petools
petools copied to clipboard
PE Tools - Portable executable (PE) manipulation toolkit
PE Tools - portable executable (PE) manipulation toolkit.
Table of contents
- Description
-
Features
- PE Editor
- File Location Calculator
- PE Files Comparator
- Process Viewer and Manager
- PE Dumper
- PE Rebuilder
- PE Sniffer
- System Requirements
- Limitations
- To do
- What's new
- Creators
- Contacts
Description
PE Tools lets you actively research PE files and processes.
Process Viewer
and PE filesEditor
,Dumper
,Rebuilder
,Comparator
,Analyzer
are included. PE Tools is an oldschool reverse engineering tool with a long history since2002
. PE Tools was initially inspired by LordPE (yoda).
Features
PE Editor
- PE and DOS Headers Editor
- PE Sections Editor
- PE Directory Viewer and Editor
- Export Directory Editor
- Import Directory Editor
- Resource Directory Viewer
- Exception Directory Viewer
- Relocation Directory Viewer
- Debug Directory Viewer
- TLS Directory Editor
- Load Config Directory Editor
- Bound Directory Editor
File Location Calculator (FLC)
- Virtual Address
- Relative Virtual Address
- Raw File Offset
PE Files Comparator
- Side-by-side comparison of headers and characteristics of two PE files
Process Viewer and Manager
- Show basic process information
- Show process modules
PE Dumper
- Running process dumper
- Full Dump
- Partial Dump
- Region Dump
- ~~Dumper Server (accessible via Dumper Server SDK)~~
PE Rebuilder
- Dump Fixer
- Relocation Wiper
- Resource Directory Rebuilder
- PE file Validation
- Imports Binder
- ImageBase Changer
PE Sniffer
- Signature analysis of PE files
- Packer detection
HEX Editor
- HEX Editor available in:
-
Section Editor
via section context menu - Every
Data Directory
inDirectory Editor
-
Plugins
- ~~PE Tools
Plugin SDK
available~~
What's new in recent major releases
PE Tools v1.9
Complete PE Tools v1.9 announces:
Entropy View
- Entropy Viewer available in:
- Main
PE Editor
dialog -
Section Editor
via section context menu -
File Compare
dialog for both compared files
- Main
64-bit Disassembler
-
diStorm
v3.3.4
- Shows
jmp / call
direction
Load Config Directory Editor
-
IMAGE_LOAD_CONFIG_DIRECTORY
support - Additional Load Config Directory values and size support (non-standard sizes)
High-DPI display modes support
- 192 DPI supported
-
DPI
modes supported and tested:96
,120
,144
,192
- Graphics redrawn:
- Main Application Icon
- Logo
- Toolbar icons
Bug-fixes and minor changes
See HISTORY
System Requirements
- Latest tested Operating System: Windows 10
- Supported Windows versions: Windows 10, Windows 8.1, Windows 8, Windows 7
- Minimal Operating System: Windows XP
- Administrative rights for
SeDebugPrivilege
- macOS supported via Wine (tested Wine 3.4, 3.0, 2.16)
- ReactOS natively supported (tested ReactOS 0.4.7)
Limitations
- No large files support (over 4 GB)
- No ARM disassembler support (ARM architecture supported by Windows 10 Mobile, Windows RT, Windows Phone, Windows IoT Core, Windows Embedded Compact)
Source code
throw std::exception(“PE Tools source code is not available”);
- If you want to add some features, write ready-to-use snippet (C/C++) and post it in Issues
To do
- [ ]
Win64
version - [ ] File
Overlay
Analyzer and Extractor - [ ]
Authenticode
Viewer - [x]
Rich
Signature Editor - [ ]
Relocations
Checker - [ ] Enhance
Debug
Directory Remover: remove debug section if empty - [ ] Corkami binaries testing and support
- [ ]
.NET Directory
Viewer - [ ]
External Tools
support (preliminary list):- [ ] x64dbg
- [ ] Scylla Imports Reconstruction
- [ ] Hiew
- [ ] r2
- [ ] Resource Hacker
- [ ]
Structures Export
to readable formats likeJSON
/YAML
- [ ]
Crypto
tools (hash
,decryption
/decryption
) - [ ]
ARM
disassembler (far-far-away)
Distribution
File | Description | Lang |
---|---|---|
PETools.exe |
main PE Tools executable | |
HEdit.dll |
Hex-editor | |
RebPE.dll |
PE Rebuilder | |
Signs.txt |
PEiD signatures for PE Sniffer | |
ReadMe_EN.md |
ReadMe | EN |
WhatsNew_EN.md |
What's New | EN |
WhatsNew_RU.md |
What's New | RU |
petools.sha1 |
Checksums SHA-1 |
DOWNLOAD
Licensing
See LICENSE
Creators
PE Tools
- NEOx [uinC] - versions up to
1.5
, 2002-2006 -
Jupiter - versions from
1.5
, 2007-2018 - PainteR - versions from
1.8
, 2017-2018 -
EvilsInterrupt aka NtVisigoth - versions from
1.5
, 2012-2014
Additional modules
- yoda (author of LordPE): original HEdit32 component
Contacts
Feel free to contact via Twitter @petoolse.