0.2.11511.1500 (2023-03-11)

PEAnatomist.exe SHA256: 711E6A387A897577BC5EE529CE9C9F19B6ED90DB52C744323E1CA3FC749113D7

  • 11421.2151: Fixed CORCOMPILE_VERSION_INFO header parsing error for dotNet 4.5x prerelease versions
  • 11424.2009: Fixed VolatileMetadata parsing in OBJ files for non-ComDat sections
  • 11426.1706: Fixed a minor error in defining the RVA of the EH function in the IMAGE_LOAD_CONFIG_DIRECTORY.SEHandlerTable table
  • 11503.2140: Updated IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS flag values (WinBuild 25309)
  • 11508.2051: Added generation and parsing of Export (ported from 0.3.10130.2242), Import and DelayImport tables for emulated architecture in hybrid PE files (ARM64X)
  • 11509.1914: Fixed copying to clipboard of "RVA of replacing functions" in the DVRT FunctionOverride table
  • 11510.2023: Added a description for RVA of the corresponding fields from export tables (prefix hE), imports (hI, hIT prefixes) and delayed imports (hDI, hDIT) for emulated architecture in hybrid PE-files (ARM64x)
  • 11511.1343: Information of the forwarded exports was put into a separate column in the export table

0.2.11401.0000 (2023-02-01)

PEAnatomist.exe SHA256: BEC12C16AA079FBE53566E35B7B9E5A51AF2B7C14F99EE1B10AF7567433FEA59

  • 11327.0029: Fixed bug with listing records in dotNet VTableFixups table
  • 11330.1923: Fixed handling of WM_CANCELMODE in some dialogs
  • 11331.2034: Fixed determining of Cpp EH RVA in IMAGE_LOAD_CONFIG_DIRECTORY.SEHandlerTable table in some cases

0.2.11322.0120 (2023-01-22)

PEAnatomist.exe SHA256: 80CCF7AF5ACB6B0CDD3A33681AB6B7C6E5FFC2B8CE811E5BF102EEFB20BF09A2

  • 11322.0056: Fixed a crash when processing the export table header (0.2.11320.1732 regression)

0.2.11320.1732 (2023-01-20)

PEAnatomist.exe SHA256: 2BB7A448883912BE16964699C4C4AF777DF7FE2751B20DE770AEBA59169683F6

  • 11307.1257: Fixed lack of response to ListView search hotkeys in PE resources and UnwindInfo tables for x64 and ARM64
  • 11307.1722: Fixed a possible out-of-bounds read when defining a COMDAT-associated section in OBJ files
  • 11311.1535: Corrected RVA description error in the first version DVRT table for IMAGE_DYNAMIC_RELOCATION_GUARD_RF_PROLOGUE and IMAGE_DYNAMIC_RELOCATION_GUARD_RF_EPILOGUE symbols
  • 11311.1803: Added early DVRT parsing (without RFG, IMAGE_LOAD_CONFIG_DIRECTORY.DynamicValueRelocTable, WinBuild before 14965)
  • 11311.2120: Added analysis of DVRT of the second version
  • 11314.2122: Added CORCOMPILE_HEADER header parsing for the following dotNet NGEN versions that have differences in the specified structure: 1.0, 1.2, 2.0, 2.0Sp2, 4.0, 4.5, 4.52, 4.6, 4.7
  • 11315.2148: Added parsing of the CORCOMPILE_VERSION_INFO header for the following dotNet NGEN versions that have differences in the specified structure: 1.0, 1.1, 1.2, 2.0, 2.0Sp2, 4.0, 4.52
  • 11317.0045: Added parsing of dotNet metadata tables from CORCOMPILE_HEADER and READYTORUN_HEADER headers

0.2.11303.2054 (2023-01-03)

PEAnatomist.exe SHA256: F35CB92704771736819E72D48B1D7F90CBF364E3E32E5585D27A3061039D4829

  • 11303.1816: Added the ability to backward search in the ListView

0.2.11302.1901 (2023-01-02)

PEAnatomist.exe SHA256: D203C8DA68888373E665C8B18209011C16906D27CF71D86C8347538F4D6BC2F9

  • 11114.1307: The inaccuracy in the analysis of the Ready2Run header 4.0 and newer is eliminated - the option for NativeAOT was erroneously displayed
  • 11121.2018: Fixed error of reading the contents of the dotNet metadata tables for some distorted PE
  • 11121.2142: Fixed an error in determining the COFF symbol of exception handler for ARM Thumb and ARM64 OBJ-files, if data for more than one function have been grouped in one xdata section
  • 11127.2148: The description of the version numbers of tools from some pre-released VS2002-VS2013 in the Rich signature has been updated and specified
  • 11204.0101: Added recognition of GS-compatible exception handlers for ARM7
  • 11204.0135: Fixed the analysis of unwind data for ARM7 in the case of zero-length functions
  • 11204.0147: Fixed error describing functions in the exceptions table for ARM7
  • 11204.1730: Fixed an error of reading the addresses of the Catch-blocks in the CxxFrameHandler3 handler for ARM7 and IA64
  • 11207.1736: Added a column with a COMDAT-associated section in the OBJ-file section table
  • 11208.1902: Added a column with the section number of the relocated symbol in the section relocations table for OBJ
  • 11208.2042: Added VolatileMetadata tab for OBJ files
  • 11212.2113: Added definition of the name of the corresponding function COFF symbol instead of label (MSVC) or section (Cygwin) COFF symbols in the exceptions table for OBJ
  • 11216.2143: Updated view of the tab with an unwind information of CxxFH3 in PE for x64, ARM7, ARM Thumb, ARM64 and IA64
  • 11217.1647: Added search dialog responsiveness to decimal and hexadecimal (prefixed with 0x) forms of searched non-text values
  • 11220.2111: Added separate list of dotNet metadata streams
  • 11220.2346: Added separate list of Ready2Run header sections
  • 11221.0002: Added file offset column to specified structure field for lists displaying some PE headers
  • 11226.0135: Added recognition of a number of Cpp exception handlers in the IMAGE_LOAD_CONFIG_DIRECTORY.SEHandlerTable for x86
  • 11227.1950: Added parsing of FuncInfo3 structures for matching entries in the IMAGE_LOAD_CONFIG_DIRECTORY.SEHandlerTable
  • 11302.1422: ListView sorting algorithm changed to MergeSort instead of QuickSort

0.2.11108.2330 (2022-11-08)

PEAnatomist.exe SHA256: 3224ED65CA61E6B182A012F349E28D8FD6BAB775DFE532104CDD3920D42C5D22

  • 11106.1711: Fixed an error in determining RVA of the PE COFF-symbol table entries made by VS4-6 and some versions of GNU toolsets

0.2.10913.2121 (2022-09-13)

PEAnatomist.exe SHA256: D55E8C7470B274A1E163246A261DBD1685E649469E613D21FC233CFDAA03DA51

  • 10810.0106: Updated list of sections and values of Ready2Run header flags from dotnet 7
  • 10814.0154: Fixed signature enumeration error in ImportSections table for Ready2Run and NGEN

0.2.10712.2124 (2022-07-12)

PEAnatomist.exe SHA256: 600284707FF9DD0C8FC28381D367BE61506007ADE54864FEFD128A1C912784EB

  • 10701.2342: A rare error of out-of-border reading was eliminated during recognition of the exception handler kind in some PE files
  • 10703.0012: The error of out-of-border access in some distorted PE has been eliminated for the IMAGE_DIRECTORY_ENTRY_DEBUG parsing
  • 10703.0047: The error of out-of-border access in some distorted PE has been eliminated for the dotnet metadata header handling

0.2.11.25 (2022-05-18)

PEAnatomist.exe SHA256: 6914FA121D929AE39272B02FF6DF78687E8328FEE9E255BC06A165C78C59B599

  • 250C.008: Fixed bug with enumeration of IMAGE_DYNAMIC_RELOCATION_FUNCTION_OVERRIDE symbol in DVRT table
  • 2511.024: Added separate page for IMAGE_DYNAMIC_RELOCATION_FUNCTION_OVERRIDE symbol content in DVRT table (backport from 0.3.10516.1931)

0.2.10.17 (2022-04-16)

PEAnatomist.exe SHA256: D472B4D5B37AEF14307A332FFDCB30864150D7BB11579AB5E3B3A514F9E60668

  • 240B.003: Fixed error displaying data from UnwindInfo CxxFH3 tables for ARM7
  • 240C.005: Fixed CodeView symbols S_DEFRANGE_CONSTVAL_ON_ENTRY and S_DEFRANGE_GLOBALSYM_ON_ENTRY from VS2022 17.2Pre3
  • 2410.012: Fixed leak of GDI objects when using more than one ListView column setup dialog at the same time

0.2.9.5 (2022-03-15)

PEAnatomist.exe SHA256: 6DBD896E26DF22EF551C0FD316F349B5C302DEE9E13092313635B561E58BBEAE

  • 230F.004: Fixed entropy graph drawing error on Windows 7 and newer

0.2.8.61 (2022-03-05)

PEAnatomist.exe SHA256: 095D3E8151A717F1F2EE76B4738A00AEA40840DA1FB368C69E6C2A22642480D6

  • 2109.002: Clarified description of Rich signature elements corresponding to VS 2017-2022 versions (e.g. 16.11.~8~)
  • 210D.005: Added display of information about IMAGE_DEBUG_TYPE_BBT (Basic Block Transformation): tool used and version of MS Vulcan DLL
  • 210D.007: Fixed CORCOMPILE_HEADER header parsing error for .NetFramework 4.6 - 4.6.2 (the structure layout is different)
  • 2113.015: Fixed program hang during import table parsing in some specific PEs in rare cases
  • 2113.018: Listview column widths are reset to default if rendered columns are manually set to zero width
  • 2113.019: Added a column with the value of the function length to the list of ExceptionsData x64 (PE, HybridPE, OBJ) (enabled by default instead of the "End Address" column)
  • 220A.025: Added support for IMAGE_FILE_MACHINE_POWERPCBE (Xbox 360) in PE, OBJ and MSVC CxxIL parser
  • 220B.029: Fixed error parsing MSVC CxxIL symbols for VS2008 and higher if compilation was done with the isTypedIL flag forcibly disabled
  • 220C.030: Fixed error displaying Rich signature in some PEs with a modified DOS stub (regression starting 0.2.6)
  • 220C.038: Added support for IMAGE_REL_BASED_HIGHADJ and description for corresponding target address
  • 220D.044: Fixed a number of minor errors in the string tokenizer of the program settings file
  • 2210.047: Fixed section enumeration error in OBJ files in rare cases (DEC Alpha)
  • 2217.060: Added a page describing the contents of IMAGE_DEBUG_TYPE_BBT

0.2.7.129 (2022-01-03)

PEAnatomist.exe SHA256: C9BA28BEA386B62E6C406B0DF44C944B02DAED157D849FB7D07BF2781EE255D3

  • 1B16.009: Fixed bug in RVA description for delayed import
  • 1B1A.010: Fixed bug with scaling delta value in IMAGE_DYNAMIC_RELOCATION_ARM64X
  • 1C01.011: Removed handling of irrelevant command line parameter "-pe"
  • 1C01.012: An instance of the program will not start after a message about an unknown file format if it is loaded from the command line
  • 1C01.016: Eliminate starting a new instance of the application in the case of an unknown file format on the command line if the limitation for one instance is enabled
  • 1C04.041: Slightly updated appearance of the entropy graph
  • 1C04.049: Fixed a number of inaccuracies in the drawing of the entropy graph and the tooltip contents
  • 1C04.050: Accelerated search with selection of all found lines in some cases
  • 1C08.066: Added calculation of entropy by "sliding window" with configurable block overlap for the graph
  • 1C08.067: Fixed behavior during TabStop navigation on some tabs of the program settings dialog
  • 1C09.068: Fixed IMAGE_LOAD_CONFIG_DIRECTORY parsing error on some files created by linker from VS2002 pre-release versions
  • 1C0A.073: Fixed RT_VERSION parsing error for resources created by some versions of RC/CVTRES from VS98-2003
  • 1C13.078: Added optional display of the second line on the entropy graph with values calculated without block overlap, if the corresponding mode is enabled
  • 1C15.083: Fixed error in processing the exception table for emulated architecture code in hybrid PE (ARM64EC)
  • 1C15.085: Added collection of information about exception handlers (x64, ARM64) for describing RVA in emulated architecture code in hybrid PE (ARM64EC, ARM64X)
  • 1C15.093: Added a page describing WoW thunks in hybrid PE (ARM64EC, ARM64X)
  • 1C1A.101: All selected lines retain their state after sorting virtual lists, previously only the first of the selected lines was
  • 1C1D.120: Added multiple saving to file for resources from PE and records from LIB
  • 1C1E.125: Fixed a minor error in resolving an Apiset host in very rare cases (if the data for resolving in an external library was corrupted)
  • 2101.128: Fixed error reading .NET metadata in some PE due to incorrect address alignment

0.2.6.126 (2021-11-08)

PEAnatomist.exe SHA256: C31A62F8473A37F5D0B5C0120A19A2E210F0B78D6FBCBF05BC7F6E4589D7C532

  • 181C.002: Fixed a bug with splitting long records from the ListView header into multiple lines when copying to the clipboard with column justify
  • 190B.010: Fixed parsing of delayed import table for some compressed PE files
  • 190B.011: Fixed token description error in .NET VTableFixups table
  • 190F.012: Register names and CodeView symbols (S_HYBRIDRANGE) from VS 16.11 and 17.0Preview4 have been updated
  • 1910.016: Changed display order of Rich-signature records
  • 1910.018: Clarified interpretation of some build numbers from Rich signature (WCE Platform Builder)
  • 1A05.045: Corrected sorting of ExceptionsData tables for ARM Thumb and ARM64 in PE and OBJ, slightly accelerated sorting of other tables
  • 1A0D.060: Expanded dataset for describing CoffGroups in the IMAGE_DEBUG_TYPE_POGO table
  • 1A10.070: Fixed a bug with parsing the import table for some modified PE (Mal: Kelios)
  • 1A11.073: Fixed a bug with detecting invalid resources in compressed PE
  • 1A15.086: Fixed a bug with displaying the name of the FramePointer register in the S_FRAMEPROC CodeView symbols for ARM64 and ARM64EC
  • 1A1D.097: Slightly simplified the procedure for enumerating PE resources
  • 1A1E.102: Fixed OOB reading of .NET VTableFixups table in some cases
  • 1B06.121: Numerous minor fixes and minor optimizations
  • 1B08.125: Updated the CodeView symbol (S_SOURCELINK) from VS 17.1Preview1 and the IMAGE_LOAD_CONFIG_DIRECTORY structure (22478+)

0.2.5.267 (2021-08-25)

PEAnatomist.exe SHA256: F759677D747651D4C6242A3F04EAFE2476FDEAD77A4B62DDBD93DE38971A579F

  • 161B.008: Added display of the full path to records in LIB files, long paths are limited to the file name and the initial part of the path
  • 161B.013: Added parsing of ECSYMBOLS record in LIB files (ARM64EC specific symbols)
  • 161C.015: Fixed bug with saving LIB file entries with invalid characters in the default filename
  • 161C.016: Updated some ARM64EC related structures from WDK 22000
  • 1708.038: Added description of IMAGE_IMPORT_CONTROL_TRANSFER_DYNAMIC_RELOCATION elements with index 0x7FFFF in the DynamicData Relocationss
  • 170F.069: Slightly sped up ListView sorting
  • 170F.070: Fixed sorting of the READYTORUN_IMPORT_SECTION list (for R2R and NGEN)
  • 1713.088: The number of recent files became customizable
  • 1714.091: Fixed IP2StateMap enumeration error for MSVC __CxxFrameHandler4 (regression in 0.2.3)
  • 1717.100: Added support for Cxx20Modules in MSVC ILStore (CxxIL) parser and display of corresponding global symbols
  • 171B.106: Hiding a sorted column resets the ListView sort
  • 171C.113: Added optional loading of the last opened file, unless otherwise specified when starting the program
  • 171E.116: Added a submenu for copying individual columns to the clipboard if the ListView context menu was called from the keyboard
  • 171F.124: Added list sorting submenu to ListView context menu
  • 171F.127: Fixed a positioning error of the ListView context menu keyboard-called for the non-visible row
  • 1801.128: Fixed calculation of the allocated memory size for copying to the clipboard from ListView in case of adding a list header
  • 1801.129: Fixed line-by-line copying of the contents of the LoadConfig GFID table to the clipboard if the "XFG-hash" column is populated
  • 1803.142: Fixed error validating ListView settings, which could lead to the inability to display a hidden column
  • 1805.157: The error of copying a separate ListView column to the clipboard, leading to program crash due to possible buffer overflow, has been fixed
  • 1806.160: Fixed a bug with displaying the list of COFF symbols in PE and OBJ in the presence of long symbol names (more than 1000 characters)
  • 1808.175: Added a dialog for configuring ListView columns (show/hide, order) instead of the header context menu
  • 1808.182: Added the ListView header context menu for copying an entire column regardless of the selected rows
  • 1808.183: ListView header context menu command processing moved to WM_MENUCOMMAND
  • 1809.193: Added control of the columns order from the keyboard (CTRL + DOWN/UP/HOME/END) and using drag-n-drop in the ListView column settings dialog
  • 180B.198: Fixed error displaying additional COFF symbols for COMDAT sections in OBJ files if there is a second additional symbol
  • 180F.207: Significantly speeded up the construction of the ExceptionsData table in OBJ files
  • 1811.209: Fixed a bug with displaying long section names in the section table of OBJ files
  • 1811.211: Fixed a bug with indexing COMDAT sections with long names in OBJ files (the data in the ExceptionsData table could not be fully enumerated)
  • 1812.215: Added check of Reproducible PE file timestamp for hash value
  • 1813.220: Added the ability to search only in the selected rows of the ListView to search in several iterations by a set of criteria
  • 1813.223: Fixed the error of incomplete copying of rows from the ListView to the clipboard if the content of at least one cell was longer than 1000 characters
  • 1813.230: Small optimization of memory consumption while copying rows from ListView to clipboard with column justify
  • 1817.261: Added configurable splitting of long ListView cells into multiple lines when copying to the clipboard with column justify

0.2.4.42 (2021-06-08)

PEAnatomist.exe SHA256: 92BB453000C526D799F8417C95812831D57DA8E54206C7DFE4F76BFE8F748B49

  • 150F.001: Added unwinding code for ARM64 Pointer Authentication extension instructions (InsiderPreview 21382)
  • 1511.003: Added a column with the unwind chain depth in the x64 ExceptionsData table (hidden by default)
  • 1511.004: Fixed a bug with enabling ListView columns hidden by default after restarting the program (regression from version 0.2.0)
  • 1516.013: Fixed crash during parsing of corrupted COFF symbol table in PE files
  • 1517.015: Fixed the old error of displaying the "Security" tab for PE files in some cases
  • 1518.016: Fixed error in validation of program window position settings if opposite sides of the window go beyond the desktop (regression from version 0.2.0)
  • 151B.021: Added entropy plotting
  • 151B.025: Added entropy calculation settings for plotting and plot display settings
  • 1601.032: Added a hint about the fileoffset and the corresponding section under the cursor on the entropy plot
  • 1604.033: The last active tab of the settings dialog is restored after reopening
  • 1608.040: Added optional labels for section boundaries on the entropy plot

0.2.3.76 (2021-05-09)

PEAnatomist.exe SHA256: 6D7AE0FB725B07E4C264ED79854556A3D270824307F421521BB22FE0A668236C

  • 1319.000: Fixed the Statusbar value of the focused line for an empty ListView in certain situations
  • 131A.001: The possible freeze of the program after the search resumed, if the contents of the list have been changed
  • 131B.007: Added definition of the function beginning and its description on the LoadConfig GuardEHContinuations tab for x64
  • 131B.008: Fixed displaying the type index in the CodeView types table in OBJ files if PCH is used (regression of version 0.2.2)
  • 140B.011: Optimized display of status information from ListView for very large lists
  • 140B.014: Added display of additional Function (.bf, .ef) and FunctionSym symbols in the COFF symbol table of OBJ files
  • 140C.015: Fixed erroneous display of INT value in CFG IAT table if import is performed by ordinal (regression of version 0.2.2)
  • 140D.017: Added XFGHASHMAP parsing in LIB files
  • 140F.022: Added collection of information about exception handlers (x64, ARM, ARM Thumb, ARM64, IA64) and COFF symbols for describing RVA in PE files
  • 1410.025: Accelerated display of COFF symbol table in PE files, added display of some additional symbol records
  • 1411.029: A 'Column' drop-down list in a searching dialog is disabled if only fulltext search is available (i.e. only one search option)
  • 1413.031: Added export of GFID bitmap to file
  • 1415.032: Fixed a bug with parsing the resource table in PE files if IMAGE_RESOURCE_DATA_ENTRY is placed at the end of the table
  • 1416.038: Added optional display of full paths in the recent files list, long paths are limited to the file name and the initial part of the path
  • 1416.039: Changed the format of the main window title, the name of the loaded file is displayed first now
  • 1417.045: Eliminated redundant work with the menu when loading files and generating a list of recent files
  • 1418.046: Added OS shell notification about file associations changing
  • 1419.049: Added optional tooltip with description of RVA calculated in FLC (disabled by default)
  • 141A.053: Added definition of the function beginning and its description on the LoadConfig GuardEHContinuations tab for ARM64 (InsiderPreview 21364)
  • 141B.055: Fixed error displaying multiple values of the "Translation" key in RT_VERSION resources
  • 141B.057: Added a column with functions description in the ExceptionsData table for all supported architectures (for x64, ARM Thumb and ARM64, some columns are now hidden by default)
  • 1505.059: Fixed error displaying SEH Scope on the ExceptionsData page for ARM7/ARM LE in some cases
  • 1507.060: Added a separate tab for the ARM64 unwind chain on the ExceptionsData page
  • 1507.072: Added recognition of some types of exception handlers for all supported architectures
  • 1507.073: Added a column with the type of exception handlers in the ExceptionsData table, the column with the handler's RVA is hidden by default
  • 1508.074: Fixed a rare error filling information from the export table for the RVA description

0.2.2.58 (2021-03-25)

PEAnatomist.exe SHA256: DB32FA0BDB8D056E216FD2D0C6266FC1616068D72C1035CC0B9D0B8FF37E70D8

  • 1305.000: Fixed display of the CodeView type name in the description if the type index is not specified
  • 1307.001: Fixed error displaying manifest text from PE resources in rare cases
  • 1307.003: Added support for IA64, MIPS and Hitachi SH4 architectures in the CxxIL parser
  • 1308.006: Fixed CxxIL parsing error for MSVC from VS2008Beta1
  • 1309.007: Fixed infinite parsing of IMAGE_DIRECTORY_ENTRY_BASERELOC table in rare cases
  • 1309.008: Fixed error of IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG display for some files created by linker versions below 6.0
  • 1309.010: Fixed possible erroneous OBJ file recognition (regression of version 0.2.1)
  • 130D.019: Cleaning and optimization of the parser for the ARM Thumb and ARM64 unwind codes
  • 130F.022: Added a textual description of the epilogue execution condition for ARM Thumb unwind codes
  • 130F.023: Fixed error displaying the epilogue execution condition for ARM Thumb unwind codes if the epilogue is specified as the only one (flag E)
  • 130F.028: Added calculation of the epilogue beginning for the ARM Thumb and ARM64 unwind codes, if the epilogue is specified as the only one (flag E)
  • 1311.029: Fixed light error in defining VS2017-2019 minor version in Rich signature (regression of version 0.2.1)
  • 1311.030: Fixed error displaying values from IMAGE_DELAYLOAD_DESCRIPTOR.UnloadInformationTableRVA in the delayed import table
  • 1312.044: Fixed the mechanism for filling information for the description of RVA in PE, added detection of new information
  • 1312.045: Accelerated display of the GFID table
  • 1313.046: Simplified procedure for loading some files
  • 1315.051: The storage of information for the description of RVA in PE files has been transferred to a hash table, the search time for the description for RVA has been significantly reduced
  • 1318.053: Ctrl+Insert can be used along with Ctrl+C to copy information from the ListView to the clipboard
  • 1318.057: The set of status information from the ListView has been expanded, there are: focused row number, total count of rows, count of selected rows

0.2.1.125 (2021-03-04)

PEAnatomist.exe SHA256: BC52CBE85FD779878F0E06624C2BF8A2A4995EBBBD381A400385AE01620B531A

  • 110B.009: Significant improvement to the MSVC ILStore (CxxIL) symbols parser and increased compatibility with different VS versions
  • 1111.027: Decoding of local symbols table (.cil$sy) of MSVC ILStore (CxxIL) format in OBJ files
  • 1117.033: Displaying the line number of the beginning of the function in the source file in the description of symbols MSVC ILStore (CxxIL)
  • 1117.034: Fixed display of source file names in MSVC ILStore (CxxIL) symbols descriptions for VS 2002 and 2003 versions (encoding is not UTF8)
  • 1118.035: Fixed decoding of LF_POINTER in CodeView and MSVC ILStore (CxxIL) type tables if the described type is a pointer to a class member
  • 1119.036: Changed the names of some keys in the configuration file for portability in future versions
  • 111B.039: Fixed display of CodeView type description in MSVC ILStore (CxxIL) tables, if debug information is moved to PDB
  • 111C.046: Fixed error displaying the incorrect name in the description of a CodeView type referenced by another type or symbol (in rare cases)
  • 1201.071: Accelerated access to sections and their data in OBJ files
  • 1205.081: Added support for ExtendedObj files (a.k.a. BIGOBJ, obj files with more than 0xFEFF sections)
  • 1207.094: For some types of CodeView debug information, a more detailed description is available (for example, for LF_POINTER, LF_MODIFIER, LF_ARRAY and LF_BITFIELD, the description of the type to which they refer and some properties are displayed)
  • 120C.110: Clarified interpretation of data from Rich signature
  • 121B.116: The program license was changed from MIT to Freeware (the text of the License Agreement is located in the "Readme" file)
  • 1303.122: Fixed a bug with parsing version information from the resources section in some cases
  • 1304.123: Fixed error getting a member name for LIB archives created by BSD-compatible toolkit
  • 1304.124: Support for ARM64EC in OBJ files

0.2.0.370 (2021-01-04)

PEAnatomist.exe SHA256: 8E6D8EF4D5691A8FFC22377C45FC00E3CE90FD7F47E1F8D2CDBA914885477BEF

  • Minor optimization and cleaning of list sorting code
  • Background color of resource properties dialog and hexview changed to standard for the used control
  • Cleaning headers, unifying declared data types, dividing code into independent modules
  • Fix display error for the symbols CV_COMPILESYM and CV_COMPILESYM3
  • Update register names and CodeView symbols from VS 16.8 and 16.9Preview
  • Add display of the COFF symbol referenced by the CLR token in the COFF symbol table
  • Add display of CLR token in CodeView symbols
  • Fix error displaying RT_STRING resource as text in rare cases
  • Fix error in defining COFF-symbol of exception handler in x64 OBJ-files
  • The used data types from CoreCLR 5 have been updated
  • Fix a crash when displaying the contents of the metadata tables of some obfuscated or compressed .NET files
  • Change .NET metadata streams description - stream RVA is displayed now
  • Fix matching RVA to offset for some alignment and section parameter combinations in PE files compiled by MinGW
  • Fix displaying a DelayImport table with incorrect content (regression starting 0.1.8)
  • Fix matching RVA to offset in case of forced loading of PE without sections
  • Add .NET Vtable Fixups display
  • Fix a rare error with displaying the name of some Codeview types in the pivot table (an incorrect name could be displayed if in fact it was of zero length)
  • Add decoding of MSVC ILStore symbol table (.cil$gl) in OBJ files (x86, x64, ARMThumb, ARM64) for VS16.8
  • Change the appearance of the main window in the absence of a loaded file
  • Add description for selected symbol in the MSVC ILStore symbol table
  • Add correction of indexes in the MSVC ILStore table of types in case of using PCH
  • Add description of types by their index in all supported MSVC ILStore tables
  • Add description of MSVC ILStore symbols referenced by selected symbol from table .cil$gl
  • Add parsing of CHPE configuration header and DynamicDataRelocations table for hybrid x64-over-ARM64 images (arm64x) from InsiderPreview 21277
  • Add x64 ExceptionsData table for hybrid x64-over-ARM64 images (arm64x)
  • Add parsing of ARM64 unwind codes for SIMD registers
  • Fix detection of the ARM64 unwind chain
  • New view of the settings dialog, division of settings into new categories
  • Add formatting settings for text copied to the clipboard from program tables
  • Fix error reading CodeView C13 subsections in some cases (most often it appeared on CodeView created by early versions of tools from VS2002 and VS2003)
  • Add search settings: remembering the last query and saving the selected starting position of the search
  • Add search options for text: match only from the beginning of a string, inversion of search results (i.e. search for strings where the desired text is absent)
  • Fix error displaying the "Parent Offset" parameter in the CodeView symbols S_DEFRANGE_REGISTER_REL and S_DEFRANGE_REGISTER_REL_INDIR
  • Fix error of reading MSVC ILStore type table when there are nested tables
  • Add support for decoding MSVC ILStore symbol table for all public versions of VisualStudio (7-16.9Preview2)
  • Add the ability to select all found lines for text search
  • Prevent unclosed search dialog from being used after destroying its associated ListView
  • Configuration file format has been changed to text view

Releases list