Packet Edit Studio was designed to combine user-friendly and familiar windows design with powerful data analysis and editing tools. Like any good tool, there is a lot of easy stuff you can do with it out of the box, however along the same lines there are many more powerful features included that take time and skill to master.
Packet Edit Studio consists of two main parts: an executable (the GUI) and a DLL (the target application interface). PEStudio works by injecting the dll into a target process of your choice. The dll then reports information back to the exe as well as performing any data minipulations that the PEStudio application requests (applying scripts).
The two communicate with each other via two shared memory regions. One passes commands to the dll and one passes captured packets back to the PEStudio application.
The Packet Editor Dialog functionality of Packet Edit Studio is achieved by the dll duplicating the socket for the PEStudio application. This way packets never get passed to the dll, only to the PEStudio application.
The scripting system is implimented by passing a list of scripts to apply to a packet stream to the dll. For each WSock call the dll applies each member of the script list to the data passed as an argument in the function call. After all scripts have been run the data is passed to the PEStudio application.
If the operation is on incoming data then the data is edited after the original WSock API function has been called. If the operation is on outgoing data it is edited before the original API is called.