FileAlyzer is a tool to analyze files – the name itself was initially just a typo of FileAnalyzer, but after a few days I decided to keep it. FileAlyzer allows a basic analysis of files (showing file properties and file contents in hex dump form) and is able to interpret common file contents like resources structures (like text, graphics, HTML, media and PE).
Using FileAlyzer is as simple as viewing the regular properties of a file – just right-click the file you want to analyze and choose Open in FileAlyzer.
FileAlyzer 2.x is currently only available in English. Users who need the program in another language can still download Version 1.6
- 22.214.171.124(October 14th, 2011)
- Some bug fixes, e.g. to Compatibility tab.
- 126.96.36.199(April 7th, 2011)
- Support for files > 2 GB
- VirusTotal sample analysis integrated
- Problems on reopening files solved
- Opening an already open file will bring existing window to foreground
- GUI is now Unicode
- Hashes tab allows selection of hashes and has been sped up
- 188.8.131.52 (October 16th, 2008) All tabs ported to the new style of version 2.0 and multiple documents interface.
- 184.108.40.206 (August 6th, 2008) Restored support for files > 4 GB (displayed file size; hex viewers are disabled for now), added UPX header information tab
- 1.5.5 (June 8th, 2007) New hex view, improved Authenticode display, support for more archive types (rar, nsis etc.), Works with Windows Vista.
- 1.4 (December 13th, 2005) New version with included ACL editing and plaintext display, search results cleanup with Del key.
- 1.2 rel 3 (July 8th, 2005) Maintenance release including more translations.
- 1.2 rel 2 (June 2005) Maintenance release including more translations.
- 1.2 (March 4th, 2005) CHM contents listing, PE signature scanning, multiple small fixes.
- 1.1i ADS support, display of file security settings.
- 1.1h (September 25th, 2003) improved resourses display, ID3v2 support, cab support, load speedup.
- 1.1g (September 8th, 2003) small fixes, file extensions specified in external file.
- 1.1f (August 12th, 2003) added window size/position saved, DFM decompression, UPX decompression, ELF (linux binary) analysis, export of resources, syntax highlighting for text preview.
- 1.1e (July 29th, 2003) added colored hex dump, hex dump display of resources, multi-lingual version info display, section panel bar.
- 1.1d (July 5th, 2003) added display of import/export tables and creation of text format reports.
- 1.1c improves translation and adds dynamix hex dump width as well as string recognition.
- 1.1b added Setup menu and new languages
- 1.1 added text table (CSV) and database (dBase) format.
What follows is a list of tabs that are shown in FileAlyzer (depending on the file type you open), with a short description.
- General – The initial information FileAlyzer will show is not much different from what the Windows Properties dialog will show you: file name and location, size, date & times, version and attributes. In addition to those, FileAlyzer will show you both the CRC-32 and the Message Digest 5 checksum of the file, too.
- Version – Another important feature that the Windows Properties dialog shows is also implemented in FileAlyzer: for executable files and system libraries, it shows the Version resources if available.
- Resources – Many executable files have so-called resources – bitmaps, icons and text they use, as well as menus, dialogs and whole windows are usually defined in resources. If you don’t know what the purpose of a file is, having a look at its text (see screenshot) or bitmaps may give you an idea.
- PE Header – PE stands for Portable Executable and is a description for the structure of modern Windows (and other platform) files. Nearly all executables and system libraries follow this structure. FileAlyzer can display an insight into this structure on its PE Header tab, showing everything from the target platform to addresses of specific parts of the file.
- Sections – A modern PE file makes clear differences between code (those bytes representing instructions the program will execute), data, resources and other important parts. The Sections tab in FileAlyzer will display the sections contained in the file you analyze. If you want to see the contents of a specific section, just double-click it and FileAlyzer will jump to the beginning of that section on the Hexdump tab.
- New in 1.1d: Import/Export table – Most windows programs will use Windows libraries for basic functionality. Many libraries also export their own functions. FileAlyzer is able to display names of both imported and exported functions of a PE file.
- Hex dump – Are you a byte junkie and want to look at the file content with a hex editor? FileAlyzer has a fast and easy hex viewer with search capability.
New in 1.1c: dynamic width of hex dump depending on window width, and string recognition listing all strings used in a separate list (linked to hex dump).
- Image preview – If the file is a graphic that is supported by Windows, the graphic can be previewed on an Image preview tab in FileAlyzer.
- Text preview – If the file you open in FileAlyzer is a text file of some sort, you may want to view it’s contents, like the classic QuickView from Windows 9x allowed you to. FileAlyzer can display plain text as well as text in the Rich Text Format (files with the extension .rtf).
- INI contents (new in version 1.1) – Previewing an INI file in the text preview is nice, but for a quick overview, a more structures list may be better. So FileAlyzer will show you the sections in one list, with a second list showing the contents of the currently selected section.
- HTML preview – If you want to have a look at a suspicious HTML file, maybe from you Application Data folder (where C2.lop stores 2 such files) or in your Temporary Internet Files, but you do not want to use Internet Explorer (to avoid active contents of the file to be executed), you can also use FileAlyzer. As it uses its own HTML parser instead of IE for this preview, this is much safer.
- Zip preview – If the file in question is a zip file (it does not necessarily need to have the .zip extension as FileAlyzer will detect if it is one), FileAlyzer will display the contents of the zip file and allow you to extract one or more files from it. This function needs the external library UnzDll.dll, which is installed along with FileAlyzer.
- Database preview (new in version 1.1) – If the file is a comma- or tab-separated text file, FileAlyzer will display its contents in grid form. Old dBase databases (.dbf) will be displayed in two lists: one displaying the structure, one the actual contents (small databases will be read completely into memory, larger database entries will be loaded upon access).
- Media preview – If the file is an audio or video file, a tab Media preview will also allow to play back the file. this media preview is still very basic and shouldn’t be taken too serious.
- ID3 tag – FileAlyzer will display ID3 tags in all v1 versions, including ID3v1, ID3v1.1, Lyrics v3 and Lyrics v3.1 ID3 tags are track information used in MP3 audio files.
- RIFF – RIFF is the structure used in WAV (audio) files as well as in AVI (video) files. FileAlyzer is able to display the properties and tree structure of RIFF files. If you double-click an entry in the tree, FileAlyzer will jump to that address on the Hex dump tab.
Only one small thing left: regardless which tab of FileAlyzer you are viewing, the window will show a Jump button that will open an Explorer window with the file currently opened selected.
If you want to use FileAlyzer as the default file viewer for Spybot-S&D, you can start Spybot-S&D in advanced mode, and use the expert settings to configure it as an external viewer for files.
Btw: FileAlyzer doesn’t need to be configured (all you can do is to install and uninstall it), and shouldn’t conflict with any other software.