What's new?

Version 0.1.17.83 (2020-09-10)

PEAnatomist.exe SHA256: BEB515489A0C8DA42DC252F51C1DFCDF886E02A76FB688DFD3F41D3AECF8D9A8
  • Added recognition of the target from a MSI shortcut
  • Fixed a bug with displaying some dialogs from the resources
  • Updated set of CET policy flags and LOAD_CONFIG_DIRECTORY structure from SDK 20201
  • Added display of xFG-hash value in the GFID list
  • Added descriptions of several section groups on the "POGO" page in IMAGE_DEBUG_DIRECTORY
  • Accelerated display of found strings in PE files
  • Added an optional restriction to start the only instance of the program
  • Added a menu for launching a copy of the program with the currently open file
  • Added the ability to open a file from the clipboard
  • Fixed loss of a character in line recognition if a long line was split into several
  • Added string detection settings: recognition threshold and ignoring of strings without a trailing zero
  • Added a dialog for selecting a Section object and opening a mapped file
  • Introduced a limitation of one instance of the resource properties dialog per entry
  • Optimization and clean up of a part of the code for working with ListView

Version 0.1.16.206 (2020-06-26)

Download (141 KB)
PEAnatomist.exe SHA256: B165526D4BEA5820D6ABB8A5D0F1DF292D91C4AE06628564ED4015BEB9BE27E4
  • Slight optimization
  • Fixed an error in determining of a register names in the CodeView symbols description in very rare cases
  • Added the ability to copy entire columns to the clipboard with multiple row selection
  • Added display settings for the FLC panel and status panel
  • The error of scaling the size of the cells of the status bar is fixed
  • Splitter controls have been added in most of tabs
  • Added host resolving for ApiSet libraries in import tables
  • Added selection of an external DLL for determining the ApiSet host in the program settings
  • A partial search has been added to the ExceptionsData table (experimental function)

Version 0.1.15.344 (2020-05-30)

Download (136 KB)
PEAnatomist.exe SHA256: 04D3749A5525C9D49CD0161308510507B886BC64F323ABA2064E987331B3B128
  • Fixed the error in determining the minor version of VS 2017-2019 when decoding the Rich signature (regression 0.1.13 and 0.1.14)
  • Fixed decoding of RT_STRING resources in the presence of incorrect data
  • Added tab with detailed description of PE resource headers
  • Resource tab redone to list without grouping by resource type
  • Fixed sorting of the list of resources
  • The procedure for parsing the resource directory has been changed, new criteria for data correctness have been added
  • Fixed processing of the settings file during the first launch of the program
  • Corrected the behavior of the COFF character parser in the presence of incorrect info about long symbol names
  • Fixed the bug of constructing the context menu for listview in virtual mode
  • Fixed saving the selected file type filter in the "Open file" dialog
  • Fixed incorrect recognition of UTF16 lines in rare cases
  • Added page of detected ANSI and UTF16 lines in PE file
  • Added CodeView Debug Info parsing for OBJ files
  • Added CodeView Debug Symbols parsing for OBJ files
  • Added parsing of CodeView Types for OBJ files
  • Added parsing of new CodeView Debug Symbol records up to S_REGREL32_INDIR_ENCTMP inclusive
  • Added parsing of new CodeView Type leafs up to and including LF_INTERFACE2
  • Added parsing of type information in OBJ files compiled by MSVC with the /GL flag or others in MS ILStore format

Version 0.1.14.26 (2020-04-28)

PEAnatomist.exe SHA256: D53429B432F6F394108264B6ED5D80ECD60E69A94104E9136DD49CCD51614F95
  • Fixed a bug that caused the program to crash when viewing the file header of PE files built by Borland Delphi
  • Minor optimization of internal data structures
  • Added the ability to extract members from LIB files
  • Added file close menu

Version 0.1.13.332 (2020-04-25)

PEAnatomist.exe SHA256: 965F75FB6591C95C2E1F72DCFEF61E1C7DA0E9D72A05E8F2F5401561BC6FA41F
  • Fixed error sorting some lists with a signed-long integers
  • Fixed error displaying the table ExceptionsData in the presence of incorrect data
  • Fixed error displaying the name of the section in the RVA description in some cases
  • Added new description lines for section groups on the POGO page in IMAGE_DEBUG_DIRECTORY
  • Optimization and refactoring of a significant part of the code
  • Added new fields to LOAD_CONFIG_DIRECTORY from SDK 19041 - GuardEHContinuations, and undocumented ones - eXtended CFG (xFG)
  • Added GuardEHContinuations list page
  • Added new feature flags in the GFID list
  • Fixed bug with incorrect line ending when copying to clipboard
  • Fixed error parsing the table of COFF symbols if an incorrect address is specified
  • The icon of the main program window no longer changes to the icon of the file being processed
  • Fixed IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT parsing
  • Added support for OBJ file and LIB file formats
  • Added support for non-COFF OBJ files
  • Added parsing a symbol table for OBJ files
  • Added page for summary information about import library entries in LIB files
  • Added parsing of table of sections and relocations of OBJ files
  • The number of file extensions for integration into the Explorer context menu has been increased
  • Fixed bug with integration into the shell context menu if the file extension was not previously registered in the system

Version 0.1.12.73 (2020-02-13)

PEAnatomist.exe SHA256: 5EF85D7B7A34434547086034F43D5266FB18C22735AB57762610CB5437ECA0F7
  • A context menu integration bug fixed
  • The behavior of the program when loading a new file with open resource properties window is fixed
  • Fixed error displaying descriptions of some characters in the Dyn.Value Relocations table
  • Fixed error parsing ExceptionsData table for ARM Thumb: incorrect information about stored registers in compressed form of UnwindInfo
  • Natural sorting added for several more lists
  • Fixed error populating the Catch Handlers list for UnwindInfo.EHData.CPP_EH4
  • Fixed a bug leading to the slow execution of the "Select All" operation on large lists
  • Some lists with a large number of elements are switched to virtual mode
  • Added navigation through the associated UNWIND_INFO elements of the ExceptionData list for x64

Version 0.1.11.155 (2020-01-30)

PEAnatomist.exe SHA256: E6D41320BB2044F659B8955539B26B06E8297EED02A8F15932619C4CBDE9B1EC
  • Fixed bug when parsing the old version of the delay import table
  • Small optimization of a number-to-string converter
  • Added parsing of Native Import Sections table (ReadyToRun, NGEN)
  • Added parsing of the MethodDef EntryPoints table (ReadyToRun)
  • Minor optimization of settings storage structure
  • Slight list sorting optimization
  • Fixed copying large lists to the clipboard (more than 100,000 lines)
  • Fixed loading error after drag-n-drop shortcut of the investigated file to the program file
  • Updated program settings dialog
  • Added some new settings
  • FLC optimization
  • The mechanism for parsing .NET metadata tables has been redesigned for quick access to any fields, rows, tables
  • Added description of .NET metadata token in some tables

Version 0.1.10.97 (2020-01-10)

PEAnatomist.exe SHA256: F70267636B32CD7F8CE6E566ABAC9D9BE63CFF9BB3F7F2CD19F3249229FD7291
  • Added mapping of redirects to another UNWIND_INFO between managed / unmanaged code in the ExceptionsData table for x64
  • Added parsing of tables and metadata of dotNET

Version 0.1.9.64 (2019-12-27)

PEAnatomist.exe SHA256: B733937AD7F1300C7249FA126FC7354CA0145C2575ABB7ADB3BDF092CBD6CC0A
  • Optimize some internal data formats
  • Fixed way to save settings, now the mechanism uses next rules:
    - if there are no settings files in the program directory and in %appdata%, then the settings file will be created in the program directory;
    - if the program directory doesn't contain the settings file and the directory is not writable, then %appdata% will be used for storing the settings;
    - if there is a valid settings file in the program directory, then this is the only way to read the settings, and the settings also will store here, if the file is writable;
    - if the settings file is already in %appdata%, then it is always used to read/write settings.
  • Directories hidden by decreasing "Number Of RVA And Sizes" values are grayed out if available
  • Improved list sorting

Version 0.1.8.234 (2019-12-20)

PEAnatomist.exe SHA256: 0ED068A7496FACCFB52A27C0EC649D28EE341C55B506072B4A7385E57354AFA4
  • Added description for COFF Groups in the debug information table
  • Updating the interface of the main window using a tree view of the available information
  • New header information pages added: DOS_HEADER, FILE_HEADER, OPTIONAL_HEADER, CHPE_HEADER, VOLATILE_METADATA_HEADER
  • Added parsing IAT table in CHPE for emulated architecture
  • Added construction of a CFG bitmap and its display in a HEX form
  • Added parsing of some specific tables for applications created in Visual Basic 5/6
  • Added file upload log displaying warnings about non-compliance with the PE format (the list of checks will expand)
  • Implemented multiple selection of rows in lists

Version 0.1.7.158 (2019-12-06)

  • Fixed bug with freezing when processing PE signature data
  • Fixed minor bug with a prompt displaying in FLC input fields
  • Fixed minor bugs with LSDA data detection in the ExceptionsData table
  • Fixed display of resource information in dumped PE
  • Optimization of code for work with GUI
  • Added setting for assigning the font used by the shell (changing the setting requires restarting the program)
  • Fixed minor errors when displaying dialog resources of the investigated file
  • Fixed bug with displaying tabs for PE directories for some modified images

Version 0.1.6.260 (2019-11-23)

  • Fixed parsing of import table modified by some packers
  • Added forced cleaning of recent files list
  • Added reaction to the ENTER key in FLC text fields
  • New settings:
    set main window always on top;
    contrast selection of alternating lists background;
    number of bytes displayed in the HEX form in the description in the Base Relocations table;
    restore last opened tab;
    pasting the list header into the data copied to the clipboard;
    use the ESC key to exit the program
  • Display of minor instrument version in RICH signature for VS2017 and higher fixed
  • Fixed incorrect behavior when resizing the main window
  • Deleting file associations fixed
  • FLC editboxes are cleared after loading a new file
  • Fixed the error in displaying the section table if some header fields were nullified
  • Added section naming by number if their name is not specified in the header or does not contain printable characters
  • The mechanism for working with sections and calculating the correspondence of RVA to raw offset has been completely redone
  • Several FLC bugs fixed

Version 0.1.5.46 (2019-11-09)

  • IMAGE_DIRECTORY_ENTRY_IAT table parsing available
  • Symbols description added in Dynamic Value Relocations table
  • Data description added in Volatile Metadata table for x86
  • Minor optimizations of the code prepearing new GUI
  • FuncInfo4 (ExceptionsData table) parsing error fixed, it appears when data layout has optimized
  • FuncInfo4 (ExceptionsData table) with Separated code segments parsing error fixed
  • RVA of instructions for appropriate unwind codes added in table for x64

Version 0.1.4.192 (2019-10-31)

  • ExceptionsData table LSDA headers parsing improved
  • LSDA headers parsing implemented for C Builder 10.2 and newer
  • Commandline keys are not required to open a file
  • Minor error in filename processing fixed
  • Recent files menu available now
  • The program settings file layout modified
  • Any size overlays supported
  • GUI handling optimized
  • Hide unused tabs
  • HighDPI support

Version 0.1.3.2 (2019-10-19)

  • x64 ExceptionsData Table parsing bug fixed

Version 0.1.2.57 (2019-10-18)

  • Taskbar file icon display fixed
  • Crash on unsupported files fixed
  • Files load errors display added
  • Internal data size optimization
  • ExceptionsData Table parsing speed optimization