Stud_PE v. 2.6.1.0

Project start date: july 2002
Status: Active

Stud_PE: The Portable Executables Viewer/Editor (32/64 bit PE files)
view/edit PE basic Header information (DOS also):
  -header structures to hexeditor;
view/edit Section Table:
  -add new section;
view/edit Directory Table:
  -Import/Export Table viewer;
  -Import adder;
  -Resource viewer/editor (save/replace ico/cur/bmp);
PE Scanner (PEiD sig database):
  -400 packers/protectors/compilers;
Task viewer/dumper/killer;
PEHeader/Binary file compare;
RVA to RAW to RVA;
Drag'nDrop shell menu integration;
Basic HexEditor;
Process regions' dumper/viewer/editor;
________________________________________________________
System requirements: Pentium 166, 16Mb RAM
OS:WinAll





over 30.000 downloads
it's free
Download Stud_PE (freeware)  


What's new in latest release:
2.6.0.7 - 11 mar 2012
-added support for drag&drop under w7,vista on 64bit OS's; there is a bug with "x86" in IShellLink::GetPath for 32bit app running on 64bit OS;
-found some imports' names with a length greater than 500 chars! see adobe CS5, the imports from the boost libs; fixed the buffers to support such situations aaaand...
-fixed a security issue, related to the size of import/export functions' names; "The vulnerability is caused due to a boundary error when parsing the names of functions exported by an analysed portable executable. This can be exploited to cause a stack-based buffer overflow by tricking a user into processing a specially crafted ".dll" or ".exe" file." (http://secunia.com/advisories/39130)
-fixed 3 bugs reported by snailz; unhandled situations when no pe file was loaded;
-it seems that TLS dir size is ignored by windows, so leave Stud_PE buttons enabled on 0 size image data dirs; (http://waleedassar.blogspot.com/2012/03/ollydbg-v201-and-tls-callbacks.html)
-bugfix in hexeditor; when exploring large pe sections/data (MB), at the end of the VScroll, the program was stuck in an endless paint;
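
The bug class fixed in 2.6.0.7 above (an import/export name of file-controlled length landing in a fixed-size stack buffer) is avoided by bounding both the read and the copy. This is an added example, not Stud_PE's own code: `pe_read_name`, its status codes and `demo_long_name` are hypothetical names, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper and status codes (not Stud_PE code). */
enum { NAME_OK = 0, NAME_BAD_OFFSET = -1, NAME_UNTERMINATED = -2, NAME_TOO_LONG = -3 };

/* Copy the NUL-terminated name at raw offset `off` of a PE file held in
 * file[0..file_size). Never reads past the file and never writes past dst.
 * *out_len gets the real name length whenever a terminator was found, so a
 * caller seeing NAME_TOO_LONG can allocate len + 1 bytes and retry. */
int pe_read_name(const uint8_t *file, size_t file_size, size_t off,
                 char *dst, size_t dst_size, size_t *out_len)
{
    *out_len = 0;
    if (off >= file_size)
        return NAME_BAD_OFFSET;      /* offsets derived from headers are untrusted */
    const uint8_t *start = file + off;
    const uint8_t *nul = memchr(start, 0, file_size - off);
    if (nul == NULL)
        return NAME_UNTERMINATED;    /* string runs off the end of the file */
    size_t len = (size_t)(nul - start);
    *out_len = len;
    if (len >= dst_size)
        return NAME_TOO_LONG;        /* refuse instead of overflowing dst */
    memcpy(dst, start, len + 1);     /* len + 1 copies the terminator too */
    return NAME_OK;
}

/* Constructed sample: a 600-character name (the changelog reports real names
 * longer than 500 characters) read into a 256-byte stack buffer. */
int demo_long_name(size_t *real_len)
{
    static uint8_t file[1024];
    char small[256];
    memset(file, 0, sizeof file);
    memset(file + 16, 'A', 600);     /* name at offset 16, terminator at 616 */
    return pe_read_name(file, sizeof file, 16, small, sizeof small, real_len);
}

int main(void)
{
    size_t n;
    /* Exit status 0 when the oversized name is rejected rather than copied. */
    return demo_long_name(&n) == NAME_TOO_LONG ? 0 : 1;
}
```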


2.6.0.6 - 27 feb 2012
-switched the project from vc6 to VC8; just for your information about 60 Errors and 600 warnings after project conversion; take care, those secure crt fixups drove me crazy, errors may have slipped through:); if so, please report and I'll try to fix them;
-unfortunately VC8 breaks the w95 compatibility (shlwapi.dll appears at imports due to mfc AddToRecentFileList which links that dll, not known to w95 os; also IsDebuggerPresent not present in w95 but linked by vc8 ...and who knows which other functions);
-fixed a gpf reported on program exit;
...more inside nfo.txt

2.6.0.5 - 31 oct 2009 [download the last version supporting w95]
-added Basic Headers tree View to the Hexeditor's History; it was causing some problems if not added;
-option to mark more than one block of data inside hexeditor;
-hexeditor supports now editing ascii column; also selection is reflected in ascii column; with this another todo job ended :)

2.6.0.4 - 26 oct 2009
-added some colours to the disassembler window;
-you can jump into calls/jmps in disassembler window (added also a history back-fwd); jmp on double mouse click works only for files loaded into Stud_PE; if you try this on chunks of mem viewed from procs list it won't jmp; also, in this case it will disassemble as 32bit inst since I don't know how Procs list acts under 64bit OS; mostly it won't work since LPVOID of Read/WriteProcmem are 8 bytes on 64bit OS.
-Dump/Edit process memory regions; from Tab Procs you can view memory regions of a certain running process; you can hex/view it and edit it there; Patch Mem will write it directly into the process' memory; this should work on 32bit OS.

2.6.0.3 - 24 oct 2009
-the small disassembler from hexeditor works now for 64bit(PE+) files too;
-fixed disappeared options Tab, and a bug with the ImageBase static ctrl :P
-added an option to disable autoscan for file signatures; if you are not interested in this feature why waste some CPU time;
-add new import works now for 64bit(PE+) files too;
-removed the warning with virtual sizes in Sections Tab->Analyze since it doesn't do anything good;
-On Tab Sections, menu Analyze, it will search if any entry from Optional Header Data Directory points to selected section;
-"ExtraDat" shown in Sections will be marked as "Certificate" if OptionalHeaderDataDirectory[4] points to it. If you delete this Certificate Section, be sure to null also the RVA and size in OptionalHeaderDataDirectory[4];
-addImport, add section, TLS viewer, works now for 64bit apps;
-Jmp to VA in hexeditor supports up to 8bytes selection if a PE+ file is loaded;
-added some copy&paste menu functionality to edit controls showing header's data;

2.6.0.1 - 21 oct 2009
-added support for 64 bit PE files (PE+ format); although it isn't finished you can do with it most of the things which work on 32bit pe files; what do I need to fix for x64? tls,addimports,jmp va, perhaps a small disassembler for rightclick menu in hexview to support x64 architecture; and other things which I couldn't test since I'm still on a 32bit machine :)
-added map file parser for "Virtual to Raw offset convertor"; if you open a PE sample.exe and the sample.map exists in the same dir, you will see the function/var to which the address points; it should work for vc6-vc8 linker generated map files;


2.4.0.1 - 02 apr 2008
-fixed a bug with imported functions name length;
-added external signature verifier; wrote a note about signatures;
-fixed RVA2RAW for UPACK which has EP inside PE HEADER; now imports are shown fine;
-added basic disassembler from hexeditor right click menu;
-fixed showing which export is in fact a forwarder to other dll; like HeapAlloc in kernel.dll;
-added process memory dumper/viewer; right click on the process you want to inspect; you can use disassembler (from right click menu inside the hexeditor) to see how the code looks at certain VA; the difference from other dumpers (LordPE, ProcDump, PETools) is that it can dump/view code blocks protected with PAGE_GUARD or NOACCESS flags.

2.2.0.5 - 19 mar 2006
-Open Folder option in Procs list;
-fixed dos header word array - 10x TQN;
-fixed showing wrong signature searching time on PEs with EP 0 - 10x marciano;
-removed a validity check..some packed with asprot files didn't show any res dir;
-it now shows the forwarder exports;
-TLS table editor/viewer;
-new option in hexeditor: select up to 4 bytes, then from the menu -> GoToRAW GoToRVA GoToVA;
-option to view what is the virtual address of selected byte in hexeditor;
-"Mark Sel"ection inside hexeditor;
-"History" of recent Blocks of data viewed inside hexeditor;
-it will see imports like upack imports (names inside header);

   
2.1.0.1 - 19 mar 2005
-unlocked scrollbars on "sections" tabpage;
-fixed a bug,not showing some sections characteristics flags on win98;
-icons are shown now in "Procs" list on win98 too;
-fixed cursor position on RVA to RAW edit controls;
-a little windows arrangement when "Basic tree view";
-fixed a bug when operating on PEs with DOS stub modified...Stud_PE was showing DOS instead of PE;
-fixed a bug when EP of loaded exe was in the last few bytes of a section;
-fixed a bug inside scanning engine -> crash when scanning some files;
-more bugfixes in Resource TabPage;
-options to decompile dialog resources;
Remember! : press Esc to close dialogs generated from resources;
-some dialog windows won't be created from resources;select decompile options;
it seems to be a strange behaviour because if you check that,the dialogs will be now visible;
-fixed a bug on "Dump section" on Tab "Sections";
-some changes in "Headers" tab;support for Characteristics field;
-new option in HexEditor,view current location relative to file offset,not only to start of data loaded in hexeditor;
-Relocations viewer;
-"GoHex" option in Virtual2Raw window;you can navigate in hexeditor to a specific raw offset from there,just select "File Offset";
-small fix on Add NewSection;highRVA is searched for new section;
-chunk support (at the eof) when add/delete new section;
-"Delete Section" option on tab "Sections";
-tab "Sections" will show now extra data (if) found at the end of the file;
-fixed adding/deleting sections on packed exe files, in which sections are not aligned in rawdata order (like petite does);
also chunk data on these exes is preserved after adding/deleting sections;
-CheckSum calculator for corresponding header field;
-SizeOfHeaders direct editbox + compare real/header;option to enlarge SizeofHeaders,rawsize of each section is automatically increased;
(note: the max SizeOfHeaders is 0x1000)
-"Delete Section" will delete also ExtraDat..if selected;
-"GoTo Export Section" option in tab "Functions";
-delete section by the (file.aligned)->rawsize...to delete the entire section,for sections where raw is non_aligned to file alignment;
-fixed a bug when saving exports dir size;
-"GoTo Function Start" on exported functions (0x500 bytes from function start);
-Plugin support based on PEiD sdk;so Stud_PE plugins will be supported by PEiD also;
-the plugins dir must be named "Plugins" inside Stud_PE root dir;
Note: to use PEiD plugins you must enable "Identify as PEiD" option;




 







NOTE
-If you have suggestions or bug reports, please email me;
-Want to code at Stud_Pe? Contact me!
-Do you have some PE signatures and you want to enhance Stud_PE's SIG database also contact me!
-I don't have too much time for coding at this project so be patient;

________________________________________________________
© 2000-2014 CGSoftLabs