PE-bear – version 0.1.8 avaliable!

This time I added some of the features requested by users (i.e drag-n-drop), and tried to fix disturbing bugs (like not removing keys from registry). Thanks for all your e-mails and ideas! I know that many things are waiting for improvement, but please, be patient! Next week a new bundle of features is coming.

P.S. Please don’t send me proposals of some illegal jobs, like cracking software etc. I will not be responding, but just ignoring them.

Links to download are (as usual) here: https://hshrzd.wordpress.com/pe-bear/

Changelog

Special thanks for help in debugging goes to (in chronological order):

  •  Karcrack (finding bug#2, extensive black box testing)
  •  Sfires (code review helpful in resolving some tricky handlers issue)

Major Fixes:
[bug#1] In adding to Explorer: problem with removing paths from windows registry
[bug#2] In GUI: unwanted refreshing (periodical blinking) on some Windows configurations
[bug#3] Invalid Exports parsing
[bug#4] Not showing Imports when ImportsSize == 0

Major Features:
[feat#1] Refactored presentation of ExportsTable
[feat#2] Added TLS Table
[feat#3] Opening multiple files by Drag-n-Drop

+ internal refactoring, optimization etc.

+ tested on big set of malware (> 2000 samples, including malformed) – never hanged (but if you find any sample on which it hangs, please send me and the hotfix will be next day)

Screenshots

PE-bear opens without problems even malformed PE-files, on which many other popular PE viewers hangs. Below: CoST from corkami

PE-bear handles even malformed PE files, on which other popular PE viewers crash

exports

TLS

About hasherezade

Programmer and researcher, interested in InfoSec.
This entry was posted in PE-bear. Bookmark the permalink.

One Response to PE-bear – version 0.1.8 avaliable!

  1. A.S.L says:

    A.S.L tu był 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s