home      products      solutions     news     downloads     order     support     about us

 Deutsch  

For your convenience, a list of frequently asked questions is provided below. Please be sure to review this list, as it is very possible that your question has already been answered here. If the solution you seek is not here, please feel free to contact our easy going Technical Support.

Also note that another important source of information is the extensive Help system that has been provided with PE Explorer. The Help system is well-organized and very easy to use. Moreover, by taking a few moments to review the help, you will better familiarize yourself with the program and learn more about all the features available.

General

• PE Explorer fails if I use it to examine itself. Is this intentional?
• Is this a developer tool, or is this something a general computer user would use?
• What is the difference between the trial version and the full version?
• It claims to be an editor, yet doesn't let me edit the program code. Why?
• How can I change something in an EXE or DLL file?
• I couldn't even open a single dll file. All that popped up when I opened it was a whole bunch of numbers.
• What is a PE file... Am I likely to have one on my PC? And if so would I want to explore it?

File Open

• I got an immediate error of something like "This file is likely damaged, packed or compressed". What can I do?
• When I try to put my DLL back I get the following error: Can't create new image file, the original file has been probably packed. Any hints?
• What are packers?
• I got an immediate error of something like "Incompatible" and "of type NE". What is a "NE" type file?
• Will the PE Explorer work with NE and other 16-bit files?
• If PE Explorer doesn't work on NE type files, do you have a product that does?
• PE Explorer doesn't work with .Net files, why?
• PE Explorer says it has some internal error and hence opening in SAFE MODE. Why?

File Save

• Why the original file size is increased after a simple "Save as..." operation?

Resource Editor

• How can I get started editing PE file resources?
• How do I export all resources, edit them and import them back?
• It seems to only handle regular Win32 resources. Do you have a version that handles .NET resources in managed assemblies?
• How can I edit resources from the command line?
• I need a command-line tool to change the Icon in an exe file. Do you have that?

Export Viewer

• How do I get parameters on function exports?

Disassembler

• What is a disassembler?
• Is true decompilation possible?
• It spits the results out in assembly format, which I don't understand at all. Do you have other products/plug-ins that can spit it out in English?
• I have just run the disasembler on an exe file and want to change some code in it. But how do I put it back into an aplication format like it was?
• Why couldn't be the disassembler slightly more usable (a list of API functions etc)?
• What are the benefits of the disassembler if all it gives you just an unreadable assembly format?

Plug-ins

• How can I write my own custom plug-in for PE Explorer?

Q: PE Explorer fails if I use it to examine itself. Is this intentional?

Yes. It was our intent.

Q: Is this a developer tool, or is this something a general computer user would use?

Everyone can benefit from this software. Being an affordable developer tool, PE Explorer makes every person who is interested in looking inside of Windows programs a potential buyer. The program is an easy-to-use tool for all users, but some functions require advanced programming knowledge to comprehend. Using PE Explorer assumes some basic knowledge of the internal structures of PE files.

See also: Reviews and User testimonials.

Q: What is the difference between the trial version and the full version?

Your evaluation copy of PE Explorer is almost a full-featured release. This means that the same capabilities available in the registered software are present in the non-registered software. This allows you to try out all the basic features in PE Explorer to confirm that they work to your satisfaction.

Some minor functions are disabled until PE Explorer is registered: the "Save all resources at once", "Remove relocations", "Remove debug information", and "Save disassembly" menu commands do not work in trial mode. It is also limited to the number of days you can use the software. Register to remove these limitations.

See also: How to Order

Q: It claims to be an editor, yet doesn't let me edit the program code. Why?

PE Explorer is not a binary editor. PE Explorer edits the internal structure of PE files, including resources. If you want to edit the program code, you need a hex editor, such as Flex HEX editor. But you will not be able to modify the actual code in any way.

Q: How can I change something in an EXE or DLL file?

EXE and DLL files are not plain ASCII files that you can easily edit. You cannot simply open up an .EXE like a text file and start editing. Opening an EXE file is equivalent to opening the television box to look at the circuitry inside, instead of using your remote to change the channels.

DLLs are a part of the program that runs on it. It is not intended to be editable by users. If you want to change something in an EXE or DLL file, you may be able to do this by changing its resources with Resource Editor. This way, you can change the interface of the program in that EXE file and make a change to icons, images, or text. You may also want to translate a program to your native language.

If you want to edit a compiled EXE or DLL file, you can also use a hex editor, such as Flex HEX editor to change tiny parts of an EXE or DLL. But you should have basic knowledge and skills in hex editing binaries.

Q: I couldn't even open a single dll file. All that popped up when I opened it was a whole bunch of numbers.

That's what dll's are all about. If you expect to see a comics inside, forget it. PE Explorer provides the most useful representation of the data. What you do need is a good understanding of programming functions, and at a minimum the ability to read and understand those numbers.

Q: What is a PE file... I heard of them but thought my OS couldn't run them? Am I likely to have one on my PC? And if so would I want to explore it?

"PE" in this context stands for "Portable Executable", the file format used by EXEs, DLLs, ActiveX controls, and other executable files on 32-bit Windows. The term "Portable Executable" was chosen because the intent was to have a common file format for all flavors of Windows, on all supported CPUs.

A PE file is a 32-bit executable developed by Microsoft for NT (and W9x) platform. The other notable executable types that run on MS platforms are "MZ" (DOS), "NE" and "LE" - but those 16-bit formats are obsolete (but they will still run). Open an exe file in a hex editor and the first two values in the file will be 'MZ' - yes the DOS header is still there. Scan down 128 bytes and you should find the values 'PE' - this is where the PE format takes over.

For greater detail download PE Explorer and consult the extensive Help system that has been provided with PE Explorer. The Help system is well-organized and very easy to use. Moreover, by taking a few moments to review the help, you will better familiarize yourself with the program and learn more about all the features available.

Not all PE files have the 'exe' extension. Other notable PE files have the extensions "dll", "scr", "sys", "cpl" and "ocx", and even "msstyles" featured in Windows XP. Also note that not all PE files will run on their own - dll's for example. PE files that run on their own include exe, scr and cpl.

More detailed information can be found in the Microsoft Developer Journal article, February 2002: An In-Depth Look into the Win32 Portable Executable File Format by Matt Pietrek.

Let us know if you have any questions

See also: How to Order     Download A 30 Day Trial Version

Q: I got an immediate error of something like "This file is likely damaged, packed or compressed". What can I do?

Nothing. This is not viewed as a bug. We are not going to defeat the security attempts of other software authors. PE Explorer unpacks only files compressed with UPX and Upack using the Plug-In subsystem.

Q: When I try to put my DLL back I get the following error: Can't create new image file, the original file has been probably packed. Any hints?

Please be advised that your dll might be really packed! Our software unpacks only files compressed with UPX and Upack. So if your dll was packed by any other third party packer, you have to unpack it before modifying. Otherwise the chances are you can't create a new image file.

Q: What are packers?

Packers are utilities that compress Windows portable executables (EXE, DLL, etc) significantly while leaving them 100% functional. They alter executables to include a decryptor routine that is first executed. The result is a smaller executable overall with one extra section inside, and that section is executed on startup to decompress, and the executable runs as normal. Most of packers encrypt data and resources and protect exe files from reverse engineering.

Q: I got an immediate error of something like "Incompatible" and "of type NE". What is a "NE" type file?

PE Explorer works with PE files only. A NE (or "New Executable") file is a 16-bit application intended to run on Windows® 3.xx.

Q: Will the PE Explorer work with NE and other 16-bit files?

No. The NE format is obsolete.

Q: If PE Explorer doesn't work on NE type files, do you have a product that does?

No. At any rate, knowledge of 16-bit format makes less sense especially since the 64 bit processors have hit the market.

Q: PE Explorer doesn't work with .Net files, why?

PE Explorer (at least, the current version) does not support for .Net assemblies. It is designed to work with pure win32 unmanaged PE files.

Q: Your tool says it has some internal error and hence opening in SAFE MODE. Why?

If opening a file produces an error, PE Explorer opens that file in Safe mode. While in Safe mode, the data that caused the error can not be operated on. This does not guarantee that the excluded file data is error free, but in many cases allows you to work with damaged files (e.g. compressed files). For example, if the Import section follows the Resource section, you normally cannot open such a file in a binary analyzer. PE Explorer provides a solution by enabling you to to work with damaged/packed/crypted files and examine the inner workings of applications and dll's.

Q: If I open an executable with PE Explorer and then go to SaveAs and save the executable under a different name WITHOUT making ANY changes to it, and then I compare the two files with a hex editor, there are MANY changes to the file. Why are there changes even though I didn't make any?

PE Explorer provides two functions that are automatically performed when opening a file: unpacking files compressed with UPX using the Plug-In subsystem, and error checking.

If your target file was packed with UPX or Upack, it was unpacked automatically and saved unpacked. PE Explorer does not re-pack the previously packed files. That is why the original file size is increased. Check out the logfile for details.

The next thing PE Explorer does is re-compiling the file resources according to the MS PE file specification. That may also be the reason why the original file size is changed after a simple "Save as..." operation.

If you don't want any changes to be made, just do not save.

Q: How can I get started editing PE file resources?

This page: Resource Tuner Tutorials covers some of the most popular features of the Resource Editor. Find out how Resource Tuner can help you have a personal touch on your favorite applications.

Q: How do I export all resources, edit them and import them back?

The current version of the Resource Editor has no import feature. We recognize the potential value of this feature, but this will be available only in version 2.

Q: It seems to only handle regular Win32 resources. Do you have a version that handles .NET resources in managed assemblies?

No. Or not yet.

Q: How can I edit resources from the command line?

Resource Tuner Console, a command line batch processing version of the resource editor is available for download.    More on RT Console...

Q: I need a command-line tool to change the Icon in an exe file. Do you have that?

Yes, we have Resource Tuner Console. Since there may be more than one icon in an exe file, the tool supports Icon resource files (files with a .ICO extension) that contain one or more images which may be at different pixel sizes and/or color depths. If an .ico file contains more than one image, the whole icon set will be added or changed (depending on the EditMode and ChangeMode settings) at once. RTC accepts input from a script file. Sample scripts can be found within the Resource Tuner Console package.

Q: How do I get parameters on function exports? I have the function name, but that is near useless unless I can figure out the parameters.

If you don't have the source code and API documentation, the machine code is all there is. PE Explorer provides a Disassembler. There is only one way to figure out the parameters: run the disassembler and read the disassembly output. This task of reverse engineering the interface cannot be automated, sorry.

PE Explorer comes bundled with descriptions for 39 various libraries, including the core Windows operating system libraries (eg. KERNEL32, GDI32, USER32, SHELL32, WSOCK32), key graphics libraries (DDRAW, OPENGL32) and more. But PE Explorer is unable to provide description sets for all libraries or functions ever written by humankind.

Q: What is a disassembler?

A disassembler is a computer program which translates machine language into assembly language, performing the inverse operation to that of an assembler. A dissasembler differs from a decompiler, which targets a high level language rather than assembly language. Disassembly, the output of a disassembler, is often formatted for human-readability rather than suitability for input to an assembler, making it principly a reverse-engineering tool. Though this may not do you any good unless you know assembler already.

Q: Is true decompilation possible?

No, of course not. Fully automated decompilation is not possible - no decompiler could exactly reproduce the original source code.

Well, we hate to burst your illusions but PE Explorer does not decompile code. It disassembles code, which is the task of converting machine code into assembler, but it does not generate C or C++ code from the disassembled output. Which is a task of great difficulty.

Q: It spits the results out in assembly format, which I don't understand at all. Do you have other products/plug-ins that can spit it out in English?

Obviously, source language syntax no longer exists in the executable, much information is lost when a program is compiled. The names of functions, variables, comments and labels in the code will all be lost after compilation. It would be very difficult for a decompiler to interpret the series of machine language instructions (ASM) that exist in an executable file and decide what the original source instruction was.

Q: I have just run the disasembler on an exe file and want to change some code in it. But how do I put it back into an aplication format like it was?

Results generated by the PE Explorer disassembler are for comparison purposes only. The generated output cannot be recompiled as is and has not been optimized for memory and processor usage.

If you want to edit a compiled EXE or DLL file, you need a hex editor, such as Flex HEX editor to change tiny parts of an EXE or DLL.

Q: Why couldn't be the disassembler slightly more usable (a list of API functions etc)?

It will be - in future versions. The "what-to-do" list is mile long and seems to be endless.

Q: What are the benefits of the disassembler if all it gives you just an unreadable assembly format?

The disassembly listing uses Intel mnemonics. A familiarity with Intel mnemonics helps with reading the listings. A solid grasp of the PE file format also helps. A description of the format can be found in the PE Explorer help. PE Explorer unfolds each header, section and table found in the current pe file to reveal the values stored inside those structures.

The PE Explorer disassembler provides addititional processing for the section header data of a PE file. The disassembler translates the binary machine language digits that form the PE file into assembly language instructions and displays the results as a best approximation of how the original instructions might have appeared to the person who wrote them. The interpretation introduces imprecision just as a letter written in English then translated into Chinese and then translated back into English might contain errors.

The PE Explorer disassembler handles common variants by default and can be set to handle uncommon variants as well. The benefit of having the disassembly listing is proportional to one's grasp of assembly language.

A description of Intel mnemonics, cpu architectures and assembly language in general can be found elsewhere: www.intel.com

Q: How can I write my own custom plug-in for PE Explorer?

See the PE Explorer help for the plug-in API.   More on plug-ins...

For maximum editing and inspecting power, purchase a PE Explorer Personal license now for $129. A Business license is available for $229.95. When you utilize all the different tools PE Explorer integrates, you will agree that this is definitely an awesome price. PE Explorer is a bargain with its many features! It will save you hours of time and it’s easy to use!

Download a 30 day trial version of PE Explorer     How to Order