Called PE Tree, BlackBerry said the free tool was originally created for internal use but it has now been published by the company as an external tool for reverse engineers to have in their arsenals. PE Tree helps reverse engineers to view Portable Executable (PE) files in a tree view using pefile and PyQt5, according to BlackBerrry, thus lowering the bar for dumping and memory reconstruction.
“The device also integrates with Hex-Rays’ IDA Pro decompiler to enable easy navigation of PE structures, as well as in-memory dumping of PE files and import reconstruction; critical in the battle to recognize and stop different strains of malware,” explained BlackBerry. “The threat landscape for cybersecurity continues to evolve and cyber attacks are becoming more sophisticated with the potential to cause greater harm,” said Eric Milam, vice president of research operations, BlackBerry. “As cyber criminals up their game, the cybersecurity community needs new tools in their arsenal to defend and protect organizations and individuals. We’ve created this solution to help the cybersecurity community in this fight, where there are now more than 1 billion pieces of malware with that number continuing to grow by more than 100 million pieces each year.” Crafted in Python, PE Tree supports Windows , Linux, and macOS systems, and can either be installed and run as a standalone application or as an IDAPython plugin. “PE Tree is still under active development, so expect to see new features sometimes,” Tom Bonner, BlackBerry’s Distinguished Risk Researcher, noted in a blog post. “The next major release will focus on supporting rekalling, providing the ability to view and dump processes either from a memory dump or live machine.”