PE iDentifier 0.9 by snaker & Qwerton
-------------------------------------

PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 430 different signatures in PE files.

PEiD is special in some aspects when compared to other identifiers already out there!

1. It has a superb GUI and the interface is really intuitive and simple.
2. Detection rates are amongst the best given by any other identifier.
3. Special scanning modes for *advanced* detections of modified and unknown files.
4. Shell integration, Command line support, Always on top and Drag'n'Drop capabilities.
5. Multiple file and directory scanning.
6. Task viewer and controller.
7. New Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
8. New Extra scanning techniques used for even better detections.


There are 3 different and unique scanning modes in PEiD.

The *Default Method* scans the PE files at their Entry Point for all documented signatures. This is what all other identifiers also do.

The *Hardcore Method 1* scans the PE file's Entry Point containing section for all the documented signatures. This ensures detection of around 80% of modified and scrambled files.

The *Hardcore Method 2* does a complete scan of the entire PE file for the documented signatures. You should use this mode as a last option as the small signatures often tend to occur a lot in many files and so erroneous outputs may result.

The scanner's inbuilt scanning techniques have error control methods which generally ensure correct outputs even if the last mode is chosen. The first two methods produce almost instantaneous outputs but the last method is a bit slow due to obvious reasons!


Command line Options
--------------------

You can now issue some basic command line options in PEiD.

peid -options
peid -mfs
peid -task
peid -about

The above bring up the respective dialogs on startup immediately.

peid <filename/dirname>

For scanning the files you want at startup.

Some more command line options are for advanced users only ;)


Task Viewing / Control Module
-----------------------------

You can scan currently running tasks with PEiD. The files are scanned from the memory. Processes can also be terminated. You can also optionally dump a module and scan the dumped image.


Multiple File Scan Module
-------------------------

You can scan multiple files at one go with PEiD. Just drag and drop the files on the PEiD main dialog and the Multiple File Scan Dialog will popup displaying the results. You can keep dragging and droping files onto this dialog as well. It also offers you to choose from the different scanning modes and optionally load a single file in PEiD. It allows you to skip the non PE files so that the list looks clean. You can also scan the contents of a directory choosing files of custom extension if required.



We intend to update the signatures quite often to keep pace with this ever evolving scene :)


Please report bugs, ideas, new signatures or packer info to snaker -> snaker@myrealbox.com
Qwerton can be reached at -> qwaci@gmx.net

ALL SUGGESTIONS, IDEAS, BUG REPORTS AND CRITICS ARE WELCOME.


History
-------

0.7 Beta 	-> 	First public release.

0.8 Public	->	Added suport for 40 more packers. OEP finding module. Task viewing/control module.
			GUI changes. General signature bug fixes. Multiple File and Directory Scanning module.

0.9 Recode	->	Completely recoded from scratch.  New Plugin Interface which lets you use extra features.
			Added more than 130 new signatures. Fixed many detections and general bugs.


Greets
------

Qwerton, Asha, CHRiST0PH, uno, DAEMON, MackT, VAG, SAC, Gamumba, SnowP and all the rest at UG2003, Michael Hering, tE!, pusher, CoDE, BaND, Snacker,  skamer, HypnZ, ParaBytes, Clansman, BuL-Let, innuendo, Corby, cokine, AiRW0lF, fxfighter, GodsJiva, Carpathia, DEATH, artik, r!sc, NoodleSPA, SiR_dReaM, CHoRDLeSS, JaCK, p0tHEAD, XasX and all at TNT! and all who helped with PEiD :)

snaker, cokine, Iczelion, Clansman, Z-Wing, Unknown One/TMG, PeeWee, DnNuke, sinny/BAFH, all the other nice people in CiA, UG2003 and all of you who helped us develope PEiD. Thanks!


Qwerton		- Hope you get time someday again, was nice working with you :)
Michael Hering	- FILE INFO is still the absolute best. Your suggestions rock :)
VAG		- Thanks for the suggestions and lots of new detections ;)
uG2oo3		- Lets rock in 2003. Yehaaaaw!
MackT		- Thanks for all your help and for ImpREC ofcourse ;)
Unknown One	- Spend more time with us :)
BaND		- Thanks for all your testing and help.
Kaparo & Aaron	- Thanks for your sites :)


We would also like to thank the *few* people who sent us their comments and feedback about PEiD 0.7 Beta and v0.8 Public. 
Also greetings to everyone who has supported PEiD till date. Without you this new release would never be possible.


You can check out the PEiD homepage at http://www.mesa-sys.com/~snaker/peid


snaker & Qwerton Productions
	-2003-
