
PE iDentifier v0.95 (2008.10.21) by snaker, Qwerton, Jibz & xineohP
-----------------------------------------------------

PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files.

PEiD is special in some aspects when compared to other identifiers already out there!
1. It has a superb GUI and the interface is really intuitive and simple.
2. Detection rates are amongst the best given by any other identifier.
3. Special scanning modes for *advanced* detections of modified and unknown files.
4. Shell integration, Command line support, Always on top and Drag'n'Drop capabilities.
5. Multiple file and directory scanning with recursion.
6. Task viewer and controller.
7. Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
8. Extra scanning techniques used for even better detections.
9. Heuristic Scanning options.
10. New PE details, Imports, Exports and TLS viewers.
11. New built in quick disassembler.
12. New built in hex viewer.
13. External signature interface which can be updated by the user.
There are 3 different and unique scanning modes in PEiD.
The *Normal Mode* scans the PE files at their Entry Point for all documented signatures. This is what all other identifiers also do.

The *Deep Mode* scans the PE file's Entry Point containing section for all the documented signatures. This ensures detection of around 80% of modified and scrambled files.

The *Hardcore Mode* does a complete scan of the entire PE file for the documented signatures. You should use this mode as a last option as the small signatures often tend to occur a lot in many files and so erroneous outputs may result.

The scanner's inbuilt scanning techniques have error control methods which generally ensure correct outputs even if the last mode is chosen. The first two methods produce almost instantaneous outputs but the last method is a bit slow due to obvious reasons!
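The three scanning modes described above, as an added illustration that is not PEiD's own code: a small Python scanner that parses a PE's headers, locates the entry point and the section containing it, and matches a wildcard signature in Normal, Deep and Hardcore mode. The userdb-style entry, the sample PE and the packer stub bytes are all constructed here, and the `[name]` / `signature =` layout is an assumption, not something the page documents.

```python
import struct
# Constructed userdb.txt-style entry (PEiD's external-signature format is assumed
# here: a [name] header and a hex byte list in which ?? is a one-byte wildcard).
USERDB = """[Demo Packer v1.0 -> constructed sample]
signature = 60 E8 ?? ?? ?? ?? 5D 81 ED
"""

def parse_userdb(text):
    """Return [(name, pattern)]; pattern holds ints, or None for a '??' wildcard."""
    sigs, name = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
        elif line.lower().startswith("signature") and name:
            tokens = line.split("=", 1)[1].split()
            sigs.append((name, [None if t == "??" else int(t, 16) for t in tokens]))
    return sigs

def pe_layout(data):
    """Return (entry point file offset, (raw start, raw end) of the EP's section)."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]                        # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    _, nsec, _, _, _, opt_size = struct.unpack_from("<HHIIIH", data, pe + 4)
    ep_rva = struct.unpack_from("<I", data, pe + 24 + 16)[0]            # AddressOfEntryPoint
    for i in range(nsec):                                               # 40-byte section headers
        vsize, va, raw, ptr = struct.unpack_from("<IIII", data, pe + 24 + opt_size + 40 * i + 8)
        if va <= ep_rva < va + max(vsize, raw):
            return ptr + (ep_rva - va), (ptr, ptr + raw)
    raise ValueError("entry point lies outside every section")

def matches(pat, data, off):
    return off + len(pat) <= len(data) and all(b is None or data[off + i] == b for i, b in enumerate(pat))

def scan(data, sigs, mode="normal"):
    """normal: bytes at the EP only; deep: the EP's whole section; hardcore: the whole file."""
    ep_off, (lo, hi) = pe_layout(data)
    offsets = {"normal": [ep_off], "deep": range(lo, hi), "hardcore": range(len(data))}[mode]
    return [name for name, pat in sigs if any(matches(pat, data, o) for o in offsets)]

def build_pe(ep_rva):
    """Constructed minimal PE: .text at RVA 0x1000 / file 0x200; a jmp at +0 hops over junk to the stub at +0x10."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)                          # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)   # 1 section, opt hdr 0xE0
    opt = struct.pack("<H", 0x10B) + bytes(14) + struct.pack("<I", ep_rva) + bytes(0xE0 - 20)
    sec = b".text\0\0\0" + struct.pack("<IIII", 0x100, 0x1000, 0x100, 0x200) + bytes(16)
    # jmp short $+0x10, 14 junk bytes, then pushad / call $+5 / pop ebp / sub ebp,.. at +0x10
    body = (b"\xEB\x0E" + bytes(14) + bytes.fromhex("60E8000000005D81ED")).ljust(0x100, b"\0")
    return (dos + coff + opt + sec).ljust(0x200, b"\0") + body
```

With the entry point moved onto the jump stub (build_pe(0x1000)), "normal" mode reports nothing while "deep" still finds the packer: that is the modified-file case the Deep Mode paragraph describes.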
Command line Options
-------------------

PEiD now fully supports commandline parameters.

peid -time    // Show statistics before quitting
peid -r       // Recurse through subdirectories
peid -nr      // Don't scan subdirectories even if it's set
peid -hard    // Scan files in Hardcore Mode
peid -deep    // Scan files in Deep Mode
peid -norm    // Scan files in Normal Mode

peid <file1> <file2> <dir1> <dir2>

You can combine one or more of the parameters.

For example:
peid -hard -time -r c:\windows\system32
peid -time -deep c:\windows\system32\*.dll
Task Viewing / Control Module
----------------------------

You can scan currently running tasks with PEiD. The files are scanned from memory. Processes can also be terminated. You can also optionally dump a module and scan the dumped image. You can also view all dependent modules of the processes.
Multiple File Scan Module
------------------------

You can scan multiple files at one go with PEiD. Just drag and drop the files on the PEiD main dialog and the Multiple File Scan Dialog will popup displaying the results. You can keep dragging and dropping files onto this dialog as well. It also offers you to choose from the different scanning modes and optionally load a single file in PEiD. It allows you to skip the non PE files so that the list looks clean. You can also scan the contents of a directory choosing files of custom extension if required. MFS v0.02 now supports recursive directory scanning.
Disassembler Module
------------------

You can have a quick disassembly of the file loaded in PEiD. Double click to follow JMPs and CALLs and use the Back button to trace back to the original positions. You can copy disassembled output to the clipboard. A new CADT core with custom String Reference Finder has been cooked up.
CADT is coded by Ms-Rem.
Hex Viewer Module
------------------

You can have a quick hex view of the file loaded in PEiD. A modified version of 16Edit by y0da is used for this purpose.

We intend to update the signatures quite often to keep pace with this ever evolving scene :)
Please report bugs, ideas, new signatures or packer info to:
pusher -> sir.pusher(at)gmail(dot)com ( Administration / Coder )
snaker -> snaker(at)myrealbox(dot)com
Jibz -> peid(at)ibsensoftware(dot)com
Qwerton -> qwaci(at)gmx(dot)net
ALL SUGGESTIONS, IDEAS, BUG REPORTS AND CRITICS ARE WELCOME.
History
-------

0.7 Beta     -> First public release.

0.8 Public   -> Added support for 40 more packers. OEP finding module. Task viewing/control module.
                GUI changes. General signature bug fixes. Multiple File and Directory Scanning module.

0.9 Recode   -> Completely recoded from scratch. New Plugin Interface which lets you use extra features.
                Added more than 130 new signatures. Fixed many detections and general bugs.

0.91 Reborn  -> Recoded everything again. New faster and better scanning engine. New internal signature system.
                MFS v0.02 now supports Recursive Scanning. Commandline Parser now updated and more powerful.
                Detections fine tuned and newer detections added. Very basic Heuristic scanning.

0.92 Classic -> Added support for external database, independent of internal signatures. Added PE details lister.
                Added Import, Export, TLS and Section viewers. Added Disassembler. Added Hex Viewer.
                Added ability to use plugins from Multiscan window. Added exporting of Multiscan results.
                Added ability to abort MultiScan without losing results.
                Added ability to show process icons in Task Viewer.
                Added ability to show modules under a process in Task Viewer. Added some more detections.

0.93 Elixir  -> Added sorting of Plugin menu items. Submenus are created based on subfolders in the directory.
                Added Brizo disassembler core. Added some more detections.
                Fixed documented and undocumented vulnerability issues.
                Fixed some general bugs.
                Removed mismatch mode scanner which needs further improvements.

0.94 Flux    -> Too much is new to remember.
                MFS, Task Viewer and Disassembler windows maximizable.
                New smaller and lighter disassembler core CADT.
                New KANAL 2.90 with much more detections and export features.
                Added loads of new signatures. Thanks to all the external signature collections online.
                String References integrated into disassembler.
                Fixed documented and undocumented crashes.
                Fixed some general bugs.

0.95 Phoenix -> Fixed some crashing bugs.
                Minor Core update.

Greets
------

Qwerton, Jibz, CHRiST0PH, uno, DAEMON, MackT, VAG, SAC, Gamumba, SnowP and all the rest at uG, Michael Hering, tE!, pusher, {igNo}, Maxx, CoDE, BaND, Snacker, skamer, HypnZ, ParaBytes, Clansman, BuLLeT, Devine9, innuendo, Corby, cokine, AiRW0lF, fxfighter, GodsJiva, Carpathia, _death, artik, r!sc, NoodleSPA, SiR_dReaM, CHoRDLeSS, NeOXQuiCk, un4Giv3n, RZX, 7xS, LibX and all who helped with PEiD :)

snaker, Jibz, cokine, Iczelion, Clansman, Z-Wing, Unknown One/TMG, PeeWee, DnNuke, sinny/BAFH, all the other nice people in CiA, uG and all of you who helped us develop PEiD. Thanks.

snaker, Qwerton, DAEMON, VaG, Parabytes, bse, f0dder, Stone, Michael Hering, Iczelion, Steve Hutchesson, Eugene Suslikov, and everybody in #unpacking and #compression.

Qwerton        - Hope you get time someday again, was nice working with you :)
Jibz           - You rock evil friend. Thanks for all your help. It's a pleasure working with you. Hope things work out!
Michael Hering - FILE INFO is still the absolute best. Your suggestions rock :)
uG2oo6         - Delicious Slumber!
MackT          - Thanks for all your help and for ImpREC of course ;)
Unknown One    - Spend more time with us :)
BaND           - Thanks for all your testing and help.
pusher         - Thanks for your help and all the testing and the constant encouragement ;)
Maxx           - Thanks for the encouragement, your code and suggestions should be added next time :)
Kaparo & Aaron - Thanks for your sites :)
BoB            - Thanks for taking over the PEiD project, and the contribution.

We would also like to thank the *few* people who sent us their comments and feedback about PEiD.

Also greetings to everyone who has supported PEiD till date. Without you this new release would never be possible.

You can check out the PEiD homepage at http://www.peid.info and the PEiD Forums at http://www.peid.info/forum

snaker, Qwerton, Jibz & xineohP Productions
-2008-
