Usage
perdr [options] <executable>
Options follow POSIX semantics.
| Option | Description |
| --- | --- |
| -- | end of options (useful if the filename starts with -) |
| --help | print help screen |
| -v, --version | print version |
| -b, --bytes | show bytes on disassembly |
| -p, --show-priority | show disassembler priority |
| --raw-dump | don't disassemble, print only raw bytes |
| --extract-icon-resource | extract icons into separate files (resicoX.ico) |
| --no-entry-code | do not assume entry point points to code |
| --disable-3dnow | disable 3DNow! disassembly (even enhanced) |
| --disable-enh3dnow | disable enhanced 3DNow! disassembly |
| --disable-pentium3 | disable Pentium III disassembly |
| --disable-athlon | disable Athlon disassembly |
| -h, --show-headers | show short headers |
| -H, --full-headers | show full headers |
| -i, --show-imports | show imports |
| --show-relocations | show relocations |
| -e, --show-exports | show exports |
| -r, --show-resources | show resources |
| -R, --raw-resources | show resources in raw format |
| -c, --show-code | show code or dump |
| --show-cref | show call references |
| --show-Uref | show unconditional jump references |
| --show-Cref | show conditional jump references |
| --show-refs | show all references |
This reverses the executable and prints the result to the screen.
Priority
| Priority | Meaning |
| --- | --- |
| "secure code": | |
| entry point | code executed by entry point |
| safe export | code executed by known export (not yet implemented) |
| safe heuristics | code executed by heuristics (very sure code) |
| "not secure": | |
| export | code executed by export (hmm, not all exports are code) |
| heuristics | code executed by heuristics (not very sure, like a single call found) |
| constant | only a constant in code |
| filler | only printed for completion |
| none | this is not code |
| check only | wow! If you find this, there is a bug |
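
The highest "secure code" priority trusts that the entry point points to code, which is the assumption --no-entry-code switches off. The following is an added example, not perdr's own code: a header-level check an analyst can run to see whether the entry point RVA actually falls in a section marked executable. The function names and the sample header built by build_sample are constructed for illustration.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section Characteristics flag


def entry_point_section(pe: bytes):
    """Return (section_name, is_executable) for the section that holds
    AddressOfEntryPoint, or (None, False) if no section contains it."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header follows the 4-byte signature
    (n_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    opt = e_lfanew + 24
    (entry_rva,) = struct.unpack_from("<I", pe, opt + 16)  # AddressOfEntryPoint
    table = opt + opt_size                                 # section table
    for i in range(n_sections):
        off = table + 40 * i                               # 40-byte headers
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize = struct.unpack_from("<III", pe, off + 8)
        (chars,) = struct.unpack_from("<I", pe, off + 36)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            return name, bool(chars & IMAGE_SCN_MEM_EXECUTE)
    return None, False


def build_sample(entry_rva: int) -> bytes:
    """Constructed PE32 headers only: .text is executable, .data is not."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva)
    opt = opt.ljust(224, b"\0")

    def sec(name, vaddr, chars):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, vaddr, 0x200,
                           0, 0, 0, 0, 0, chars)

    return (dos + b"PE\0\0" + coff + opt
            + sec(b".text", 0x1000, 0x60000020)
            + sec(b".data", 0x2000, 0xC0000040))


if __name__ == "__main__":
    for rva in (0x1010, 0x2010, 0x5000):
        print(hex(rva), entry_point_section(build_sample(rva)))
```

An entry point that lands in a non-executable section, or in no section at all, is a reason to inspect the headers before trusting output reported at the "entry point" priority.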
Work to do
BUG:
- This program assumes that the code segment contains only code
- More checks
TO DO:
- Complete data analysis
- Complete string checking
- More options (no code analysis, skipping some checks, etc.)
- Resource analysis and dumping
- Relocation analysis and tests on data pointers
- Complete the heuristic engine
- Processing of some instructions is incomplete (complex references)
- Unknown bytes analysis (not only code)
- Printing of some types (float or MMX); currently only in raw mode (binary)