English Doc
Penguin is a PE file analysis project developed as a learning exercise. Unlike CFF and other PE analysis tools, Penguin's primary goal is to be a "cross-platform," "easy-to-use," and "large-file-targeted" PE analysis tool.
To handle large files, Penguin does not use common PE parsing libraries or Windows' built-in WinAPI. Instead, it implements its own parsing logic. This logic is not yet fully complete and may encounter errors with uncommon PE files, but it takes a different approach to memory efficiency. Common PE parsers load the entire file into memory, leading to high memory usage when processing multiple files or large binaries. Even when the memory is released after parsing, the high peaks persist, demanding robust hardware for servers or concurrent environments. Penguin, however, uses a sequential read-write approach that logs key information: Read DOS header → Convert to structured data → Release DOS header → Read DOS-SUB info → …. Though this involves multiple I/O operations, it avoids excessive memory consumption. Combined with Rust's Tokio async runtime, this issue is further mitigated.
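The sequential approach described above, sketched as an added example (this is not Penguin's own code): each header is read into a small fixed-size buffer, only the key fields are kept, and the buffer is dropped before the next read. It assumes blocking `std::io` instead of Tokio, and the names `PeSummary`, `read_pe_summary` and `sample_pe` are hypothetical.

```rust
use std::io::{self, Cursor, Read, Seek, SeekFrom};

#[derive(Debug, PartialEq)]
pub struct PeSummary {
    pub machine: u16,
    pub sections: Vec<(String, u32, u32)>, // (name, raw offset, raw size)
}
fn u16le(b: &[u8], o: usize) -> u16 { u16::from_le_bytes([b[o], b[o + 1]]) }
fn u32le(b: &[u8], o: usize) -> u32 { u32::from_le_bytes([b[o], b[o + 1], b[o + 2], b[o + 3]]) }

/// Reads one header at a time from any seekable source (a File in practice).
pub fn read_pe_summary<R: Read + Seek>(src: &mut R) -> io::Result<PeSummary> {
    // Step 1: DOS header (64 bytes); keep e_lfanew, release the buffer.
    let e_lfanew = {
        let mut dos = [0u8; 64];
        src.read_exact(&mut dos)?;
        if &dos[..2] != b"MZ" { return Err(io::ErrorKind::InvalidData.into()); }
        u32le(&dos, 60)
    };
    // Step 2: PE signature + COFF file header (4 + 20 bytes).
    src.seek(SeekFrom::Start(e_lfanew as u64))?;
    let mut coff = [0u8; 24];
    src.read_exact(&mut coff)?; // an e_lfanew past EOF fails here
    if &coff[..4] != b"PE\0\0" { return Err(io::ErrorKind::InvalidData.into()); }
    let (machine, count, opt_size) = (u16le(&coff, 4), u16le(&coff, 6), u16le(&coff, 20));
    // Step 3: skip the optional header, read 40-byte section headers one by one.
    src.seek(SeekFrom::Current(opt_size as i64))?;
    let mut sections = Vec::new();
    for _ in 0..count {
        let mut sh = [0u8; 40];
        src.read_exact(&mut sh)?; // truncated section table -> UnexpectedEof
        let name = String::from_utf8_lossy(&sh[..8]).trim_end_matches('\0').to_string();
        sections.push((name, u32le(&sh, 20), u32le(&sh, 16)));
    }
    Ok(PeSummary { machine, sections })
}

/// Constructed sample: a 128-byte header-only image with one ".text" section.
pub fn sample_pe() -> Vec<u8> {
    let mut f = vec![0u8; 128];
    f[..2].copy_from_slice(b"MZ");
    f[60] = 64; f[70] = 1; // e_lfanew = 64, NumberOfSections = 1
    f[64..68].copy_from_slice(b"PE\0\0");
    f[68] = 0x64; f[69] = 0x86; // Machine = 0x8664 (AMD64)
    f[88..93].copy_from_slice(b".text");
    f[105] = 0x02; f[109] = 0x04; // SizeOfRawData = 0x200, PointerToRawData = 0x400
    f
}
fn main() { println!("{:?}", read_pe_summary(&mut Cursor::new(sample_pe()))); }
```

At no point is more than one 64-byte buffer live, regardless of file size; a malformed or truncated file surfaces as an `io::Error` rather than an out-of-bounds read.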

Penguin’s logic is intuitive, making it easy to learn via icons and prompts.

• Top Bar: Functions like Open, Save, Tools, and Help.
• File List Area: Select files and manage file locks.
• Dashboard: Displays file details and allows modifying import/export tables.
• Basic Info Area: Shows core file metadata.
As noted in the principles, Penguin minimizes memory usage via sequential I/O and key data logging. To prevent unintended modifications when editing import/export tables, Penguin uses a file lock mechanism. A locked file displays a lock icon next to its name in the file list.

With a lock active, edits made in the dashboard can be saved via File → Save; otherwise, modifications fail. Saving also generates a .bak file (the pre-edit backup) for rollback. Locked files may be unreadable or unmodifiable by other programs—right-click the filename to unlock. Once the icon disappears, the file is accessible. Conversely, right-click to relock.
Note: Penguin may encounter errors when re-reading files modified by other programs post-unlock. Fixes will be added in future updates.
Currently, the CLI is unstable and in early development.
```
  _____                       _
 |  __ \                     (_)
 | |__) |__ _ __   __ _ _   _ _ _ __
 |  ___/ _ \ '_ \ / _` | | | | | '_ \
 | |  |  __/ | | | (_| | |_| | | | | |
 |_|   \___|_| |_|\__, |\__,_|_|_| |_|
                   __/ |
                  |___/

Usage: Penguin.exe <FILE_PATH> <COMMAND>

Commands:
  serde     Serialize PE to TOML or JSON
  info      Print PE info to console
  resource  Extract resources from PE
  help      Show this message or subcommand help

Arguments:
  <FILE_PATH>  Path to the target PE file

Options:
  -h, --help     Show help
  -V, --version  Show version
```
This section covers future updates. Currently, Penguin supports highlighting dangerous functions—you can customize these via a generated TOML file (accessed through Settings). Add entries to the TOML to define new dangerous functions.
This feature is planned for future updates.