PPEE - Professional PE Explorer

Forum for announcements and questions about tools and software.

PPEE - Professional PE Explorer

Postby PPEE » Sat May 13, 2017 12:45 pm

PPEE (puppy) is a Professional PE file Explorer for reversers, malware researchers and those who want to statically inspect PE files in more detail.

Puppy is robust against malformed and crafted PE files, which makes it handy for reversers, malware researchers and those who want to inspect PE files in more detail. All directories in a PE file including Export, Import, Resource, Exception, Certificate (relies on Windows API), Base Relocation, Debug, TLS, Load Config, Bound Import, IAT, Delay Import and CLR (.Net) are supported.

A companion plugin is also provided to query the file in the well-known malware repositories and take one-click technical information about the file such as its size, entropy, attributes, hashes, version info and so on.

Features:
    Both PE32 and PE64 support
    Virustotal and OPSWAT's Metadefender query report
    Statically analyze Windows native and .Net executables
    Robust Parsing of exe, dll, sys, scr, drv, cpl, ocx and more
    Edit almost every data structure
    Easily dump sections, resources and .Net assembly directories
    Entropy and MD5 calculation of the sections and resource items
    View strings including URL, Registry, Suspicious, ... embedded in files
    Extract artifacts remaining in PE file
    Anomaly detection
    Right-click for Copy, Search in web, Whois and dump
    Built in hex editor
    Explorer context menu integration
    Descriptive information for data members
    Refresh, Save and Save as menu commands
    Drag and drop support
    List view columns can sort data in an appropriate way
    Open file from command line
    Checksum validation
    Plugin enabled

Puppy is free and tries to be small, fast, nimble and friendly as your puppy!
I hope you'll enjoy it. Any suggestion is appreciated.

Website: https://www.mzrst.com/
Screenshots: https://www.mzrst.com/#gallery
Blog: https://www.mzrst.com/blog/
PPEE
 
Posts: 6
Joined: Sat May 13, 2017 12:12 pm
Reputation point: 2

Re: PPEE - Professional PE Explorer

Postby Buster_BSA » Sun May 14, 2017 1:31 am

Thanks for contributing this tool!
Buster_BSA
 
Posts: 390
Joined: Mon Mar 22, 2010 6:42 am
Reputation point: 35

Re: PPEE - Professional PE Explorer

Postby PPEE » Sun May 14, 2017 2:55 am

You're welcome, I'll be happy if I could add any missing feature to PPEE.
PPEE
 
Posts: 6
Joined: Sat May 13, 2017 12:12 pm
Reputation point: 2

Re: PPEE - Professional PE Explorer

Postby x9p » Thu Jun 08, 2017 2:50 am

Really nice tool. The small size of it is also great, as well as the possibility to write plugins on our own.

The entropy calculation of each resource entry is very handy, as we know lots of malware use it to hide packed code in there.

The Hex Editor also is very nice. Simple but nice, if it improves in the future it will save time analyzing malware, switching tools all the time. Nowadays I still prefer Hex Workshop from bpsoft.

Some additions I find interesting would be:

- Under DIRECTORY_ENTRY_BASERELOC add the number of items of the relocation table, on the right side of "BlockSize"
- Shell Integration under Help menu (I believe it's not working), to be able to right click an EXE/DLL and open directly on PPEE

Keep up the good work, buddy.
x9p
 
Posts: 1
Joined: Tue May 30, 2017 5:16 am
Reputation point: 0

Re: PPEE - Professional PE Explorer

Postby PPEE » Fri Jun 09, 2017 2:34 pm

Thanks for your response.
For the shell integration to be added/removed, you should, only once, run PPEE as administrator and click "Shell integration" from the Help menu.
For the number of items of the relocation table, it'll be considered in the next versions.
PPEE
 
Posts: 6
Joined: Sat May 13, 2017 12:12 pm
Reputation point: 2

Re: PPEE - Professional PE Explorer

Postby PPEE » Wed Jun 28, 2017 8:42 pm

New version (1.09) released
What's new:
    Yara rules supported (new plugin)
    Application manifest item added to Treeview
    Resource type detection added
    Treeview tooltips added
    Rearrange Debug Dir. items
    Show file size in binary unit (FileInfo plugin)
    Major Bugfixes
https://www.mzrst.com/
PPEE
 
Posts: 6
Joined: Sat May 13, 2017 12:12 pm
Reputation point: 2

Re: PPEE - Professional PE Explorer

Postby Antieverything » Fri Sep 01, 2017 12:12 am

Hi
Nice tool, thx.
You fixed crashes with non-PE file format, but there are some crashes with invalid PE header files
--> example <--
Antieverything
 
Posts: 1
Joined: Sun Jun 25, 2017 12:43 am
Reputation point: 0

Re: PPEE - Professional PE Explorer

Postby PPEE » Tue Sep 05, 2017 11:52 am

Antieverything wrote: Hi
Nice tool, thx.
You fixed crashes with non-PE file format, but there are some crashes with invalid PE header files
--> example <--

Thanks for your report ;) I'll fix it ASAP.
PPEE
 
Posts: 6
Joined: Sat May 13, 2017 12:12 pm
Reputation point: 2

Re: PPEE - Professional PE Explorer

Postby PPEE » Tue Sep 05, 2017 12:37 pm

Fixed it, the problem was with IsBadReadPtr itself https://blogs.msdn.microsoft.com/oldnew ... 7/?p=29563
The binary will be available in the next version.
PPEE
 
Posts: 6
Joined: Sat May 13, 2017 12:12 pm
Reputation point: 2
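
An alternative to probing pointers with IsBadReadPtr when parsing untrusted PE headers is to check every file-derived offset against the buffer length before dereferencing it. The following is an added example, not PPEE's code; `pe_check`, `check_sample` and the 512-byte sample file are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum pe_status { PE_OK, PE_ERR_DOS, PE_ERR_LFANEW, PE_ERR_SIG, PE_ERR_SECTABLE, PE_ERR_SECDATA };

/* True when [off, off+need) lies inside len bytes; written so the sum cannot wrap. */
static int in_bounds(size_t off, size_t need, size_t len) {
    return off <= len && need <= len - off;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Validate DOS header, NT signature, section table and each section's raw data range. */
enum pe_status pe_check(const uint8_t *buf, size_t len) {
    if (!in_bounds(0, 64, len) || buf[0] != 'M' || buf[1] != 'Z') return PE_ERR_DOS;
    size_t nt = rd32(buf + 0x3C);                      /* e_lfanew comes from the file */
    if (!in_bounds(nt, 24, len)) return PE_ERR_LFANEW; /* signature + COFF file header */
    if (memcmp(buf + nt, "PE\0\0", 4) != 0) return PE_ERR_SIG;
    size_t nsec = rd16(buf + nt + 6);                  /* NumberOfSections */
    size_t opt = rd16(buf + nt + 20);                  /* SizeOfOptionalHeader */
    size_t tbl = nt + 24 + opt;                        /* nt <= len, so this cannot wrap */
    if (!in_bounds(tbl, nsec * 40, len)) return PE_ERR_SECTABLE;
    for (size_t i = 0; i < nsec; i++) {
        const uint8_t *s = buf + tbl + i * 40;         /* 40-byte section header */
        size_t raw_size = rd32(s + 16), raw_ptr = rd32(s + 20);
        if (!in_bounds(raw_ptr, raw_size, len)) return PE_ERR_SECDATA;
    }
    return PE_OK;
}

/* Constructed 512-byte sample with one section; the caller chooses the two fields to corrupt. */
enum pe_status check_sample(uint32_t e_lfanew, uint32_t raw_ptr) {
    uint8_t f[512] = {0};
    f[0] = 'M'; f[1] = 'Z';
    wr32(f + 0x3C, e_lfanew);
    memcpy(f + 0x80, "PE\0\0", 4);   /* NT headers always sit at 0x80 in the sample */
    f[0x86] = 1;                     /* NumberOfSections = 1, SizeOfOptionalHeader = 0 */
    wr32(f + 0x98 + 16, 0x40);       /* SizeOfRawData */
    wr32(f + 0x98 + 20, raw_ptr);    /* PointerToRawData */
    return pe_check(f, sizeof f);
}

int main(void) {
    printf("valid=%d bad_lfanew=%d bad_section=%d\n", check_sample(0x80, 0x100),
           check_sample(0xFFFFFFF0u, 0x100), check_sample(0x80, 0x1F0));
    return 0;
}
```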

