PE editing - CFF Explorer

The CFF Explorer was designed to make PE editing as easy as possible, but without losing sight on the portable executable's internal structure. This application includes a series of tools which might help not only reverse engineers but also programmers. It offers a multi-file environment and a switchable interface. 

Also, it's the first PE editor with full support for the .NET file format. With this tool you can easily edit metadata's fields and flags. If you're programming something that has to do with .NET metadata, you will need this tool. The resource viewer supports .NET image formats like icons, bitmaps, pngs. You'll be able to analyze .NET files without having to install the .NET framework, this tool has its own functions to access the .NET format. 



Useful links:

- How to write a CFF Explorer Extension 
- CFF Explorer Scripting Language Documentation (v2)
- CFF Explorer Scripting Language Documentation (v1) 
- CFF Explorer Extensions Repository 


Features: 

ºProcess Viewer
ºDrivers Viewer
ºWindows Viewer
ºPE and Memory Dumper
ºFull support for PE32/64
ºSpecial fields description and modification (.NET supported)
ºPE Utilities
ºPE Rebuilder (with Realigner, IT Binder, Reloc Remover, Strong Name Signature Remover, Image Base Changer)
ºView and modification of .NET internal structures
ºResource Editor (full support for Windows Vista icons)
ºSupport in the Resource Editor for .NET resources (dumpable as well)
ºHex Editor
ºImport Adder
ºPE integrity checks
ºExtension support
ºVisual Studio Extensions Wizard
ºPowerful scripting language
ºDependency Walker
ºQuick Disassembler (x86, x64, MSIL)
ºName Unmangler
ºExtension support
ºFile Scanner
ºDirectory Scanner
ºDeep Scan method
ºRecursive Scan method
ºMultiple results
ºReport generation
ºSignatures Manager
ºSignatures Updater
ºSignatures Collisions Checker
ºSignatures Retriever

Download CFF Explorer