User Rating ( votes)
Comments Rating ( reviews)
Adlice PEViewer (RogueKillerPE) is a PE parsing tool, able to show internal structure of executable files.
It's able to read either the memory image (process module) or the disk image (filesystem) of a given executable.
Nag Window : Every 5 Analysis
Support : Public Forum
Automatic Updates : Manual Only
Nag Window : No nag
Registration : Installed
Machines : 5
Special Plans : Companies
Support : Private, Ticketed
|File Size||21.57 MB|
|Operating System||Windows XP, Vista, 7, 8, 8.1, 10. 32/64 bits|
|Tags||analysis editor malware parser pe portable executable research|
Why buy Premium?
- Privileged support: Easy and Fast support for you, don't hesitate to bother us.
- No nag window: Go faster without the nag window.
- To help us maintaining the software efficient for everyone.
- Open PE from file, and read disk image.
- Open PE from process, and read memory or disk image.
- Open file from command line.
- Drag and drop support.
- Explorer context menu integration.
- Process general information (pid, parent, ...)
- File general information (attributes, size, ...)
- Process module general information (address, size, ...)
- A bunch of hashes (MD5, SHA1, SHA256, ...)
- Process memory pages, with ability to dump.
- Injected pages detection, non-readable pages detection.
- Ability to dump injected pages to file.
- Hex code, with ability to search (hex values, or string ANSI/UNICODE).
- Assembly code, with ability to navigate.
- PE Headers (MZ, PE, Optional, ...)
- RunPE detection, shows which header fields are modified.
- Checksum validation.
- PE Sections, with ability to watch hex code and dump to file.
- PE Debug, with ability to watch hex code and dump to file.
- PE Imports, with ability to watch APIs assembly code (memory only).
- PE Exports, with ability to watch APIs assembly code.
- Hooks detection in imports/exports (table and inline hooks).
- PE Resources. Able to parse all well known types and display them accordingly (strings, version information, icons, ...)
- Ability to scan resources, sections, debug on VirusTotal.
- Executable files detection in resources.
- Ability to watch hex code of resources.
- Ability to dump resources to file.
- PDB path detection.
- Strings scanner, with classification (Registry, files, ...)
- Ability to dump all strings (by category or not) to file.
- Digital Signature parsing (embedded only).
- Bright or dark theme (Premium).
- Samples Comparator (Premium).
- Sample Scoring.
- Maliciousness Indicators.
- Start the tool.
- Drag a file on the interface, or load the process list.
- If you choose a file, there you go.
- If you choose a process, you can inspect a different module by selecting a new one in the modules list.
- If you choose a process, you can toggle disk/image and switch from process memory to disk image and vice-versa.