pev - the PE analyzer toolkit - ChangeLog

Legend:
+ Added feature
* Improved/changed feature
- Bug fixed
! Known issue / missing feature

pev 0.50 - June 25, 2012
 + pescan: new tool to search for suspicious things in PE files including TLS callbacks
 - Fixed erroneuous ord numbers in functions imported without name
 + readpe can now show imported functions with --imports or -i switch.
 - Fixed two bugs with fake TLS callbacks in petls (thanks to Qualys guys for reporting)
 * MEW packer detection in packid (Rodrigo Rubira <rbranco at qualys.com>)
 * Improved pev tools Makefile (Gabriel Barbosa <gbarbsa at qualys.com>)
 + pesec: find security features in PE files.
 + pedis: disassemble functions and sections (Tiago Zaniquelli <ztiago at gmail.com>).
 + readpe: show PE headers and sections information (most of obsolete pev binary).
 + pepack: detect fake EP (Wagner Barongello <wagner at barongello.com).
 + rva2ofs and ofs2rva: convert from rva to raw file offset and vice-versa.
 + Output in monospaced text and csv in most programs.
 + libpe: xmalloc trick and fixes (Rodrigo Rubira <rbranco at qualys.com>).
 ! Missing valid XML and HTML output formats.
 + Released libpe 1.0 to support our programs.
 * pev now is a collection of binaries and a library to work with PE executables.
 ! Missing documentation
 ! pedis shows arguments of jumps and calls as relative positions.

pev 0.40 - August 7, 2011
 + PE32+ support. Now pev can handle 64-bits executables.
 + Variable data directories support (no more fixed in 16).
 + Added more human-readable fields, like subsystem and section characteristics.
 + Added TLS callback functions detection in every PE section.
 + Added "-r" option to show resource items at first level.
 + ASLR and DEP identification.
 * Improved function to get machine type (thanks to Gabriel Duarte).
 * Date format in COFF header similar to RFC 2822.
 * Compatible with PE/COFF specification v8.2.

pev 0.31 - May 11, 2011
 + Added human-readable machine types in COFF output.
 + Added characteristics flags in COFF output.
 - Fixed warning with Linux 32-bits boxes when compiling.
 - Now pev compiles in OSX without any changes (thanks to Gustavo Roberto).

pev 0.30 - February 20, 2011
 + Added option "-d" to show the DOS header.
 + Added option "-c" to show the COFF header.
 + Added option "-o" to show the Option (PE) header.
 + Added option "-s" to show executable sections.
 + Added option "-a" to show all information.
 * Improved memory use.
 * Now pev shows the Product Version with option "-p".
 
pev 0.22 - January 9, 2011
 + Added manpage.
 * Improved Makefile.
 ! Plans to read more PE informations.
 ! Does not support PE32+ files.

pev 0.2 - December 26, 2011
 * Improved search algorithm.
 - Fixed bug compiling in MS-Windows platform.

pev 0.1 - December 12, 2010
   Initial release.
