PEiD中文版

PEiD中文版是小编分享的最新汉化找壳查壳软件，它能帮助我们找出软件上的加密壳，帮助我们更快破解！软件不仅能查，还能帮助我们脱壳直接看源码，感兴趣的直接来IT猫扑下载吧！

peid查壳工具介绍

PEiD是一款著名的查壳工具，其功能强大，几乎可以侦测出所有的壳，其数量已超过470种PE文档的加壳类型和签名。

现在软件越来越多的加壳了，给破解带来非常大的不便，但是这个软件可以检测出450种壳，非常方便！

增加病毒扫描功能，是目前各类查壳工具中，性能最强的。

另外还可识别出EXE文件是用什么语言编写的，比如：VC++、delphi、vb或Delphi等。支持文件夹批量扫描；

插件增加到5个:GeneralOEP、Kanal1.3，FSGv1.33Unpacker，CRC32(新增加的)，PEiD通用脱壳器Forwinnt2kxp(新增加的)，……功能全部开放！强烈推荐！

新增加WinNT平台下的自动脱壳器插件，可以应对现在大部分的软件脱壳（包括PEiD自身的UPXShit0.06壳）！

所有插件

本汉化版为全插件版，是目前网络中最完美的版本，插件是特别全面的，又为广大的脱壳爱好者提供了好工具啦！

advanced_scan.dll AntiSPack.dll

crc32.dll Easy Screen 1.3.0.dll

eCrap.dll eCrapOepVerify.dll

EPScan.dll ExtOverlay.dll

ExtractOverlay.dll FC.DLL

FileInfo.dll FixCRC.DLL

FNE.dll frant.dll

FSG v1.33脱壳.dll GenOEP.dll

GUID.dll hh.dll

HideCapt.dll HideCapt2.dll

IDToText.DLL Imploder.DLL

ImpREC.dll kanal.dll

Morphine.DLL oepscan.dll

ohfixer_v01.dll Overlay1.0.dll

Overlay1.0汉化.dll Oversaver.dll

PackUPX.DLL Patch_Maker_0.5.0.dll

PE2HTML.dll PE2HTML.exe

PEExtract.DLL PEiDBundle.DLL

PESniffer4PEiD.ASM PESniffer4PEiD.DLL

PlgLdr.dll PluginEx.dll

pluzina.dll pluzina1.dll

pluzina4.dll pluziny.nfo

QuickChSum.dll RebuildPE.dll

RelocRebuilder.dll s.bat

s.txt SecFix.dll

SecTool.DLL Sendspy.dll

StringViewer.dll unbero.dll

UnCDS_SS.DLL undef.dll

UnFakeNinja.DLL unfsg.dll

UnitsBrowser.dll UnPPP.DLL

UnRCrypt.DLL UnRPolyCrypt.DLL

UnUPolyX.dll UNUPX.DLL

unupx2.dll UnUPXShit.dll

UPXI.dll UPXScramb.dll

uupx.dll VerA.dll

VerA.txt xInfo.DLL

XNResourceEditor_Plugin.DLL XP.dll

YPP.DLL ypp.ini

ZDRx.dll [[-=About PEiD =-]]

PEiD怎么用？

PEiD最常用的插件就是脱壳，PEiD的插件里有个通用脱壳器，能脱大部分的壳，如果脱壳后import表损害，还可以自动调用ImportREC修复import表，点击"=>"打开插件列表，如图：

根据插件列表，还可以专门针对一些壳脱壳，效果比通用脱壳器会好

点击EP后的>可以展开Section块列表:

再在Section块表上右击鼠标，可以看到以下菜单选项：

点击搜索全0处，会把所有块中全0的区块搜出来，这样我们可以在这些代码上加自己想加的code，非常方便:

直接用winHex改就行了,

命令行参数

PEiD now fully supports commandline parameters.

peid -time// Show statistics before quitting 显示信息

peid -r// Recurse through subdirectories  扫描子目录

peid -nr// Don't scan subdirectories even if its set 不扫描子目录

peid -hard// Scan files in Hardcore Mode 采用核心扫描模式

peid -deep// Scan files in Deep Mode  采用深度扫描模式

peid -norm// Scan files in Normal Mode 采用正常扫描模式

peid <file1> <file2> <dir1> <dir2>

You can combine one or more of the parameters.

For example.

peid -hard -time -r c:\windows\system32

peid -time -deep c:\windows\system32\*.dll

PEID的扫描模式：

正常扫描模式：可在PE文档的入口点扫描所有记录的签名

深度扫描模式：可深度扫描所有记录的签名，这种模式要比上一种的扫描范围更广，更深入

核心扫描模式：可完整的扫描整个PE文档，但相对有点慢

版本更新说明

0.7 Beta -> First public release.

0.8 Public->Added support for 40 more packers. OEP finding module. Task viewing/control module.

GUI changes. General signature bug fixes. Multiple File and Directory Scanning module.

0.9 Recode->Completely recoded from scratch.  New Plugin Interface which lets you use extra features.

Added more than 130 new signatures. Fixed many detections and general bugs.

0.91 Reborn-> Recoded everything again. New faster and better scanning engine. New internal signature system.

 MFS v0.02 now supports Recursive Scanning. Commandline Parser now updated and more powerful.

Detections fine tuned and newer detections added. Very basic Heuristic scanning.

0.92 Classic->Added support for external database, independent of internal signatures. Added PE details lister.

Added Import, Export, TLS and Section viewers. Added Disassembler. Added Hex Viewer.

Added ability to use plugins from Multiscan window. Added exporting of Multiscan results.

Added ability to abort MultiScan without loosing results.

Added ability to show process icons in Task Viewer.

Added ability to show modules under a process in Task Viewer. Added some more detections.

0.93 Elixir->Added sorting of Plugin menu items. Submenus are created based on subfolders in the directory.

Added Brizo disassembler core. Added some more detections.

Fixed documented and undocumented vulnerability issues.

Fixed some general bugs.

Removed mismatch mode scanner which needs further improvements.

0.94 Flux->Too much is new to remember.

MFS, Task Viewer and Disassembler windows maximizable.

New smaller and lighter disassembler core CADT.

New KANAL 2.90 with much more detections and export features.

Added loads of new signatures. Thanks to all the external signature collections online.

String References integrated into disassembler.

Fixed documented and undocumented crashes.

Fixed some general bugs.

0.95 Phoenix -> Fixed some crashing bugs.

Minor Core update.

Crash Fix in Securom detection.