PE Viewer plugin

Discuss and announce Total Commander plugins, addons and other useful tools here, both their usage and their development.

Moderators: Hacker, petermad, Stefan2, white

speller2
Junior Member
Junior Member
Posts: 92
Joined: 2009-01-26, 13:49 UTC

PE Viewer plugin

Post by *speller2 »

Hi all!

Finally, I rewritten my plugin PE Viewer. Now it is beta and can be downloaded here: http://www.totalcmd.net/download.php?id=peviewer (32+64, with autoinstall) . Bug reports, comments and suggestions are welcome!

Main differences from old version:
- Added x64 version
- Added support of x64 binaries
- Added Resource tab, Info tab is redesigned
- Removed compiler determination

Not implemented yet:
- Validity checking
- Localization


Please try it and leave your comments.
Last edited by speller2 on 2012-03-10, 10:42 UTC, edited 4 times in total.
iana
Senior Member
Senior Member
Posts: 345
Joined: 2010-07-27, 22:00 UTC

Post by *iana »

Nice, but I miss the compiler determination feature, I know it depended on an rather old text file with pe signatures but it correctly showed Delphi and vc6-8 apps plus some PE packers especially upx, I'd really like it back.
ps. a wdx plugin exeformat http://www.totalcmd.net/plugring/exeformat.html had a bit newer signs.txt file, maybe adding this back as an optional feature?
speller2
Junior Member
Junior Member
Posts: 92
Joined: 2009-01-26, 13:49 UTC

Post by *speller2 »

I thought compiler determination feature is not needed to most users... When I used it, it become more and more useless every year.

But if it is still needed, I can return it. But I think newer signs file needed than 2006's year file in ExeFormat plugin. I dot know where to obtain it. Do anybody have any suggestions where to find it?
iana
Senior Member
Senior Member
Posts: 345
Joined: 2010-07-27, 22:00 UTC

Post by *iana »

I don't think you can find an updated signs text file, anyhow it's not a big deal you can have both versions of the plugin just install the new one in a new folder like peviewer2 and place it above the old one in lister so if you need a feature from the old one you can just hit 4, tanks for a great plugin.
speller2
Junior Member
Junior Member
Posts: 92
Joined: 2009-01-26, 13:49 UTC

Post by *speller2 »

Old version have a bug and sometimes show error in binary format, but actually it is plugin internal error. So I dont want users keep it.
speller2
Junior Member
Junior Member
Posts: 92
Joined: 2009-01-26, 13:49 UTC

Post by *speller2 »

Ok, I will return the compiler determination feature in release version.
iana
Senior Member
Senior Member
Posts: 345
Joined: 2010-07-27, 22:00 UTC

Post by *iana »

I did a google search to find an updated pe signatures file and the best I could do is http://code.google.com/p/fuu/source/browse/trunk/bin/x86/Tools/Signaturesdb/signatures.txt
although it has a date of May 29, 2011 I think it's older it doesn't contain signatures info about visual studio 2008 or 2010 or newer Delphi versions (7 and above) plus no info about 64bit files.

ps.
After some more research I found partially compatible pe signatures, you're using "PE Tools" style text file, as you're modifying your source can you tweak it to use "PEiD" style text signatures, both "PE Tools" and "PEiD"are abandoned software but "PEiD" has a larger user base and it's database is updated more often, you can check out "PEiD"'s database here:
http://reverse-engineering-scripts.googlecode.com/files/UserDB.TXT or http://code.google.com/p/reverse-engineering-scripts/downloads/list
and
http://research.pandasecurity.com/blogs/images/userdb.txt

pss. You wrote:
Old version have a bug and sometimes show error in binary format, but actually it is plugin internal error. So I dont want users keep it.
but the old plugin wlx_peviewer_1.11a from 2004 just appeared on totalcmd.net
speller2
Junior Member
Junior Member
Posts: 92
Joined: 2009-01-26, 13:49 UTC

Post by *speller2 »

Thank you for links! I will see them. It is not a problem to teach plugin to understand PEiD signatures or any other.

On totalcmd.net I updated only link to this discussion. I did not change plugin archive because it is not in release condition.
speller2
Junior Member
Junior Member
Posts: 92
Joined: 2009-01-26, 13:49 UTC

Post by *speller2 »

Public beta is made. http://www.totalcmd.net/download.php?id=peviewer . Plugin is updated on its page on totalcmd.net

What's new:

+ Autoinstall
+ Localization
+ Imports validation
+ Compiler determination (PEiD signs not implemented yet)
* Correct imports validation on 32 and 64 bit modules (System32/SysWow64 directories)
* Single Icon/Cursor and Icon/Cursor Group resource types now saved as valid ico/cur files instead of simple binary resource dumps.
* Some focus improvements

Plans:
- Option to switch settings storage: lsplugin.ini or plugin own ini.
- Different file to store plugin settings (various UI settings, wich is not autosaved in lsplugin.ini)
- PEiD signatures
speller2
Junior Member
Junior Member
Posts: 92
Joined: 2009-01-26, 13:49 UTC

Post by *speller2 »

New beta is available

What's new:

[+] Added plugin configuration reading from custom PEViewer_config.ini.
[+] Added support of the PEiD signatures.
[+] "Copy" popup menu item in lists splitted into "Copy Line" and "Copy Value".
[+] Added entry point icon into sections list.
[+] Added option to disable remembering last opened tab.
[+] Added option to choose plugin settings storage: lsplugin.ini (common for all plugins) or own plugin ini.
[*] Improved validity check displaying.
[*] improved delayed modules displaying.
[*] Added support of icon resources with PNG data.
[*] Fixed pseudo-button under text label with image info on tab buttons line.
[*] Fixed columns resize in lists.
[*] Widened extension list of the plugin used by default.
[*] Fixed some bugs in import and export reading, in compiler determination.
[*] Deleted columns with ordinal function number in import and export lists. Ordinal now displayed in the Name column.
[*] Automatic compiler determination now disabled by default, added option to turn it on.



Additional testing of the compiler determination feature is needed. Need to test determination speed and accuracy.

PS: Please download plugin again if you downloaded a 7z archive - it was missed the Lang folder in it. I reuploaded plugin in rar and with correct contents.
Last edited by speller2 on 2012-06-13, 16:53 UTC, edited 2 times in total.
User avatar
tbeu
Power Member
Power Member
Posts: 1337
Joined: 2003-07-04, 07:52 UTC
Location: Germany
Contact:

Post by *tbeu »

I get an access violation when viewing PEViewer.wlx in PEViewer.wlx 2.0b3.
TC plugins: Autodesk 3ds Max / Inventor / Revit Preview, FileInDir, ImageMetaData (JPG Comment/EXIF/IPTC/XMP), MATLAB MAT-file Viewer, Mover, SetFolderDate, Solid Edge Preview, Zip2Zero and more
speller2
Junior Member
Junior Member
Posts: 92
Joined: 2009-01-26, 13:49 UTC

Post by *speller2 »

tbeu wrote:I get an access violation when viewing PEViewer.wlx in PEViewer.wlx 2.0b3.
Can not reproduce this. Can you provide more detailed information? TC version, bits, OS.
User avatar
tbeu
Power Member
Power Member
Posts: 1337
Joined: 2003-07-04, 07:52 UTC
Location: Germany
Contact:

Post by *tbeu »

Both PEViewer 32 and 64bit give this AV on TC8. OS is Win7x64. Afterwards (clicking OK on the Error dialog) the plugin is correctly loaded.
Image: http://tbeu.de/forum/PEViewer.wlx64.png
Image: http://tbeu.de/forum/PEViewer.wlx.png
TC plugins: Autodesk 3ds Max / Inventor / Revit Preview, FileInDir, ImageMetaData (JPG Comment/EXIF/IPTC/XMP), MATLAB MAT-file Viewer, Mover, SetFolderDate, Solid Edge Preview, Zip2Zero and more
speller2
Junior Member
Junior Member
Posts: 92
Joined: 2009-01-26, 13:49 UTC

Post by *speller2 »

2tbeu
Did you installed plugin first time or overwritten an older version?
User avatar
tbeu
Power Member
Power Member
Posts: 1337
Joined: 2003-07-04, 07:52 UTC
Location: Germany
Contact:

Post by *tbeu »

It was my first time installation.
TC plugins: Autodesk 3ds Max / Inventor / Revit Preview, FileInDir, ImageMetaData (JPG Comment/EXIF/IPTC/XMP), MATLAB MAT-file Viewer, Mover, SetFolderDate, Solid Edge Preview, Zip2Zero and more
Post Reply