readpe

We have hosted the application readpe in order to run this application in our online workstations with Wine or directly.

Quick description about readpe:

readpe (formerly known as pev) is a multiplatform toolkit to work with PE (Portable Executable) binaries. Its main goal is to provide feature-rich tools for properly analyze binaries with a strong focus on suspicious ones.

Features:

• Based on own PE library, called libpe
• Support for PE32 and PE32+ (64-bit) files
• Formatted output in text, CSV, HTML, and XML
• pesec: check security features in PE files, extract certificates, and more
• readpe: parse PE headers, sections, imports and exports
• pescan: detect TLS callback functions, DOS stub modification, suspicious sections and more
• pedis: disassembly a PE file section or function with support for Intel and AT&T syntax
• Include tools to convert RVA from file offset and vice-versa
• pehash: calculate PE file hashes including imphash and ssdeep
• pepack: detect whether an executable is packed or not
• pestr: search for hardcoded Unicode and ASCII strings simultaneously in PE files
• peres: show and extract PE file resources

Audience: Auditors, Developers, Security Professionals.
User interface: Command-line.
Programming Language: C.
Categories: