PE Tools - portable executable (PE) manipulation toolkit.
PE Tools lets you actively research PE files and processes.
Process Viewerand PE filesEditor,Dumper,Rebuilder,Comparator,Analyzerare included. PE Tools is an oldschool reverse engineering tool with a long history since2002. PE Tools was initially inspired by LordPE (yoda).
- PE and DOS Headers Editor
- PE Sections Editor
- PE Directory Viewer and Editor
- Export Directory Editor
- Import Directory Editor
- Resource Directory Viewer
- Exception Directory Viewer
- Relocation Directory Viewer
- Debug Directory Viewer
- TLS Directory Editor
- Load Config Directory Editor
- Bound Directory Editor
- Virtual Address
- Relative Virtual Address
- Raw File Offset
- Side-by-side comparison of headers and characteristics of two PE files
- Show basic process information
- Show process modules
- Running process dumper
- Full Dump
- Partial Dump
- Region Dump
Dumper Server (accessible via Dumper Server SDK)
- Dump Fixer
- Relocation Wiper
- Resource Directory Rebuilder
- PE file Validation
- Imports Binder
- ImageBase Changer
- Signature analysis of PE files
- Packer detection
- HEX Editor available in:
Section Editorvia section context menu- Every
Data DirectoryinDirectory Editor
PE ToolsPlugin SDKavailable
Complete PE Tools v1.9 announces:
- Entropy Viewer available in:
- Main
PE Editordialog Section Editorvia section context menuFile Comparedialog for both compared files
- Main
- diStorm
v3.3.4 - Shows
jmp / calldirection
IMAGE_LOAD_CONFIG_DIRECTORYsupport- Additional Load Config Directory values and size support (non-standard sizes)
- 192 DPI supported
DPImodes supported and tested:96,120,144,192- Graphics redrawn:
- Main Application Icon
- Logo
- Toolbar icons
See HISTORY
- Latest tested Operating System: Windows 10
- Supported Windows versions: Windows 10, Windows 8.1, Windows 8, Windows 7
- Minimal Operating System: Windows XP
- Administrative rights for
SeDebugPrivilege - macOS supported via Wine (tested Wine 3.4, 3.0, 2.16)
- ReactOS natively supported (tested ReactOS 0.4.7)
- No large files support (over 4 GB)
- No ARM disassembler support (ARM architecture supported by Windows 10 Mobile, Windows RT, Windows Phone, Windows IoT Core, Windows Embedded Compact)
throw std::exception(“PE Tools source code is not available”);- If you want to add some features, write ready-to-use snippet (C/C++) and post it in Issues
-
Win64version - File
OverlayAnalyzer and Extractor -
AuthenticodeViewer -
RichSignature Editor -
RelocationsChecker - Enhance
DebugDirectory Remover: remove debug section if empty - Corkami binaries testing and support
-
.NET DirectoryViewer -
External Toolssupport (preliminary list): -
Structures Exportto readable formats likeJSON/YAML -
Cryptotools (hash,decryption/decryption) -
ARMdisassembler (far-far-away)
| File | Description | Lang |
|---|---|---|
PETools.exe |
main PE Tools executable | |
HEdit.dll |
Hex-editor | |
RebPE.dll |
PE Rebuilder | |
Signs.txt |
PEiD signatures for PE Sniffer | |
ReadMe_EN.md |
ReadMe | EN |
WhatsNew_EN.md |
What's New | EN |
WhatsNew_RU.md |
What's New | RU |
petools.sha1 |
Checksums SHA-1 |
See LICENSE
- NEOx [uinC] - versions up to
1.5, 2002-2006 - Jupiter - versions from
1.5, 2007-2018 - PainteR - versions from
1.8, 2017-2018 - EvilsInterrupt aka NtVisigoth - versions from
1.5, 2012-2014
- yoda (author of LordPE): original HEdit32 component
Feel free to contact via Twitter @petoolse.
