14 thg 3, 2012

Stud_PE v2.6.0.8 [13-3-2012]

Stud_PE v2.6.0.8 Release date 13-3-2012.

 - add new section;
 view/edit Directory Table:
  -Import/Export Table viewer;
  -Import adder;
  -Resource viewer/editor (save/replace ico/cur/bmp);

 Pe Scanner (PEiD sig database):
  -400 packers/protectors/compilers;

  Task viewer/dumper/killer;
 PEHeader/Binary file compare;
 RVA to RAW to RVA;
 Drag'nDrop shell menu integration;
 Basic HexEditor;
 Process regions' dumper/viewer/editor;  

Download link: http://www.cgsoftlabs.ro

- added back, the support for w95; added installer; 
- fixed the cursor not showing over rollup control and "Plugins" menu not showing on on w9x;
- added support for drag&drop under w7,vista on 64bit OS's; there is a bug with "x86" in IShellLink::GetPath for 32bit app running on 64bit OS;
- bugfix in hexeditor; when exploring large pe sections/data (MB), at the end of the VScoll, the program was stuck in an endless paint;
- fixed 3 bugs reported by snailz; unhandled situations when no pe file was loaded;
- fixed a security issue, related to the size of import/export functions' names; "The vulnerability is caused due to a boundary error when parsing the names of functions exported by an analysed portable executable. This can be exploited to cause a stack-based buffer overflow by tricking a user into processing a specially crafted ".dll" or ".exe" file." (secunia.com/advisories/39130)
- found some import's names with the lenght greater than 500 chars! see adobe CS5, the imports from the boost libs; fixed the buffers to support such situations aaaand...
- it seems that TLS dir size is ignored by windows, so let Stud_Pe buttons enabled on 0 size image data dirs; (waleedassar.blogspot.com/2012/03/ollydbg-v201-and-tls-callbacks.html).
- added support for showing imported functions for 64bit apps; also did some small changes in there like notifying about bound imports if FirstThunk is choosed; fixed a bug related to splitter for imports window;
- fixed a cursor problem on older OS, the hand cursor (the one over the tabs)...flickering also on property pages.
- fixed a gpf reported on program exit;
- fixed a small bug in Disassembler's hex column, not showing full OPcode hex data.
- fixed a small bug in disassembler's history;
- fixed a small bug in TLS window, not showing correctly the number of TLS Calbacks functions for x64 pe targets;
- switched the project from vc6 to VC8; just for your information about 60 Errors and 600 warnings after project conversion; take care, those secure crt fixups drived me crazy, errors may have slept through; if so, please report and I'll try to fix them.
- the dialog colour was changed due to the fact that SetDialogBkColor it's no more supported in vc8 libs.
- unfortunatelly VC8 breaks the w95 compatibility (shlwapi.dll appears at imports due to mfc AddToRecentFileList which links that dll, not known to w95 os; aslo IsDebuggerPresent not present in w95 but linked by vc8 ...and who knows which other functins);
- updated the aboutbox;
-reloc window will show in which function/data a specific relocation points("In function" column); also it will show which data/function relocates ("Refers"); this works only if you have the map file for a certain pe.exe (pe.map present in the same dir as pe.exe); should work on 32bit and will be fixed for 64 as soon as I'll have a map sample for a 64bit file; 


Không có nhận xét nào:

Đăng nhận xét