In this new version of pecheck.py, a tool to analyze PE files, overlay offset calculations are improved when a digital signature is present, and the output has changed slightly:
- the name of the export DLL is included (right before the list of exported functions)
- lists of relocation addresses are dropped
- TLS callbacks are reported
[Screenshots: no TLS data; TLS data present, but no callbacks; one TLS callback]
pecheck-v0_7_10.zip (https)
MD5: D0C4332B1BD231AA131FBCDCD3BBBA33
SHA256: 0E57A50590D59321CCD0BECE0936CF9523668F86516F56F5B2A21B9DCA9B4788