Qiew - Hex/File format viewer

Portable Executable (PE) file viewer

Designed to be useful for reverse engineering malware.

features:

• highlights strings/calls/mz-pe very useful in malware analysis.
• PE info, able to jump to sections, entry point, overlay, etc.
• disassembler + referenced strings, API calls
• "highlight all" for current text selection.

see wiki for key functions

This program is licensed under GPLv2.

Releases/Binaries

Binaries available for Windows AMD64, built with cx_Freeze

Installation from sources

Install Terminus font, for Windows users download from here. For Debian/Ubuntu users: sudo apt-get install xfonts-terminus

If you have a C compiler run

pip install -r requirements.txt

and install PyQt4.

Otherwise run

pip install yapsy pefile pyperclip pyaes ply pyelftools androguard

and manually install Capstone and PyQt4.

Available plugins

• PE

• bootsector

• ELF

• APK

Binary view mode

Hex view mode

Disassembly view mode

Powered by: Python, Qt4, Terminus font, pefile, Capstone

see wiki