A Small Collection of PE Tools

Hmily

A Small Collection of PE Tools


From:EXETOOLS

by:comrade

PE Tools

---

On this page, you will find a collection of various tools I made over years to deal with portable executables and Windows processes.Download
petools.rar (22 KB)
The tools are released under the BSD license.
Source code is included. To recompile the files, you will need FASM (at least v1.67.26) and the additional include files from this page. Inject ToolInject is a tool that injects a DLL into a running process. Its command-line usage is as follows:

• Inject C:\hook.dll into pid 1234: inject.exe 1234 C:\hook.dll
• Inject C:\hook.dll into process notepad.exe (if multiple notepads are running, then whichever one is picked is undefined): inject.exe -p *notepad.exe C:\hook.dll
• Inject C:\hook.dll into running process C:\myprogram.exe: inject.exe -p C:\myprogram.exe C:\hook.dll
• Inject C:\hook.dll into process with a window named "Untitled - Notepad": inject.exe -w "Untitled - Notepad" C:\hook.dll
• Inject C:\hook.dll into process with a window class Notepad: inject.exe -c Notepad C:\hook.dll

Note that in all uses, you should specify the full path to the injected DLL.
Loader ToolLoader is a tool that injects a DLL before launching a process. Its command-line usage is as follows:

• Load notepad.exe and inject C:\hook.dll into it: loader.exe notepad.exe C:\hook.dll

Note that you should specify the full path to the injected DLL.
Patch ToolPatch is a tool that adds a new section to the executable. The new section becomes the new entrypoint, and contains code to load a particular DLL, and then jump back to the original entrypoint. This can be used to create static patches that behave similar to the Loader tool.
The tool's command-line usage is as follows:

• Patch original.exe to load C:\hook.dll before execution; save the patched executable to patched.exe: patch.exe original.exe patched.exe C:\hook.dll

Reimport Tool
Reimport is a tool that redirects certain entries of an executable's import table to another DLL. For example, running reimport.exe game.exe newgame.exe nocd.dll kernel32.dll::GetDriveTypeA kernel32.dll::CreateFileA kernel32.dll::GetVolumeInformation will create a copy of game.exe into newgame.exe, with the above 3 API functions rerouted to nocd.dll, instead of kernel32.dll. That means newgame.exe would import GetDriveTypeA, CreateFileA, and GetVolumeInformation from nocd.dll instead of kernel32.dll

Available on my website:

http://comrade.ownz.com/projects/petools.html