How do you verify whether an application is 64-bit capable or if the Data Execution Prevention (DEP) or the Address Space Layout Randomization (ASLR) features are used? Do you want to be sure whether your application uses functions that have been recognized as obsolete, and thus presents a potential security risk for your customer´s infrastructure?
All these questions, and many more, can be answered easily with PeStudio!
With PeStudio, you can inspect any 32-bit or 64-bit application (*.exe, *.dll, *.cpl, ocx, *.ax, *.sys, ...) WITHOUT starting it!
PeStudio shows you much more details, like:
- all libraries that are used by an application.
- all functions that are imported by an application.
- all functions (also anonymous) that are exported by an application.
- all functions that are forwarded to other libraries.
- Obsolete Functions that are exported and imported by an application
- whether the Data Execution Prevention (DEP) Windows security mechanism is used.
- whether the Address Space Layout Randomization (ASLR) Windows security mechanism is used.
- whether Structured Exception Handling - SEH Windows security mechanism is used
- whether some sections are compressed, and more...
What's New in version 3.32:
- IAT size estimation for Evidences adjusted
- Show Obsolete Imported functions as Evidence
- Show Obsolete Exported functions as Evidence
- Show usage of HTTP functions as Evidence
- Show usage of RAS functions as Evidence
- Show usage of Winsock functions as Evidence
No comments:
Post a Comment