加壳脱壳

关注公众号 jb51net

关闭
 PEiD 0.95 全插件汉化绿色版 加壳探测软件(支持x64)

PEiD 0.95 全插件汉化绿色版 加壳探测软件(支持x64)

热门排行

简介

PEiD专业的查壳软件哦! 几乎可以侦测出所有的壳,其数量已超过470 种PE 文档 的加壳类型和签名。PEiD能检测大多数编译语言.、病毒和加密的壳,它主要利用查特征串搜索来完成识别工作的,各种开发语言都有固定的启动代码部分,利用这点可识别是何种语言编译的,被加壳程序处理过的程序,在壳里会留下相关加壳软件的信息,利用这点就可识别是保种壳所加密的,它提供了一个扩展接口文件userdb.txt ,用启可以自定义一些特征码,这样可以识别出新的文件类型,签名的制作可以用插件Add Signature来完成!

所有插件:

本汉化版为全插件版,是目前网络中最完美的版本,插件是特别全面的,又为广大的脱壳爱好者提供了好工具啦!

advanced_scan.dll AntiSPack.dll
crc32.dll Easy Screen 1.3.0.dll
eCrap.dll eCrapOepVerify.dll
EPScan.dll ExtOverlay.dll
ExtractOverlay.dll FC.DLL
FileInfo.dll FixCRC.DLL
FNE.dll frant.dll
FSG v1.33脱壳.dll GenOEP.dll
GUID.dll hh.dll
HideCapt.dll HideCapt2.dll
IDToText.DLL Imploder.DLL
ImpREC.dll kanal.dll
Morphine.DLL oepscan.dll
ohfixer_v01.dll Overlay1.0.dll
Overlay1.0汉化.dll Oversaver.dll
PackUPX.DLL Patch_Maker_0.5.0.dll
PE2HTML.dll PE2HTML.exe
PEExtract.DLL PEiDBundle.DLL
PESniffer4PEiD.ASM PESniffer4PEiD.DLL
PlgLdr.dll PluginEx.dll
pluzina.dll pluzina1.dll
pluzina4.dll pluziny.nfo
QuickChSum.dll RebuildPE.dll
RelocRebuilder.dll s.bat
s.txt SecFix.dll
SecTool.DLL Sendspy.dll
StringViewer.dll unbero.dll
UnCDS_SS.DLL undef.dll
UnFakeNinja.DLL unfsg.dll
UnitsBrowser.dll UnPPP.DLL
UnRCrypt.DLL UnRPolyCrypt.DLL
UnUPolyX.dll UNUPX.DLL
unupx2.dll UnUPXShit.dll
UPXI.dll UPXScramb.dll
uupx.dll VerA.dll
VerA.txt xInfo.DLL
XNResourceEditor_Plugin.DLL XP.dll
YPP.DLL ypp.ini
ZDRx.dll [[-=About PEiD =-]]
PEiD怎么用?
PEiD最常用的插件就是脱壳,PEiD的插件里有个通用脱壳器,能脱大部分的壳,如果脱壳后import表损害,还可以自动调用ImportREC修复import表,点击"=>"打开插件列表,如图:

根据插件列表,还可以专门针对一些壳脱壳,效果比通用脱壳器会好

点击EP后的>可以展开Section块列表:

再在Section块表上右击鼠标,可以看到以下菜单选项:

点击搜索全0处,会把所有块中全0的区块搜出来,这样我们可以在这些代码上加自己想加的code,非常方便:



直接用winhex改就行了,

命令行参数

PEiD now fully supports commandline parameters.
peid -time// Show statistics before quitting 显示信息
peid -r// Recurse through subdirectories  扫描子目录
peid -nr// Don't scan subdirectories even if its set 不扫描子目录
peid -hard// Scan files in Hardcore Mode 采用核心扫描模式
peid -deep// Scan files in Deep Mode  采用深度扫描模式
peid -norm// Scan files in Normal Mode 采用正常扫描模式
peid <file1> <file2> <dir1> <dir2>
You can combine one or more of the parameters.
For example.
peid -hard -time -r c:\windows\system32
peid -time -deep c:\windows\system32\*.dll

PEID的扫描模式:

正常扫描模式:可在PE文档的入口点扫描所有记录的签名
深度扫描模式:可深度扫描所有记录的签名,这种模式要比上一种的扫描范围更广,更深入
核心扫描模式:可完整的扫描整个PE文档,但相对有点慢
版本更新说明

0.7 Beta -> First public release.
0.8 Public->Added support for 40 more packers. OEP finding module. Task viewing/control module.
GUI changes. General signature bug fixes. Multiple File and Directory Scanning module.
0.9 Recode->Completely recoded from scratch.  New Plugin Interface which lets you use extra features.
Added more than 130 new signatures. Fixed many detections and general bugs.
0.91 Reborn-> Recoded everything again. New faster and better scanning engine. New internal signature system.
 MFS v0.02 now supports Recursive Scanning. Commandline Parser now updated and more powerful.
Detections fine tuned and newer detections added. Very basic Heuristic scanning.
0.92 Classic->Added support for external database, independent of internal signatures. Added PE details lister.
Added Import, Export, TLS and Section viewers. Added Disassembler. Added Hex Viewer.
Added ability to use plugins from Multiscan window. Added exporting of Multiscan results.
Added ability to abort MultiScan without loosing results.
Added ability to show process icons in Task Viewer.
Added ability to show modules under a process in Task Viewer. Added some more detections.
0.93 Elixir->Added sorting of Plugin menu items. Submenus are created based on subfolders in the directory.
Added Brizo disassembler core. Added some more detections.
Fixed documented and undocumented vulnerability issues.
Fixed some general bugs.
Removed mismatch mode scanner which needs further improvements.
0.94 Flux->Too much is new to remember.
MFS, Task Viewer and Disassembler windows maximizable.
New smaller and lighter disassembler core CADT.
New KANAL 2.90 with much more detections and export features.
Added loads of new signatures. Thanks to all the external signature collections online.
String References integrated into disassembler.
Fixed documented and undocumented crashes.
Fixed some general bugs.
0.95 Phoenix->Fixed some crashing bugs.
   Minor Core update.
   Crash Fix in Securom detection.

方便破解软件的朋友,好的情况下我们需要知道,软件用什么加壳,我们再想法破解,修改等操作
PEiD 可以探测大多数的 PE 文件封包器、加密器和编译器。当前可以探测 600 多个不同签名。
PEiD 是最强大的一个查壳工具。

汉化包中包含了绝大多数插件。
注:探壳工具及插件有可能被一些杀毒软件误报毒,故压缩包加上解压密码:www.jb51.net
部分插件不支持Win7,Win7启动程序后会出错,可以将plugins目录改名或者删除,使用不带插件的汉化程序。

peid0.95_en_x64 是绿色的没有插件的版本,支持x64的系统。

大家还下载了