PEiD

From aldeid
Jump to navigation Jump to search

Description

  • PEiD detects most common packers, cryptors and compilers for PE files.
  • It can currently detect more than 470 different signatures in PE files.
  • It seems that the official website (www.peid.info) has been discontinued. Hence, the tool is no longer available from the official website but it still hosted on other sites.

Installation

PEiD

.
├── external.txt
├── PEiD.exe
├── plugins
│   ├── GenOEP.dll
│   ├── ImpREC.dll
│   ├── kanal.dll
│   ├── kanal.htm
│   └── ZDRx.dll
├── pluginsdk
│   ├── C++
│   │   ├── defs.h
│   │   └── null.c
│   ├── Delphi
│   │   └── Sample.dpr
│   ├── MASM
│   │   ├── compile.bat
│   │   ├── masm_plugin.asm
│   │   └── masm_plugin.def
│   ├── PowerBASIC
│   │   └── PEiD_Plugin.bas
│   └── readme.txt
├── readme.txt
└── userdb.txt

Signatures

Update your signatures (initial file is empty). Replace the initial userdb.txt file with one of these files:

Interface

Main interface

Section Viewer

PE disassembler

PE details

Extra information

Menu

Screenshot

Generic OEP Finder

In some cases, PEiD can find the Original Entry Point (OEP) of a packed executable:

Krypto Analyzer

Comments