PEKS

Current release is 1.13c (19991013) and you can get it here and here is the signature.

What's this?

Some people really love debugging applications.
Unfortunately sometimes you have to debug binary code, since you cannot find your original source code (remember: reverse engineering other people's code is not very polite).

Well, you get the work done with your tools but there's a problem: you have just patched the binary file, but now it needs a new checksum.
For ordinary PE files, this is not required, but NT family operating systems need that every kernel mode executable (like drivers) have its checksum verified, or they will stop with a blue dump.

Here comes PEKS.

From a command prompt, start it with peks filename and it will give you the checksum of the file, and the one got from the PE header structure.

If you need to change it, just start peks filename new_checksum and it will set the new checksum into the PE structure. Remember to use the exadecimal format for the new checksum. Remember you have to check it another time to view the change!

Examples:

peks c:\winnt\notepad.exe (shows current notepad.exe status)
peks c:\winnt\system32\drivers\afd.sys 12abc34 (sets the checksum to 0x12abc34)
for %f in (*.bin) do peks %f 0 (sets to 0 the checksum of *.bin files in current dir)

Attention!
DO NOT change the checksum of a device driver if you don't know exactly what you're doing. This may render your system unbootable!

This tool is FREE software. You should not pay for it

This tool is provided as is, without any kind of implicit or explicit warranty. You can distribute and must obtain it for free. If you publish it on your site, don't forget a link to this page.

If you find it useful, you're encouraged to donate a little money with paypal. Sending 1 to 5 Euro will help in developing this and other tools. If you don't donate, you can still use the program without limitations and get assistance by the forum

www.gorlani.com and all of its contents are (c) by Marcello Gorlani