blackberry / pe_tree
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro and Rekall to dump in-memory PE files and reconstruct imports.
☆1,304Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for pe_tree
- Windows kernel and user mode emulation.☆1,516Updated 7 months ago
- Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories☆1,106Updated 4 years ago
- Diaphora, the most advanced Free and Open Source program diffing tool.☆3,662Updated 2 months ago
- A curated list of IDA x64DBG, Ghidra and OllyDBG plugins.☆1,279Updated 5 months ago
- PE-bear (builds only)☆769Updated last year
- pefile is a Python module to read and work with PE (Portable Executable) files☆1,880Updated 2 months ago
- IDA Pro utilities from FLARE team☆2,240Updated 3 weeks ago
- A Coverage Explorer for Reverse Engineers☆2,258Updated 4 months ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…☆3,104Updated 2 weeks ago
- FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.☆3,264Updated this week
- Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction, use-after-free and double-free…☆1,691Updated last month
- Reverse engineering framework in Python☆3,501Updated 3 months ago
- A Trace Explorer for Reverse Engineers☆1,328Updated last year
- Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…☆2,035Updated 2 weeks ago
- Set of tools to analyze Windows sandboxes for exposed attack surface.☆2,074Updated 3 weeks ago
- A curated list of awesome Ghidra materials☆1,174Updated 3 years ago
- ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja…☆2,038Updated 8 months ago
- Export disassemblies into Protocol Buffers☆1,045Updated 2 weeks ago
- Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)☆2,177Updated 3 weeks ago
- PE file viewer/editor for Windows, Linux and MacOS.☆992Updated this week
- Adversary tradecraft detection, protection, and hunting☆2,210Updated this week
- Hex-Rays Decompiler plugin for better code navigation☆2,407Updated 2 months ago
- Portable Executable parsing library (from PE-bear)☆648Updated 2 months ago
- Virtual Machine Introspection, Tracing & Debugging☆558Updated 2 years ago
- Scripts for the Ghidra software reverse engineering suite.☆1,036Updated 4 years ago
- AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,anal…☆1,089Updated 3 years ago
- Hook system calls, context switches, page faults and more.☆2,423Updated last year
- ☆779Updated 3 years ago