资源说明：PEiD专业的查壳软件哦！ 几乎可以侦测出所有的壳，其数量已超过470 种PE 文档 的加壳类型和签名。PEiD能检测大多数编译语言.、病毒和加密的壳，它主要利用查特征串搜索来完成识别工作的，各种开发语言都有固定的启动代码部分，利用这点可识别是何种语言编译的，被加壳程序处理过的程序，在壳里会留下相关加壳软件的信息，利用这点就可识别是保种壳所加密的，它提供了一个扩展接口文件userdb.txt ，用启可以自定义一些特征码，这样可以识别出新的文件类型，签名的制作可以用插件Add Signature来完成！ 所有插件： 本汉化版为全插件版，是目前网络中最完美的版本，插件是特别全面的，又为广大的脱壳爱好者提供了好工具啦！ advanced_scan.dll AntiSPack.dll crc32.dll Easy Screen 1.3.0.dll eCrap.dll eCrapOepVerify.dll EPScan.dll ExtOverlay.dll ExtractOverlay.dll FC.DLL FileInfo.dll FixCRC.DLL FNE.dll frant.dll FSG v1.33脱壳.dll GenOEP.dll GUID.dll hh.dll HideCapt.dll HideCapt2.dll IDToText.DLL Imploder.DLL ImpREC.dll kanal.dll Morphine.DLL oepscan.dll ohfixer_v01.dll Overlay1.0.dll Overlay1.0汉化.dll Oversaver.dll PackUPX.DLL Patch_Maker_0.5.0.dll PE2HTML.dll PE2HTML.exe PEExtract.DLL PEiDBundle.DLL PESniffer4PEiD.ASM PESniffer4PEiD.DLL PlgLdr.dll PluginEx.dll pluzina.dll pluzina1.dll pluzina4.dll pluziny.nfo QuickChSum.dll RebuildPE.dll RelocRebuilder.dll s.bat s.txt SecFix.dll SecTool.DLL Sendspy.dll StringViewer.dll unbero.dll UnCDS_SS.DLL undef.dll UnFakeNinja.DLL unfsg.dll UnitsBrowser.dll UnPPP.DLL UnRCrypt.DLL UnRPolyCrypt.DLL UnUPolyX.dll UNUPX.DLL unupx2.dll UnUPXShit.dll UPXI.dll UPXScramb.dll uupx.dll VerA.dll VerA.txt xInfo.DLL XNResourceEditor_Plugin.DLL XP.dll YPP.DLL ypp.ini ZDRx.dll [[-=About PEiD =-]] PEiD怎么用？ PEiD最常用的插件就是脱壳，PEiD的插件里有个通用脱壳器，能脱大部分的壳，如果脱壳后import表损害，还可以自动调用ImportREC修复import表，点击"=>"打开插件列表，如图： 根据插件列表，还可以专门针对一些壳脱壳，效果比通用脱壳器会好 点击EP后的>可以展开Section块列表: 再在Section块表上右击鼠标，可以看到以下菜单选项： 点击搜索全0处，会把所有块中全0的区块搜出来，这样我们可以在这些代码上加自己想加的code，非常方便: 直接用WinHex改就行了, 命令行参数 PEiD now fully supports commandline parameters. peid -time// Show statistics before quitting 显示信息 peid -r// Recurse through subdirectories 扫描子目录 peid -nr// Don't scan subdirectories even if its set 不扫描子目录 peid -hard// Scan files in Hardcore Mode 采用核心扫描模式 peid -deep// Scan files in Deep Mode 采用深度扫描模式 peid -norm// Scan files in Normal Mode 采用正常扫描模式 peid You can combine one or more of the parameters. For example. peid -hard -time -r c:\windows\system32 peid -time -deep c:\windows\system32\*.dll PEID的扫描模式： 正常扫描模式：可在PE文档的入口点扫描所有记录的签名 深度扫描模式：可深度扫描所有记录的签名，这种模式要比上一种的扫描范围更广，更深入 核心扫描模式：可完整的扫描整个PE文档，但相对有点慢 版本更新说明 0.7 Beta -> First public release. 0.8 Public->Added support for 40 more packers. OEP finding module. Task viewing/control module. GUI changes. General signature bug fixes. Multiple File and Directory Scanning module. 0.9 Recode->Completely recoded from scratch. New Plugin Interface which lets you use extra features. Added more than 130 new signatures. Fixed many detections and general bugs. 0.91 Reborn-> Recoded everything again. New faster and better scanning engine. New internal signature system. MFS v0.02 now supports Recursive Scanning. Commandline Parser now updated and more powerful. Detections fine tuned and newer detections added. Very basic Heuristic scanning. 0.92 Classic->Added support for external database, independent of internal signatures. Added PE details lister. Added Import, Export, TLS and Section viewers. Added Disassembler. Added Hex Viewer. Added ability to use plugins from Multiscan window. Added exporting of Multiscan results. Added ability to abort MultiScan without loosing results. Added ability to show process icons in Task Viewer. Added ability to show modules under a process in Task Viewer. Added some more detections. 0.93 Elixir->Added sorting of Plugin menu items. Submenus are created based on subfolders in the directory. Added Brizo disassembler core. Added some more detections. Fixed documented and undocumented vulnerability issues. Fixed some general bugs. Removed mismatch mode scanner which needs further improvements. 0.94 Flux->Too much is new to remember. MFS, Task Viewer and Disassembler windows maximizable. New smaller and lighter disassembler core CADT. New KANAL 2.90 with much more detections and export features. Added loads of new signatures. Thanks to all the external signature collections online. String References integrated into disassembler. Fixed documented and undocumented crashes. Fixed some general bugs. 0.95 Phoenix -> Fixed some crashing bugs. Minor Core update. Crash Fix in Securom detection. 软件标签: PEiD 加壳 脱壳 PEiD是一款著名的查壳工具，其功能强大，几乎可以侦测出所有的壳，其数量已超过470 种PE 文档 的加壳类型和签名。 可能被杀软误报，请加入白名单，自己用的，绝对安全。 经西西小编测试 PEiD 暂时不支持 64位系统下使用，64位下推荐大家使用 http://www.cr173.com/soft/8536.html peid 64位 win7下面报错解决方案: http://www.cr173.com/html/77700_1.html 在64位系统上面只需要将 plugins 目录给改个名，例如改成 cr173 就可以正常运行了。

联系我们：verysource_com

CopyRight © 2008-2022 verySource.Com All Rights reserved.　京ICP备17048824号-1　京公网安备：11010502034788