PE iDentifier v 0.95 (PEiD) October 29, 2008Posted by reversengineering in DETECTOR, TOOLS.
“PEiD v0.95 is now available for download.
PEiD 0.95 got released to stall for the comming 1.0 version and to show that we are still alive.
If you have any questions visit the forum: PEiD Forum”
PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 470 different signatures in PE files.
PEiD is special in some aspects when compared to other identifiers already out there!
1. It has a superb GUI and the interface is really intuitive and simple.
2. Detection rates are amongst the best given by any other identifier.
3. Special scanning modes for *advanced* detections of modified and unknown files.
4. Shell integration, Command line support, Always on top and Drag’n'Drop capabilities.
5. Multiple file and directory scanning with recursion.
6. Task viewer and controller.
7. Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
8. Extra scanning techniques used for even better detections.
9. Heuristic Scanning options.
10. New PE details, Imports, Exports and TLS viewers
11. New built in quick disassembler.
12. New built in hex viewer.
13. External signature interface which can be updated by the user.
There are 3 different and unique scanning modes in PEiD.
The *Normal Mode* scans the PE files at their Entry Point for all documented signatures. This is what all other identifiers also do.
The *Deep Mode* scans the PE file’s Entry Point containing section for all the documented signatures. This ensures detection of around 80% of modified and scrambled files.
The *Hardcore Mode* does a complete scan of the entire PE file for the documented signatures. You should use this mode as a last option as the small signatures often tend to occur a lot in many files and so erroneous outputs may result.
The scanner’s inbuilt scanning techniques have error control methods which generally ensure correct outputs even if the last mode is chosen. The first two methods produce almost instantaneous outputs but the last method is a bit slow due to obvious reasons!
Snaker, Qwerton, Jibz