Created by Daniel Pistelli, Explorer Suite is a free suite of tools including a process viewer and a PE editor called CFF Explorer.
The PE editor has full support for PE32/64. Special fields description and modification (.NET supported), utilities, rebuilder, hex editor, import adder, signature scanner, signature manager, extension support etc. First PE editor with support for .NET internal structures.
Resource Editor (Windows Vista icons supported) capable of handling .NET manifest resources (who are dumpable as well). The suite is available for x86, x64 and Itanium.
The process viewer makes it possible to view information about your processes and modules. The version information for each PE makes it very easy to identify files. Also, you can dump PEs or memory regions. You can also choose to open a loaded PE with the CFF Explorer. If you're on x64 or Itanium you cannot run a 32bit version of this tool: you have to install the proper version for your processor.
Explorer Suite has been designed to make PE editing as easy as possible without losing sight on the portable executable's internal structure.This application includes a series of tools which might help not only reverse engineers but also programmers. It offers a multi-file environment and a switchable interface.
Also, it's the first PE editor with full support for the .NET file format. With this tool you can easily edit metadata's fields and flags. If you're programming something that has to do with .NET metadata, you will need this tool. The resource viewer supports .NET image formats like icons, bitmaps, pngs. You'll be able to analyze .NET files without having to install the .NET framework, this tool has its own functions to access the .NET format.
Here are some key features of "CFF Explorer":
· Process Viewer
· Windows Viewer
· PE and Memory Dumper
· Full support for PE32/64
· Special fields description and modification (.NET supported)
· PE Utilities
· PE Rebuilder (with Realigner, IT Binder, Reloc Remover, Strong Name Signature
· Remover, Image Base Changer)
· View and modification of .NET internal structures
· Resource Editor (full support for Windows Vista icons)
· Support in the Resource Editor for .NET resources (dumpable as well)
· Hex Editor
· Import Adder
· PE integrity checks
· Extension support
· Visual Studio Extensions Wizard
· Powerful scripting language
· Dependency Walker
· Quick Disassembler (x86, x64)
· Name Unmangler
· Extension support
· File Scanner
· Directory Scanner
· Deep Scan method
· Recursive Scan method
· Multiple results
· Report generation
· Signatures Manager
· Signatures Updater
· Signatures Collisions Checker
· Signatures Retriever
What's New in This Release: [ read full changelog ]
· Fixed a lot of bugs
· Fixed a minor bug in the MetaData tables
· Fixed minor resizing bug on Vista
· General improvements
· Significantly improved the interface
· Improved Resource Editor
· Improved Rebuilder (added checksum update and strip debug directory)
· Improved Data Directories viewer
· Improved Hex Editor
· Improved Sections Dialog (added section's hex view)
· Improved MetaData Tables
· Extended the SDK
· Added powerful very scripting language
· Added documentation for the scripting language
· Added security features for the scripting language
· Added support for generic files
· Added Name Unmangler
· Added Debug Directory
· Added Dependency Walker
· Added Quick Disassembler (x86, x64)
