Stud_PE Changelog

What's new in Stud_PE 2.6.0.7

Mar 13, 2012
  • added support for drag&drop under w7, vista on 64bit OS's; there is a bug with "x86" in IShellLink::GetPath for 32bit app running on 64bit OS
  • found some import names with a length greater than 500 chars! see adobe CS5, the imports from the boost libs
  • fixed the buffers to support such situations
  • fixed a security issue, related to the size of import/export functions' names: "The vulnerability is caused due to a boundary error when parsing the names of functions exported by an analysed portable executable. This can be exploited to cause a stack-based buffer overflow by tricking a user into processing a specially crafted ".dll" or ".exe" file."
  • fixed 3 bugs reported by snailz; unhandled situations when no pe file was loaded
  • it seems that TLS dir size is ignored by windows, so leave Stud_PE buttons enabled on 0 size image data dirs
  • bugfix in hexeditor; when exploring large pe sections/data (MB), at the end of the VScroll, the program was stuck in an endless paint
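
The import/export name fixes above come down to never trusting a name's length in an analysed file. The following C sketch is an added example, not Stud_PE source: `read_pe_name`, the demo functions and the 512-byte buffer are assumptions chosen for illustration, and the sample images are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper: copy the NUL-terminated name at file offset `off`
 * of `image` into `dst`. Returns the full name length, or -1 when the
 * offset is outside the file or no terminator exists before end of file.
 * The copy is truncated to dst_len - 1 bytes and always terminated. */
long read_pe_name(const uint8_t *image, size_t image_len, size_t off,
                  char *dst, size_t dst_len)
{
    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    if (image == NULL || off >= image_len)
        return -1;

    /* Look for the terminator only inside bytes that really exist. */
    const uint8_t *start = image + off;
    const uint8_t *end = memchr(start, 0, image_len - off);
    if (end == NULL)
        return -1;                       /* unterminated: malformed file */

    size_t name_len = (size_t)(end - start);
    size_t n = name_len < dst_len - 1 ? name_len : dst_len - 1;
    memcpy(dst, start, n);
    dst[n] = '\0';
    return (long)name_len;               /* >= dst_len means truncated */
}

/* Constructed sample: a 600-byte name read into a 512-byte buffer. */
int demo_long_name(void)
{
    uint8_t image[700];
    char name[512];
    memset(image, 'A', sizeof image);
    image[50 + 600] = 0;
    long len = read_pe_name(image, sizeof image, 50, name, sizeof name);
    return len == 600 && strlen(name) == 511;
}

/* Constructed sample: a name that runs to end of file with no NUL. */
int demo_unterminated(void)
{
    uint8_t image[64];
    char name[16];
    memset(image, 'B', sizeof image);
    return read_pe_name(image, sizeof image, 10, name, sizeof name) == -1
           && name[0] == '\0';
}
```

A return value greater than or equal to the destination size tells the caller the name was truncated, so the full name can be read again into a heap buffer of that length.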

New in Stud_PE 2.6.0.6 (Mar 2, 2012)

  • switched the project from vc6 to VC8; just for your information about 60 Errors and 600 warnings after project conversion; take care, those secure crt fixups drove me crazy, errors may have slipped through:); if so, please report and I'll try to fix them;
  • unfortunately VC8 breaks the w95 compatibility (shlwapi.dll appears at imports due to mfc AddToRecentFileList which links that dll, not known to w95 os; also IsDebuggerPresent not present in w95 but linked by vc8 ...and who knows which other functions);
  • fixed a gpf reported on program exit;

New in Stud_PE 2.6.0.5 (Mar 2, 2012)

  • added Basic Headers tree View to the Hexeditor's History; it was causing some problems if not added;
  • option to mark more than one block of data inside hexeditor;
  • hexeditor supports now editing ascii column; also selection is reflected in ascii column; with this another todo job ended :)

New in Stud_PE 2.6.0.4 (Mar 2, 2012)

  • added some colours to the disassembler window;
  • you can jump into calls/jmps in disassembler window (added also a history back-fwd); jmp on double mouse click works only for files loaded into Stud_PE; if you try this on chunks of mem viewed from procs list it won't jmp; also, in this case it will disassemble as 32bit inst since I don't know how Procs list acts under 64bit OS; mostly it won't work since LPVOID of Read/WriteProcmem are 8 bytes on 64bit OS.
  • Dump/Edit process memory regions; from Tab Procs you can view memory regions of a certain running process; you can hex/view it and edit it there; Patch Mem will write it directly into the process' memory; this should work on 32bit OS.

New in Stud_PE 2.6.0.3 (Mar 2, 2012)

  • the small disassembler from hexeditor works now for 64bit(PE+) files too;
  • fixed disappeared options Tab, and a bug with the ImageBase static ctrl :P
  • added an option to disable autoscan for file signatures; if you are not interested in this feature why waste some CPU time;
  • add new import works now for 64bit(PE+) files too;
  • removed the warning with virtual sizes in Sections Tab->Analyze since it doesn't do anything good;
  • On Tab Sections, menu Analyze, it will search if any entry from Optional Header Data Directory points to selected section;
  • "ExtraDat" shown in Sections will be marked as "Certificate" if OptionalHeaderDataDirectory[4] points to it. If you delete this Certificate Section, be sure to null also the RVA and size in OptionalHeaderDataDirectory[4];
  • addImport, add section, TLS viewer, works now for 64bit apps;
  • Jmp to VA in hexeditor supports up to 8bytes selection if a PE+ file is loaded;
  • added some copy&paste menu functionality to edit controls showing header's data;

New in Stud_PE 2.6.0.1 (Mar 2, 2012)

  • Added support for 64 bit PE files (PE+ format); although it isn't finished you can do with it most of the things which work on 32bit pe files; what do I need to fix for x64? tls,addimports,jmp va, perhaps a small disassembler for rightclick menu in hexview to support x64 architecture; and other things which I couldn't test since I'm still on a 32bit machine :)
  • Added map file parser for "Virtual to Raw offset convertor"; if you open a PE sample.exe and the sample.map exist in the same dir, you will see the function/var in which address points; it should work for vc6-vc8 linker generated map files;

New in Stud_PE 2.4.0.1 (Jun 25, 2008)

  • Fixed a bug with imported functions name length;
  • Added external signature verifier; wrote a note about signatures;
  • Fixed RVA2RAW for UPACK which has EP inside PE HEADER; now imports are shown fine;
  • Added basic disassembler from hexeditor right click menu;
  • Fixed showing which export is in fact a forwarder to other dll; like HeapAlloc in kernel.dll;
  • Added process memory dumper/viewer; right click on the process you want to inspect; you can use disassembler (from right click menu inside the hexeditor) to see how the code looks at certain VA; the difference from other dumpers (LordPE, ProcDump, PETools) is that it can dump/view code blocks protected with PAGE_GUARD or NOACCESS flags.