-
-
[转帖]Pev 0.70 by Fernando Mercês
-
发表于: 2014-1-3 13:19
-
Pev 0.70 by Fernando Mercês
Pev is a multiplatform PE analysis toolkit that includes tools to retrieve and parsing information about Windows PE files.
* pehash - calculate PE file hashes
* pedis - PE disassembler
* pepack - packer detector
* pescan - search for suspicious things in PE files, including TLS callbacks
* pesec - check security features in PE files
* pestr - search for unicode and ascii strings in PE files
* readpe - show PE file headers, sections and more
* rva2ofs - convert RVA to raw file offsets
* ofs2rva - convert raw file offsets to RVA
The main points are:
- No need for Windows API. We use our own PE library called libpe.
- Tested on Windows, Linux and OS X.
- Support for 32 and 64-bit PE files.
- Written entirely in C, using C99 standard. So, it's multiplatform.
- Fully scriptable. All pev tools uses CLI and produces outputs in clear text and CSV (HTML, XML and JSON in development).
a4eK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4m8W2N6W2)9J5k6i4y4G2N6i4u0U0k6h3k6G2M7X3N6W2i4K6u0W2L8X3g2@1i4K6u0r3
|
|
|---|---|
