- add new section;
view/edit Directory Table:-Import/Export Table viewer;
-Import adder;
-Resource viewer/editor (save/replace ico/cur/bmp);
Pe Scanner (PEiD sig database):-400 packers/protectors/compilers;
Task viewer/dumper/killer; PEHeader/Binary file compare; RVA to RAW to RVA; Drag'nDrop shell menu integration; Basic HexEditor; Process regions' dumper/viewer/editor; Download link: http://www.cgsoftlabs.ro
Changelog
2.6.0.8:
- added back, the support for w95; added installer;
- fixed the cursor not showing over rollup control and "Plugins" menu not showing on on w9x;
2.6.0.7:
- added support for drag&drop under w7,vista on 64bit OS's; there is a bug with "x86" in IShellLink::GetPath for 32bit app running on 64bit OS;
- bugfix in hexeditor; when exploring large pe sections/data (MB), at the end of the VScoll, the program was stuck in an endless paint;
- fixed 3 bugs reported by snailz; unhandled situations when no pe file was loaded;
- fixed a security issue, related to the size of import/export functions' names; "The vulnerability is caused due to a boundary error when parsing the names of functions exported by an analysed portable executable. This can be exploited to cause a stack-based buffer overflow by tricking a user into processing a specially crafted ".dll" or ".exe" file." (secunia.com/advisories/39130)
- found some import's names with the lenght greater than 500 chars! see adobe CS5, the imports from the boost libs; fixed the buffers to support such situations aaaand...
- it seems that TLS dir size is ignored by windows, so let Stud_Pe buttons enabled on 0 size image data dirs; (waleedassar.blogspot.com/2012/03/ollydbg-v201-and-tls-callbacks.html).
2.6.0.6:
- added support for showing imported functions for 64bit apps; also did some small changes in there like notifying about bound imports if FirstThunk is choosed; fixed a bug related to splitter for imports window;
- fixed a cursor problem on older OS, the hand cursor (the one over the tabs)...flickering also on property pages.
- fixed a gpf reported on program exit;
- fixed a small bug in Disassembler's hex column, not showing full OPcode hex data.
- fixed a small bug in disassembler's history;
- fixed a small bug in TLS window, not showing correctly the number of TLS Calbacks functions for x64 pe targets;
- switched the project from vc6 to VC8; just for your information about 60 Errors and 600 warnings after project conversion; take care, those secure crt fixups drived me crazy, errors may have slept through
; if so, please report and I'll try to fix them.- the dialog colour was changed due to the fact that SetDialogBkColor it's no more supported in vc8 libs.
- unfortunatelly VC8 breaks the w95 compatibility (shlwapi.dll appears at imports due to mfc AddToRecentFileList which links that dll, not known to w95 os; aslo IsDebuggerPresent not present in w95 but linked by vc8 ...and who knows which other functins);
- updated the aboutbox;
-reloc window will show in which function/data a specific relocation points("In function" column); also it will show which data/function relocates ("Refers"); this works only if you have the map file for a certain pe.exe (pe.map present in the same dir as pe.exe); should work on 32bit and will be fixed for 64 as soon as I'll have a map sample for a 64bit file;
---
Không có nhận xét nào:
Đăng nhận xét