PEiD

From aldeid
Share/Save/Bookmark
Jump to: navigation, search

Description

  • PEiD detects most common packers, cryptors and compilers for PE files.
  • It can currently detect more than 470 different signatures in PE files.
  • It seems that the official website (www.peid.info) has been discontinued. Hence, the tool is no longer available from the official website but it still hosted on other sites.

Installation

PEiD

.
├── external.txt
├── PEiD.exe
├── plugins
│   ├── GenOEP.dll
│   ├── ImpREC.dll
│   ├── kanal.dll
│   ├── kanal.htm
│   └── ZDRx.dll
├── pluginsdk
│   ├── C++
│   │   ├── defs.h
│   │   └── null.c
│   ├── Delphi
│   │   └── Sample.dpr
│   ├── MASM
│   │   ├── compile.bat
│   │   ├── masm_plugin.asm
│   │   └── masm_plugin.def
│   ├── PowerBASIC
│   │   └── PEiD_Plugin.bas
│   └── readme.txt
├── readme.txt
└── userdb.txt

Signatures

Update your signatures (initial file is empty). Replace the initial userdb.txt file with one of these files:

Interface

Main interface

Peid.png

Section Viewer

Peid-ep-section.png

PE disassembler

Peid-1st-bytes.png

PE details

Peid-subsytem.png

Extra information

Peid-menu-1.png

Menu

Screenshot

Peid-menu-2.png

Generic OEP Finder

In some cases, PEiD can find the Original Entry Point (OEP) of a packed executable:

PEiD-generic-oep-finder.png

Krypto Analyzer

Peid-kanal.png

Comments

blog comments powered by Disqus