Понятно, что пользовать программы достаточно умный человек. Reversing Engineering привлекает далеко не простых глупых людей, но тем неменее нужно бы решить проблему с этим warning-ом. Возможно дописать мини-инструкцию куда-либо с описанием почему оно появляется и чем грозит, если грозит, пользователю? Если ничего нельзя сделать, то пояснить как пользователю это поправить у себя в системе

Sorry to bother, but do you have any Idea on how to calculate the entry point of a PE Executable. Since the source code is unavailable I have no idea on how petools does it and was wondering you could tell me.

Section Add - Virtual Address Alignment

Info

Incorrect calculation of Virtual Address while adding new section.

Details

Example with PETools.exe. Adding section, getting wrong values.

How to reproduce:

• Open PETools.exe in PE Tools (not running copy, sure).
• Open Section Editor -> Add Section

Two last sections details after adding new section

Previous section:

New section:

Source to fix

• SectionsDlg.cpp
  • CreateSectionsDlg
  • AddNewSection
  • AddSection_File
  • AddSection_FillZero
  • AddSection_HeaderOnly

See https://www.virustotal.com/#/file/8fd1a1cc1a253fd58693c181895d392ba20fc2a638aaecbc2e8f5d004db8fc27/detection
Why is this?

What is this new version doing that would cause half the world's AVs to flag it, and make Chrome refuse to download it with no option to continue at own risk?

https://www.virustotal.com/gui/file/2198c71f1bbf4809a1f4af58e0b11aac9c33edfee0be7ef29f6fe798dc7b6e8d/detection

v1.5 only triggers 3 AVs, and isn't flagged by Chrome.

Info

It is not clear why the disassembler shows just 2 bytes decoded
Expectation is to have all the section (or say 1K) to be disassembled

Details

Drop a file onto the tool, go to the Section Editor
Locate .text section (this is a file compiled by MS VS)
Right click - Disassemble Section
just 2 bytes (CC) being disassembled:
http://prntscr.com/jg8go0

is it a known limitation or... ?

At the same time other sections when asked are showing way much more asm lines

I am trying to dump a program that is 64-bit, for some reason it doesn't let me.

I recorded a video of me trying to dump the program which can be viewed here:

Is there anything that I am doing wrong? I am using the latest version from GitHub + the program opens as administrator, so I have no idea what I am doing wrong. Thank you!

By some reason change the DLL Names on Import Directory is not possible with this PE Tools build.
This don't occurs with olders PE Tools versions (tested with v1.5 RC7)

Files used: megatools-1.10.2-win32.zip (3833 kB) , https://megatools.megous.com/

Relocation listing interrupted when VirtualAddress is zero

Description

When IMAGE_BASE_RELOCATION.VirtualAddress is equal to zero, PE Tools interrupts listing of relocations. But Windows PE loader checks only address range (OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress.Size).

Discovery

Reported by ntldr

Why is this project being hosted on GitHub without its sources being available? Have you ever considered making it open? What is the point of hosting proprietary software on Git?

Info

Once you add a new dll into Import Section the existing "Digital Signatures" tab stops to show in File Properties

Details

Open up your exe with Digital Signature present
go to Directories -> Import Directory
Right click on dll list, click "Add Imports..."
Fill in

• new section name
• Dll name
• API name

click OK
Save your file

open up File properties in explorer - "DIgital SIgnatures" section is gone.

Here is a visual comparison of added section data (left) and old certificate data that was corrupted (right)

http://prntscr.com/jbcdnf

Tool used - http://prntscr.com/jbcee0

I downloaded PE Tools v1.9.762.2018, which was the latest release in this github repository, and extracted the 7z archive with WinRAR. When I tried to run it, avast warned me that it was a PUP. I put the exe file into virustotal, and got back bad results:
Virustotal Scan

The "File Alignment" Setting under "PE Rebuilder" in the preferences does not change the file alignment on the executable while rebuilding. It seems that the file alignment is defaulted to 1024 (400 in hex), regardless of the setting.