pev – the PE analysis toolkit

pev is a multiplatform PE analysis toolkit that includes tools to retrieve and parse information about Windows PE files.

Features:
– supports PE32 and PE32+ (64-bit) files
– written in pure C, compatible with ISO C99
– implements PE handling functions from scratch, so the Windows API is not needed

core (all pev tools)
– text and csv output, making pev tools highly scriptable

– parse all PE file headers
– show information about PE sections
– show data directories
– list imported functions

– packer detection (detects the MEW packer only)

– disassemble entire functions
– disassemble entire sections
– supports Intel and AT&T syntax

– alert on zero-sized sections
– alert on sections with non-printable characters in their names
– alert on PE files with no sections
– find TLS callback functions and fake TLS
– detect fake entrypoint (out of code section)
– detect DOS stub modification

– detect presence of ASLR and DEP/NX bits
– detect SEH capable binary
– detect stack cookies / canary for MVS 2010 (experimental)

rva2ofs and ofs2rva
– converts from RVA to raw file offset and vice-versa
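
The RVA/file-offset translation named above, shown as an added example in C; it is not pev's own source code. The section table is constructed, the names `section_t`, `rva_to_offset`, `offset_to_rva` and `NO_MAPPING` are hypothetical, and addresses inside the PE headers (before the first section) are treated as out of scope.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Subset of the IMAGE_SECTION_HEADER fields needed for address translation. */
typedef struct {
    const char *name;
    uint32_t virtual_size;    /* VirtualSize */
    uint32_t virtual_address; /* VirtualAddress: RVA of the section start */
    uint32_t raw_size;        /* SizeOfRawData */
    uint32_t raw_offset;      /* PointerToRawData */
} section_t;

#define NO_MAPPING UINT32_MAX /* hypothetical sentinel: address has no counterpart */

/* Constructed sample section table (not taken from a real binary). */
static const section_t SAMPLE[] = {
    { ".text", 0x1234, 0x1000, 0x1400, 0x0400 },
    { ".data", 0x3000, 0x3000, 0x0200, 0x1800 }, /* mostly uninitialised data */
};
static const size_t SAMPLE_COUNT = sizeof SAMPLE / sizeof SAMPLE[0];

uint32_t rva_to_offset(const section_t *s, size_t n, uint32_t rva) {
    for (size_t i = 0; i < n; i++) {
        /* Some linkers leave VirtualSize at 0; fall back to the raw size. */
        uint32_t span = s[i].virtual_size ? s[i].virtual_size : s[i].raw_size;
        if (rva < s[i].virtual_address || rva - s[i].virtual_address >= span)
            continue;
        uint32_t delta = rva - s[i].virtual_address;
        /* Bytes past SizeOfRawData exist only in memory (zero fill), not on disk. */
        return delta < s[i].raw_size ? s[i].raw_offset + delta : NO_MAPPING;
    }
    return NO_MAPPING; /* not inside any section */
}

uint32_t offset_to_rva(const section_t *s, size_t n, uint32_t ofs) {
    for (size_t i = 0; i < n; i++) {
        if (ofs < s[i].raw_offset || ofs - s[i].raw_offset >= s[i].raw_size)
            continue;
        return s[i].virtual_address + (ofs - s[i].raw_offset);
    }
    return NO_MAPPING;
}

int main(void) {
    printf("RVA 0x1010 -> offset 0x%x\n", (unsigned)rva_to_offset(SAMPLE, SAMPLE_COUNT, 0x1010));
    printf("offset 0x1810 -> RVA 0x%x\n", (unsigned)offset_to_rva(SAMPLE, SAMPLE_COUNT, 0x1810));
    return 0;
}
```

An RVA that resolves to `NO_MAPPING` inside a section's virtual range points at memory-only data, which is why the two directions are not always inverses of each other.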
