From Collaborative RCE Tool Library
CFF Explorer Extensions
| Tool name: | Ultimate Aspacker Unpacker |
| ||
|---|---|---|---|---|
| Author: | Pnluck | |||
| Website: | http://quequero.org/Category:Pn | |||
| Current version: | ||||
| Last updated: | ||||
| Direct D/L link: | http://quequero.org/uicwiki/images/Uau_rar.zip | |||
| License type: | Openware / Freeware | |||
| Description: | The Ultimate Aspacker Unpacker is an Aspack 2.12 offline unpacker extension for the CFF Explorer which supports any kind of PE file. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Header Pack Script |
| ||
|---|---|---|---|---|
| Author: | Daniel Pistelli | |||
| Website: | http://ntcore.com | |||
| Current version: | 1.0.0.1 | |||
| Last updated: | ||||
| Direct D/L link: | http://ntcore.com/Files/richsign/HeaderPack.cff | |||
| License type: | Freeware/Open | |||
| Description: | This neat little script does the following: -- packs the dos header + PE header + section headers -- removes useless things like the Rich Signature -- removes linker references inside the PE header -- strips the debug information (if any) from the PE -- if it's a .NET, removes Strong Name Signature -- updates checksum The header produced by this script comes, as I said, without DOS stub: I don't think it will be missing in 2008. The most efficient way to use this script is to execute it automatically after every linking. The PE header could be packed even more (for example one could reduce the data directory entries), but this goes beyond what I wanted to do: I just wanted my executables to be garbage clean. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | PE Validator Script |
| ||
|---|---|---|---|---|
| Author: | Daniel Pistelli | |||
| Website: | http://ntcore.com/ | |||
| Current version: | 1.0.0.1 | |||
| Last updated: | ||||
| Direct D/L link: | http://ntcore.com/Files/PEValidator.cff | |||
| License type: | Freeware/Open | |||
| Description: | A simple script for the CFF Explorer which detects some of the most common PE integrity problems. Some of the things checked by this script: -- check CRC32 (useful for drivers) -- check number of rva and sizes -- check image size -- check sections -- check that EP is valid -- check that EP is in code -- check that the EP section is executable -- check data directories RVAs -- check whether the API IsDebuggerPresent is imported | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | QuickUnpack CFF Explorer Extension |
| ||
|---|---|---|---|---|
| Author: | Shub-nigurrath | |||
| Website: | http://arteam.accessroot.com/releases.html | |||
| Current version: | 1.0 | |||
| Last updated: | January 24, 2008 | |||
| Direct D/L link: | Locally archived copy | |||
| License type: | Free | |||
| Description: | Extension for CFF Explorer. This is an adaptation of the already released QuickUnpack DLL (http://www.woodmann.com/collaborative/tools/index.php/QuickUnpack_DLL), which is in turn based on the original QUnpack sources (by FEUERRADER of AHTeam). | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
| Tool name: | Resource Tweaker |
| ||
|---|---|---|---|---|
| Author: | Daniel Pistelli | |||
| Website: | http://ntcore.com/restweaker.php | |||
| Current version: | 1.0.0.1 | |||
| Last updated: | ||||
| Direct D/L link: | http://ntcore.com/Files/ResourceTweaker.zip | |||
| License type: | Freeware | |||
| Description: | Resource Tweaker is an extension for the CFF Explorer, which makes it possible for older resource editors such as Resource Hacker to edit PE64 files (you can edit all non-x86 PEs). Win32 resources haven't changed much (what changed are bitmaps, icons, cursors which can be edited with the CFF Explorer), although the PE format has. It doens't make much sense to reinvent the wheel, since, through this extension, you can keep using your favourite resource editor. This extension works 100%. | |||
| Also listed in: | (Not listed in any other category) | |||
| More details: | Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry) | |||
Feed containing all updates and additions for this category.
Feed containing all updates and additions for this category, including sub-categories.
