Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Updated Nov 6, 2024 - C++
Portable Executable reversing tool with a friendly GUI
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
The BEST DLL Injector Library.
PE file viewer/editor for Windows, Linux and MacOS.
Principled, lightweight C/C++ PE parser
A ⚡ lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
Persistent IAT hooking application - based on bearparser
A bunch of parsers for PE and PDB formats in C++
flat assembler g - adaptable assembly engine
Library for parsing internal structures of PE32/PE32+ binary files.
PE32 (x86) and PE32+ (x64) binaries analysis tool, resources viewer/extractor.
SDA is a rich cross-platform tool for reverse engineering that is focused firstly on the analysis of computer games. I'm trying to create a mix of Ghidra, Cheat Engine and x64dbg. My tool will combine static and dynamic analysis of programs. SDA is currently under development.
Python implementation of the Packed Executable iDentifier (PEiD)
A neural approach to malware detection in portable executables
Cross-platform library for parsing and building PE\PE+ formats
Small visualizer for PE files
Docker image gathering packers and tools for making datasets of packed executables and training machine learning models for packing detection