petoolse
493 Stars 90 Forks MIT License 12 Commits 5 Opened issues

PE Tools - portable executable (PE) manipulation toolkit.

Description

PE Tools lets you actively research PE files and processes. Process Viewer and PE files Editor, Dumper, Rebuilder, Comparator, Analyzer are included. PE Tools is an oldschool reverse engineering tool with a long history since 2002. PE Tools was initially inspired by LordPE (yoda).

Features

PE Editor

  • PE and DOS Headers Editor
  • PE Sections Editor
  • PE Directory Viewer and Editor
  • Export Directory Editor
  • Import Directory Editor
  • Resource Directory Viewer
  • Exception Directory Viewer
  • Relocation Directory Viewer
  • Debug Directory Viewer
  • TLS Directory Editor
  • Load Config Directory Editor
  • Bound Directory Editor

File Location Calculator (FLC)

  • Virtual Address
  • Relative Virtual Address
  • Raw File Offset

PE Files Comparator

  • Side-by-side comparison of headers and characteristics of two PE files

Process Viewer and Manager

  • Show basic process information
  • Show process modules

PE Dumper

  • Running process dumper
    • Full Dump
    • Partial Dump
    • Region Dump
  • ~~Dumper Server (accessible via Dumper Server SDK)~~

PE Rebuilder

  • Dump Fixer
  • Relocation Wiper
  • Resource Directory Rebuilder
  • PE file Validation
  • Imports Binder
  • ImageBase Changer

PE Sniffer

  • Signature analysis of PE files
  • Packer detection

HEX Editor

  • HEX Editor available in:
    • Section Editor via section context menu
    • Every Data Directory in Directory Editor

Plugins

  • ~~PE Tools Plugin SDK available~~

What's new in recent major releases

PE Tools v1.9

Complete PE Tools v1.9 announcements:

  • PE Tools v1.9 announcement in English
  • PE Tools v1.9 announcement in Russian

Entropy View

  • Entropy Viewer available in:
    • Main PE Editor dialog
    • Section Editor via section context menu
    • File Compare dialog for both compared files

64-bit Disassembler

  • diStorm v3.3.4
  • Shows jmp / call direction

Load Config Directory Editor

  • IMAGE_LOAD_CONFIG_DIRECTORY support
  • Additional Load Config Directory values and size support (non-standard sizes)

High-DPI display modes support

  • 192 DPI supported
  • DPI modes supported and tested: 96, 120, 144, 192
  • Graphics redrawn:
    • Main Application Icon
    • Logo
    • Toolbar icons

Bug-fixes and minor changes

See HISTORY

System Requirements

Limitations

Source code

throw std::exception("PE Tools source code is not available");

  • If you want to add some features, write a ready-to-use snippet (C/C++) and post it in Issues

To do

  • [ ] Win64 version
  • [ ] File Overlay Analyzer and Extractor
  • [ ] Authenticode Viewer
  • [x] Rich Signature Editor
  • [ ] Relocations Checker
  • [ ] Enhance Debug Directory Remover: remove debug section if empty
  • [ ] Corkami binaries testing and support
  • [ ] .NET Directory Viewer
  • [ ] External Tools support (preliminary list):
  • [ ] Structures Export to readable formats like JSON / YAML
  • [ ] Crypto tools (hash, decryption / decryption)
  • [ ] ARM disassembler (far-far-away)

Distribution

| File | Description | Lang |
|:-----------------|:-------------------------------|:-----|
| PETools.exe | main PE Tools executable | |
| HEdit.dll | Hex-editor | |
| RebPE.dll | PE Rebuilder | |
| Signs.txt | PEiD signatures for PE Sniffer | |
| ReadMe_EN.md | ReadMe | EN |
| WhatsNew_EN.md | What's New | EN |
| WhatsNew_RU.md | What's New | RU |
| petools.sha1 | Checksums SHA-1 | |

DOWNLOAD

Licensing

See LICENSE

Creators

PE Tools

  • NEOx [uinC] - versions up to 1.5, 2002-2006
  • Jupiter - versions from 1.5, 2007-2018
  • PainteR - versions from 1.8, 2017-2018
  • EvilsInterrupt aka NtVisigoth - versions from 1.5, 2012-2014

Additional modules

  • yoda (author of LordPE): original HEdit32 component

Contacts

Feel free to contact via Twitter @petoolse.
