• DFIR Tools
  • TZWorks Windows Portable Executable Viewer (pe_view)

TZWorks Windows Portable Executable Viewer (pe_view)

42

DFIR Tools

Developer
License Type
Free
Malware Analysis
PE

e_view
combines a Portable Executable (PE) parsing engine with that of a viewer. The parsing engine does not use the Windows API to parse the PE structures, so it is compiled and run on other platforms (eg Windows, Linux and Mac OS X).


Some of the more interesting features pe_view provides besides displaying PE structures, are: (a) The ability to compare a target PE file with a collection of other PE files to see how similar or different they are, (b) An extraction option that will allow one to extract desired portions of a PE file for later examination, (c)  Ability to dump strings from any of the PE sections, (d) Ability to histogram any of the PE sections to visually see the statistics of any section, (e) Ability to load any available PEiD signature template and use it to signature a PE file.

User comments

There are no user comments for this listing.