PE Viewer 3.0

iteg
Junior Member
Posts: 67
Joined: 2016-07-28, 08:36 UTC

PE Viewer 3.0

Post by *iteg »

Hello, everyone!

I rebuilt the project based on the sources of "PE Viewer 2.0".
For suggestions and errors, post in the current topic.

Plugin posted on sites:
https://wincmd.ru/plugring/PEViewer3.html
http://totalcmd.net/plugring/PEViewer3.html
Last edited by iteg on 2023-06-07, 17:56 UTC, edited 2 times in total.
white
Power Member
Posts: 4622
Joined: 2003-11-19, 08:16 UTC
Location: Netherlands

Re: PE Viewer 3.0

Post by *white »

Something seems to be missing..
AntonyD
Power Member
Posts: 1249
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: PE Viewer 3.0

Post by *AntonyD »

2iteg
I can only guess, but very probably w/o any link for downloading of your new rebuilt sources we can't add any significant suggestions.
#146217 personal license
Gral
Power Member
Posts: 1467
Joined: 2005-01-26, 15:12 UTC

Re: PE Viewer 3.0

Post by *Gral »

I guess the plugin is on totalcmd.net...
Sir_SiLvA
Power Member
Posts: 3295
Joined: 2003-05-06, 11:46 UTC

Re: PE Viewer 3.0

Post by *Sir_SiLvA »

Hey, thanks for taking the time to create this plugin.

I suggest not only to supply a russian.lng2 but also an english.lng2 so that translators have an easier job translating :D


@white and the rest: must be really hard to look at totalcmd.net:
http://totalcmd.net/plugring/PEViewer3.html
Last edited by Sir_SiLvA on 2023-06-05, 17:36 UTC, edited 1 time in total.
Hoecker sie sind raus!
AntonyD
Power Member
Posts: 1249
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: PE Viewer 3.0

Post by *AntonyD »

2Gral
Good point.
http://totalcmd.net/plugring/PEViewer3.html?
So, the initial question imho should be: HOW (and how often) can we get updates for the PEiD database? Am I correct in assuming that it is stored in UserDB.txt?
And in general - does this base, in principle, have the concept of updating? Maybe someone fills it from time to time. Purely for yourself?
Despite the changed size, the relevance of the database is in doubt. I opened totalcmd64.exe with a plugin and was surprised to find that the compiler definition didn't work! The string Unknown is displayed. Are these 64 bit applications impossible to detect?

Signs.txt - it looks like this database was not updated? So we still have only an outdated list of such things? And what is stored in it?

What should I do with file 'PEViewer_config.ini.sample'? What options are expected to be supported here? There should also be a complete list of all options that can be found in this file with a description of all options for entering values for these options.

Batch saving of selected resources is very necessary. And accordingly, for this you need to provide this selection. I.e., for example, out of 30 string constants, I need to save 5 of them. I would like to open the "Batch Copy" action from the context menu of the "String" tree-item, which would list all the current resources, and I could check the boxes next to the ones I need. And well, a couple of commonly used checkboxes "select all" / "deselect all". And a Save to... button.
Last edited by AntonyD on 2023-06-06, 08:10 UTC, edited 1 time in total.
#146217 personal license
Sir_SiLvA
Power Member
Posts: 3295
Joined: 2003-05-06, 11:46 UTC

Re: PE Viewer 3.0

Post by *Sir_SiLvA »

AntonyD wrote: 2023-06-05, 16:07 UTC Signs.txt - it looks like this database was not updated? So we still have only an outdated list of such things?
You can always update it yourself, plus UserDB.txt was updated from 1832 signatures to 5588 signatures.
AntonyD wrote: 2023-06-05, 16:07 UTC What should I do with file 'PEViewer_config.ini.sample'? What options are expected to be supported here?
After the first run, PEViewer.ini is filled with:

[PEViewer]
DefaultTab=ctResources
SaveDefaultTab=True
Localization=
AutoDetermineCompiler=True
ImportExportFrame.Splitter1Pos=157
ImportExportFrame.Splitter2Pos=375
ImportExportFrame.UndecorateCPPNames=True
HeadersFrame.Splitter1Pos=172
ResourcesFrame.Splitter1Pos=119
Hoecker sie sind raus!
iteg
Junior Member
Posts: 67
Joined: 2016-07-28, 08:36 UTC

Re: PE Viewer 3.0

Post by *iteg »

1) Plugin posted on sites:
https://wincmd.ru/plugring/PEViewer3.html
http://totalcmd.net/plugring/PEViewer3.html
2) UserDB.txt was taken from the project:
https://github.com/packing-box/peid/tree/main/src/peid
3) Signs.txt not updated.
4) Selective and full resource saving added to the "To Do" list.
5) Adding English.lng2 added to the "To Do" list.
6) Documentation writing added to the "To Do" list.
Hurdet
Power Member
Posts: 620
Joined: 2003-05-10, 18:02 UTC

Re: PE Viewer 3.0

Post by *Hurdet »

Is it possible that it does not recognize files compiled with Visual Studio 2022 C++?

HeadersFrame.Splitter1Pos=472
ResourcesFrame.Splitter1Pos=419

don't seem to work.
AntonyD
Power Member
Posts: 1249
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: PE Viewer 3.0

Post by *AntonyD »

2iteg
iteg wrote: 3) Signs.txt not updated.
Is it possible? And Expected? And how does its content intersect with UserDB.txt?
What in which file is more important and useful for the purposes of the plugin?
#146217 personal license
iteg
Junior Member
Posts: 67
Joined: 2016-07-28, 08:36 UTC

Re: PE Viewer 3.0

Post by *iteg »

Hurdet wrote: Is it possible that it does not recognize files compiled with Visual Studio 2022 C++?
It is necessary to look for signatures, if any.
Hurdet wrote: HeadersFrame.Splitter1Pos=472
ResourcesFrame.Splitter1Pos=419
The splitter position for HeadersFrame.Splitter1Pos is set automatically to display all sections, but is ignored from the configuration file.
For the ResourcesFrame.Splitter1Pos splitter, I fixed the usage from the configuration file.
AntonyD wrote: Batch saving of selected resources is very necessary.
Implemented in version 3.0.2.
AntonyD wrote: Is it possible? And Expected? And how does its content intersect with UserDB.txt?
What in which file is more important and useful for the purposes of the plugin?
To analyze the compiler, the signature databases of the projects "PETools / PE Sniffer" (Signs.txt) and "PEiD" (UserDB.txt) are used. The two analysis methods use only the search starting from the OEP. The plugin displays search results for these two databases.
Bases can be created manually. A signature search starting with OEP is ineffective (or even the entire file) because some distinctive data may be stored in other sections and very slowly. Well implemented in the project https://github.com/horsicq/Detect-It-Easy when using scripts.
I couldn't find a newer Signs.txt base.
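
The entry-point-only signature search discussed in the post above, as an added example that is not part of the original post or the plugin's code: it parses text in the PEiD UserDB.txt layout and shows a file whose distinctive bytes sit away from the entry point going undetected unless the whole buffer is searched. The database entries, byte patterns, buffer layout and function names are constructed for illustration.

```python
# Constructed sample in PEiD UserDB.txt layout; names and patterns are made up.
SAMPLE_DB = """\
[Constructed Stub A]
signature = 60 BE ?? ?? ?? ?? 8D BE
ep_only = true

[Constructed Marker B]
signature = DE AD ?? EF
ep_only = false
"""

def parse_userdb(text):
    """Return (name, pattern, ep_only) tuples; None in a pattern is a ?? wildcard."""
    entries, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = {"name": line[1:-1]}
            entries.append(cur)
        elif cur is not None and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            cur[key.lower()] = value
    sigs = []
    for e in entries:
        # Assumption: only whole-byte ?? wildcards occur in the signature field.
        pattern = [None if t == "??" else int(t, 16)
                   for t in e.get("signature", "").split()]
        if pattern:
            sigs.append((e["name"], pattern, e.get("ep_only", "").lower() == "true"))
    return sigs

def matches_at(data, offset, pattern):
    window = data[offset:offset + len(pattern)]
    return len(window) == len(pattern) and all(
        p is None or p == b for p, b in zip(pattern, window))

def scan(data, ep_offset, sigs, whole_file=False):
    """Try each signature at the entry point; optionally search everywhere too."""
    hits = []
    for name, pattern, ep_only in sigs:
        found = matches_at(data, ep_offset, pattern)
        if not found and whole_file and not ep_only:
            found = any(matches_at(data, i, pattern)
                        for i in range(len(data) - len(pattern) + 1))
        if found:
            hits.append(name)
    return hits

def build_sample(stub):
    # Constructed buffer: 16 filler bytes, entry-point code, filler, marker bytes.
    return bytes(16) + stub + bytes(16) + bytes.fromhex("DEAD01EF") + bytes(8)
```

The whole-buffer pass tries every offset for every signature, so its cost grows with file size times database size.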
Sir_SiLvA
Power Member
Posts: 3295
Joined: 2003-05-06, 11:46 UTC

Re: PE Viewer 3.0

Post by *Sir_SiLvA »

Thanks for the update, 2 bugs:

1st when you have an upx'ed exe and click on Export/Import it turns on the display of "File Corrupted" which is just wrong :)

2nd this is a bug that was present in PEViewer 2 and FileInfo plugin too:
https://ibb.co/3ssbsMz as you can see, it clearly correctly identifies the exe as 64bit but claims the Target OS to be 32bit (which I hope u mayhaps can fix?)
Hoecker sie sind raus!
Dalai
Power Member
Posts: 9391
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Re: PE Viewer 3.0

Post by *Dalai »

Sir_SiLvA wrote: 2023-06-19, 09:18 UTC 2nd this is a bug that was present in PEViewer 2 and FileInfo plugin too:
https://ibb.co/3ssbsMz as you can see, it clearly correctly identifies the exe as 64bit but claims the Target OS to be 32bit (which I hope u mayhaps can fix?)
This is correct information. Take a look at the Resources tab, select Version from the tree at the left and then look at the VS_FIXEDFILEINFO information. There you'll see the File OS flags. For totalcmd64.exe it's listed as Windows NT, 32-bit Windows even though it's also clearly a PE AMD64 executable.

As this is a very old data structure it doesn't know anything about 64-bit or even other architectures like ARM: https://learn.microsoft.com/en-us/windows/win32/api/verrsrc/ns-verrsrc-vs_fixedfileinfo (dwFileOS)

Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
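
The mismatch described in the post above, as an added example that is not part of the original post or the plugin's code: the Machine field of the PE header and the dwFileOS field of VS_FIXEDFILEINFO are read independently, so a 64-bit image can still report 32-bit Windows. The sample bytes are constructed, and finding VS_FIXEDFILEINFO by scanning for its 0xFEEF04BD signature is a shortcut assumed here instead of walking the resource directory.

```python
import struct

MACHINES = {0x014C: "x86", 0x8664: "AMD64", 0xAA64: "ARM64"}
# dwFileOS: high word is the base OS, low word the windowing environment.
# Neither table has a 64-bit value.
VOS_HIGH = {0: "unknown", 1: "MS-DOS", 2: "16-bit OS/2", 3: "32-bit OS/2", 4: "Windows NT"}
VOS_LOW = {0: "unknown", 1: "16-bit Windows", 2: "16-bit PM", 3: "32-bit PM", 4: "32-bit Windows"}
FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)
FFI_SIZE = 52          # 13 DWORDs
FILEOS_OFFSET = 32     # dwFileOS is the ninth DWORD

def pe_machine(data):
    """Architecture from IMAGE_FILE_HEADER.Machine."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    return MACHINES.get(machine, hex(machine))

def file_os(data):
    """Decoded dwFileOS from the first VS_FIXEDFILEINFO found, or None."""
    pos = data.find(FFI_SIGNATURE)
    if pos < 0 or pos + FFI_SIZE > len(data):
        return None
    dw = struct.unpack_from("<I", data, pos + FILEOS_OFFSET)[0]
    return f"{VOS_HIGH.get(dw >> 16, '?')}, {VOS_LOW.get(dw & 0xFFFF, '?')}"

def build_sample():
    """Constructed bytes: an AMD64 PE header stub followed by a VS_FIXEDFILEINFO."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<H", 0x8664) + bytes(18)
    ffi = struct.pack("<13I", 0xFEEF04BD, 0x00010000, 0, 0, 0, 0,
                      0x3F, 0, 0x00040004, 1, 0, 0, 0)  # dwFileOS = VOS_NT_WINDOWS32
    return dos + coff + bytes(32) + ffi
```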
Hurdet
Power Member
Posts: 620
Joined: 2003-05-10, 18:02 UTC

Re: PE Viewer 3.0

Post by *Hurdet »

Not handle c# detail in info exe.
These are visible in the compiled file on right-clicking it and looking at the properties of the file.
iteg
Junior Member
Posts: 67
Joined: 2016-07-28, 08:36 UTC

Re: PE Viewer 3.0

Post by *iteg »

In version "PE Viewer" 3.0.3:
1) Sir_SiLvA wrote: when you have an upx'ed exe and click on Export/Import it turns on the display of "File Corrupted" which is just wrong :)
Replaced with a detailed description of the error.
2) Sir_SiLvA wrote: this is a bug that was present in PEViewer 2 and FileInfo plugin too
Yes, there are no flags for the 64-bit OS in the VS_FIXEDFILEINFO structure.
3) Hurdet wrote: Not handle c# detail in info exe.
Fixed.