0.2.4.42 (2021-06-08)

PEAnatomist.exe SHA256: 92BB453000C526D799F8417C95812831D57DA8E54206C7DFE4F76BFE8F748B49

  • 150F.001: Added unwinding code for ARM64 Pointer Authentication extension instructions (InsiderPreview 21382)
  • 1511.003: Added a column with the unwind chain depth in the x64 ExceptionsData table (hidden by default)
  • 1511.004: Fixed a bug with enabling ListView columns hidden by default after restarting the program (regression from version 0.2.0)
  • 1516.013: Fixed crash during parsing of corrupted COFF symbol table in PE files
  • 1517.015: Fixed the old error of displaying the "Security" tab for PE files in some cases
  • 1518.016: Fixed error in validation of program window position settings if opposite sides of the window go beyond the desktop (regression from version 0.2.0)
  • 151B.021: Added entropy plotting
  • 151B.025: Added entropy calculation settings for plotting and plot display settings
  • 1601.032: Added a hint about the fileoffset and the corresponding section under the cursor on the entropy plot
  • 1604.033: The last active tab of the settings dialog is restored after reopening
  • 1608.040: Added optional labels for section boundaries on the entropy plot

0.2.3.76 (2021-05-09)

PEAnatomist.exe SHA256: 6D7AE0FB725B07E4C264ED79854556A3D270824307F421521BB22FE0A668236C

  • 1319.000: Fixed the Statusbar value of the focused line for an empty ListView in certain situations
  • 131A.001: The possible freeze of the program after the search resumed, if the contents of the list have been changed
  • 131B.007: Added definition of the function beginning and its description on the LoadConfig GuardEHContinuations tab for x64
  • 131B.008: Fixed displaying the type index in the CodeView types table in OBJ files if PCH is used (regression of version 0.2.2)
  • 140B.011: Optimized display of status information from ListView for very large lists
  • 140B.014: Added display of additional Function (.bf, .ef) and FunctionSym symbols in the COFF symbol table of OBJ files
  • 140C.015: Fixed erroneous display of INT value in CFG IAT table if import is performed by ordinal (regression of version 0.2.2)
  • 140D.017: Added XFGHASHMAP parsing in LIB files
  • 140F.022: Added collection of information about exception handlers (x64, ARM, ARM Thumb, ARM64, IA64) and COFF symbols for describing RVA in PE files
  • 1410.025: Accelerated display of COFF symbol table in PE files, added display of some additional symbol records
  • 1411.029: A 'Column' drop-down list in a searching dialog is disabled if only fulltext search is available (i.e. only one search option)
  • 1413.031: Added export of GFID bitmap to file
  • 1415.032: Fixed a bug with parsing the resource table in PE files if IMAGE_RESOURCE_DATA_ENTRY is placed at the end of the table
  • 1416.038: Added optional display of full paths in the recent files list, long paths are limited to the file name and the initial part of the path
  • 1416.039: Changed the format of the main window title, the name of the loaded file is displayed first now
  • 1417.045: Eliminated redundant work with the menu when loading files and generating a list of recent files
  • 1418.046: Added OS shell notification about file associations changing
  • 1419.049: Added optional tooltip with description of RVA calculated in FLC (disabled by default)
  • 141A.053: Added definition of the function beginning and its description on the LoadConfig GuardEHContinuations tab for ARM64 (InsiderPreview 21364)
  • 141B.055: Fixed error displaying multiple values of the "Translation" key in RT_VERSION resources
  • 141B.057: Added a column with functions description in the ExceptionsData table for all supported architectures (for x64, ARM Thumb and ARM64, some columns are now hidden by default)
  • 1505.059: Fixed error displaying SEH Scope on the ExceptionsData page for ARM7/ARM LE in some cases
  • 1507.060: Added a separate tab for the ARM64 unwind chain on the ExceptionsData page
  • 1507.072: Added recognition of some types of exception handlers for all supported architectures
  • 1507.073: Added a column with the type of exception handlers in the ExceptionsData table, the column with the handler's RVA is hidden by default
  • 1508.074: Fixed a rare error filling information from the export table for the RVA description

0.2.2.58 (2021-03-25)

PEAnatomist.exe SHA256: DB32FA0BDB8D056E216FD2D0C6266FC1616068D72C1035CC0B9D0B8FF37E70D8

  • 1305.000: Fixed display of the CodeView type name in the description if the type index is not specified
  • 1307.001: Fixed error displaying manifest text from PE resources in rare cases
  • 1307.003: Added support for IA64, MIPS and Hitachi SH4 architectures in the CxxIL parser
  • 1308.006: Fixed CxxIL parsing error for MSVC from VS2008Beta1
  • 1309.007: Fixed infinite parsing of IMAGE_DIRECTORY_ENTRY_BASERELOC table in rare cases
  • 1309.008: Fixed error of IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG display for some files created by linker versions below 6.0
  • 1309.010: Fixed possible erroneous OBJ file recognition (regression of version 0.2.1)
  • 130D.019: Cleaning and optimization of the parser for the ARM Thumb and ARM64 unwind codes
  • 130F.022: Added a textual description of the epilogue execution condition for ARM Thumb unwind codes
  • 130F.023: Fixed error displaying the epilogue execution condition for ARM Thumb unwind codes if the epilogue is specified as the only one (flag E)
  • 130F.028: Added calculation of the epilogue beginning for the ARM Thumb and ARM64 unwind codes, if the epilogue is specified as the only one (flag E)
  • 1311.029: Fixed light error in defining VS2017-2019 minor version in Rich signature (regression of version 0.2.1)
  • 1311.030: Fixed error displaying values from IMAGE_DELAYLOAD_DESCRIPTOR.UnloadInformationTableRVA in the delayed import table
  • 1312.044: Fixed the mechanism for filling information for the description of RVA in PE, added detection of new information
  • 1312.045: Accelerated display of the GFID table
  • 1313.046: Simplified procedure for loading some files
  • 1315.051: The storage of information for the description of RVA in PE files has been transferred to a hash table, the search time for the description for RVA has been significantly reduced
  • 1318.053: Ctrl+Insert can be used along with Ctrl+C to copy information from the ListView to the clipboard
  • 1318.057: The set of status information from the ListView has been expanded, there are: focused row number, total count of rows, count of selected rows

0.2.1.125 (2021-03-04)

PEAnatomist.exe SHA256: BC52CBE85FD779878F0E06624C2BF8A2A4995EBBBD381A400385AE01620B531A

  • 110B.009: Significant improvement to the MSVC ILStore (CxxIL) symbols parser and increased compatibility with different VS versions
  • 1111.027: Decoding of local symbols table (.cil$sy) of MSVC ILStore (CxxIL) format in OBJ files
  • 1117.033: Displaying the line number of the beginning of the function in the source file in the description of symbols MSVC ILStore (CxxIL)
  • 1117.034: Fixed display of source file names in MSVC ILStore (CxxIL) symbols descriptions for VS 2002 and 2003 versions (encoding is not UTF8)
  • 1118.035: Fixed decoding of LF_POINTER in CodeView and MSVC ILStore (CxxIL) type tables if the described type is a pointer to a class member
  • 1119.036: Changed the names of some keys in the configuration file for portability in future versions
  • 111B.039: Fixed display of CodeView type description in MSVC ILStore (CxxIL) tables, if debug information is moved to PDB
  • 111C.046: Fixed error displaying the incorrect name in the description of a CodeView type referenced by another type or symbol (in rare cases)
  • 1201.071: Accelerated access to sections and their data in OBJ files
  • 1205.081: Added support for ExtendedObj files (a.k.a. BIGOBJ, obj files with more than 0xFEFF sections)
  • 1207.094: For some types of CodeView debug information, a more detailed description is available (for example, for LF_POINTER, LF_MODIFIER, LF_ARRAY and LF_BITFIELD, the description of the type to which they refer and some properties are displayed)
  • 120C.110: Clarified interpretation of data from Rich signature
  • 121B.116: The program license was changed from MIT to Freeware (the text of the License Agreement is located in the "Readme" file)
  • 1303.122: Fixed a bug with parsing version information from the resources section in some cases
  • 1304.123: Fixed error getting a member name for LIB archives created by BSD-compatible toolkit
  • 1304.124: Support for ARM64EC in OBJ files

0.2.0.370 (2021-01-04)

PEAnatomist.exe SHA256: 8E6D8EF4D5691A8FFC22377C45FC00E3CE90FD7F47E1F8D2CDBA914885477BEF

  • Minor optimization and cleaning of list sorting code
  • Background color of resource properties dialog and hexview changed to standard for the used control
  • Cleaning headers, unifying declared data types, dividing code into independent modules
  • Fix display error for the symbols CV_COMPILESYM and CV_COMPILESYM3
  • Update register names and CodeView symbols from VS 16.8 and 16.9Preview
  • Add display of the COFF symbol referenced by the CLR token in the COFF symbol table
  • Add display of CLR token in CodeView symbols
  • Fix error displaying RT_STRING resource as text in rare cases
  • Fix error in defining COFF-symbol of exception handler in x64 OBJ-files
  • The used data types from CoreCLR 5 have been updated
  • Fix a crash when displaying the contents of the metadata tables of some obfuscated or compressed .NET files
  • Change .NET metadata streams description - stream RVA is displayed now
  • Fix matching RVA to offset for some alignment and section parameter combinations in PE files compiled by MinGW
  • Fix displaying a DelayImport table with incorrect content (regression starting 0.1.8)
  • Fix matching RVA to offset in case of forced loading of PE without sections
  • Add .NET Vtable Fixups display
  • Fix a rare error with displaying the name of some Codeview types in the pivot table (an incorrect name could be displayed if in fact it was of zero length)
  • Add decoding of MSVC ILStore symbol table (.cil$gl) in OBJ files (x86, x64, ARMThumb, ARM64) for VS16.8
  • Change the appearance of the main window in the absence of a loaded file
  • Add description for selected symbol in the MSVC ILStore symbol table
  • Add correction of indexes in the MSVC ILStore table of types in case of using PCH
  • Add description of types by their index in all supported MSVC ILStore tables
  • Add description of MSVC ILStore symbols referenced by selected symbol from table .cil$gl
  • Add parsing of CHPE configuration header and DynamicDataRelocations table for hybrid x64-over-ARM64 images (arm64x) from InsiderPreview 21277
  • Add x64 ExceptionsData table for hybrid x64-over-ARM64 images (arm64x)
  • Add parsing of ARM64 unwind codes for SIMD registers
  • Fix detection of the ARM64 unwind chain
  • New view of the settings dialog, division of settings into new categories
  • Add formatting settings for text copied to the clipboard from program tables
  • Fix error reading CodeView C13 subsections in some cases (most often it appeared on CodeView created by early versions of tools from VS2002 and VS2003)
  • Add search settings: remembering the last query and saving the selected starting position of the search
  • Add search options for text: match only from the beginning of a string, inversion of search results (i.e. search for strings where the desired text is absent)
  • Fix error displaying the "Parent Offset" parameter in the CodeView symbols S_DEFRANGE_REGISTER_REL and S_DEFRANGE_REGISTER_REL_INDIR
  • Fix error of reading MSVC ILStore type table when there are nested tables
  • Add support for decoding MSVC ILStore symbol table for all public versions of VisualStudio (7-16.9Preview2)
  • Add the ability to select all found lines for text search
  • Prevent unclosed search dialog from being used after destroying its associated ListView
  • Configuration file format has been changed to text view

Releases list