pe-format

There are 5 repositories under pe-format topic.

• hasherezade / pe-sieve

  Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

  pe-formathookingpe-dumperpe-analyzerlibpeconvprocess-analyzerscansanti-malwarepe-sievemalware-analysismemory-forensics
  Language:C++ 2903

• hasherezade / pe-bear

  Portable Executable reversing tool with a friendly GUI

  pe-filepe-formatpe-analyzerpe-analyzer-guipe-editormultiplatformmalware-analysisbearparser
  Language:C++ 2442

• hasherezade / libpeconv

  A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl

  pe-filepe-formatlibpeconvpe-loadermanual-mapping
  Language:C++ 1053

• guided-hacking / GuidedHacking-Injector

  The BEST DLL Injector Library.

  dll-injectionmanual-mappingshellcode-injectionpe-loaderpe-formatdll-injectdll-injectordllinjectorgame-hackinginjectioninjectorinjector-x64
  Language:C++ 894
• XPEViewer

  horsicq / XPEViewer

  PE file viewer/editor for Windows, Linux and MacOS.

  portable-executablepe-formatreverse-engineeringwindows-systemdisassemblerpehacktoberfesthacktoberfest2023
  Language:C++ 885

• trailofbits / pe-parse

  Principled, lightweight C/C++ PE parser

  pe-formatportable-executablehacktoberfest
  Language:C++ 765

• hasherezade / pe-bear-releases

  PE-bear (builds only)

  pe-analyzerpe-formatpe-editor
  763

• MrSmith33 / vox

  Vox language compiler. AOT / JIT / Linker. Zero dependencies

  jitx86-64codegenpe-formatlinkerddlangcompileramd64ssa-formaotvoxvoxlanglanguageprogramming-language
  Language:D 325

• saferwall / pe

  A :zap: lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.

  pe-fileportable-executablemalwarepecoffpe-malformationsmalware-analysisparsinggogolangparserbinary-analysisreverse-engineeringpe-format
  Language:Go 290

• hasherezade / IAT_patcher

  Persistent IAT hooking application - based on bearparser

  peiathookingmultiplatformiat-hookingpe-filepe-formatbearparser
  Language:C++ 242

• HoShiMin / formatPE

  A bunch of parsers for PE and PDB formats in C++

  cppheader-onlymodern-cpppdbpdb-filespdb-parserpdb-structurepepe-analyzerpe-applicationspe-filepe-formatportable-executablepe-parser
  Language:C++ 212

• tgrysztar / fasmg

  flat assembler g - adaptable assembly engine

  fasmgassemblyx86x86-64macroinstructionsopcodesassemblerexecutable-formatsbinary-formathex-formatpe-formatelf-formatmach-oavx-instructionswasm
  Language:Assembly 195

• jovibor / libpe

  Library for parsing internal structures of PE32/PE32+ binary files.

  binary-analysispe-analyzerpe-filepe-formatportable-executable
  Language:C++ 148

• jovibor / Pepper

  PE32 (x86) and PE32+ (x64) binaries analysis tool, resources viewer/extractor.

  pe-filepe-analyzerpe-formatpe-viewerfiles-viewerpeportable-executablepepperviewerbinary-analysis
  Language:C++ 130

• Fleynaro / SDA

  SDA is a rich cross-platform tool for reverse engineering that focused firstly on analysis of computer games. I'm trying to create a mix of the Ghidra, Cheat Engine and x64dbg. My tool will combine static and dynamic analysis of programs. Now SDA is being developed.

  reverse-engineeringtoolgamesanalysisdebuggerdecompilerx86-64disassemblerpe-formatx86static-analysisdynamic-analysis
  Language:C++ 128
• peid

  packing-box / peid

  Python implementation of the Packed Executable iDentifier (PEiD)

  peidpeid-signaturepe-filepe-filespe-formatsignature-detectionpythonentrypointpacking-detectionexecutable-packingmalware-packersmalware-analysismalware-researchbinary-analysisresearch-tools
  Language:Python 120

• jnastarot / enma_pe

  Cross-platform library for parsing and building PE\PE+ formats

  portable-executableexecutable-formatspe-formatpe-analyzerbinary-analysismalware-analysismalware-researchpe32-plusparsing-libraryreverse-engineeringenma-pe
  Language:C++ 74

• hasherezade / pe2pic

  Small visualizator for PE files

  pe-filepe-formatpefilevisualizationmalware-analysis
  Language:Python 66

• jaketae / deep-malware-detection

  A neural approach to malware detection in portable executables

  deep-learningpytorchmalware-detectionmalware-researchpe-filepe-format
  Language:Python 66

• packing-box / docker-packing-box

  Docker image gathering packers and tools for making datasets of packed executables and training machine learning models for packing detection

  docker-imageexecutable-packingmalware-packersresearch-platformpe-formatelf-formatmachine-learningdataset-generationpacking-detectionmalware-analysismalware-researchbinary-analysisresearch-tools
  Language:Python 42
• bintropy

  packing-box / bintropy

  Analysis tool for estimating the likelihood that a binary contains compressed or encrypted bytes

  entropype-filepe-filespe-formatelfelf-formatelf-binariespacking-detectionmach-oliefpythonexecutable-packingmalware-packersmalware-analysismalware-researchbinary-analysisresearch-tools
  Language:Python 38

• hMihaiDavid / hooks

  A DLL that performs IAT hooking

  pe-formatiat-hookingreverse-engineeringdllshooks
  Language:C++ 25

• 0xcpu / RElieve

  RE scripts, snippets (IDA, lief, gdb, etc.)

  reverse-engineeringelf-parserelfliefpe-formatpe-loader
  Language:Python 23

• packing-box / dataset-packed-pe

  Dataset of packed PE samples

  datasetpe-filesupxsamplespe-formatexecutable-packingpe-filemalware-packersmalware-analysisportable-executablemalware-researchbinary-analysis
  Language:Python 23
• pypackerdetect

  packing-box / pypackerdetect

  Packing detection tool for PE files

  detectorpe-filepe-formatpeidentrypointpe-sectionspe-filessignature-detectionpacking-detectionpythonexecutable-packingmalware-packersmalware-analysismalware-researchbinary-analysispeid-signatureresearch-tools
  Language:Python 19

• IsaacMarovitz / pe-parser

  PE Parsing, but blazing fast

  binary-analysiscross-platformparserpepe-formatpe-parserrust
  Language:Rust 18

• jet2jet / pe-library-js

  Provides parsing and generating Portable Executable binaries

  portable-executablepepe-formatjavascriptjavascript-librarynodejs
  Language:TypeScript 12

• Flawww / Relocation-Reconstructor

  Heuristically recover relocations and imports from module memory dumps

  iatimportmemory-dumppepe-formatpe-headerrebuildrelocationsrelocsportable-executablerewindowsreverse-engineering
  Language:C++ 9

• Alon-Regev / VeganVirus

  A Virus to encourage veganism and deter against eating meat.

  api-hookassemblyccode-injectioncppcybersecuritydll-injectiongdi-plushackathonoopoperating-systempe-formatprojectteamworkvisual-studiowinapiwindows
  Language:C++ 7

• phax / gt

  GetTyp/GetType/GT2 - legacy file format detector

  filepeexecommandlinec-plus-plusportable-executablefile-formatpe-formatfile-format-detection
  Language:C++ 6

• jmcph4 / butyl

  Binary executable tool

  binary-analysisexecutablesexecutable-formatspe-filepe-formatpe-analyzerelfelf-binariesmalware-analysismalware-researchreverse-engineeringdoscoff
  Language:Rust 5

• katahiromz / CodeReverse2

  The reverse-engineering tool for Windows executables

  reverse-engineeringdisassemblerdisassemblyx86x86-64windowspe-formatexecutablecxxcxx11
  Language:C++ 5

• AymenSekhri / MalNet

  Machine Learning Malware Detector

  malware-detectormachine-learningkeras-tensorflowpe-format
  Language:Python 4

• fafalone / CheckBitness

  A simple utility to verify an executable is valid and check whether 32bit/64bit

  pe-filepe-formattwinbasicvb6
  Language:Visual Basic 6.0 3

• AnkitaSinha98 / Malware-Prediction

  A Malware Prediction model that predicted if the PE format file is malicious or legitimate.

  malware-predictionpe-format
  Language:Python 2

• fafalone / SetPEImageProps

  Set PE Image Header Properties

  build-toolpe-filepe-formattwinbasicvb6windows
  Language:Visual Basic 6.0 1