Changelog : PEAnatomist

0.2.11108.2330 (2022-11-08)

PEAnatomist.exe SHA256: 3224ED65CA61E6B182A012F349E28D8FD6BAB775DFE532104CDD3920D42C5D22

11106.1711: Fixed an error in determining RVA of the PE COFF-symbol table entries made by VS4-6 and some versions of GNU toolsets

0.2.10913.2121 (2022-09-13)

PEAnatomist.exe SHA256: D55E8C7470B274A1E163246A261DBD1685E649469E613D21FC233CFDAA03DA51

10810.0106: Updated list of sections and values of Ready2Run header flags from dotnet 7
10814.0154: Fixed signature enumeration error in ImportSections table for Ready2Run and NGEN

0.2.10712.2124 (2022-07-12)

PEAnatomist.exe SHA256: 600284707FF9DD0C8FC28381D367BE61506007ADE54864FEFD128A1C912784EB

10701.2342: A rare error of out-of-border reading was eliminated during recognition of the exception handler kind in some PE files
10703.0012: The error of out-of-border access in some distorted PE has been eliminated for the IMAGE_DIRECTORY_ENTRY_DEBUG parsing
10703.0047: The error of out-of-border access in some distorted PE has been eliminated for the dotnet metadata header handling

0.2.11.25 (2022-05-18)

PEAnatomist.exe SHA256: 6914FA121D929AE39272B02FF6DF78687E8328FEE9E255BC06A165C78C59B599

250C.008: Fixed bug with enumeration of IMAGE_DYNAMIC_RELOCATION_FUNCTION_OVERRIDE symbol in DVRT table
2511.024: Added separate page for IMAGE_DYNAMIC_RELOCATION_FUNCTION_OVERRIDE symbol content in DVRT table (backport from 0.3.10516.1931)

0.2.10.17 (2022-04-16)

PEAnatomist.exe SHA256: D472B4D5B37AEF14307A332FFDCB30864150D7BB11579AB5E3B3A514F9E60668

240B.003: Fixed error displaying data from UnwindInfo CxxFH3 tables for ARM7
240C.005: Fixed CodeView symbols S_DEFRANGE_CONSTVAL_ON_ENTRY and S_DEFRANGE_GLOBALSYM_ON_ENTRY from VS2022 17.2Pre3
2410.012: Fixed leak of GDI objects when using more than one ListView column setup dialog at the same time

0.2.9.5 (2022-03-15)

PEAnatomist.exe SHA256: 6DBD896E26DF22EF551C0FD316F349B5C302DEE9E13092313635B561E58BBEAE

230F.004: Fixed entropy graph drawing error on Windows 7 and newer

0.2.8.61 (2022-03-05)

PEAnatomist.exe SHA256: 095D3E8151A717F1F2EE76B4738A00AEA40840DA1FB368C69E6C2A22642480D6

2109.002: Clarified description of Rich signature elements corresponding to VS 2017-2022 versions (e.g. 16.11.~8~)
210D.005: Added display of information about IMAGE_DEBUG_TYPE_BBT (Basic Block Transformation): tool used and version of MS Vulcan DLL
210D.007: Fixed CORCOMPILE_HEADER header parsing error for .NetFramework 4.6 - 4.6.2 (the structure layout is different)
2113.015: Fixed program hang during import table parsing in some specific PEs in rare cases
2113.018: Listview column widths are reset to default if rendered columns are manually set to zero width
2113.019: Added a column with the value of the function length to the list of ExceptionsData x64 (PE, HybridPE, OBJ) (enabled by default instead of the "End Address" column)
220A.025: Added support for IMAGE_FILE_MACHINE_POWERPCBE (Xbox 360) in PE, OBJ and MSVC CxxIL parser
220B.029: Fixed error parsing MSVC CxxIL symbols for VS2008 and higher if compilation was done with the isTypedIL flag forcibly disabled
220C.030: Fixed error displaying Rich signature in some PEs with a modified DOS stub (regression starting 0.2.6)
220C.038: Added support for IMAGE_REL_BASED_HIGHADJ and description for corresponding target address
220D.044: Fixed a number of minor errors in the string tokenizer of the program settings file
2210.047: Fixed section enumeration error in OBJ files in rare cases (DEC Alpha)
2217.060: Added a page describing the contents of IMAGE_DEBUG_TYPE_BBT

0.2.7.129 (2022-01-03)

PEAnatomist.exe SHA256: C9BA28BEA386B62E6C406B0DF44C944B02DAED157D849FB7D07BF2781EE255D3

1B16.009: Fixed bug in RVA description for delayed import
1B1A.010: Fixed bug with scaling delta value in IMAGE_DYNAMIC_RELOCATION_ARM64X
1C01.011: Removed handling of irrelevant command line parameter "-pe"
1C01.012: An instance of the program will not start after a message about an unknown file format if it is loaded from the command line
1C01.016: Eliminate starting a new instance of the application in the case of an unknown file format on the command line if the limitation for one instance is enabled
1C04.041: Slightly updated appearance of the entropy graph
1C04.049: Fixed a number of inaccuracies in the drawing of the entropy graph and the tooltip contents
1C04.050: Accelerated search with selection of all found lines in some cases
1C08.066: Added calculation of entropy by "sliding window" with configurable block overlap for the graph
1C08.067: Fixed behavior during TabStop navigation on some tabs of the program settings dialog
1C09.068: Fixed IMAGE_LOAD_CONFIG_DIRECTORY parsing error on some files created by linker from VS2002 pre-release versions
1C0A.073: Fixed RT_VERSION parsing error for resources created by some versions of RC/CVTRES from VS98-2003
1C13.078: Added optional display of the second line on the entropy graph with values calculated without block overlap, if the corresponding mode is enabled
1C15.083: Fixed error in processing the exception table for emulated architecture code in hybrid PE (ARM64EC)
1C15.085: Added collection of information about exception handlers (x64, ARM64) for describing RVA in emulated architecture code in hybrid PE (ARM64EC, ARM64X)
1C15.093: Added a page describing WoW thunks in hybrid PE (ARM64EC, ARM64X)
1C1A.101: All selected lines retain their state after sorting virtual lists, previously only the first of the selected lines was
1C1D.120: Added multiple saving to file for resources from PE and records from LIB
1C1E.125: Fixed a minor error in resolving an Apiset host in very rare cases (if the data for resolving in an external library was corrupted)
2101.128: Fixed error reading .NET metadata in some PE due to incorrect address alignment

0.2.6.126 (2021-11-08)

PEAnatomist.exe SHA256: C31A62F8473A37F5D0B5C0120A19A2E210F0B78D6FBCBF05BC7F6E4589D7C532

181C.002: Fixed a bug with splitting long records from the ListView header into multiple lines when copying to the clipboard with column justify
190B.010: Fixed parsing of delayed import table for some compressed PE files
190B.011: Fixed token description error in .NET VTableFixups table
190F.012: Register names and CodeView symbols (S_HYBRIDRANGE) from VS 16.11 and 17.0Preview4 have been updated
1910.016: Changed display order of Rich-signature records
1910.018: Clarified interpretation of some build numbers from Rich signature (WCE Platform Builder)
1A05.045: Corrected sorting of ExceptionsData tables for ARM Thumb and ARM64 in PE and OBJ, slightly accelerated sorting of other tables
1A0D.060: Expanded dataset for describing CoffGroups in the IMAGE_DEBUG_TYPE_POGO table
1A10.070: Fixed a bug with parsing the import table for some modified PE (Mal: Kelios)
1A11.073: Fixed a bug with detecting invalid resources in compressed PE
1A15.086: Fixed a bug with displaying the name of the FramePointer register in the S_FRAMEPROC CodeView symbols for ARM64 and ARM64EC
1A1D.097: Slightly simplified the procedure for enumerating PE resources
1A1E.102: Fixed OOB reading of .NET VTableFixups table in some cases
1B06.121: Numerous minor fixes and minor optimizations
1B08.125: Updated the CodeView symbol (S_SOURCELINK) from VS 17.1Preview1 and the IMAGE_LOAD_CONFIG_DIRECTORY structure (22478+)

0.2.5.267 (2021-08-25)

PEAnatomist.exe SHA256: F759677D747651D4C6242A3F04EAFE2476FDEAD77A4B62DDBD93DE38971A579F

161B.008: Added display of the full path to records in LIB files, long paths are limited to the file name and the initial part of the path
161B.013: Added parsing of ECSYMBOLS record in LIB files (ARM64EC specific symbols)
161C.015: Fixed bug with saving LIB file entries with invalid characters in the default filename
161C.016: Updated some ARM64EC related structures from WDK 22000
1708.038: Added description of IMAGE_IMPORT_CONTROL_TRANSFER_DYNAMIC_RELOCATION elements with index 0x7FFFF in the DynamicData Relocationss
170F.069: Slightly sped up ListView sorting
170F.070: Fixed sorting of the READYTORUN_IMPORT_SECTION list (for R2R and NGEN)
1713.088: The number of recent files became customizable
1714.091: Fixed IP2StateMap enumeration error for MSVC __CxxFrameHandler4 (regression in 0.2.3)
1717.100: Added support for Cxx20Modules in MSVC ILStore (CxxIL) parser and display of corresponding global symbols
171B.106: Hiding a sorted column resets the ListView sort
171C.113: Added optional loading of the last opened file, unless otherwise specified when starting the program
171E.116: Added a submenu for copying individual columns to the clipboard if the ListView context menu was called from the keyboard
171F.124: Added list sorting submenu to ListView context menu
171F.127: Fixed a positioning error of the ListView context menu keyboard-called for the non-visible row
1801.128: Fixed calculation of the allocated memory size for copying to the clipboard from ListView in case of adding a list header
1801.129: Fixed line-by-line copying of the contents of the LoadConfig GFID table to the clipboard if the "XFG-hash" column is populated
1803.142: Fixed error validating ListView settings, which could lead to the inability to display a hidden column
1805.157: The error of copying a separate ListView column to the clipboard, leading to program crash due to possible buffer overflow, has been fixed
1806.160: Fixed a bug with displaying the list of COFF symbols in PE and OBJ in the presence of long symbol names (more than 1000 characters)
1808.175: Added a dialog for configuring ListView columns (show/hide, order) instead of the header context menu
1808.182: Added the ListView header context menu for copying an entire column regardless of the selected rows
1808.183: ListView header context menu command processing moved to WM_MENUCOMMAND
1809.193: Added control of the columns order from the keyboard (CTRL + DOWN/UP/HOME/END) and using drag-n-drop in the ListView column settings dialog
180B.198: Fixed error displaying additional COFF symbols for COMDAT sections in OBJ files if there is a second additional symbol
180F.207: Significantly speeded up the construction of the ExceptionsData table in OBJ files
1811.209: Fixed a bug with displaying long section names in the section table of OBJ files
1811.211: Fixed a bug with indexing COMDAT sections with long names in OBJ files (the data in the ExceptionsData table could not be fully enumerated)
1812.215: Added check of Reproducible PE file timestamp for hash value
1813.220: Added the ability to search only in the selected rows of the ListView to search in several iterations by a set of criteria
1813.223: Fixed the error of incomplete copying of rows from the ListView to the clipboard if the content of at least one cell was longer than 1000 characters
1813.230: Small optimization of memory consumption while copying rows from ListView to clipboard with column justify
1817.261: Added configurable splitting of long ListView cells into multiple lines when copying to the clipboard with column justify

0.2.4.42 (2021-06-08)

PEAnatomist.exe SHA256: 92BB453000C526D799F8417C95812831D57DA8E54206C7DFE4F76BFE8F748B49

150F.001: Added unwinding code for ARM64 Pointer Authentication extension instructions (InsiderPreview 21382)
1511.003: Added a column with the unwind chain depth in the x64 ExceptionsData table (hidden by default)
1511.004: Fixed a bug with enabling ListView columns hidden by default after restarting the program (regression from version 0.2.0)
1516.013: Fixed crash during parsing of corrupted COFF symbol table in PE files
1517.015: Fixed the old error of displaying the "Security" tab for PE files in some cases
1518.016: Fixed error in validation of program window position settings if opposite sides of the window go beyond the desktop (regression from version 0.2.0)
151B.021: Added entropy plotting
151B.025: Added entropy calculation settings for plotting and plot display settings
1601.032: Added a hint about the fileoffset and the corresponding section under the cursor on the entropy plot
1604.033: The last active tab of the settings dialog is restored after reopening
1608.040: Added optional labels for section boundaries on the entropy plot

0.2.3.76 (2021-05-09)

PEAnatomist.exe SHA256: 6D7AE0FB725B07E4C264ED79854556A3D270824307F421521BB22FE0A668236C

1319.000: Fixed the Statusbar value of the focused line for an empty ListView in certain situations
131A.001: The possible freeze of the program after the search resumed, if the contents of the list have been changed
131B.007: Added definition of the function beginning and its description on the LoadConfig GuardEHContinuations tab for x64
131B.008: Fixed displaying the type index in the CodeView types table in OBJ files if PCH is used (regression of version 0.2.2)
140B.011: Optimized display of status information from ListView for very large lists
140B.014: Added display of additional Function (.bf, .ef) and FunctionSym symbols in the COFF symbol table of OBJ files
140C.015: Fixed erroneous display of INT value in CFG IAT table if import is performed by ordinal (regression of version 0.2.2)
140D.017: Added XFGHASHMAP parsing in LIB files
140F.022: Added collection of information about exception handlers (x64, ARM, ARM Thumb, ARM64, IA64) and COFF symbols for describing RVA in PE files
1410.025: Accelerated display of COFF symbol table in PE files, added display of some additional symbol records
1411.029: A 'Column' drop-down list in a searching dialog is disabled if only fulltext search is available (i.e. only one search option)
1413.031: Added export of GFID bitmap to file
1415.032: Fixed a bug with parsing the resource table in PE files if IMAGE_RESOURCE_DATA_ENTRY is placed at the end of the table
1416.038: Added optional display of full paths in the recent files list, long paths are limited to the file name and the initial part of the path
1416.039: Changed the format of the main window title, the name of the loaded file is displayed first now
1417.045: Eliminated redundant work with the menu when loading files and generating a list of recent files
1418.046: Added OS shell notification about file associations changing
1419.049: Added optional tooltip with description of RVA calculated in FLC (disabled by default)
141A.053: Added definition of the function beginning and its description on the LoadConfig GuardEHContinuations tab for ARM64 (InsiderPreview 21364)
141B.055: Fixed error displaying multiple values of the "Translation" key in RT_VERSION resources
141B.057: Added a column with functions description in the ExceptionsData table for all supported architectures (for x64, ARM Thumb and ARM64, some columns are now hidden by default)
1505.059: Fixed error displaying SEH Scope on the ExceptionsData page for ARM7/ARM LE in some cases
1507.060: Added a separate tab for the ARM64 unwind chain on the ExceptionsData page
1507.072: Added recognition of some types of exception handlers for all supported architectures
1507.073: Added a column with the type of exception handlers in the ExceptionsData table, the column with the handler's RVA is hidden by default
1508.074: Fixed a rare error filling information from the export table for the RVA description

0.2.2.58 (2021-03-25)

PEAnatomist.exe SHA256: DB32FA0BDB8D056E216FD2D0C6266FC1616068D72C1035CC0B9D0B8FF37E70D8

1305.000: Fixed display of the CodeView type name in the description if the type index is not specified
1307.001: Fixed error displaying manifest text from PE resources in rare cases
1307.003: Added support for IA64, MIPS and Hitachi SH4 architectures in the CxxIL parser
1308.006: Fixed CxxIL parsing error for MSVC from VS2008Beta1
1309.007: Fixed infinite parsing of IMAGE_DIRECTORY_ENTRY_BASERELOC table in rare cases
1309.008: Fixed error of IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG display for some files created by linker versions below 6.0
1309.010: Fixed possible erroneous OBJ file recognition (regression of version 0.2.1)
130D.019: Cleaning and optimization of the parser for the ARM Thumb and ARM64 unwind codes
130F.022: Added a textual description of the epilogue execution condition for ARM Thumb unwind codes
130F.023: Fixed error displaying the epilogue execution condition for ARM Thumb unwind codes if the epilogue is specified as the only one (flag E)
130F.028: Added calculation of the epilogue beginning for the ARM Thumb and ARM64 unwind codes, if the epilogue is specified as the only one (flag E)
1311.029: Fixed light error in defining VS2017-2019 minor version in Rich signature (regression of version 0.2.1)
1311.030: Fixed error displaying values from IMAGE_DELAYLOAD_DESCRIPTOR.UnloadInformationTableRVA in the delayed import table
1312.044: Fixed the mechanism for filling information for the description of RVA in PE, added detection of new information
1312.045: Accelerated display of the GFID table
1313.046: Simplified procedure for loading some files
1315.051: The storage of information for the description of RVA in PE files has been transferred to a hash table, the search time for the description for RVA has been significantly reduced
1318.053: Ctrl+Insert can be used along with Ctrl+C to copy information from the ListView to the clipboard
1318.057: The set of status information from the ListView has been expanded, there are: focused row number, total count of rows, count of selected rows

0.2.1.125 (2021-03-04)

PEAnatomist.exe SHA256: BC52CBE85FD779878F0E06624C2BF8A2A4995EBBBD381A400385AE01620B531A

110B.009: Significant improvement to the MSVC ILStore (CxxIL) symbols parser and increased compatibility with different VS versions
1111.027: Decoding of local symbols table (.cil$sy) of MSVC ILStore (CxxIL) format in OBJ files
1117.033: Displaying the line number of the beginning of the function in the source file in the description of symbols MSVC ILStore (CxxIL)
1117.034: Fixed display of source file names in MSVC ILStore (CxxIL) symbols descriptions for VS 2002 and 2003 versions (encoding is not UTF8)
1118.035: Fixed decoding of LF_POINTER in CodeView and MSVC ILStore (CxxIL) type tables if the described type is a pointer to a class member
1119.036: Changed the names of some keys in the configuration file for portability in future versions
111B.039: Fixed display of CodeView type description in MSVC ILStore (CxxIL) tables, if debug information is moved to PDB
111C.046: Fixed error displaying the incorrect name in the description of a CodeView type referenced by another type or symbol (in rare cases)
1201.071: Accelerated access to sections and their data in OBJ files
1205.081: Added support for ExtendedObj files (a.k.a. BIGOBJ, obj files with more than 0xFEFF sections)
1207.094: For some types of CodeView debug information, a more detailed description is available (for example, for LF_POINTER, LF_MODIFIER, LF_ARRAY and LF_BITFIELD, the description of the type to which they refer and some properties are displayed)
120C.110: Clarified interpretation of data from Rich signature
121B.116: The program license was changed from MIT to Freeware (the text of the License Agreement is located in the "Readme" file)
1303.122: Fixed a bug with parsing version information from the resources section in some cases
1304.123: Fixed error getting a member name for LIB archives created by BSD-compatible toolkit
1304.124: Support for ARM64EC in OBJ files

0.2.0.370 (2021-01-04)

PEAnatomist.exe SHA256: 8E6D8EF4D5691A8FFC22377C45FC00E3CE90FD7F47E1F8D2CDBA914885477BEF

Minor optimization and cleaning of list sorting code
Background color of resource properties dialog and hexview changed to standard for the used control
Cleaning headers, unifying declared data types, dividing code into independent modules
Fix display error for the symbols CV_COMPILESYM and CV_COMPILESYM3
Update register names and CodeView symbols from VS 16.8 and 16.9Preview
Add display of the COFF symbol referenced by the CLR token in the COFF symbol table
Add display of CLR token in CodeView symbols
Fix error displaying RT_STRING resource as text in rare cases
Fix error in defining COFF-symbol of exception handler in x64 OBJ-files
The used data types from CoreCLR 5 have been updated
Fix a crash when displaying the contents of the metadata tables of some obfuscated or compressed .NET files
Change .NET metadata streams description - stream RVA is displayed now
Fix matching RVA to offset for some alignment and section parameter combinations in PE files compiled by MinGW
Fix displaying a DelayImport table with incorrect content (regression starting 0.1.8)
Fix matching RVA to offset in case of forced loading of PE without sections
Add .NET Vtable Fixups display
Fix a rare error with displaying the name of some Codeview types in the pivot table (an incorrect name could be displayed if in fact it was of zero length)
Add decoding of MSVC ILStore symbol table (.cil$gl) in OBJ files (x86, x64, ARMThumb, ARM64) for VS16.8
Change the appearance of the main window in the absence of a loaded file
Add description for selected symbol in the MSVC ILStore symbol table
Add correction of indexes in the MSVC ILStore table of types in case of using PCH
Add description of types by their index in all supported MSVC ILStore tables
Add description of MSVC ILStore symbols referenced by selected symbol from table .cil$gl
Add parsing of CHPE configuration header and DynamicDataRelocations table for hybrid x64-over-ARM64 images (arm64x) from InsiderPreview 21277
Add x64 ExceptionsData table for hybrid x64-over-ARM64 images (arm64x)
Add parsing of ARM64 unwind codes for SIMD registers
Fix detection of the ARM64 unwind chain
New view of the settings dialog, division of settings into new categories
Add formatting settings for text copied to the clipboard from program tables
Fix error reading CodeView C13 subsections in some cases (most often it appeared on CodeView created by early versions of tools from VS2002 and VS2003)
Add search settings: remembering the last query and saving the selected starting position of the search
Add search options for text: match only from the beginning of a string, inversion of search results (i.e. search for strings where the desired text is absent)
Fix error displaying the "Parent Offset" parameter in the CodeView symbols S_DEFRANGE_REGISTER_REL and S_DEFRANGE_REGISTER_REL_INDIR
Fix error of reading MSVC ILStore type table when there are nested tables
Add support for decoding MSVC ILStore symbol table for all public versions of VisualStudio (7-16.9Preview2)
Add the ability to select all found lines for text search
Prevent unclosed search dialog from being used after destroying its associated ListView
Configuration file format has been changed to text view

PEAnatomist