PEFixer Extreme

My personal PE fixer: it patches a raw PE dump into a fully patched, working PE dump to help your analysis.

What is a PE file?

In abstract terms, a PE file is a structure that encapsulates the information needed by the loader (NTDLL), also affectionately called the operating system loader. The loader manages all the information necessary to run the executable code: references to libraries (IAT), export tables (EAT), managing resources (TLS), among other features. The format is commonly used for .exe (executable file), DLL (dynamic-link library) and SYS (device driver) files, and our program was lovingly designed with each of them in mind.

How can this project help me?

This project can fix a raw file. As a usage example, suppose you have unpacked a piece of malware or something similar; it may also work on commercial protectors, although that is not the idea. Protectors and packers often destroy the PE, or your dump was taken incorrectly, and that is where this software comes in. It doesn't do magic, so don't expect to take a solution like Themida, dump the memory and be done: you may get access to some dirty content, but you still need to find a lot of information yourself, such as the IAT and the entry point, and take care of virtualized code (which, personally, I find complex). Our project will rebuild a PE so that it is parsable, but you need to provide something decent too. You can also improve this project and shape it the way you think is best for you, and if you do, I really want to see it :)
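One step that any repair of a memory dump involves, shown as an added example (this is not PEFixer's own code): when a module is dumped as it was mapped in memory, section data sits at its RVA, so the section headers must be rewritten to point there before a parser can follow them. The function names and the sample dump below are constructed for illustration, and the dump is assumed to be in memory layout.

```python
import struct

def realign_sections(dump):
    """Point each section's raw offset/size at its RVA (memory-layout dump)."""
    buf = bytearray(dump)
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    if e_lfanew + 24 > len(buf) or buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsections,) = struct.unpack_from("<H", buf, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", buf, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    changed = []
    for i in range(nsections):
        off = table + 40 * i  # each section header is 40 bytes
        if off + 40 > len(buf):
            raise ValueError("section table runs past end of dump")
        name = bytes(buf[off:off + 8]).rstrip(b"\0").decode("latin-1")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, rva, rsize, rptr = struct.unpack_from("<IIII", buf, off + 8)
        # Clamp to the bytes the dump really contains (it may be truncated).
        size = min(vsize, max(len(buf) - rva, 0))
        if (rsize, rptr) != (size, rva):
            struct.pack_into("<II", buf, off + 16, size, rva)
            changed.append(name)
    return bytes(buf), changed

def make_sample_dump():
    """Constructed sample: headers still carry the on-disk offsets of the file."""
    buf = bytearray(0x3000)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)          # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x84, 0x8664, 2)    # Machine, NumberOfSections
    struct.pack_into("<H", buf, 0x94, 0xF0)          # SizeOfOptionalHeader
    table = 0x80 + 24 + 0xF0
    struct.pack_into("<8sIIII", buf, table, b".text", 0x1000, 0x1000, 0x200, 0x400)
    struct.pack_into("<8sIIII", buf, table + 40, b".data", 0x1000, 0x2000, 0x200, 0x600)
    return bytes(buf)

if __name__ == "__main__":
    fixed, changed = realign_sections(make_sample_dump())
    print("sections realigned:", changed)
```

This only makes the section table consistent with the dump; the IAT and entry point mentioned above still have to be recovered separately.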

I want to see it working

I want to collaborate, how can I help?

I really appreciate any contribution, no matter how simple. Don't be afraid to make a contribution or suggest something; rest assured that you will be answered with the utmost politeness and with arguments, so that we can really discuss ideas.

I seek help for the following topics:

  • Localized translation, i.e. you translate from my language to your language, providing greater access.
  • Find bugs and fix them.
  • Present and code improvements.
  • Discuss ideas (as humans).

If you meet any of the requirements, let's work together: open an issue and explain your idea.

Special thanks

AkkoS2 - For testing your RAW files and all support for testing during development.

Joao-Aschenbrenner - For taking care of the UI and all the image design; if you are looking for a good guy for UI, he is the right choice.

And thanks to the documentation and work of other people, like the publication by (Albertini, 2014), which can be seen here, explaining every detail of the PE header; it certainly improved my understanding a lot. No one builds knowledge alone!

Finally, if you are an antivirus company and are looking for a reverse engineer, give me an opportunity; I believe you would not regret it.

And thank you very much for viewing my repository :)