PeStudio is a free and portable tool which uses static analysis (and other techniques) to help you discover more about suspicious applications.

The program is aimed squarely at developers and Windows experts, but don't let that put you off - there are features here which everyone can use and understand.

Getting started, for instance, is as easy as dragging and dropping a program onto PeStudio. A detailed report appears almost immediately, and the first Indicators tab delivers plenty of useful information. Is it digitally signed, for instance? Targeted at 32 or 64-bit processors? Does it need administrative permission? And there are details about ASLR, DEP, SafeSEH, resources and more.

Clicking the Strings tab will then reveal any embedded text strings in the program - function names, paths, prompts, web addresses and more - which can be a useful way to figure out what it's doing. (Malware will usually employ various tricks to hide this kind of information, but it's still worth a try.)

The Libraries and Imports tabs show you the DLLs and other support files required by your program, and the functions it's using.

Do you want to be sure whether your application uses functions that have been recognized as obsolete, and thus presents a potential security risk for your customer's infrastructure? How do you verify whether an application is 64-bit capable or if the Data Execution Prevention (DEP) or the Address Space Layout Randomization (ASLR) features are used?

All these questions, and many more, can be answered easily with PeStudio! With PeStudio, you can inspect and thus validate any 32-bit or 64-bit application (*.exe, *.dll, *.cpl, *.ocx, *.ax, *.sys.

PeStudio shows you many more details, such as:

- all libraries that are used by an application.
- all functions that are imported by an application.
- all functions (also anonymous) that are exported by an application.
- all functions that are forwarded to other libraries.
- obsolete functions that are exported and imported by an application.
- whether the Data Execution Prevention (DEP) Windows security mechanism is used.
- whether the Address Space Layout Randomization (ASLR) Windows security mechanism is used.
- whether the Structured Exception Handling (SEH) Windows security mechanism is used.
- whether some sections are compressed, and more.
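
The 32/64-bit, DEP, ASLR and SEH questions above can also be answered by reading the PE headers directly. The following is an added example, not PeStudio's code: the function names `pe_mitigations` and `build_sample` are hypothetical, the flag values come from the PE/COFF specification, and the sample bytes are constructed. SafeSEH is recorded in the load configuration directory and is not covered here.

```python
import struct
import sys

# DllCharacteristics bits, as defined in the PE/COFF specification
DYNAMIC_BASE = 0x0040  # image opts in to ASLR
NX_COMPAT = 0x0100     # image opts in to DEP
NO_SEH = 0x0400        # image declares that it uses no SEH
MACHINES = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)", 0xAA64: "ARM64 (64-bit)"}

def pe_mitigations(data: bytes) -> dict:
    """Return machine type and mitigation flags read from raw PE bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    # Need signature (4) + COFF header (20) + optional header up to offset 72.
    if pe_off + 96 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    opt = pe_off + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 72:
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ headers.
    (flags,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "pe32_plus": magic == 0x20B,
        "aslr": bool(flags & DYNAMIC_BASE),
        "dep": bool(flags & NX_COMPAT),
        "no_seh": bool(flags & NO_SEH),
    }

def build_sample(machine: int, magic: int, flags: int) -> bytes:
    """Constructed header-only sample for the demo (not a loadable executable)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, 0x22)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, flags)
    return dos + coff + bytes(opt)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # inspect a real file given on the command line
        with open(sys.argv[1], "rb") as fh:
            print(pe_mitigations(fh.read()))
    else:
        print(pe_mitigations(build_sample(0x8664, 0x20B, NX_COMPAT | DYNAMIC_BASE)))
        print(pe_mitigations(build_sample(0x014C, 0x10B, NO_SEH)))
```

A cleared `aslr` or `dep` value means the image did not opt in through its header; system-wide policy can still enforce either mitigation at load time.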