Jump to content
Tuts 4 You

pev - a PE analysis toolkit


mentebinaria

Recommended Posts

Posted

Hello guys!

I'd like to share with you an open source project to make PE analysis called pev -- [u]http://pev.sourceforge.net

It's a multiplatform toolkit with some tools to work with PE files. Actually we have the following tools:

* pehash - calculate PE file hashes

* pedis - PE disassembler

* pepack - packer detector

* pescan - search for suspicious things in PE files, including TLS callbacks

* pesec - check security features in PE files

* pestr - search for unicode and ascii strings in PE files

* readpe - show PE file headers, sections and more

* rva2ofs - convert RVA to raw file offsets

* ofs2rva - convert raw file offsets to RVA

The main points are:

- No need for Windows API. We use our own PE library called libpe.

- Tested on Windows, Linux and OS X.

- Support for 32 and 64-bit PE files.

- Written entirely in C, using C99 standard. So, it's multiplatform.

- Fully scriptable. All pev tools uses CLI and produces outputs in clear text and CSV (HTML, XML and JSON in development).

Your ideas, suggestions and comments will be very helpful to improve the existent tools, write new tools etc. I'll really appreciate if you can test it and send me feedbacks.

We also need help with many tasks, including non-programming tasks, so if you have some free time and want to contribute, please let me know.

Thank you!

  • Like 2

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...