pev – the PE analysis toolkit

pev is a multiplatform PE analysis toolkit that includes tools to retrieve and parse information about Windows PE files.


Features:
libpe
– supports PE32 and PE32+ (64-bit) files
– written in pure C, compatible with ISO C99
– implements PE handling functions from scratch, so we don’t need the Windows API

core (all pev tools)
– text and csv output, making pev tools highly scriptable

readpe
– parse all PE file headers
– show information about PE sections
– show data directories
– list imported functions

pepack
– packer detection (detects the MEW packer only)

pedis
– disassemble entire functions
– disassemble entire sections
– supports Intel and AT&T syntax

pescan
– alert on zero-sized sections
– alert on sections with non-printable characters in name
– alert on PE with no sections
– find TLS callback functions and fake TLS
– detect fake entrypoint (out of code section)
– detect DOS stub modification

pesec
– detect presence of ASLR and DEP/NX bits
– detect SEH-capable binaries
– detect stack cookies / canary for MVS 2010 (experimental)

rva2ofs and ofs2rva
– converts from RVA to raw file offset and vice-versa
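
The kind of check the pesec items describe, as an added C99 example (not pev's or libpe's own code): it reads the DllCharacteristics field of the optional header from a raw buffer, for both PE32 and PE32+. It assumes the ASLR, DEP/NX and SEH results map to the DYNAMIC_BASE, NX_COMPAT and NO_SEH bits; `pe_dll_characteristics` and `sample_flags` are hypothetical names, and the sample header is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DYNAMIC_BASE 0x0040 /* IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: ASLR */
#define NX_COMPAT    0x0100 /* IMAGE_DLLCHARACTERISTICS_NX_COMPAT: DEP/NX */
#define NO_SEH       0x0400 /* IMAGE_DLLCHARACTERISTICS_NO_SEH */

/* Little-endian reads, independent of host byte order and alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Returns DllCharacteristics, or -1 if the PE headers are missing or truncated. */
int pe_dll_characteristics(const uint8_t *buf, size_t len) {
    if (len < 0x40 || rd16(buf) != 0x5A4D) return -1;      /* "MZ" */
    uint32_t nt = rd32(buf + 0x3C);                        /* e_lfanew */
    if (nt > len || len - nt < 4 + 20 + 72) return -1;     /* sig + COFF + 72 */
    if (rd32(buf + nt) != 0x00004550) return -1;           /* "PE\0\0" */
    if (rd16(buf + nt + 4 + 16) < 72) return -1;           /* SizeOfOptionalHeader */
    const uint8_t *opt = buf + nt + 24;                    /* optional header */
    if (rd16(opt) != 0x10B && rd16(opt) != 0x20B) return -1; /* PE32 / PE32+ */
    return rd16(opt + 70);                                 /* same offset in both */
}

/* Constructed sample: bare headers only, not a loadable binary. */
int sample_flags(uint16_t magic, uint16_t dllchars, size_t cut) {
    uint8_t img[0x40 + 24 + 72] = {0};
    img[0] = 'M'; img[1] = 'Z'; img[0x3C] = 0x40;
    memcpy(img + 0x40, "PE\0\0", 4);
    img[0x40 + 4 + 16] = 72;                               /* SizeOfOptionalHeader */
    uint8_t *opt = img + 0x40 + 24;
    opt[0] = magic & 0xFF;     opt[1] = magic >> 8;
    opt[70] = dllchars & 0xFF; opt[71] = dllchars >> 8;
    return pe_dll_characteristics(img, sizeof img - cut);
}

int main(int argc, char **argv) {
    int dc = sample_flags(0x20B, NX_COMPAT | DYNAMIC_BASE, 0);
    if (argc > 1) {                                        /* or check a real file */
        uint8_t buf[4096];
        FILE *f = fopen(argv[1], "rb");
        if (!f) return 1;
        dc = pe_dll_characteristics(buf, fread(buf, 1, sizeof buf, f));
        fclose(f);
    }
    if (dc < 0) { puts("no PE headers in first 4 KiB"); return 1; }
    printf("ASLR: %s\nDEP/NX: %s\nSEH: %s\n", dc & DYNAMIC_BASE ? "yes" : "no",
           dc & NX_COMPAT ? "yes" : "no", dc & NO_SEH ? "no" : "yes");
    return 0;
}
```

Run without arguments it reports on the constructed header; given a file path it reads the first 4 KiB of that file instead.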
