
PE iDentifier v 0.95 (PEiD) October 29, 2008

Posted by reversengineering in DETECTOR, TOOLS.

from http://www.peid.info
“PEiD v0.95 is now available for download.
PEiD 0.95 got released to stall for the coming 1.0 version and to show that we are still alive.
If you have any questions visit the forum: PEiD Forum”
PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 470 different signatures in PE files.

PEiD is special in some aspects when compared to other identifiers already out there!

1. It has a superb GUI and the interface is really intuitive and simple.
2. Detection rates are among the best of any identifier.
3. Special scanning modes for *advanced* detections of modified and unknown files.
4. Shell integration, Command line support, Always on top and Drag’n’Drop capabilities.
5. Multiple file and directory scanning with recursion.
6. Task viewer and controller.
7. Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
8. Extra scanning techniques used for even better detections.
9. Heuristic Scanning options.
10. New PE details, Imports, Exports and TLS viewers.
11. New built-in quick disassembler.
12. New built-in hex viewer.
13. External signature interface which can be updated by the user.

There are 3 different and unique scanning modes in PEiD.

The *Normal Mode* scans the PE files at their Entry Point for all documented signatures. This is what all other identifiers also do.

The *Deep Mode* scans the section of the PE file that contains the Entry Point for all the documented signatures. This ensures detection of around 80% of modified and scrambled files.

The *Hardcore Mode* does a complete scan of the entire PE file for the documented signatures. You should use this mode as a last option as the small signatures often tend to occur a lot in many files and so erroneous outputs may result.

The scanner’s inbuilt scanning techniques have error control methods which generally ensure correct outputs even if the last mode is chosen. The first two methods produce almost instantaneous outputs but the last method is a bit slow due to obvious reasons!
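The three scan scopes described above, as an added example that is not PEiD's code and not part of the original post: the same wildcard signature is matched at the Entry Point only, across the Entry Point's section, and across the whole file. The signature, the `??` wildcard notation, the helper names and the two sample images are constructed for illustration.

```python
import struct

def ep_and_section(data):
    """Return (entry-point file offset, (start, end) of the raw section holding it)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]   # SizeOfOptionalHeader
    ep_rva = struct.unpack_from("<I", data, pe + 40)[0]     # AddressOfEntryPoint
    for i in range(nsect):                                  # 40-byte section headers
        vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", data, pe + 24 + opt_size + 40 * i + 8)
        if vaddr <= ep_rva < vaddr + max(vsize, rsize):
            return rptr + ep_rva - vaddr, (rptr, rptr + rsize)
    raise ValueError("entry point lies outside every section")

def scan(data, signature, mode):
    """Offsets where signature ('??' = any byte) matches inside the mode's scope."""
    sig = [None if t == "??" else int(t, 16) for t in signature.split()]
    ep, (start, end) = ep_and_section(data)
    scope = {"normal": [ep],                                # only at the entry point
             "deep": range(start, min(end, len(data))),     # the EP's whole section
             "hardcore": range(len(data))}[mode]            # every offset in the file
    return [o for o in scope if o + len(sig) <= len(data)
            and all(b is None or data[o + i] == b for i, b in enumerate(sig))]

def build_sample(patches, overlay=b""):
    """Constructed minimal PE32: one section, RVA 0x1000, raw 0x200..0x400, EP RVA 0x1010."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                 # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x44, 0x14C, 1)            # Machine, NumberOfSections
    struct.pack_into("<H", img, 0x54, 0xE0)                 # SizeOfOptionalHeader
    struct.pack_into("<I", img, 0x68, 0x1010)               # AddressOfEntryPoint
    struct.pack_into("<4I", img, 0x140, 0x200, 0x1000, 0x200, 0x200)  # VSize, VAddr, RawSize, RawPtr
    for off, blob in patches.items():                       # offsets relative to the section
        img[0x200 + off:0x200 + off + len(blob)] = blob
    return bytes(img) + overlay

SIG = "60 E8 ?? ?? ?? ?? 5D"            # constructed signature, not from PEiD's database
STUB = bytes.fromhex("60E8000000005D")
PLAIN = build_sample({0x10: STUB})      # stub sits at the entry point
MODIFIED = build_sample({0x10: b"\xEB\x0E", 0x20: STUB}, overlay=b"\0" * 4 + STUB)

if __name__ == "__main__":
    for mode in ("normal", "deep", "hardcore"):
        print(mode, [hex(o) for o in scan(MODIFIED, SIG, mode)])
```

On `MODIFIED` the stub has been moved behind a short jump, so the entry-point-only scan reports nothing, the section scan finds it, and the whole-file scan also reports the stray copy in the overlay, which is the kind of extra hit that makes the last mode error-prone for short signatures.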


Snaker, Qwerton, Jibz


