PEiD

Description

• PEiD detects most common packers, cryptors and compilers for PE files.
• It can currently detect more than 470 different signatures in PE files.
• It seems that the official website (www.peid.info) has been discontinued. Hence, the tool is no longer available from the official website but it still hosted on other sites.

Installation

PEiD

• Go to http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/PEiD-updated.shtml
• Download PEiD-0.95-20081103.zip.
• Uncompress the archive. You should have a similar tree:

.
├── external.txt
├── PEiD.exe
├── plugins
│   ├── GenOEP.dll
│   ├── ImpREC.dll
│   ├── kanal.dll
│   ├── kanal.htm
│   └── ZDRx.dll
├── pluginsdk
│   ├── C++
│   │   ├── defs.h
│   │   └── null.c
│   ├── Delphi
│   │   └── Sample.dpr
│   ├── MASM
│   │   ├── compile.bat
│   │   ├── masm_plugin.asm
│   │   └── masm_plugin.def
│   ├── PowerBASIC
│   │   └── PEiD_Plugin.bas
│   └── readme.txt
├── readme.txt
└── userdb.txt

Signatures

Update your signatures (initial file is empty). Replace the initial userdb.txt file with one of these files:

• http://handlers.sans.org/jclausing/userdb.txt
• http://reverse-engineering-scripts.googlecode.com/files/UserDB.TXT
• http://research.pandasecurity.com/blogs/images/userdb.txt

Interface

Main interface

Section Viewer

PE disassembler

PE details

Extra information

Menu

Screenshot

Generic OEP Finder

In some cases, PEiD can find the Original Entry Point (OEP) of a packed executable:

Krypto Analyzer

InstallRite lets you install software on one PC, generate an application image file, and clone the application to additional PCs. InstallRite speeds up the process of installing new or upgraded software on multiple machines. InstallRite recreates the installation, along with any configuration changes, system settings, user settings, and preferences. The cloned image files (or 'InstallKits') can be installed from any media, such as a hard drive, network server, CD-ROM, or the Web. InstallRite also includes all of the features of InstallWatch, a utility that accurately documents changes made to your PC when you install/remove software or hardware, or make configuration changes.

BinText is a tiny and portable piece of software developed for programmers who want to extract text from various file types and locate ASCII code, Unicode and Resource strings.

Since installation is not required, you can simply drop the executable file anywhere on the hard drive and run it.

Stud_PE The Portable Executables Viewer/Editor can view/edit PE basic Header information (DOS also).