Search the Community
Showing results for tags 'viewing'.
-
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro to dump in-memory PE files and reconstruct imports. Features Standalone application and IDAPython plugin Supports Windows/Linux/Mac Rainbow PE ratio map: High-level overview of PE structures, size and file location Allows for fast visual comparison of PE samples Displays the following PE headers in a tree view: MZ header DOS stub Rich headers NT/File/Optional headers Data directories Sections Imports Exports Debug information Load config TLS Resources Version information Certificates Overlay Extract and save data from: DOS stub Sections Resources Certificates Overlay Send data to CyberChef VirusTotal search of: File hashes PDB path Timestamps Section hash/name Import hash/name Export name Resource hash Certificate serial Standalone application; Double-click VA/RVA to disassemble with capstone Hex-dump data IDAPython plugin: Easy navigation of PE file structures Double-click VA/RVA to view in IDA-view/hex-view Search IDB for in-memory PE files; Reconstruct imports (IAT + IDT) Dump reconstructed PE files Automatically comment PE file structures in IDB Automatically label IAT offsets in IDB [hide][Hidden Content]]