bearparser - Portable Executable parsing library (from PE-bear)


Portable Executable parsing library (from PE-bear)

https://github.com/hasherezade/bearparser

Related Projects

pev - The PE file analysis toolkit

  •    C

pev is a full-featured, open source, multiplatform command line toolkit to work with PE (Portable Executables) binaries. Please check the online documentation for more details.

gonzales-pe - CSS parser with support of preprocessors

  •    Javascript

Gonzales PE is a CSS parser which plays nicely with preprocessors. Currently supported: SCSS, Sass, LESS. Try out Gonzales PE online: Gonzales PE Playground. The different types of tree nodes can be found in docs/node-types.md.

pev

  •    C

pev is a multiplatform PE analysis toolkit that includes tools to retrieve and parse information about Windows PE files.

yapep


yaPEp: Yet another PE Parser. yaPEp is a Portable Executable (PE) parsing tool written in C to dump and display PE related information such as exports, imports, debug information, and other PE header information.


Multiplatform GTK Docking Panel in MONO


This is an open source project to develop a multiplatform dock-panel library in Gtk for Mono.

libtins - High-level, multiplatform C++ network packet sniffing and crafting library.

  •    C++

libtins is a high-level, multiplatform C++ network packet sniffing and crafting library. Its main purpose is to provide the C++ developer an easy, efficient, platform and endianness-independent way to create tools which need to send, receive and manipulate specially crafted packets.

pe-sieve - Scans a given process

  •    C++

PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. Recognizes and dumps a variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

Registry Editor PE


Registry Editor PE is a plugin for Bart's PE Builder which allows for easy editing of remote registry hives and user profiles. A user booting from a Bart's PE CD can easily make changes to the Windows registry without having to boot into Windows.

Amber - Reflective PE packer.

  •    Assembly

amber is a reflective PE packer for bypassing security products and mitigations. It can pack regularly compiled PE files into reflective payloads that can load and execute itself like a shellcode. It enables stealthy in-memory payload deployment that can be used to bypass anti-virus, firewall, IDS, IPS products and application white-listing mitigations. If you want to learn more about the packing methodology used inside amber check out below. For more detail about usage, installation and how to decrease detection rate check out WIKI. Developed By Ege Balcı from INVICTUS/PRODAFT.

Simplecsv - CSV parser for Java, based on the OpenCSV

  •    Java

A simple library for parsing CSV in Java, based on the OpenCSV library. After trying unsuccessfully to fix some of the key bugs in OpenCSV, I concluded that the core of the library -- the CSVParser -- was too complicated a patchwork to salvage. I decided to rewrite it. That effort led to forking the project entirely, with the primary intent of simplifying the parser code, but keeping it fast and generally in the spirit of the OpenCSV library.

TagSoup - HTML/XML parser for Haskell

  •    Haskell

TagSoup is a library for parsing HTML/XML. It supports the HTML 5 specification, and can be used to parse either well-formed XML, or unstructured and malformed HTML from the web. The library also provides useful functions to extract information from an HTML document, making it ideal for screen-scraping.

ReflectiveDLLInjection - Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process

  •    C

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the library is responsible for loading itself by implementing a minimal Portable Executable (PE) file loader. It can then govern, with minimal interaction with the host system and process, how it will load and interact with the host. Injection works from Windows NT4 up to and including Windows 8, running on x86, x64 and ARM where applicable.

neotoma - Erlang library and packrat parser-generator for parsing expression grammars.

  •    Erlang

Neotoma is a packrat parser-generator for Erlang for Parsing Expression Grammars (PEGs). It consists of a parsing-combinator library with memoization routines, a parser for PEGs, and a utility to generate parsers from PEGs. It is inspired by treetop, a Ruby library with similar aims, and parsec, the parser-combinator library for Haskell. Neotoma is licensed under the MIT License (see LICENSE).

AngleSharp - The ultimate angle brackets parser library parsing HTML5, MathML, SVG and CSS to construct a DOM based on the official W3C specifications

  •    CSharp

AngleSharp is a .NET library that gives you the ability to parse angle bracket based hyper-texts like HTML, SVG, and MathML. XML without validation is also supported by the library. An important aspect of AngleSharp is that CSS can also be parsed. The included parser is built upon the official W3C specification. This produces a perfectly portable HTML5 DOM representation of the given source code and ensures compatibility with results in evergreen browsers. Also standard DOM features such as querySelector or querySelectorAll work for tree traversal.

csscomb.js - CSS coding style formatter

  •    Javascript

CSScomb is a coding style formatter for CSS. You can easily write your own configuration to make your style sheets beautiful and consistent. The main feature is sorting properties in a specific order. It was inspired by @miripiruni's PHP-based tool of the same name. This is the new JavaScript version, based on the powerful CSS parser Gonzales PE.

EXT C++ Library

  •    C++

The EXT Library is a set of various useful classes, templates and macros that extend functionality provided by ISO C++ (ext sub-library), standard C and C++ library (lib), to abstract parts of Windows API (win) and access PE file resources (res).

lark - A modern parsing library for Python, implementing Earley & LALR(1) and an easy interface

  •    Python

Beginners: Lark is not just another parser. It can parse any grammar you throw at it, no matter how complicated or ambiguous, and do so efficiently. It also constructs a parse-tree for you, without additional code on your part. Experts: Lark lets you choose between Earley and LALR(1), to trade-off power and speed. It also contains a CYK parser and experimental features such as a contextual-lexer.

Opencsv - Easy-to-use CSV (comma-separated values) parser library for Java

  •    Java

Opencsv is an easy-to-use CSV (comma-separated values) parser library for Java. Opencsv supports all the basic CSV-type things like arbitrary numbers of values per line, ignoring commas in quoted elements, configurable separator and quote characters, and a lot more.

Texe


Texe is a PE import and export viewer. You can use it to analyze PE files. Texe exports the report as an HTML document with the extension .html preceded by the given PE file name.