Driver Sentinel is a tool for analyzing PE files on the Windows platform. The application is currently in beta and aims to provide insight into executable files, helping users understand their structure and behavior. Additional features will be added in future updates as the project evolves. Feedback from early users will be invaluable for improving the application and adding new functionality.

Features

Below are the current features of Driver Sentinel, organized by PE analysis sections:


General PE Section

Displays basic metadata about the driver, such as file path, size, creation/modification timestamps, and version information. Provides a quick overview of the file.

Certificate

Shows information about the driver’s digital signature, including signer, issuer, and validity period. Helps verify authenticity and integrity of the driver.

Imports

Lists all imported functions and DLL dependencies, helping to trace external API calls and understand functionality.
Additionally, it provides detailed information about the specific functions used by the PE, allowing deeper analysis of its behavior and capabilities.

Strings

Extracts and displays ASCII and Unicode strings embedded in the driver. Useful for identifying paths, messages, or indicators of suspicious behavior.

DOS Header

Displays the MS-DOS header at the beginning of the file, which contains legacy structure information and alignment details.

Optional Header

Shows fields from the optional header, including entry point, image base, subsystem type, and memory alignment. Critical for understanding execution context.

Assembly

Enables low-level inspection of machine code directly from the driver. Allows analysis of instructions and behavior of the binary.

Rich Header

Decodes and presents the hidden “Rich Header,” inserted by the compiler toolchain, revealing information about the build environment.
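
What decoding a Rich Header involves, as an added Python example (not Driver Sentinel's own code): the block sits between the DOS stub and the PE signature, ends with "Rich" plus a 32-bit XOR key, and every DWORD back to the "DanS" start marker is XORed with that key. The function names, the sample key and the product/build values are constructed for illustration, and checksum validation of the key is left out.

```python
import struct

DANS = 0x536E6144  # b"DanS" read as a little-endian DWORD

def parse_rich_header(data: bytes):
    """Return (xor_key, [(product_id, build, use_count), ...]) or None if absent."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    region = data[:e_lfanew]          # header sits between DOS stub and "PE\0\0"
    end = region.rfind(b"Rich")
    if end < 0 or end + 8 > len(region):
        return None
    key = struct.unpack_from("<I", region, end + 4)[0]
    dwords, pos = [], end - 4
    while pos >= 0x40:                # walk back, un-XORing, until "DanS"
        val = struct.unpack_from("<I", region, pos)[0] ^ key
        if val == DANS:
            break
        dwords.append(val)
        pos -= 4
    else:
        return None                   # no start marker: not a valid Rich Header
    body = dwords[::-1][3:]           # drop the three padding DWORDs after "DanS"
    if len(body) % 2:
        return None
    entries = [(body[i] >> 16, body[i] & 0xFFFF, body[i + 1])
               for i in range(0, len(body), 2)]
    return key, entries

def build_sample() -> bytes:
    """Constructed input: a DOS header, an encoded Rich Header, and a PE signature."""
    key, e_lfanew = 0x1234ABCD, 0xB0  # constructed values
    plain = [DANS, 0, 0, 0,
             (0x0105 << 16) | 30729, 3,    # constructed (product, build), count
             (0x0104 << 16) | 30729, 10]
    rich = b"".join(struct.pack("<I", d ^ key) for d in plain)
    rich += b"Rich" + struct.pack("<I", key)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew) + bytes(0x40)
    return dos + rich + bytes(e_lfanew - len(dos) - len(rich)) + b"PE\0\0"

if __name__ == "__main__":
    key, entries = parse_rich_header(build_sample())
    print(f"XOR key: {key:#010x}")
    for prod, build, count in entries:
        print(f"product_id={prod:#06x} build={build} count={count}")
```

Each decoded entry pairs a tool identifier and build number with the number of objects that tool contributed, which is the build-environment information this section refers to.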

Debug Info

Parses debug-related data directories, which can contain symbol tables and debugging information useful for reverse engineering.

Exception

Analyzes exception handling structures defined in the PE file, helping to understand how runtime errors are managed.

Relocation

Lists relocation entries used during driver loading to fix addresses. Important for analyzing how the binary adapts to memory layout.

Resources

Displays embedded resources, such as icons, version information, and other non-executable data. Useful for identifying branding and metadata.

File Header

Shows the COFF file header information including machine type, number of sections, characteristics, and timestamp. Essential for understanding the PE file layout.

Note: The Imports and Strings sections can be exported to various formats such as TXT, PDF, CSV, and JSON.