Total Commander

[speller2]

Hi all!

Finally, I rewritten my plugin PE Viewer. Now it is beta and can be downloaded here: http://www.totalcmd.net/download.php?id=peviewer (32+64, with autoinstall) . Bug reports, comments and suggestions are welcome!

Main differences from old version:
- Added x64 version
- Added support of x64 binaries
- Added Resource tab, Info tab is redesigned
- Removed compiler determination

Not implemented yet:
- Validity checking
- Localization

Please try it and leave your comments.

[iana]

Nice, but I miss the compiler determination feature, I know it depended on an rather old text file with pe signatures but it correctly showed Delphi and vc6-8 apps plus some PE packers especially upx, I'd really like it back.
ps. a wdx plugin exeformat http://www.totalcmd.net/plugring/exeformat.html had a bit newer signs.txt file, maybe adding this back as an optional feature?

[speller2]

I thought compiler determination feature is not needed to most users... When I used it, it become more and more useless every year.

But if it is still needed, I can return it. But I think newer signs file needed than 2006's year file in ExeFormat plugin. I dot know where to obtain it. Do anybody have any suggestions where to find it?

[iana]

I don't think you can find an updated signs text file, anyhow it's not a big deal you can have both versions of the plugin just install the new one in a new folder like peviewer2 and place it above the old one in lister so if you need a feature from the old one you can just hit 4, tanks for a great plugin.

[speller2]

Old version have a bug and sometimes show error in binary format, but actually it is plugin internal error. So I dont want users keep it.

[speller2]

Ok, I will return the compiler determination feature in release version.

[iana]

I did a google search to find an updated pe signatures file and the best I could do is http://code.google.com/p/fuu/source/browse/trunk/bin/x86/Tools/Signaturesdb/signatures.txt
although it has a date of May 29, 2011 I think it's older it doesn't contain signatures info about visual studio 2008 or 2010 or newer Delphi versions (7 and above) plus no info about 64bit files.

ps.
After some more research I found partially compatible pe signatures, you're using "PE Tools" style text file, as you're modifying your source can you tweak it to use "PEiD" style text signatures, both "PE Tools" and "PEiD"are abandoned software but "PEiD" has a larger user base and it's database is updated more often, you can check out "PEiD"'s database here:
http://reverse-engineering-scripts.googlecode.com/files/UserDB.TXT or http://code.google.com/p/reverse-engineering-scripts/downloads/list
and
http://research.pandasecurity.com/blogs/images/userdb.txt

pss. You wrote:

[speller2]

Thank you for links! I will see them. It is not a problem to teach plugin to understand PEiD signatures or any other.

On totalcmd.net I updated only link to this discussion. I did not change plugin archive because it is not in release condition.

[speller2]

Public beta is made. http://www.totalcmd.net/download.php?id=peviewer . Plugin is updated on its page on totalcmd.net

What's new:

+ Autoinstall
+ Localization
+ Imports validation
+ Compiler determination (PEiD signs not implemented yet)
* Correct imports validation on 32 and 64 bit modules (System32/SysWow64 directories)
* Single Icon/Cursor and Icon/Cursor Group resource types now saved as valid ico/cur files instead of simple binary resource dumps.
* Some focus improvements

Plans:
- Option to switch settings storage: lsplugin.ini or plugin own ini.
- Different file to store plugin settings (various UI settings, wich is not autosaved in lsplugin.ini)
- PEiD signatures

[speller2]

New beta is available

What's new:

[+] Added plugin configuration reading from custom PEViewer_config.ini.
[+] Added support of the PEiD signatures.
[+] "Copy" popup menu item in lists splitted into "Copy Line" and "Copy Value".
[+] Added entry point icon into sections list.
[+] Added option to disable remembering last opened tab.
[+] Added option to choose plugin settings storage: lsplugin.ini (common for all plugins) or own plugin ini.
[*] Improved validity check displaying.
[*] improved delayed modules displaying.
[*] Added support of icon resources with PNG data.
[*] Fixed pseudo-button under text label with image info on tab buttons line.
[*] Fixed columns resize in lists.
[*] Widened extension list of the plugin used by default.
[*] Fixed some bugs in import and export reading, in compiler determination.
[*] Deleted columns with ordinal function number in import and export lists. Ordinal now displayed in the Name column.
[*] Automatic compiler determination now disabled by default, added option to turn it on.



Additional testing of the compiler determination feature is needed. Need to test determination speed and accuracy.

PS: Please download plugin again if you downloaded a 7z archive - it was missed the Lang folder in it. I reuploaded plugin in rar and with correct contents.

[tbeu]

I get an access violation when viewing PEViewer.wlx in PEViewer.wlx 2.0b3.
_________________
My plugins: Autodesk 3ds Max Preview, Blat Mailer, ImageMetaData (JPG Comment/EXIF/IPTC/XMP) , MATLAB MAT-file Viewer, SolidWorks Preview and more

[speller2]

[tbeu]

Both PEViewer 32 and 64bit give this AV on TC8. OS is Win7x64. Afterwards (clicking OK on the Error dialog) the plugin is correctly loaded.
Image: http://tbeu.de/forum/PEViewer.wlx64.png
Image: http://tbeu.de/forum/PEViewer.wlx.png
_________________
My plugins: Autodesk 3ds Max Preview, Blat Mailer, ImageMetaData (JPG Comment/EXIF/IPTC/XMP) , MATLAB MAT-file Viewer, SolidWorks Preview and more

[speller2]

2tbeu
Did you installed plugin first time or overwritten an older version?

[tbeu]

It was my first time installation.
_________________
My plugins: Autodesk 3ds Max Preview, Blat Mailer, ImageMetaData (JPG Comment/EXIF/IPTC/XMP) , MATLAB MAT-file Viewer, SolidWorks Preview and more