├── ExStudPE_Visual_Tools_v1_6_4_Beta3_Rev2020.7z ├── README.md ├── images ├── a1.png └── a2.png ├── patch_lib └── ExStudPE_s.lib └── plugin_src ├── ExStudPE插件示例程式.cpp ├── ExStudPE插件示例程式.dsp ├── ExStudPE插件示例程式.dsw ├── ExStudPE插件示例程式.h ├── ExStudPE插件示例程式.sln ├── ExStudPE插件示例程式.vcproj ├── ReadMe.txt ├── StdAfx.cpp └── StdAfx.h /ExStudPE_Visual_Tools_v1_6_4_Beta3_Rev2020.7z: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tankaishuai/ExStudPE_Visual_Tools/229ae40f643f1fa4894fb104eaf25b5d1a54716c/ExStudPE_Visual_Tools_v1_6_4_Beta3_Rev2020.7z -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ExStudPE Visual Tools 使用说明 2 | 3 | ## ~ 强大的PE/PE64/NE/LE/COFF/LIB/ELF 格式分析、调试、编辑工具 ~ 4 | 5 | 6 | ExStudPE Visual Tools 是一个扩展StudPE、LordPE等软件的用于PE(32位)、PE+(64位)、NE、Elf(32位)、Coff、Lib格式 7 | 二进制可执行目标文件(*.exe、*.dll、*.ocx、*.so、*.lib、*.obj、*.exp等)的分析、调试、十六进制编辑工具。 8 | 9 | 利用此工具可以方便的查找给定PE文件的一些常用的信息,如导入表、导出表、重定位表、资源、消息表、版本信息、PE附加数据等等。 10 | 11 | 同时可以方便地实现给定程序代码的反汇编功能,同时提供了快速定位的有效解决方案。 12 | 同时本程序也具有十六进制编辑器的基本功能。 13 | 另外,本程序集成了对于目标文件的简单的调试功能(包括虚拟机调试与实体机调试), 14 | 使用方便。特别适合于专业的PE分析研发人员使用。 15 | 16 | 17 | 18 | 不仅如此,新版本还增加了许多其他附加特性及插件,使用最新版本将会获得更好的操作体验。 19 | 20 | 21 | 22 | 本程序包括ANSI与Unicode两种版本,推荐使用稳定的Unicode版本。其运行界面大致如下所示: 23 | 24 | ![ExStudPE Visual Tools](https://github.com/tankaishuai/ExStudPE_Visual_Tools/blob/master/images/a1.png) 25 | 26 | 27 | 28 | 29 | 30 | # 基本信息: 31 | 32 | 当前版本:v1.6.4 Beta3 33 | 34 | 运行环境:WinXP / Vista / Win7 / Win8 / Win10 35 | 36 | 附加说明: 37 | 38 | (1)关于文件数据的查找方式: 39 | 40 | 直接十六进制方式查找:如:4D 12 37 (以一个空格隔开各个数据位) 41 | 42 | Ansi字符串查找:如:"VS_VERSIONINFO" 43 | 44 | Unicode字符串查找:如:L"VS_VERSIONINFO" 45 | 46 | 47 | 48 | (2)本程序提供了对于目标文件的简单调试功能,如果虚拟机能够正常成功加载,记住以下快捷键是很有必要的: 49 | 50 | F1:显示系统帮助信息 Ctrl+F1:显示本程序帮助文件 51 | 52 | F2:切换断点 Ctrl+F2:删除所有断点 53 | 54 | F3:设置函数断点 Ctrl+F3:清除函数断点 55 | 56 | F4:设置内存断点 Ctrl+F4:清除内存断点 57 | 58 | F5:刷新调试窗口 Ctrl+F5:显示/隐藏调试窗口 59 | 60 | F6:运行至目标位置 Ctrl+F6:运行至目标位置(带断点) 61 | 62 | F7:单步步入 Ctrl+F7:跳出至调用位置 63 | 64 | F8:单步步过 Ctrl+F8:运行至结束 65 | 66 | F9:运行至断点 Ctrl+F9:中断当前调试 67 | 68 | F11:加载扩展模块 Ctrl+F11:调试参数配置 69 | 70 | F12:显示调试帮助信息 Ctrl+F12:显示本程序帮助文件 71 | 72 | 73 | 74 | 如果虚拟机加载失败,本程序仅仅只是简单尝试运行目标程序而已。 75 | 76 | ![ExStudPE Visual Tools](https://github.com/tankaishuai/ExStudPE_Visual_Tools/blob/master/images/a2.png) 77 | 78 | 79 | -------------------------------------------------------------------------------- /images/a1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tankaishuai/ExStudPE_Visual_Tools/229ae40f643f1fa4894fb104eaf25b5d1a54716c/images/a1.png -------------------------------------------------------------------------------- /images/a2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tankaishuai/ExStudPE_Visual_Tools/229ae40f643f1fa4894fb104eaf25b5d1a54716c/images/a2.png -------------------------------------------------------------------------------- /patch_lib/ExStudPE_s.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tankaishuai/ExStudPE_Visual_Tools/229ae40f643f1fa4894fb104eaf25b5d1a54716c/patch_lib/ExStudPE_s.lib -------------------------------------------------------------------------------- /plugin_src/ExStudPE插件示例程式.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tankaishuai/ExStudPE_Visual_Tools/229ae40f643f1fa4894fb104eaf25b5d1a54716c/plugin_src/ExStudPE插件示例程式.cpp -------------------------------------------------------------------------------- /plugin_src/ExStudPE插件示例程式.dsp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tankaishuai/ExStudPE_Visual_Tools/229ae40f643f1fa4894fb104eaf25b5d1a54716c/plugin_src/ExStudPE插件示例程式.dsp -------------------------------------------------------------------------------- /plugin_src/ExStudPE插件示例程式.dsw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tankaishuai/ExStudPE_Visual_Tools/229ae40f643f1fa4894fb104eaf25b5d1a54716c/plugin_src/ExStudPE插件示例程式.dsw -------------------------------------------------------------------------------- /plugin_src/ExStudPE插件示例程式.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tankaishuai/ExStudPE_Visual_Tools/229ae40f643f1fa4894fb104eaf25b5d1a54716c/plugin_src/ExStudPE插件示例程式.h -------------------------------------------------------------------------------- /plugin_src/ExStudPE插件示例程式.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 10.00 3 | # Visual Studio 2008 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ExStudPE插件示例程式", "ExStudPE插件示例程式.vcproj", "{4957D1F3-9C9F-4904-86C7-C4030B76C9BD}" 5 | EndProject 6 | Global 7 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 8 | Debug Unicode|Win32 = Debug Unicode|Win32 9 | Release Unicode|Win32 = Release Unicode|Win32 10 | EndGlobalSection 11 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 12 | {4957D1F3-9C9F-4904-86C7-C4030B76C9BD}.Debug Unicode|Win32.ActiveCfg = Debug Unicode|Win32 13 | {4957D1F3-9C9F-4904-86C7-C4030B76C9BD}.Debug Unicode|Win32.Build.0 = Debug Unicode|Win32 14 | {4957D1F3-9C9F-4904-86C7-C4030B76C9BD}.Release Unicode|Win32.ActiveCfg = Release Unicode|Win32 15 | {4957D1F3-9C9F-4904-86C7-C4030B76C9BD}.Release Unicode|Win32.Build.0 = Release Unicode|Win32 16 | EndGlobalSection 17 | GlobalSection(SolutionProperties) = preSolution 18 | HideSolutionNode = FALSE 19 | EndGlobalSection 20 | EndGlobal 21 | -------------------------------------------------------------------------------- /plugin_src/ExStudPE插件示例程式.vcproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tankaishuai/ExStudPE_Visual_Tools/229ae40f643f1fa4894fb104eaf25b5d1a54716c/plugin_src/ExStudPE插件示例程式.vcproj -------------------------------------------------------------------------------- /plugin_src/ReadMe.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tankaishuai/ExStudPE_Visual_Tools/229ae40f643f1fa4894fb104eaf25b5d1a54716c/plugin_src/ReadMe.txt -------------------------------------------------------------------------------- /plugin_src/StdAfx.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/tankaishuai/ExStudPE_Visual_Tools/229ae40f643f1fa4894fb104eaf25b5d1a54716c/plugin_src/StdAfx.cpp -------------------------------------------------------------------------------- /plugin_src/StdAfx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #if !defined(AFX_STDAFX_H__6DED42B4_7BBA_427E_BAB1_A24C1BF54D31__INCLUDED_) 7 | #define AFX_STDAFX_H__6DED42B4_7BBA_427E_BAB1_A24C1BF54D31__INCLUDED_ 8 | 9 | #if _MSC_VER > 1000 10 | #pragma once 11 | #endif // _MSC_VER > 1000 12 | 13 | 14 | // Insert your headers here 15 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers 16 | 17 | #include 18 | 19 | // TODO: reference additional headers your program requires here 20 | 21 | //{{AFX_INSERT_LOCATION}} 22 | // Microsoft Visual C++ will insert additional declarations immediately before the previous line. 23 | 24 | #endif // !defined(AFX_STDAFX_H__6DED42B4_7BBA_427E_BAB1_A24C1BF54D31__INCLUDED_) 25 | --------------------------------------------------------------------------------