
PE Tree - Python module for viewing Portable Executable


itsMe


Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports.

Features

    Standalone application and IDAPython plugin
    Supports Windows/Linux/Mac
    Rainbow PE ratio map:
        High-level overview of PE structures, size and file location
        Allows for fast visual comparison of PE samples
    Displays the following PE headers in a tree view:
        MZ header
        DOS stub
        Rich headers
        NT/File/Optional headers
        Data directories
        Sections
        Imports
        Exports
        Debug information
        Load config
        TLS
        Resources
        Version information
        Certificates
        Overlay
    Extract and save data from:
        DOS stub
        Sections
        Resources
        Certificates
        Overlay
    Send data to CyberChef
    VirusTotal search of:
        File hashes
        PDB path
        Timestamps
        Section hash/name
        Import hash/name
        Export name
        Resource hash
        Certificate serial
    Standalone application:
        Double-click VA/RVA to disassemble with capstone
        Hex-dump data
    IDAPython plugin:
        Easy navigation of PE file structures
        Double-click VA/RVA to view in IDA-view/hex-view
        Search IDB for in-memory PE files:
            Reconstruct imports (IAT + IDT)
            Dump reconstructed PE files
            Automatically comment PE file structures in IDB
            Automatically label IAT offsets in IDB


 
