Query on MSDN is not work correctly, query wrong function
A forum for reverse engineering, OS internals and malware analysis
@xanax: thank for this notification! Yes, I noticed that. PeStudio is currently going under a redesign (new resizeable UI, loading several files, etc..). Please be patient while preparing this important update.
PeStudio has been updated on http://www.winitor.com.
It now has a new resizeable User Interface. Enjoy!
It now has a new resizeable User Interface. Enjoy!
@xanax: Query MSDN is now working correctly.
Some suggestions since this looks visually better than CFF ))
Dont ever automatically querry interwebz for anything! But thats just me...
In the file description, add 'created, modified, accessed'.
Showing filesize rounded up, like this:
Size 4.60 MB (4821057 bytes)
DOS Header
Ctrl-C doesnt work for copying stuff. Everywehre, I think.
It would be nice to be able to copy cells separately and not the whole line. Again, everywhere.
Also, adding file offset would be not bad, imo. Again, everywhere.
Generally, being able to select which columns get displayed would be a good feature, maybe, if they get crowded. Again, everywhere.
Its nice that you added the 'details' column. It a great way to quickly help your memory.
File Header
Decoding machine would be nice.
And maybe highlighting the 'true' parts in the 'characteristics', as bold font maybe...
Did I mentions that the Details are a good feature? )
Optional Header
Typo? There is a space after section: .text in AddressOfEntrpoint but none in BaseOfCode
AddressOfEntryPoint,0x00233CD0,section: .text
BaseOfCode,0x00001000,section:.text
BaseOfData,0x00001000,section:.text
Are general editing capabilities planned in the future?
Section Headers
Sweet, it even shows the cave left in the sections.
Imported Libraries
This should be connected to Imported Symbols, no?
So that I could quickly see what is being imported from ws2_32.dll, or seomthing. I know the dll name is in the Imported Symbols window but its a pain in the ass to scroll around looking for it...
Maybe double clicking on a dll in the Imported Libraries view would jump to the Imported Symbols view at the proper location?
Not all Resources field are parsed right now, right?
Also, Debug info, also not everyting.
And finally, like in CFF, it would nice to break out 'child windows' and look at file header and optional header at the same time.
Good fucking job on this. Unsere Jungs schlafen nich... Flink wie Windhunde )))
Dont ever automatically querry interwebz for anything! But thats just me...
In the file description, add 'created, modified, accessed'.
Showing filesize rounded up, like this:
Size 4.60 MB (4821057 bytes)
DOS Header
Ctrl-C doesnt work for copying stuff. Everywehre, I think.
It would be nice to be able to copy cells separately and not the whole line. Again, everywhere.
Also, adding file offset would be not bad, imo. Again, everywhere.
Generally, being able to select which columns get displayed would be a good feature, maybe, if they get crowded. Again, everywhere.
Its nice that you added the 'details' column. It a great way to quickly help your memory.
File Header
Decoding machine would be nice.
And maybe highlighting the 'true' parts in the 'characteristics', as bold font maybe...
Did I mentions that the Details are a good feature? )
Optional Header
Typo? There is a space after section: .text in AddressOfEntrpoint but none in BaseOfCode
AddressOfEntryPoint,0x00233CD0,section: .text
BaseOfCode,0x00001000,section:.text
BaseOfData,0x00001000,section:.text
Are general editing capabilities planned in the future?
Section Headers
Sweet, it even shows the cave left in the sections.
Imported Libraries
This should be connected to Imported Symbols, no?
So that I could quickly see what is being imported from ws2_32.dll, or seomthing. I know the dll name is in the Imported Symbols window but its a pain in the ass to scroll around looking for it...
Maybe double clicking on a dll in the Imported Libraries view would jump to the Imported Symbols view at the proper location?
Not all Resources field are parsed right now, right?
Also, Debug info, also not everyting.
And finally, like in CFF, it would nice to break out 'child windows' and look at file header and optional header at the same time.
Good fucking job on this. Unsere Jungs schlafen nich... Flink wie Windhunde )))
I just figured out that one can disable the VirusTotal query in the xml file.
Why cant I see my post immediately? Pre-moderation?
Why cant I see my post immediately? Pre-moderation?
bantempmail wrote:Why cant I see my post immediately? Pre-moderation?for new users yes, it's for avoid spam.
@bantempmail: to disable the query to VT, edit the PeStudioVirusTotal.xml file and set <EnableLookup>0</EnableLookup> like shown below.
<xml version="1.0" encoding="utf-8">
<Settings version="1.1">
<!-- 1: Enable Lookup to VirusTotal (show VirustTotal at UI and place section in XML file)
0: Disable Lookup to VirusTotal (hide VirustTotal from UI and remove section from XML file)
-->
<EnableLookup>0</EnableLookup>
</Settings>
</xml>
<xml version="1.0" encoding="utf-8">
<Settings version="1.1">
<!-- 1: Enable Lookup to VirusTotal (show VirustTotal at UI and place section in XML file)
0: Disable Lookup to VirusTotal (hide VirustTotal from UI and remove section from XML file)
-->
<EnableLookup>0</EnableLookup>
</Settings>
</xml>
@bantempmail: thanks for your (long) inputs and suggestions! I'll have a look at these.
PeStudio on Twitter: https://twitter.com/ochsenmeier
PeStudio on Twitter: https://twitter.com/ochsenmeier
@bantempmail:
PeStudio 7.53 is now available.
Ctrl-C is now working for copying stuff, Everywehre.
Ctrl-A is now working for selecting collections, Everywehre.
Optional Header typo has been corrected.
Can you provide a sample where resources and/or debug details are missing?
Editing capabilities planned in the future? Yes.
PeStudio 7.53 is now available.
Ctrl-C is now working for copying stuff, Everywehre.
Ctrl-A is now working for selecting collections, Everywehre.
Optional Header typo has been corrected.
Can you provide a sample where resources and/or debug details are missing?
Editing capabilities planned in the future? Yes.