PE Viewer 3.0

Discuss and announce Total Commander plugins, addons and other useful tools here, both their usage and their development.

Moderators: white, Hacker, petermad, Stefan2

iteg
Junior Member
Posts: 70
Joined: 2016-07-28, 08:36 UTC

Re: PE Viewer 3.0

Post by *iteg »

2Fla$her
1)
Where is it? I want to customize the background and font colors, but there is no description.
After the implementation of "Dark Mode", this functionality was removed. I have already corrected the description both on the website and in ReadMe.txt.
2)
What is the meaning of TYPELIB binary?
TypeLib data is used by operating systems to tell them how to connect COM objects. COM stands for Component Object Model. It commonly occurs alone in ".TLB" files and also as resources in PE (Portable Executable) format files (.DLL, .EXE, .OCX, ...). When it occurs as a resource, it is in a section named "TYPELIB". I have already planned the analysis of this resource.
3)
I would like to remove unnecessary things from there: "s "
The plugin displays the original text without changes or filtering. The presence of "s" is necessary because this is the format. Without "s" the object will not be registered. I agree that, when viewing, the "s " seems like a typo or a mistake.
4)
When clicking on COM (TYPELIB) on the first tab, go to the Resources tab and expand REGISTRY.
After parsing this resource, I’ll probably implement a transition to the Resources tab and to TypeLib, and not REGISTRY.
5)
virustotal.com: Option to replace /gui/ with /old-browsers/.
Implemented it in a test build.
https://dropmefiles.com/xNZKl

Thank you for participating in the project.
KozakMak
Senior Member
Posts: 371
Joined: 2021-05-24, 12:39 UTC
Location: UA

Re: PE Viewer 3.0

Post by *KozakMak »

i still think that plugin must have .net tab with determining installed versions of .Net in system
OS: Win10 | TC: latest x64
Fla$her
Power Member
Posts: 2326
Joined: 2020-01-18, 04:03 UTC

Re: PE Viewer 3.0

Post by *Fla$her »

iteg wrote: 2024-04-20, 13:16 UTC After the implementation of "Dark Mode", this functionality was removed.
Yes, but you also wrote this:
Over time, I plan to change it to read colors from wincmd.ini.
And I suggested using both background colors (BackColor/BackColor2), if any, so that there would be no disagreement which of the two background colors is more suitable.
How soon can we expect this?
TypeLib data is used by operating systems to tell them how to connect COM objects.
I wouldn't ask about the binary view if I didn't know what it is. :)
I have already planned the analysis of this resource.
Understood, i.e. it's early to talk about usage. This will probably help you.
Maybe you can do something similar? Or will it be closer to TLB, OLExp and OleView?
I agree that, when viewing, the "s " seems like a typo or a mistake.
Can you change that? I'm in favor of simplifying the process of selecting and copying as much as possible with the output of only useful information.
After parsing this resource, I’ll probably implement a transition to the Resources tab and to TypeLib, and not REGISTRY.
The benefit of REGISTRY is to create an sxs manifest, and TypeLib is to read the functionality (classes, methods and properties).
Which should come first? I think it's REGISTRY.

I ask you again to expand tree nodes by one click on the text, not only by +/- or the icon, at least optionally.
I also return to the discussion of replacing the arrow tips (⌃⌄) under the tab headers with full-fledged arrows (8-11 rows) to the right of them.
Implemented it in a test build.
Please do it on x32 too, if it's not difficult.
Overquoting is evil! 👎
iteg
Junior Member
Posts: 70
Joined: 2016-07-28, 08:36 UTC

Re: PE Viewer 3.0

Post by *iteg »

2KozakMak
i still think that plugin must have .net tab with determining installed versions of .Net in system
Implemented it in a test version.

2Fla$her
x32 version included.

On the Import tab, you can open the imported library in a separate plugin process from the context menu or by pressing the 'Space' key.
Test version 3.0.13.5:
https://dropmefiles.com/v7TSH2
Fla$her
Power Member
Posts: 2326
Joined: 2020-01-18, 04:03 UTC

Re: PE Viewer 3.0

Post by *Fla$her »

2iteg
Thanks for "Use Old Link", but for some reason "Get File Status" does not work. The link appears if the hash isn't found.
Also, the "Company Name - Code Page" block on TOTALCMD.EXE is repeated three times.

Space on the Import tab 👍🏼

I am waiting for answers on other questions.
Overquoting is evil! 👎
KozakMak
Senior Member
Posts: 371
Joined: 2021-05-24, 12:39 UTC
Location: UA

Re: PE Viewer 3.0

Post by *KozakMak »

2iteg
pls add option to set path to winrar
so we can see sfx scenario
OS: Win10 | TC: latest x64
iteg
Junior Member
Posts: 70
Joined: 2016-07-28, 08:36 UTC

Re: PE Viewer 3.0

Post by *iteg »

2Fla$her
1)
How soon can we expect this?
I ask you again to expand tree nodes by one click on the text, not only by +/- or the icon, at least optionally.
I also return to the discussion of replacing the arrow tips (⌃⌄) under the tab headers with full-fledged arrows
I added this functionality to the ToDo list. I'm currently working on expanding the overall functionality. When I accumulate several GUI tasks, I will do them all together.
2) Parsing the TypeLib format will be similar to the output of the fileinfo plugin.
3)
Can you change that?
In the plugin, I adhere to the principle of displaying original string or numeric values without modification. For many this is important. This will not be useful information, because information will be changed. I also previously wrote about a format where deleting "s" will lead to an error in registering the object in the system. It is possible to copy the entire text representation of a resource using Ctrl+C without explicit selection. You can then edit as you wish.
4)
The benefit of REGISTRY is to create an sxs manifest, and TypeLib is to read the functionality (classes, methods and properties).
Which should come first? I think it's REGISTRY.
If there is a TypeLib resource, then there is not always a REGISTRY resource nearby. Look at the system components.
5)
but for some reason "Get File Status" does not work.
Improved functionality in the new version. In Windows XP and Windows 7, data transfer over https will fail due to expired Trusted Root Certificate Authorities certificates (E12175). You must import them manually if there is no corresponding system update.
6)
Also, the "Company Name - Code Page" block on TOTALCMD.EXE is repeated three times.
Everything is correct. The x32 version of totalcmd.exe has 3 StringTable blocks. There is only one block in x64. If you look closely, each version block has its own language code. You can check it with the Restorator utility.

2KozakMak
1) Check the functionality of the list of installed ".Net Framework" on the "CLR Header" tab.
2)
pls add option to set path to winrar. so we can see sfx scenario
Describe in detail.

Test version 3.0.13.6: https://dropmefiles.com/Kgw2R
AntonyD
Power Member
Posts: 1249
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: PE Viewer 3.0

Post by *AntonyD »

2iteg
If we talk about the same file -TOTALCMD.EXE- it has a Dialog type in the Resources section, and there are 6 records inside it.
But none of them are anything resembling dialog. So WHAT is it, then, in essence?
#146217 personal license
Sir_SiLvA
Power Member
Posts: 3300
Joined: 2003-05-06, 11:46 UTC

Re: PE Viewer 3.0

Post by *Sir_SiLvA »

AntonyD wrote: 2024-04-23, 21:17 UTC 2iteg
If we talk about the same file -TOTALCMD.EXE- it has a Dialog type in the Resources section, and there are 6 records inside it.
But none of them are anything resembling dialog. So WHAT is it, then, in essence?
go to totalcmd.exe -> using the plugin fileinfo (https://totalcmd.net/plugring/fileinfo.html), upon pressing f3 on totalcmd.exe you see that it has 3 version infos (german, english and french - totalcmd64.exe has only the english one)
THAT'S what is talked about.
Hoecker sie sind raus!
iteg
Junior Member
Posts: 70
Joined: 2016-07-28, 08:36 UTC

Re: PE Viewer 3.0

Post by *iteg »

2AntonyD
If we talk about the same file -TOTALCMD.EXE- it has a Dialog type in the Resources section, and there are 6 records inside it.
But none of them are anything resembling dialog. So WHAT is it, then, in essence?
Parsing the Dialog resource structure is not implemented in the current version. Binary text is output. Already planned implementation.
KozakMak
Senior Member
Posts: 371
Joined: 2021-05-24, 12:39 UTC
Location: UA

Re: PE Viewer 3.0

Post by *KozakMak »

iteg wrote: 2024-04-23, 19:54 UTC 1) Check the functionality of the list of installed ".Net Framework" on the "CLR Header" tab.
https://ibb.co/F50Lp8x
works!
if i install Core, will it show up? https://versionsof.net/
iteg wrote: 2024-04-23, 19:54 UTC Describe in detail.
something like this: https://ibb.co/SvkGxtH
OS: Win10 | TC: latest x64
AntonyD
Power Member
Posts: 1249
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: PE Viewer 3.0

Post by *AntonyD »

2Sir_SiLvA
go to totalcmd.exe -> using the plugin fileinfo (https://totalcmd.net/plugring/fileinfo.html), upon pressing f3 on totalcmd.exe you see that it has 3 version infos (german, english and french - totalcmd64.exe has only the english one)
THAT'S what is talked about.
You gave a clarification completely different from what was lurking in my question.
Below your post, the developer has navigated perfectly and provided a comprehensive response.
#146217 personal license
AntonyD
Power Member
Posts: 1249
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: PE Viewer 3.0

Post by *AntonyD »

2KozakMak
something like this:
And what exactly in the above example is necessary and sufficiently useful information for the user?
#146217 personal license
Fla$her
Power Member
Posts: 2326
Joined: 2020-01-18, 04:03 UTC

Re: PE Viewer 3.0

Post by *Fla$her »

2iteg
  1. I will do them all together.
    Noted. That’s good news anyway. :)
  2. Too bad. It's inconvenient to work with such text. :(
  3. It is possible to copy the entire text representation of a resource using Ctrl+C without explicit selection.
    Tips for dummies are, of course, great, but I would like a little optimization. ;)
    For many this is important.
    Okay, I have a specific suggestion/request then. ActiveX are more often used in writing scripts.
    Could you make an additional node with sxs manifests that will immediately solve the conversion problem? Then your plugin would be invaluable. :)
    I understand that this is not easy, but such an optimization would be a masterpiece.
    I don't expect this to happen anytime soon, but it would be cool.
  4. It happens that the information is simply encrypted, i.e. neither TypeLib nor registry data can be obtained.
    A priority option would be helpful. What do you think? And in the absence of one of them, go to the existing one.
  5. You must import them manually if there is no corresponding system update.
    I get E12175, but this code works:
    VT-DetectionRatio.vbs

    ' HTML document object, used only to parse the response
    Set oHTML = CreateObject("htmlfile")
    GetRatio "67381e360f4436b38ade138255b8a10ea483f1d0579256f840bea36c486af278"
    GetRatio "dfbec46482bb56e426137b3cb0cfc343865360c72eb27bdf196fcc7543622701"
    Set oHTML = Nothing
    
    Sub GetRatio(Hash)
       With CreateObject("MSXML2.ServerXMLHTTP.6.0")
           ' Option 2 = SXH_OPTION_IGNORE_SERVER_SSL_CERT_ERROR_FLAGS;
           ' 13056 (&H3300) ignores all server certificate errors
           .SetOption(2) = 13056
           .Open "GET", "https://www.virustotal.com/old-browsers/file/" & Hash, 0
           .SetRequestHeader "Cache-Control", "no-cache"
           .SetRequestHeader "Pragma", "no-cache"
           .Send 0
           .WaitForResponse 10
           oHTML.Write .ResponseText
           .Abort
       End With
       ' The detection ratio is in <span id="detections">
       For Each i In oHTML.getElementsByTagName("span")
          If i.getAttribute("id") = "detections" Then Ratio = RTrim(i.InnerText): Exit For
       Next
       oHTML.close
       If IsEmpty(Ratio) Then Ratio = "Hash not found!"
       ' 262208 = 64 (information icon) + 262144 (topmost window)
       MsgBox Ratio, 262208
    End Sub
    Could you implement something like this?
    Also, when copying the value, the extra text "(E12175) " gets along with the link. Is it possible to exclude it?
  6. Everything is correct. The x32 version of totalcmd.exe has 3 StringTable blocks.
    Even if this is the case, the implementation of version 2.0 looks more successful, duplicate blocks are excluded there. Could you delete repeating lines? Language codes can be placed side by side.
Last edited by Fla$her on 2024-04-29, 00:11 UTC, edited 2 times in total.
Overquoting is evil! 👎
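
Added example, not part of any post in this thread: the script above sets ServerXMLHTTP option 2 to 13056, which ignores all server certificate errors, so the E12175 failure is skipped rather than resolved. The variant below keeps certificate validation on and reports the TLS failure explicitly; the file name `VT-Ratio-Strict.vbs`, the `IsSha256` helper and the hash check are assumptions added here, and the `span id="detections"` lookup is taken from the posted script.

```vbscript
Option Explicit

' HRESULT that ServerXMLHTTP raises for WinHTTP error 12175
' (ERROR_WINHTTP_SECURE_FAILURE), the "E12175" seen in the thread.
Const E_SECURE_FAILURE = &H80072F8F

If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Usage: cscript //nologo VT-Ratio-Strict.vbs <sha256>"
    WScript.Quit 2
End If
WScript.Echo GetRatio(WScript.Arguments(0))

Function GetRatio(Hash)
    Dim http, html, el, errNum
    ' Accept only a 64-digit hex string before it is placed in the URL.
    If Not IsSha256(Hash) Then GetRatio = "Not a SHA-256 hash" : Exit Function

    Set http = CreateObject("MSXML2.ServerXMLHTTP.6.0")
    ' No SetOption(2) call: the option stays at its default of 0, so an expired,
    ' untrusted or mismatched server certificate aborts the request.
    http.Open "GET", "https://www.virustotal.com/old-browsers/file/" & Hash, False
    On Error Resume Next
    http.Send
    errNum = Err.Number          ' capture before On Error GoTo 0 clears Err
    On Error GoTo 0
    If errNum = E_SECURE_FAILURE Then
        GetRatio = "TLS validation failed (E12175): update the root certificates"
        Exit Function
    ElseIf errNum <> 0 Then
        GetRatio = "Request failed: 0x" & Hex(errNum)
        Exit Function
    End If

    Set html = CreateObject("htmlfile")
    html.Write http.ResponseText
    GetRatio = "Hash not found!"
    For Each el In html.getElementsByTagName("span")
        If el.getAttribute("id") = "detections" Then GetRatio = RTrim(el.innerText) : Exit For
    Next
    html.Close
End Function

Function IsSha256(s)
    Dim re : Set re = New RegExp
    re.Pattern = "^[0-9A-Fa-f]{64}$"
    IsSha256 = re.Test(s)
End Function
```

On a system with outdated Trusted Root Certification Authorities this prints the TLS message instead of a ratio, which is the signal to import the roots as described earlier in the thread.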
Sir_SiLvA
Power Member
Posts: 3300
Joined: 2003-05-06, 11:46 UTC

Re: PE Viewer 3.0

Post by *Sir_SiLvA »

Fla$her wrote: 2024-04-26, 20:44 UTC duplicate blocks are excluded there.
there are no duplicated blocks :!:

2iteg:
Please continue to show all the data that is there just cause one User doesn't want it :!: TIA :!:
Hoecker sie sind raus!