PEiD
Description
- PEiD detects most common packers, cryptors and compilers for PE files.
- It can currently detect more than 470 different signatures in PE files.
- The official website (www.peid.info) seems to have been discontinued. The tool is therefore no longer available from the official website, but it is still hosted on other sites.
Installation
PEiD
- Go to http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/PEiD-updated.shtml
- Download PEiD-0.95-20081103.zip.
- Uncompress the archive. You should have a similar tree:
.
├── external.txt
├── PEiD.exe
├── plugins
│   ├── GenOEP.dll
│   ├── ImpREC.dll
│   ├── kanal.dll
│   ├── kanal.htm
│   └── ZDRx.dll
├── pluginsdk
│   ├── C++
│   │   ├── defs.h
│   │   └── null.c
│   ├── Delphi
│   │   └── Sample.dpr
│   ├── MASM
│   │   ├── compile.bat
│   │   ├── masm_plugin.asm
│   │   └── masm_plugin.def
│   ├── PowerBASIC
│   │   └── PEiD_Plugin.bas
│   └── readme.txt
├── readme.txt
└── userdb.txt
Signatures
Update your signatures (initial file is empty). Replace the initial userdb.txt file with one of these files:
- http://handlers.sans.org/jclausing/userdb.txt
- http://reverse-engineering-scripts.googlecode.com/files/UserDB.TXT
- http://research.pandasecurity.com/blogs/images/userdb.txt
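A way to sanity-check a downloaded userdb.txt before replacing the empty one, and to see how an entry is matched. This is an added example, not PEiD's own code. It assumes the commonly distributed entry layout (a [name] line, then signature = hex bytes with ?? wildcards, then ep_only = true/false), which this page does not show, and that the caller supplies the file offset of the entry point. The sample database and byte buffer are constructed.

```python
import string

# Constructed sample in the userdb.txt layout; these are not real PEiD signatures.
SAMPLE_DB = """\
; constructed example database
[Example Packer 1.0 -> constructed]
signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57
ep_only = true

[Example Stub 2.x -> constructed]
signature = 55 8B EC 83 EC
ep_only = false
"""
# Constructed 23-byte buffer standing in for file contents; "entry point" at offset 4.
SAMPLE_FILE = bytes.fromhex("4d5a9090" "60be00104000" "8dbe00f0ffff" "57" "558bec83ec10")

def parse_token(tok):
    """Two hex digits -> int, '??' -> None (wildcard); anything else is rejected."""
    if tok == "??":
        return None
    if len(tok) != 2 or not all(c in string.hexdigits for c in tok):
        raise ValueError(f"bad signature token: {tok!r}")
    return int(tok, 16)

def parse_userdb(text):
    """Return [(name, pattern, ep_only)] for every complete entry in the text."""
    sigs, name, pattern = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            name, pattern = line[1:-1], None
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if key.lower() == "signature":
            pattern = [parse_token(t) for t in value.split()]
        elif key.lower() == "ep_only" and name and pattern:
            sigs.append((name, pattern, value.lower() == "true"))
            name = pattern = None
    return sigs

def identify(data, ep_offset, sigs):
    """Names of signatures matching at ep_offset (ep_only) or anywhere in data."""
    def at(off, pat):
        chunk = data[off:off + len(pat)]
        return len(chunk) == len(pat) and all(p is None or p == b for p, b in zip(pat, chunk))
    hits = []
    for name, pat, ep_only in sigs:
        offsets = [ep_offset] if ep_only else range(len(data) - len(pat) + 1)
        if any(at(o, pat) for o in offsets):
            hits.append(name)
    return hits
```

If parse_userdb returns an empty list for a file you downloaded, the file is empty or not in this layout and is not worth installing.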
Interface
Main interface
Section Viewer
PE disassembler
PE details
Extra information
Menu
Screenshot
Generic OEP Finder
In some cases, PEiD can find the Original Entry Point (OEP) of a packed executable: