v2.0 GUI

README.md

@@ -1,101 +1,81 @@
-# 🔍 EXE File Analyzer
+# EXE File Analyzer
 
 [![GitHub](https://img.shields.io/badge/GitHub-piplarsson-blue)](https://github.com/piplarsson)
-[![Version](https://img.shields.io/badge/Version-1.0.0-green)]()
-[![Python](https://img.shields.io/badge/Python-3.6+-yellow)](https://www.python.org/)
+[![Version](https://img.shields.io/badge/Version-2.0.0-green)]()
+[![Python](https://img.shields.io/badge/Python-3.8+-yellow)](https://www.python.org/)
 [![Platform](https://img.shields.io/badge/Platform-Windows-blue)]()
 [![License](https://img.shields.io/badge/License-MIT-red)](LICENSE)
 
-A powerful Python tool for analyzing Windows executable files (.exe) to detect programming languages, compilers, and extract detailed metadata.
+A Python GUI tool for static analysis of Windows PE files. Extracts metadata, detects compilers and packers, and displays extracted strings from the target executable.
 
-## ✨ Features
+## Features
 
-- **Language & Compiler Detection**: Identifies C++, C#/.NET, Python, Go, Rust, Delphi, and more
-- **Hash Calculation**: MD5, SHA1, and SHA256 checksums
-- **Section Analysis**: Entropy calculation and characteristic analysis
-- **Packer Detection**: Identifies UPX, ASPack, Themida, and other packers/protectors
-- **Import/Export Analysis**: Lists all imported DLLs and exported functions
-- **Resource Extraction**: Analyzes embedded resources (icons, versions, manifests, etc.)
-- **String Extraction**: Finds URLs, file paths, registry keys, and interesting keywords
-- **Anomaly Detection**: Identifies suspicious characteristics
-- **Digital Signature Check**: Verifies if the file is digitally signed
+- **Language & Compiler Detection** — Identifies Visual C++, C#/.NET, Python, Go, Rust, Delphi, MinGW/GCC, AutoIt, Java, Electron, and Qt, with version specifics where determinable
+- **Hash Calculation** — MD5, SHA1, and SHA256 checksums
+- **Section Analysis** — Per-section entropy, raw/virtual sizes, flags, and MD5; high-entropy sections are highlighted
+- **Packer & Protector Detection** — Signature-based detection of UPX, ASPack, Themida, VMProtect, and others
+- **Import Analysis** — Lists all imported DLLs and their functions; click a DLL to inspect its imports
+- **Export Analysis** — Full list of exported function names
+- **Resource Extraction** — Embedded resource types with item counts and total sizes
+- **String Extraction** — All ASCII and UTF-16 strings extracted and categorised (URLs, paths, registry keys, emails, keywords); filterable by text and category
+- **Anomaly Detection** — Flags suspicious PE properties such as zeroed timestamps, unusual section names, and entry points outside `.text`
+- **Digital Signature Check** — Indicates whether the file carries an Authenticode signature
 
-## 📋 Requirements
+## Requirements
 
-- Python 3.6 or higher
-- Windows OS (for analyzing Windows executables)
+- Python 3.8 or higher
+- `pefile` (see `requirements.txt`)
+- `tkinter` (included with the standard Python Windows installer)
 
-## 🚀 Installation
+## Installation
 
-1. Clone the repository:
 ```bash
 git clone https://github.com/piplarsson/exe-file-analyzer.git
 cd exe-file-analyzer
-```
-
-2. Install dependencies:
-```bash
 pip install -r requirements.txt
 ```
 
-## 💻 Usage
+## Usage
 
-### Command Line
-```bash
-python exe_analyzer.py path/to/your/file.exe
-```
+Launch the GUI:
 
-### Interactive Mode
 ```bash
 python exe_analyzer.py
-# Then enter the path when prompted
 ```
 
-## 📊 Example Output
+Optionally pass a file path as an argument to pre-populate the path field:
 
-The analyzer provides detailed information in a formatted console output:
-
-- Basic file information (size, hashes, compile time)
-- Detected programming language/compiler
-- PE sections with entropy analysis
-- Imported DLLs and functions
-- Embedded resources
-- Extracted strings (URLs, paths, registry keys)
-- Potential anomalies
-
-## 🔧 Supported Languages/Compilers
+```bash
+python exe_analyzer.py C:\path\to\target.exe
+```
 
-- **Visual C++** (all versions from 6.0 to 2022)
-- **C#/.NET Framework** (all versions)
-- **Python** (PyInstaller, py2exe)
-- **Go**
-- **Rust**
-- **Delphi/Borland**
-- **MinGW/GCC**
-- **AutoIt**
-- **Java/JAR**
-- **Electron/Node.js**
-- **Qt Framework**
+Use the **Browse** button or type the path directly, then click **Analyze**. Results appear across the tabbed interface once analysis completes.
 
-## 📦 Download Pre-built Binary
+## Interface
 
-If you don't want to install Python, you can download the standalone .exe version from the [Releases](https://github.com/piplarsson/exe-file-analyzer/releases) page.
+| Tab | Contents |
+|---|---|
+| Overview | File metadata, hashes, compile timestamp, architecture, language/compiler, packer detection, version resource, digital signature |
+| Strings | All extracted strings with category filter and text search |
+| Imports | DLL list with per-DLL function view |
+| Exports | Exported function names |
+| Sections | PE section details with entropy highlighting |
+| Resources | Embedded resource types, counts, and sizes |
+| Anomalies | Suspicious PE characteristics |
 
-## 🤝 Contributing
+## Supported Compilers / Runtimes
 
-Contributions are welcome! Feel free to:
-- Report bugs
-- Suggest new features
-- Submit pull requests
+Visual C++ (6.0 – 2022), C#/.NET Framework, Python (PyInstaller, py2exe), Go, Rust, Delphi/Borland, MinGW/GCC, AutoIt, NSIS, Java/JAR, Electron/Node.js, Qt Framework
 
-## 📝 License
+## License
 
-This project is open source. Feel free to use and modify as needed.
+MIT — see [LICENSE](LICENSE) for details.
 
-## 👨‍💻 Author
+## Author
 
 Created by **Piplarsson**
+Modified by **SparksSkywere**
 
 ---
 
-**Note**: This tool is for educational and analysis purposes. Always respect software licenses and copyrights when analyzing executable files.
+This tool is intended for educational and research purposes. Always ensure you have appropriate authorisation before analysing third-party software.