Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Updated Apr 7, 2024 - C++
Portable Executable reversing tool with a friendly GUI
A library for creating, reading and editing PE files and .NET modules.
A bunch of parsers for PE and PDB formats in C++
Too busy for that all, furikuri is a framework for code protection
PE32 (x86) and PE32+ (x64) binaries analysis tool, resources viewer/extractor.
Library for parsing internal structures of PE32/PE32+ binary files.
Cross-platform library for parsing and building PE\PE+ formats
Library for linking multiple PE\PE+ files into one
PE Explorer in C++ (x86 / x64) - PE file parser, retrieve exports and imports
DWARF Explorer - a GUI utility for navigating the DWARF debug information
A scanner for files with compromised or untrusted code signing certificates, written in Python.
Static file analysis for PE files
Live memory analysis detecting malware IOCs in processes, modules, handles, tokens, threads, .NET assemblies, memory address space and environment variables. Dumps, detects and disassembles hooks, shellcode, memory regions, modules and processes.
Artificial intelligence malware identifier based on thousands of malware samples
Go package for accessing PE/COFF files.
Lists dependencies of a PE (exe/dll) file
Binary executable tool