File: changelog.txt
Project: pestudio
Author: Marc Ochsenmeier
Email: info@winitor.com
Web: www.winitor.com
Copyright (C) 2009-2015, Marc Ochsenmeier
Version 8.50
. Fixed a bug when handling exported functions of 64bit executables
Version 8.49
. Added detection of Windows builtin services
. Fixed a bug when handling strings
. Leveraged Indicators for embedded files
Version 8.48
. Extended Thresholds
. Extended Indicators
. Show virustotal score for Overlay (when available)
. Fixed an issue in the Debug detection
. Fixed an issue in imported symbols by ordinal for 64bit files
Version 8.47
. Added computation of Imports Hash (imphash)
. Added detection of strings embedded in non-PE files
. Extended detection of processor types
. Fixed a hangup
. Updated AV list
Version 8.46
. Added new thresholds
. Extended detection
. Fixed a crash with malformed files
. Corrected duplicates during collection of functions statistics
Version 8.00 to 8.45
. Added Virustotal aging and submission date
. Extended Languages detection and mapping
. Added PeID Signature detection of Executable embedded in Resources
. Added PeID Signature detection of Executable embedded in Overlay
. Added XML-based detection of PeID Signatures
. Added XML-based detection of OIDs
. Added XML-based detection of useragent
. Extended blacklists
. Added detection of references to Firefox API
. Added MD5 Blacklist for a file and its Resources
. Extended detection of Overlay
. Extended validation of Sections
. Resolve OpenSSL ordinals API to User friendly names
. Added Blacklist of MD5 dedicated to the Overlay
. Extended detection of files embedded in Resources
. Added detection of Regular Expressions and Threshold
. Cache Virustotal scores when Internet connection drops
. Fixed a bug when handling the imports of some images
. Added Functions Groups classification
. Resources with unknown Signature and containing only text are now tagged as Text
. Fixed a bug when handling the Characteristics of the FileHeader
. Added MD5, SHA1 and Virustotal Score for Overlay
. Fixed a bug when handling the <PreferedVirustotalEngine>
. Fixed a bug when handling the virustotal Engines
. Added Thresholds for DOS Stub and Header size
. Added Thresholds for Blacklisted Imported Libs and Blacklisted functions number
. Added Thresholds for Blacklisted Strings count
. Added Thresholds for Blacklisted Exported Functions count
Version 6.00 to 7.00
. Added Dump of Indicators
. Added Dump of Manifest
. Added Context menu for Certificates
. Added Dump of Certificates
. Raw discovery of fundamental characteristics of the Certificate(s) embedded in the Image
. Handle non-printable characters in XML report
. Added more Indicators specific to the location of the Entry Point
. Added more details (offset and size) for each file Cave detected
. Show the name of the section BaseOfCode is located in
. Fixed reporting of the Libraries in the XML report
. Simplified Indicators XML file
. Added Indicators specific for First and Last Sections
. Take virtual Section into account when pointing the overlay
. Fixed detection of MPRESS under 64bit
Version 6.00
. Fixed a bug when reading Symbols
. Extended Indicators for Embedded Resources
. Corrected missing Dependencies for some types of images
. Renamed *.XML files to PeStudio*.XML
. Interfaces to PeParser (PeParser.h and PeParser.lib) are now part of the Package.
. Added Indexing of String
. Added Detection of duplicated Section Names
. Allow Strings length choice for filtering at the UI
. Show Strings at the UI
. Added Strings count in output XML
. Detect Section-less images and added in Indicators.XML
. Correct Address Offset of reported Strings
Version 5.00
. The Strings contained in the file analysed can now be exported to the output XML file
. Added validation Check of AddressOfEntryPoint field
. Custom Resources are shown in orange colour
. Corrected handling of Certificate Directory
. Corrected colouring of Indicators
. When handling resources-only images, some validity checks are different
. Enhanced detection of device driver images
. Renamed parameters for command prompt (see Prompt support description above)
. Added detection of CAB, PDF, RIFF, GIF, PNG files
. Added detection of "requireAdministrator" Execution Level from the Manifest
. Added Command Prompt support (see Prompt support description above)
. Added "The image exports XY Symbols" as new Indicator
. Added more obsolete functions in the WindowsFunctionsDeprecated.xml file (delivered with this project)
Version 1.0 to 4.0
. Now fully support 64bit Images on 32bit Platform
. Show Resources Languages
. Show Type of Debug information (NB09, NB10, NB11, RSDS )
. Show imported Functions of missing libraries
. Show total number of Bytes available in Caves
. Show Gaps in Exported Symbols collection
. Show Section Name the Base of Data belongs to
. Added OptionalHeader to XML report
. Added detection of duplicated Sections names
. Added detection of Code-less images
. Added detection of Section containing the Entry point
. Corrected filtering of Obsolete Imported Functions
. Corrected Imported Symbols for 64bit images
. Corrected Page-able Section Flag
. Corrected detection of msstyles "Resources Only" Images
. Corrected a crash that takes place when switching between Tree and list View in Resources Tab
. Added Detection of Image Obfuscation (encryption, compression) as Evidence
. Un-decorate function names
. Support Manifest dependentAssembly
. Support Side-by-Side libraries
. Support Forwarded Functions
. Filtering Obsolete Functions
. Enumeration of Implicit dependencies and other general information