Anyone using PeStudio by Winitor?

Discussion in 'other anti-malware software' started by Tyrizian, May 27, 2013.

  1. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    @Marc: The new version is working beautifully. I'll send any more crashes to you directly as you asked. Thanks!
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    I haven't tried Winitor yet, but I am thinking about trying it.

    When you say crashes, are you talking about program crashes, which would normally be considered 'minor', or do you mean PC crashes (i.e., BSODs)? I don't want to have my PC crash.
     
  3. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,058
    Location:
    United Surveillance States
    PeStudio is all that crashes. Nothing to worry about. :)
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    Thank you.
     
  5. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @0strodamus: good news. :thumb: Thanks for the feedback.
     
    Last edited: Aug 7, 2013
  6. ELWIS1

    ELWIS1 Registered Member

    Joined:
    Sep 29, 2010
    Posts:
    60
    I sent some files by email; the files cause PeStudio to crash.

    Thanks:)
     
  7. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @ELWIS1: yes, I got them. Thank you so much for helping me to make PeStudio better. Currently working on a new (resizeable) UI.
     
  8. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @ELWIS1: PeStudio 7.34 is now available and fixes the crash with the files you sent me. Can you please confirm it works for you? Thanks!
     
  9. Snoop3

    Snoop3 Registered Member

    Joined:
    Jan 2, 2011
    Posts:
    474
    awesome. thanks. :)
     
  10. alphascorpii

    alphascorpii Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    6
    Hello Marc,
    It is still crashing when I analyze several files, at different times.

    Thank you.
     
  11. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @alphascorpii: could you explain the scenario and send me the files that cause the crash? Thanks!
     
  12. alphascorpii

    alphascorpii Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    6
    I checked different files with different sizes, more than 2MB, with one instance of PeStudio.

    The crash occurs at random times. Sorry! I can't reproduce it on demand.

    This is the crash message:
    Windows 7 32bit
     
  13. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @alphascorpii: which version of PeStudio are you using? Is anyone else having this kind of issue?
     
  14. alphascorpii

    alphascorpii Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    6
    Latest version PeStudio 7.34
     
  15. alphascorpii

    alphascorpii Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    6
    Hello,
    I'm finally able to reproduce the crash as follows:
    Download the tool: Norton Power Eraser.
    http://liveupdate.symantec.com/upgrade/NPE/1033/NPE.exe
    Launch one instance of PeStudio and drag & drop NPE about 60 times to cause the crash.

    Other feedback:
    Try to analyse OllyDbg.
    http://www.ollydbg.de/odbg201h.zip
    PeStudio can't retrieve Libraries and Imports information.

    Also, the same behavior occurs with any executable packed with the FSG 2 packer: no Libraries and Imports information.

    Indicators tab:
    PeStudio displays a duplicate string:
    The count (0) of imported Library is Suspicious
    The count (0) of imported Library is Suspicious
     
  16. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @alphascorpii: thank you very much for these details.
     
  17. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @alphascorpii: PeStudio 7.35 is now available to correct the missing imports.
     
    Last edited: Aug 11, 2013
  18. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    I want to start doing some active testing of PeStudio. What types of files should I test with PeStudio?
     
  19. alphascorpii

    alphascorpii Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    6
    The issue with OllyDbg has been fixed. But the second issue related to FSG 2.0 packer remains unfixed. PeStudio was unable to retrieve imports information from packed files.

    FSG 2.0:
    Code:
    http://cracking.z0ro.com/Reverse-Engineering/Packers-Crypters-Protectors/FSG%202.0/FSG%202.0.rar
     
  20. ELWIS1

    ELWIS1 Registered Member

    Joined:
    Sep 29, 2010
    Posts:
    60
    @Marc,

    Thanks for the correction.

    However, I still have the same problem, but in other files.

    This problem also occurs in version 7.35.

    Microsoft Visual C++ Runtime Library
    This application has requested the Runtime to terminate it in an unusual way.
    Please contact the application's support team for more information.
     
  21. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @alphascorpii: thanks. Yes I know, still working on FSG 2.0 issue.
     
  22. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @ELWIS1: could you please send me these files?
     
  23. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @alphascorpii: PeStudio 7.36 is now available and handles files packed with FSG. Can you please confirm it works for you? Thanks!
     
  24. alphascorpii

    alphascorpii Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    6
    YES, confirmed.

    Also 7.36 can now handle files packed with Upack.

    Indicators of trust don't display the note "The image is Obfuscated (encrypted, compressed)" for images packed with FSG 2.0
     
  25. Marc Ochsenmeier

    Marc Ochsenmeier Developer

    Joined:
    Jun 6, 2013
    Posts:
    150
    Location:
    Germany
    @alphascorpii: thanks. Yes I know, indicators will be updated.
     