Windows Security Tools Collection
深信服千里目安全实验室 (Sangfor Qianlimu Security Lab)

PE tools

PEiD
PEiD is a well-known PE packer-identification tool that recognises the common packers applied to PE files, but it can no longer be obtained from its official site.
[Screenshot: PEiD v0.95 main window]

Exeinfo PE
A PE packer-identification tool and an enhanced successor to PEiD. It shows compiler information for EXE/DLL files, whether the file is packed, the entry point address, the export/import tables and other PE details.
[Screenshot: Exeinfo PE ver. 0.0.5.6 (2019.04.10) showing the Entry Point, File Offset, Linker Info, Subsystem, PE File Size, Overlay and Unpack info fields]
Download: http://www.exeinfo.xn.pl/

Detect It Easy
Detect It Easy is an open-source PE packer-identification tool that runs cross-platform, with Windows, Linux and macOS builds available.
[Screenshot: Detect It Easy 1.01 main window with the Scan, Scripts, Plugins, Log and Options buttons]

CFF Explorer
An excellent PE32 and PE64 editor. Viewing and editing PE files with CFF Explorer is extremely convenient, and it fully supports the .NET file format.
[Screenshot: CFF Explorer file view with the DOS Header, NT Headers, File Header, Optional Header, Data Directories, Section Headers, Export Directory, Import Directory and UPX Utility tree, plus the File Type (Portable Executable 32), File Info (Microsoft Visual C++ 8), file size, PE size, timestamp and MD5/SHA-1 fields for the loaded sample]

StudyPE
StudyPE is an integrated PE32 and PE64 viewing and analysis tool with strong PE structure processing and analysis features, but its packer-detection side is somewhat weak.
[Screenshot: StudyPE+ (x86) 1.09 beta main window]

Debugging / decompilation tools

OllyDbg
A ring-3 (user-mode) debugger with plugin support. Its only shortcoming is that OD is a 32-bit debugger and cannot debug 64-bit programs. The official original build ships without plugins; those who need them can search the 吾爱破解 (52pojie) forum themselves.
[Screenshot: OllyDbg CPU window (main thread) with the disassembly, registers, stack and hex dump panes; status bar "Analysing lucio_da: 800 heuristical procedures, 519 calls to known, 525 calls to guessed functions", "Paused"]

WinDbg
WinDbg supports the Windows platform as both a user-mode and a kernel-mode debugger, and offers both a graphical interface and a command-line interface. Its powerful kernel debugging features have won it many devotees.
[Screenshot: WinDbg command window showing the "Symbol loading may be unreliable without a symbol search path" warning, the hints to use .symfix and .reload, and a series of ModLoad lines]
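The packer-identification tools in the PE tools section above (PEiD, Exeinfo PE, Detect It Easy) all start from the same headers: the DOS stub, the PE signature, the optional header's entry point and the section table. The Python below is an added example, not code from the handbook or from any of those tools; it parses those fields, computes per-section entropy and applies three packer heuristics (UPX section names, a high-entropy section, an entry point outside .text) to two constructed toy PE images. The samples are built in memory by the hypothetical build_sample_pe helper, which fills in only the header fields the parser reads.

```python
import math, random, struct
from collections import Counter

def section_entropy(data: bytes) -> float:
    """Shannon entropy in bits/byte (0..8); compressed or encrypted sections sit near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def parse_pe(buf: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if buf[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, coff)
    opt = coff + 20                                     # optional header follows the 20-byte COFF header
    entry = struct.unpack_from("<I", buf, opt + 16)[0]  # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(nsec):                               # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", buf, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(errors="replace"), "va": va, "vsize": vsize,
                         "raw_size": rsize, "entropy": round(section_entropy(buf[rptr:rptr + rsize]), 2)})
    ep_sec = next((s["name"] for s in sections
                   if s["va"] <= entry < s["va"] + max(s["vsize"], s["raw_size"])), None)
    return {"entry_point": entry, "entry_section": ep_sec, "sections": sections}

def packer_hints(info: dict) -> list:
    """Cheap heuristics of the kind packer-identification tools apply before signature matching."""
    hints = ["UPX section names"] if {"UPX0", "UPX1"} & {s["name"] for s in info["sections"]} else []
    hints += [f"high entropy in {s['name']}" for s in info["sections"] if s["entropy"] > 7.0]
    if info["entry_section"] not in (".text", None):
        hints.append(f"entry point in {info['entry_section']}")
    return hints

def build_sample_pe(sections, entry_rva: int) -> bytes:
    """Constructed toy PE32 for the demo (hypothetical helper): only the fields parse_pe reads are set."""
    hdr = bytearray(b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40))  # e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0x18, 0x102)
    hdr += struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva) + b"\0" * 4
    body, va, raw_ptr = bytearray(), 0x1000, len(hdr) + 40 * len(sections)
    for name, data in sections:
        hdr += struct.pack("<8sIIII", name, len(data), va, len(data), raw_ptr) + b"\0" * 16
        body += data; raw_ptr += len(data); va += 0x1000
    return bytes(hdr + body)

# Constructed samples: an unpacked image with its entry point in .text, and a UPX-style layout.
CLEAN_PE = build_sample_pe([(b".text", b"\x90" * 2000 + b"\xC3")], 0x1000)
PACKED_PE = build_sample_pe([(b"UPX0", b""), (b"UPX1", random.Random(7).randbytes(4096))], 0x2000)
```

Running packer_hints(parse_pe(PACKED_PE)) reports all three hints, while CLEAN_PE yields none; on real files the same fields are what the tools above display, and the heuristics only point to where a signature check or manual inspection should follow.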