PE Viewer 3.0

Discuss and announce Total Commander plugins, addons and other useful tools here, both their usage and their development.

Moderators: Hacker, petermad, Stefan2, white

Post Reply
iteg
Junior Member
Junior Member
Posts: 73
Joined: 2016-07-28, 08:36 UTC

PE Viewer 3.0

Post by *iteg »

Hello, everyone!

I rebuilt the project based on the sources of "PE Viewer 2.0".
For suggestions and errors, post in the current topic.

Plugin posted on sites:
https://wincmd.ru/plugring/PEViewer3.html
http://totalcmd.net/plugring/PEViewer3.html
Last edited by iteg on 2023-06-07, 17:56 UTC, edited 2 times in total.
User avatar
white
Power Member
Power Member
Posts: 4695
Joined: 2003-11-19, 08:16 UTC
Location: Netherlands

Re: PE Viewer 3.0

Post by *white »

Something seems to be missing..
User avatar
AntonyD
Power Member
Power Member
Posts: 1256
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: PE Viewer 3.0

Post by *AntonyD »

2iteg
i can only guess, but very probably w/o any link for downloading of your new rebuilt sources we can't add any significant suggestions.
#146217 personal license
User avatar
Gral
Power Member
Power Member
Posts: 1475
Joined: 2005-01-26, 15:12 UTC

Re: PE Viewer 3.0

Post by *Gral »

I guess the plugin is on totalcmd.net...
User avatar
Sir_SiLvA
Power Member
Power Member
Posts: 3311
Joined: 2003-05-06, 11:46 UTC

Re: PE Viewer 3.0

Post by *Sir_SiLvA »

Hey, thanks for taking the time to create this plugin.

I suggest not only to supply a russian.lng2 but also an english.lng2 so that translators have an easier job translating :D


@white and the rest: must be really hard to look at totalcmd.net:
http://totalcmd.net/plugring/PEViewer3.html
Last edited by Sir_SiLvA on 2023-06-05, 17:36 UTC, edited 1 time in total.
Hoecker sie sind raus!
User avatar
AntonyD
Power Member
Power Member
Posts: 1256
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: PE Viewer 3.0

Post by *AntonyD »

2Gral
Good point.
http://totalcmd.net/plugring/PEViewer3.html?
So, the initial question imho should be: HOW (and how often) we can get updated for PEid database? Am I correct in assuming that it is stored in UserDB.txt?
And in general - does this base, in principle, have the concept of updating? Maybe someone fills it from time to time. Purely for yourself?
Despite the changed size, the relevance of the database is in doubt. I opened totalcmd64.exe with a plugin and was surprised to find that the compiler definition didn't work! The string Unknown is displayed. Are these 64 bit applications impossible to detect?

Signs.txt - this database looks like was not updated? So we still have only outdated list of such things? And what is stored in it?

What should I do with file 'PEViewer_config.ini.sample'? What options are expected to be supported here? There should also be a complete list of all options that can be found in this file with a description of all options for entering values ​​for these options.

Batch saving of selected resources is very necessary. And accordingly, for this you need to provide this selection. I.e, for example, out of 30 string constants, I need to save 5 of them. I would like to open the "Batch Copy" action from the context menu of the "String" tree-item, which would list all the current resources, and I could check the boxes next to the ones I need. And well, a couple of commonly used checkboxes "select all" / "deselect all". And a Save to... button.
Last edited by AntonyD on 2023-06-06, 08:10 UTC, edited 1 time in total.
#146217 personal license
User avatar
Sir_SiLvA
Power Member
Power Member
Posts: 3311
Joined: 2003-05-06, 11:46 UTC

Re: PE Viewer 3.0

Post by *Sir_SiLvA »

AntonyD wrote: 2023-06-05, 16:07 UTC Signs.txt - this database looks like was not updated? So we still have only outdated list of such things?
You can always update it yourself, plus UserDB.txt was updated from 1832 Signatures to 5588 signatures.
AntonyD wrote: 2023-06-05, 16:07 UTC What should I do with file 'PEViewer_config.ini.sample'? What options are expected to be supported here?
after first run the PEViewer.ini is filled with:

Code: Select all

[PEViewer]
DefaultTab=ctResources
SaveDefaultTab=True
Localization=
AutoDetermineCompiler=True
ImportExportFrame.Splitter1Pos=157
ImportExportFrame.Splitter2Pos=375
ImportExportFrame.UndecorateCPPNames=True
HeadersFrame.Splitter1Pos=172
ResourcesFrame.Splitter1Pos=119
Hoecker sie sind raus!
iteg
Junior Member
Junior Member
Posts: 73
Joined: 2016-07-28, 08:36 UTC

Re: PE Viewer 3.0

Post by *iteg »

1) Plugin posted on sites:
https://wincmd.ru/plugring/PEViewer3.html
http://totalcmd.net/plugring/PEViewer3.html
2) UserDB.txt was taken from the project:
https://github.com/packing-box/peid/tree/main/src/peid
3) Signs.txt not updated.
4) Selective and full resource saving added to the "To Do" list.
5) Adding English.lng2 added to the "To Do" list.
6) Documentation writing added to the "To Do" list.
Hurdet
Power Member
Power Member
Posts: 634
Joined: 2003-05-10, 18:02 UTC

Re: PE Viewer 3.0

Post by *Hurdet »

Possible that not recognize file compiled with Visual Studio 2022 C++?

HeadersFrame.Splitter1Pos=472
ResourcesFrame.Splitter1Pos=419

don't seem to work.
User avatar
AntonyD
Power Member
Power Member
Posts: 1256
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: PE Viewer 3.0

Post by *AntonyD »

2iteg
3) Signs.txt not updated.
Is it possible? And Expected? And how does its content intersect with UserDB.txt?
What in which file is more important and useful for the purposes of the plugin?
#146217 personal license
iteg
Junior Member
Junior Member
Posts: 73
Joined: 2016-07-28, 08:36 UTC

Re: PE Viewer 3.0

Post by *iteg »

Possible that not recognize file compiled with Visual Studio 2022 C++?
It is necessary to look for signatures, if any.
HeadersFrame.Splitter1Pos=472
ResourcesFrame.Splitter1Pos=419
The splitter position for HeadersFrame.Splitter1Pos is set automatically to display all sections, but is ignored from the configuration file.
For the ResourcesFrame.Splitter1Pos splitter, I fixed the usage from the configuration file.
Batch saving of selected resources is very necessary.
Implemented in version 3.0.2.
Is it possible? And Expected? And how does its content intersect with UserDB.txt?
What in which file is more important and useful for the purposes of the plugin?
To analyze the compiler, the signature databases of the projects "PETools / PE Sniffer" (Signs.txt) and "PEiD" (UserDB.txt) are used. The two analysis methods use only the search starting from the OEP. The plugin displays search results for these two databases.
Bases can be created manually. A signature search starting with OEP is ineffective (or even the entire file) because some distinctive data may be stored in other sections and very slowly. Well implemented in the project https://github.com/horsicq/Detect-It-Easy when using scripts.
I couldn't find a newer Signs.txt base.
User avatar
Sir_SiLvA
Power Member
Power Member
Posts: 3311
Joined: 2003-05-06, 11:46 UTC

Re: PE Viewer 3.0

Post by *Sir_SiLvA »

Thanks for the update, 2 bugs:

1st when you have an upx'ed exe and click on Export/Import it turns on the display of "File Corrupted" which is just wrong :)

2nd this is a bug that was present in PEViewer 2 and FileInfo plugin too:
https://ibb.co/3ssbsMz as you can see, it clearly correctly identifies the exe as 64bit but claims the Target OS to be 32bit (which
I hope u mayhaps can fix?)
Hoecker sie sind raus!
User avatar
Dalai
Power Member
Power Member
Posts: 9466
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Re: PE Viewer 3.0

Post by *Dalai »

Sir_SiLvA wrote: 2023-06-19, 09:18 UTC2nd this is a bug that was present in PEViewer 2 and FileInfo plugin too:
https://ibb.co/3ssbsMz as you can see, it clearly correctly identifies the exe as 64bit but claims the Target OS to be 32bit (which I hope u mayhaps can fix?)
This is correct information. Take a look at the Resouces tab, select Version from the tree at th left and then look at the VS_FIXEDFILEINFO information. There you'll see the File OS flags. For totalcmd64.exe it's listed as Windows NT, 32-bit Windows even though it's also clearly a PE AMD64 executable.

As this is a very old data structure it doesn't know anything about 64-bit or even other architectures like ARM: https://learn.microsoft.com/en-us/windows/win32/api/verrsrc/ns-verrsrc-vs_fixedfileinfo (dwFileOS)

Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
Hurdet
Power Member
Power Member
Posts: 634
Joined: 2003-05-10, 18:02 UTC

Re: PE Viewer 3.0

Post by *Hurdet »

Not handle c# detail in info exe.
This are visible in compiled file on right clicking it and looking to the properties of the file.
iteg
Junior Member
Junior Member
Posts: 73
Joined: 2016-07-28, 08:36 UTC

Re: PE Viewer 3.0

Post by *iteg »

In version "PE Viewer" 3.0.3:
1)
when you have an upx'ed exe and click on Export/Import it turns on the display of "File Corrupted" which is just wrong :)
Replaced with a detailed description of the error.
2)
this is a bug that was present in PEViewer 2 and FileInfo plugin too
Yes, there are no flags for the 64-bit OS in the VS_FIXEDFILEINFO structure.
3)
Not handle c# detail in info exe.
Fixed.
Post Reply