From Collaborative RCE Tool Library


dELTA EXE Analyzer

Tool name: dELTA EXE Analyzer
Rating: 0.0 (0 votes)
Author: dELTA
Website: http://www.woodmann.com/forum/showthread.php?t=5264
Current version: 1.0
Last updated: 2001
Direct D/L link: Locally archived copy
License type: Free
Description: Back in 2001 I wrote my own exe analyzer just for fun, while looking into the MZ and PE format. I never released it to anyone, but since it contains quite cool cave finding and cave analysis abilities, which I have never seen in any other program, I'll upload it here now for anyone to play with. You can also feel free to distribute it to anyone or upload it anywhere, I don't care.

But note that the program is just my own little ugly dirty hack, so I won't support it, the GUI isn't exactly the most beautiful, and I won't guarantee it won't crash and so on, but it has been quite stable while I have played around with it anyway.

It analyzes quite many aspects of the executable file, but one extra interesting and unique feature is the bunch of tools under "Extended executable info (PE)" ---> "File anatomy & offsets". It will give you details of all section padding areas (caves), and it will also automatically find any area inside the executable file which does not belong to any section (I actually found an alignment bug in a compiler/linker with this tool, which left a 512-byte block of null-bytes between two sections in the middle of the compiled file, ready to be exploited as a mega-size cave :)), including any data which is appended after the last section of the file. Quite useful sometimes. But the really juicy stuff will be found when you select a section in the box to the right and click "Show detailed map". It will then give you a graphical overview on the screen of each and every single byte in that section. You can even click inside the graphic map to select any area and see what it is (click and hold down the mouse button and drag the mouse over the map for extra fun). This is very cool for "getting a feel" for how a certain linker/packer/whatever builds its sections, and also for finding "micro caves", consisting only of a few bytes, in the middle of a section! You can choose to display an analysis map of the free space or the used space of the selected section by clicking the radio buttons on the upper right of the map.
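The file-anatomy pass described above (section padding, bytes that belong to no section, and data appended after the last section) can be computed directly from the PE headers. The following is an added example, not dELTA's code or part of the tool; the function names and the image returned by `build_sample` are constructed for illustration.

```python
import struct

def parse_sections(data):
    """Return (SizeOfHeaders, [(name, raw_offset, raw_size), ...]) from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                           # optional header start
    hdr_end = struct.unpack_from("<I", data, opt + 60)[0]   # SizeOfHeaders
    secs = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                       # 40-byte section header
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        secs.append((name, raw_ptr, raw_size))
    return hdr_end, secs

def file_anatomy(data):
    """List (kind, file_offset, length) for regions no section content accounts for."""
    cursor, secs = parse_sections(data)
    found = []
    # Sections without raw data occupy no file bytes, so they are skipped.
    for name, ptr, size in sorted((s for s in secs if s[2]), key=lambda s: s[1]):
        if ptr > cursor:                                    # bytes owned by no section
            found.append(("unmapped", cursor, ptr - cursor))
        raw = data[ptr:ptr + size]
        slack = len(raw) - len(raw.rstrip(b"\0"))           # trailing nulls (heuristic)
        if slack:
            found.append(("padding:" + name, ptr + len(raw) - slack, slack))
        cursor = max(cursor, ptr + size)
    if len(data) > cursor:                                  # data after last section
        found.append(("overlay", cursor, len(data) - cursor))
    return found

def build_sample():
    """Constructed two-section PE32 skeleton (sample input, not a real program)."""
    h = bytearray(0x200)
    h[0:2], h[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", h, 0x3C, 0x80)                   # e_lfanew
    struct.pack_into("<HH12xHH", h, 0x84, 0x14C, 2, 0xE0, 0x0102)  # COFF header
    struct.pack_into("<H", h, 0x98, 0x10B)                  # PE32 magic
    struct.pack_into("<I", h, 0x98 + 60, 0x200)             # SizeOfHeaders
    struct.pack_into("<8sIIII", h, 0x178, b".text", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", h, 0x1A0, b".data", 0x200, 0x2000, 0x200, 0x600)
    text = b"\x90" * 0x1F0 + b"\0" * 0x10                   # 16 bytes of tail padding
    return bytes(h) + text + b"\0" * 0x200 + b"\x01" * 0x200 + b"APPENDED"
```

Calling `file_anatomy(build_sample())` reports the tail padding of `.text`, the 512-byte block between the two sections, and the appended data. Trailing null bytes can also be legitimate zero-initialised data, so the padding entries are a heuristic rather than proof of unused space.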