pefile is a Python module to read and work with PE (Portable Executable) files
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
Golang port of PEFile
Transacted Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Doppelgänging
Extract resources from PE files
Golang port of pefile
A Machine Learning approach for classifying a file as Malicious or Legitimate
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro and Rekall to dump in-memory PE files and reconstruct imports.