LibPE - Open Source Executable Editing

  1. #1
    AngraMainyu

    LibPE - Open Source Executable Editing

    LibPE is a managed library for reverse engineering and interoperating with Windows executables. Currently, LibPE supports reading virtually all of the structures within .exe files and will, at the full release, support modification, signature detection and memory editing, making it well-suited for standalone trainers and the like.


  2. #2
    jMerliN

    Re: LibPE - Open Source Executable Editing

    The interesting stuff happens at run time within the Ldr and undocumented Windows structures (for instance, what if the game stores something in TLS, are you really going to search for TIB blocks and guess which one belongs to the proper thread?) as well as heaps managed both by Ntdll and cstdlib (etc). I don't know how much use modifying an exe or searching/modifying memory is going to be. Unless you're talking about a disassembler and an analyzer that supports inserting/removing code and other such features, and that's one hell of a project; properly analyzing jumps done with very simple register manipulation is something no disassembler on the market can do properly, for instance.

  3. #3
    bloodyuki

    Re: LibPE - Open Source Executable Editing

    Quote: Originally posted by jMerliN
    The interesting stuff happens at run time within the Ldr and undocumented Windows structures (for instance, what if the game stores something in TLS, are you really going to search for TIB blocks and guess which one belongs to the proper thread?) as well as heaps managed both by Ntdll and cstdlib (etc). I don't know how much use modifying an exe or searching/modifying memory is going to be. Unless you're talking about a disassembler and an analyzer that supports inserting/removing code and other such features, and that's one hell of a project; properly analyzing jumps done with very simple register manipulation is something no disassembler on the market can do properly, for instance.

    That's a really good point here. I doubt that he will go that far. As it seems so far, it's a helper library for SIMPLE modifications and not a full-blown disassembler.


