engineering-scripts/downloads/list
and
http://research.pandasecurity.com/blogs/images/userdb.txt
pss. You wrote:
but the old plugin wlx_peviewer_1.11a from 2004 just appeared on totalcmd.net
The old version has a bug and sometimes shows an error in binary format, but actually it is a plugin internal error. So I don't want users to keep it.
Public beta is made: http://www.totalcmd.net/download.php?id=peviewer. The plugin is updated on its page on totalcmd.net.
What's new:
+ Autoinstall
+ Localization
+ Imports validation
+ Compiler determination (PEiD signs not implemented yet)
* Correct imports validation on 32 and 64 bit modules (System32/SysWow64 directories)
* Single Icon/Cursor and Icon/Cursor Group resource types now saved as valid ico/cur files instead of simple binary resource dumps.
* Some focus improvements
Plans:
- Option to switch settings storage: lsplugin.ini or plugin own ini.
- Different file to store plugin settings (various UI settings, which are not autosaved in lsplugin.ini)
- PEiD signatures
New beta is available
What's new:
[+] Added plugin configuration reading from custom PEViewer_config.ini.
[+] Added support of the PEiD signatures.
[+] "Copy" popup menu item in lists split into "Copy Line" and "Copy Value".
[+] Added entry point icon into sections list.
[+] Added option to disable remembering last opened tab.
[+] Added option to choose plugin settings storage: lsplugin.ini (common for all plugins) or own plugin ini.
[*] Improved validity check displaying.
[*] Improved delayed modules displaying.
[*] Added support of icon resources with PNG data.
[*] Fixed pseudo-button under text label with image info on tab buttons line.
[*] Fixed columns resize in lists.
[*] Widened extension list of the plugin used by default.
[*] Fixed some bugs in import and export reading, in compiler determination.
[*] Deleted columns with ordinal function number in import and export lists. Ordinal now displayed in the Name column.
[*] Automatic compiler determination now disabled by default, added option to turn it on.
Additional testing of the compiler determination feature is needed. Need to test determination speed and accuracy.
PS: Please download the plugin again if you downloaded the 7z archive - the Lang folder was missing from it. I reuploaded the plugin as rar and with correct contents.
Last edited by speller2 on 2012-06-13, 16:53 UTC, edited 2 times in total.
I get an access violation when viewing PEViewer.wlx in PEViewer.wlx 2.0b3.
TC plugins: Autodesk 3ds Max / Inventor / Revit Preview, FileInDir, ImageMetaData (JPG Comment/EXIF/IPTC/XMP), MATLAB MAT-file Viewer, Mover, SetFolderDate, Solid Edge Preview, Zip2Zero and more
Both PEViewer 32 and 64bit give this AV on TC8. OS is Win7x64. Afterwards (clicking OK on the Error dialog) the plugin is correctly loaded.
Image: http://tbeu.de/forum/PEViewer.wlx64.png
Image: http://tbeu.de/forum/PEViewer.wlx.png
It was my first time installation.