{"id":13440821,"url":"https://github.com/petoolse/petools","last_synced_at":"2025-03-20T10:32:48.314Z","repository":{"id":37663719,"uuid":"102133147","full_name":"petoolse/petools","owner":"petoolse","description":"PE Tools - Portable executable (PE) manipulation toolkit","archived":false,"fork":false,"pushed_at":"2018-04-04T23:59:59.000Z","size":354,"stargazers_count":974,"open_issues_count":5,"forks_count":130,"subscribers_count":48,"default_branch":"master","last_synced_at":"2024-06-21T18:00:51.802Z","etag":null,"topics":["analysis","disassembler","dumper","entropy","hex-editor","pefile","rebuilder","resources"],"latest_commit_sha":null,"homepage":"https://petoolse.github.io/petools","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/petoolse.png","metadata":{"files":{"readme":"README.md","changelog":"HISTORY.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-09-01T16:37:50.000Z","updated_at":"2024-06-21T15:12:49.000Z","dependencies_parsed_at":"2022-07-12T16:42:34.003Z","dependency_job_id":null,"html_url":"https://github.com/petoolse/petools","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/petoolse%2Fpetools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/petoolse%2Fpetools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/petoolse%2Fpetools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/petoolse%2Fpetools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/petoolse","download_url":"https://codeload.github.com/petoolse/petools/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":213299358,"owners_count":15566609,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis","disassembler","dumper","entropy","hex-editor","pefile","rebuilder","resources"],"created_at":"2024-07-31T03:01:26.642Z","updated_at":"2024-10-28T00:30:44.167Z","avatar_url":"https://github.com/petoolse.png","language":null,"funding_links":[],"categories":["HarmonyOS","Others",":wrench: Tools","🔧 Packages"],"sub_categories":["Windows Manager","Before 2000","⚡ Editing"],"readme":"![](https://petoolse.github.io/petools/img/petools-logo-blue-128.png)\n\n**PE Tools** - [portable executable](https://en.wikipedia.org/wiki/Portable_Executable) (PE) manipulation toolkit.\n\n## Table of contents\n\n- [Description](#description)\n- [Features](#features)\n    - [PE Editor](#pe-editor)\n    - [File Location Calculator](#file-location-calculator-flc)\n    - [PE Files Comparator](#pe-files-comparator)\n    - [Process Viewer and Manager](#process-viewer-and-manager)\n    - [PE Dumper](#pe-dumper)\n    - [PE Rebuilder](#pe-rebuilder)\n    - [PE Sniffer](#pe-sniffer)\n- [System Requirements](system-requirements)\n- [Limitations](#limitations)\n- [To do](#to-do)\n- [What's new](#whats-new-in-recent-major-releases)\n- [Creators](#creators)\n- [Contacts](#contacts)\n\n\n## Description\n\n\u003e **PE Tools** lets you actively *research* PE files and processes.\n\u003e `Process Viewer` and PE files `Editor`, `Dumper`, `Rebuilder`, `Comparator`, `Analyzer` are included.\n\u003e **PE Tools** is an *oldschool reverse engineering tool* with a long history since `2002`.\n\u003e PE Tools was initially inspired by LordPE (yoda).\n\n## Features\n\n### PE Editor\n\n- PE and DOS Headers **Editor**\n- PE Sections **Editor**\n- PE Directory _Viewer_ and **Editor**\n- Export Directory **Editor**\n- Import Directory **Editor**\n- Resource Directory _Viewer_\n- Exception Directory _Viewer_\n- Relocation Directory _Viewer_\n- Debug Directory _Viewer_\n- TLS Directory **Editor**\n- Load Config Directory **Editor**\n- Bound Directory **Editor**\n\n### File Location Calculator (FLC)\n\n- Virtual Address\n- Relative Virtual Address\n- Raw File Offset\n\n## PE Files Comparator\n\n- Side-by-side comparison of headers and characteristics of two PE files\n\n## Process Viewer and Manager\n\n- Show basic process information\n- Show process modules\n\n## PE Dumper\n\n- Running process dumper\n    - Full Dump\n    - Partial Dump\n    - Region Dump\n- ~~Dumper Server (accessible via Dumper Server SDK)~~\n\n## PE Rebuilder\n\n- Dump Fixer\n- Relocation Wiper\n- Resource Directory Rebuilder\n- PE file Validation\n- Imports Binder\n- ImageBase Changer\n\n## PE Sniffer\n\n- Signature analysis of PE files\n- Packer detection\n\n## HEX Editor\n\n- HEX Editor available in:\n    - `Section Editor` via section context menu\n    - Every `Data Directory` in `Directory Editor`\n\n## Plugins\n\n- ~~PE Tools `Plugin SDK` available~~\n\n## What's new in recent major releases\n\n### PE Tools v1.9\n\nComplete PE Tools v1.9 announces:\n- [PE Tools v1.9 announce in English](https://petoolse.github.io/petools/Announce-EN)\n- [PE Tools v1.9 announce in Russian](https://petoolse.github.io/petools/Announce-RU)\n\n\n#### Entropy View\n![](https://petoolse.github.io/petools/screens/PETools-Screens-Entropy.gif)\n- Entropy Viewer available in:\n    - Main `PE Editor` dialog\n    - `Section Editor` via section context menu\n    - `File Compare` dialog for both compared files\n\n#### 64-bit Disassembler\n![](https://petoolse.github.io/petools/screens/PETools-Screen-Disasm-diStorm.png)\n- [diStorm](https://github.com/gdabah/distorm) `v3.3.4`\n- Shows `jmp / call` direction\n\n#### Load Config Directory Editor\n\n- `IMAGE_LOAD_CONFIG_DIRECTORY` support\n- Additional Load Config Directory values and size support (non-standard sizes)\n\n#### High-DPI display modes support\n\n- 192 DPI supported\n- `DPI` modes supported and tested: `96`, `120`, `144`, `192`\n- Graphics redrawn:\n    - Main Application Icon\n    - Logo\n    - Toolbar icons\n\n\n#### Bug-fixes and minor changes\n\nSee [HISTORY](https://petoolse.github.io/petools/HISTORY)\n\n\n## System Requirements\n\n- Latest tested Operating System: [Windows 10](https://en.wikipedia.org/wiki/Windows_10)\n- Supported Windows versions: [Windows 10](https://en.wikipedia.org/wiki/Windows_10), [Windows 8.1](https://en.wikipedia.org/wiki/Windows_8.1), [Windows 8](https://en.wikipedia.org/wiki/Windows_8), [Windows 7](https://en.wikipedia.org/wiki/Windows_7)\n- Minimal Operating System: [Windows XP](https://en.wikipedia.org/wiki/Windows_XP)\n- Administrative rights for `SeDebugPrivilege`\n- macOS supported via [Wine](https://www.winehq.org) (tested Wine 3.4, 3.0, 2.16)\n- [ReactOS](https://www.reactos.org) natively supported (tested ReactOS 0.4.7)\n\n\n## Limitations\n\n- No [large files support](https://en.wikipedia.org/wiki/Large_file_support) (over 4 GB)\n- No [ARM disassembler](https://en.wikipedia.org/wiki/ARM_architecture#Operating_system_support) support (ARM architecture supported by [Windows 10 Mobile](https://en.wikipedia.org/wiki/Windows_10_Mobile), [Windows RT](https://en.wikipedia.org/wiki/Windows_RT), [Windows Phone](https://en.wikipedia.org/wiki/Windows_Phone), [Windows IoT Core](https://en.wikipedia.org/wiki/Windows_IoT#Core), [Windows Embedded Compact](https://en.wikipedia.org/wiki/Windows_Embedded_Compact))\n\n## Source code\n\n```C++\nthrow std::exception(“​PE Tools source code is not available”);\n```\n- If you want to add some features, write ready-to-use snippet (C/C++) and post it in [Issues](https://github.com/petoolse/petools/issues)\n\n## To do\n\n- [ ] `Win64` version\n- [ ] File `Overlay` Analyzer and Extractor\n- [ ] `Authenticode` Viewer\n- [x] `Rich` Signature Editor\n- [ ] `Relocations` Checker\n- [ ] Enhance `Debug` Directory Remover: remove debug section if empty\n- [ ] [Corkami](https://github.com/corkami/pocs/tree/master/PE/bin) binaries testing and support\n- [ ] `.NET Directory` Viewer\n- [ ] `External Tools` support (preliminary list):\n    - [ ] [x64dbg](https://x64dbg.com)\n    - [ ] [Scylla Imports Reconstruction](https://github.com/NtQuery/Scylla)\n    - [ ] [Hiew](http://hiew.ru)\n    - [ ] [r2](https://github.com/radare/radare2)\n    - [ ] [Resource Hacker](http://www.angusj.com/resourcehacker)\n- [ ] `Structures Export` to readable formats like `JSON` / `YAML`\n- [ ] `Crypto` tools (`hash`, `decryption` / `decryption`)\n- [ ] `ARM` disassembler (far-far-away)\n\n## Distribution\n\n| File             | Description                    | Lang |\n|:-----------------|:-------------------------------|:-----|\n| `PETools.exe`    | main PE Tools executable       |\n| `HEdit.dll`      | Hex-editor                     |\n| `RebPE.dll`      | PE Rebuilder                   |\n| `Signs.txt`      | PEiD signatures for PE Sniffer |\n| `ReadMe_EN.md`   | ReadMe                         | EN\n| `WhatsNew_EN.md` | What's New                     | EN\n| `WhatsNew_RU.md` | What's New                     | RU\n| `petools.sha1`   | Checksums SHA-1                |\n\n\n## DOWNLOAD\n\n- [github.com/petoolse/petools/releases](https://github.com/petoolse/petools/releases)\n\n\n## Licensing\n\nSee [LICENSE](LICENSE)\n\n\n## Creators\n\n### PE Tools\n\n- NEOx [[uinC](http://uinc.ru/files/neox/PE_Tools.shtml)] - versions up to `1.5`, 2002-2006\n- [Jupiter](https://github.com/upiter) - versions from `1.5`, 2007-2018\n- PainteR - versions from `1.8`, 2017-2018\n- [EvilsInterrupt](https://bitbucket.org/sys_dev/) aka [NtVisigoth](http://ntvisigoth.blogspot.com) - versions from `1.5`, 2012-2014\n\n\n### Additional modules\n\n- yoda (author of LordPE): original HEdit32 component\n\n\n## Contacts\n\nFeel free to contact via Twitter [@petoolse](https://twitter.com/petoolse).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpetoolse%2Fpetools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpetoolse%2Fpetools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpetoolse%2Fpetools/lists"}