PEiD汉化版是我共享的全新简体中文版找壳查壳APP，它能帮助我们找到APP上的数据加密壳，协助大家更快破译！APP不但能查，还能帮助我们脱壳直接看源代码，有兴趣的立即来多特软件站免费下载！

软件简介

PEiD是一款知名的查壳工具，其功能齐全，几乎可以探测出全部的壳，其总数已超出470种PE文本文档的免杀种类和签字。

如今APP愈来愈多的免杀了，给破译产生特别大的不方便，可是那个APP可以检验出450种壳，十分便捷！

提升病毒感染扫描作用，是现阶段各种查壳工具中，特性最牛的。

此外还可鉴别出EXE文档是用什么语言撰写的，例如：VC 、delphi、vb或Delphi等。适用文件夹名称大批量扫描；

插件提升到5个:GeneralOEP、Kanal1.3，FSGv1.33Unpacker，CRC32(新提升的)，PEiD通用性脱壳器Forwinnt2kxp(新提升的)，……作用所有对外开放！极力推荐！

新提升WinNT服务平台下的全自动脱壳器插件，可以解决如今绝大多数的APP脱壳（包含PEiD本身的UPXShit0.06壳）！

全部插件

本中文版为全插件版，是现阶段互联网中最完美无缺的版本号，插件是尤其全方位的，又为众多的脱壳发烧友带来了好专用工具啦！

advanced_scan.dll AntiSPack.dll

crc32.dll Easy Screen 1.3.0.dll

eCrap.dll eCrapOepverify.dll

EPScan.dll ExtOverlay.dll

ExtractOverlay.dll FC.DLL

FileInfo.dll FixCRC.DLL

FNE.dll frant.dll

FSG v1.33脱壳.dll GenOEP.dll

GUID.dll hh.dll

HideCapt.dll HideCapt2.dll

IDToText.DLL Imploder.DLL

ImpREC.dll kanal.dll

Morphine.DLL oepscan.dll

ohfixer_v01.dll Overlay1.0.dll

Overlay1.0简体中文版.dll Oversaver.dll

PackUPX.DLL Patch_Maker_0.5.0.dll

PE2HTML.dll PE2HTML.exe

PEExtract.DLL PEiDBundle.DLL

PESniffer4PEiD.ASM PESniffer4PEiD.DLL

PlgLdr.dll PluginEx.dll

pluzina.dll pluzina1.dll

pluzina4.dll pluziny.nfo

QuickChSum.dll RebuildPE.dll

RelocRebuilder.dll s.bat

s.txt SecFix.dll

SecTool.DLL Sendspy.dll

StringViewer.dll unbero.dll

UnCDS_SS.DLL undef.dll

UnFakeNinja.DLL unfsg.dll

UnitsBrowser.dll UnPPP.DLL

UnRCrypt.DLL UnRPolyCrypt.DLL

UnUPolyX.dll UNUPX.DLL

unupx2.dll UnUPXShit.dll

UPXI.dll UPXScramb.dll

uupx.dll VerA.dll

VerA.txt xInfo.DLL

XNResourceEditor_Plugin.DLL XP.dll

YPP.DLL ypp.ini

ZDRx.dll [[-=About PEiD =-]]

PEiD如何使用？

PEiD最常见的插件便是脱壳，PEiD的插件里有一个通用性脱壳器，能脱绝大多数的壳，假如脱壳后import表危害，还能够全自动读取ImportREC修补import表，点一下=开启插件列表，如下图：

依据插件列表，还能够针对一些壳脱壳，实际效果比通用性脱壳器会更好

点一下EP后的可以进行Section块列表:

再在Section块表上右键电脑鼠标，能够看见下列菜单栏选择项：

点击搜索全0处，会把全部块中全0的区块链搜出去，那样我们可以在这种编码上添自身加上的code，十分便捷:

立即用winHex改就可以了,

命令行参数

PEiD now fully supports commandline parameters.

peid -TIMe// Show statistics before quitting 显示

peid -r// Recurse through subdirectories 扫描根目录

peid -nr// Dont scan subdirectories even if its set 不扫描根目录

peid -hard// Scan files in Hardcore Mode 选用关键扫描模式

peid -deep// Scan files in Deep Mode 选用深层扫描模式

peid -norm// Scan files in Normal Mode 选用一切正常扫描模式

peid file1 file2 dir1 dir2

You can combine one or more of the parameters.

For example.

peid -hard -time -r c:\windows\system32

peid -time -deep c:\windows\system32\*.dll

PEID的扫描模式：

一切正常扫描模式：可在PE文本文档的通道点扫描全部纪录的签字

深层扫描模式：可深层扫描全部纪录的签字，这类方式要比上一种的扫描范畴更广，更深层次

关键扫描模式：可详细的扫描全部PE文本文档，但相对性有点儿慢

版本升级表明

0.7 Beta - First public release.

0.8 Public-Added support for 40 more packers. OEP finding module. Task viewing/Control module.

GUI changes. General signature bug fixes. Multiple File and Directory Scanning module.

0.9 Recode-Completely recoded from Scratch. New Plugin Interface which lets you use extra features.

Added more than 130 new signatures. Fixed many detections and general bugs.

0.91 Reborn- Recoded everything again. New faster and better scanning engine. New internal signature system.

MFS v0.02 now supports Recursive Scanning. Commandline Parser now updated and more powerful.

Detections fine tuned and newer detections added. Very basic Heuristic scanning.

0.92 Classic-Added support for external database, independent of internal signatures. Added PE details lister.

Added Import, Export, TLS and Section viewers. Added Disassembler. Added Hex Viewer.

Added ability to use plugins from Multiscan window. Added exporting of Multiscan results.

Added ability to abort MultiScan without loosing results.

Added ability to show process icons in Task Viewer.

Added ability to show modules under a process in Task Viewer. Added some more detections.

0.93 Elixir-Added sorting of Plugin menu items. Submenus are created based on subfolders in the directory.

Added Brizo disassembler core. Added some more detections.

Fixed documented and undocumented vulnerability issues.

Fixed some general bugs.

Removed mismatch mode scanner which needs further improvements.

0.94 Flux-Too much is new to remember.

MFS, Task Viewer and Disassembler windows maximizable.

New smaller and lighter disassembler core CADT.

New KANAL 2.90 with much more detections and export features.

Added loads of new signatures. Thanks to all the external signature collections online.

String References integrated into disassembler.

Fixed documented and undocumented crashes.

Fixed some general bugs.

0.95 Phoenix - Fixed some crashing bugs.

Minor Core update.

Crash Fix in Securom detection.