pev is a multiplatform toolkit to work with PE (Portable Executable) binaries. Its main goal is to provide feature-rich tools for proper analyze binaries, specially the suspicious ones.
Go to https://github.com/merces/pev for most up to date code!
- Based on own PE library, called libpe
- Support for PE32 and PE32+ (64-bit) files
- Formatted output in text and CSV (other formats in development)
- pesec: check security features in PE files, extract certificates and more
- readpe: parse PE headers, sections, imports and exports
- pescan: detect TLS callback functions, DOS stub modification, suspicious sections and more
- pedis: disassembly a PE file section or function with support for Intel and AT&T syntax
- Include tools to convert RVA from file offset and vice-versa
- pehash: calculate PE file hashes
- pepack: detect if an executable is packed or not
- pestr: search for hardcoded Unicode and ASCII strings simultaneously in PE files
- peres: show and extract PE file resources