pev - The PE file analysis toolkit


pev is a full-featured, open source, multiplatform command line toolkit to work with PE (Portable Executables) binaries. Please check the online documentation for more details.

http://pev.sf.net
https://github.com/merces/pev
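What "retrieve and parse information about PE files" means in practice is walking the DOS header to e_lfanew, checking the PE signature, reading the COFF file header and then the section table, with every offset bounds-checked because a malformed sample can point any of them outside the file. The following Python is an added example written for this page, not pev's own code (pev is written in C): it parses those headers from a constructed, header-only PE32+ image and flags sections mapped both writable and executable. The sample image, its section names and its timestamp are made up for the demonstration; because it carries no section data, the raw-data-in-file check reports False for both sections.

```python
import struct

# Machine values and section flags from the PE/COFF specification.
MACHINE_NAMES = {0x014C: "i386", 0x01C0: "ARM", 0xAA64: "ARM64", 0x8664: "x86-64"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
# SizeOfOptionalHeader, Characteristics
COFF_HEADER = "<HHIIIHH"
# Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, PointerToRelocations,
# PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HEADER = "<8sIIIIIIHHI"


def parse_pe(data):
    """Parse the DOS header, PE signature, COFF header and section table.

    Every offset is bounds-checked before use: a hostile sample can point
    e_lfanew or the section table anywhere, and a parser must not trust it.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data):
        raise ValueError("e_lfanew 0x%x points outside the file" % e_lfanew)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")

    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from(
        COFF_HEADER, data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if opt_off + opt_size > len(data):
        raise ValueError("optional header runs past end of file")
    magic = struct.unpack_from("<H", data, opt_off)[0] if opt_size >= 2 else None

    sections = []
    sec_off = opt_off + opt_size
    for i in range(nsections):
        off = sec_off + 40 * i
        if off + 40 > len(data):
            raise ValueError("section table truncated at entry %d" % i)
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            SECTION_HEADER, data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "raw_ptr": rawptr, "raw_size": rawsize,
            "flags": flags,
            # raw data that does not fit in the file is a classic malformed-PE sign
            "raw_in_file": rawptr + rawsize <= len(data),
        })

    return {
        "machine": MACHINE_NAMES.get(machine, "unknown(0x%x)" % machine),
        "pe32plus": magic == 0x20B,
        "timestamp": timestamp,
        "characteristics": chars,
        "sections": sections,
    }


def writable_executable_sections(info):
    """Names of sections mapped both writable and executable (W+X), which
    compilers almost never emit and packers very often do."""
    wx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    return [s["name"] for s in info["sections"] if s["flags"] & wx == wx]


def build_sample_pe():
    """Constructed minimal PE image (not a real executable): a DOS header whose
    e_lfanew points at 0x80, a PE32+ COFF header, a 16-byte stand-in optional
    header and two section headers with no section data behind them."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x80)
    dos += b"\0" * (0x80 - len(dos))
    coff = struct.pack(COFF_HEADER, 0x8664, 2, 0x5F000000, 0, 0, 0x10, 0x0022)
    opt = struct.pack("<H", 0x20B) + b"\0" * 14
    text = struct.pack(SECTION_HEADER, b".text", 0x1000, 0x1000, 0x200, 0x400,
                       0, 0, 0, 0, 0x60000020)   # CODE | EXECUTE | READ
    rwx = struct.pack(SECTION_HEADER, b".rwx", 0x1000, 0x2000, 0x200, 0x600,
                      0, 0, 0, 0, 0xE0000020)    # CODE | EXECUTE | READ | WRITE
    return dos + b"PE\0\0" + coff + opt + text + rwx


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print(info["machine"], "PE32+" if info["pe32plus"] else "PE32", hex(info["timestamp"]))
    for s in info["sections"]:
        print("%-8s vaddr=0x%08x raw=0x%x+0x%x flags=0x%08x in_file=%s"
              % (s["name"], s["vaddr"], s["raw_ptr"], s["raw_size"], s["flags"], s["raw_in_file"]))
    print("W+X sections:", writable_executable_sections(info))
```

Run it on a real file by replacing build_sample_pe() with open(path, "rb").read(); the W+X and raw-data-in-file checks are the two cheapest triage signals a PE parser can give before any disassembly happens.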

Related Projects

Triton - Triton is a Dynamic Binary Analysis (DBA) framework


Triton is a dynamic binary analysis (DBA) framework. It provides internal components such as a Dynamic Symbolic Execution (DSE) engine, a taint engine, AST representations of the x86 and x86-64 instruction set semantics, SMT simplification passes, an SMT solver interface and, last but not least, Python bindings. Based on these components, you are able to build program analysis tools, automate reverse engineering and perform software verification. As Triton is still a young project, please don't blame us if it is not yet reliable; open issues or pull requests are always better than trolling =).

pev


pev is a multiplatform PE analysis toolkit that includes tools to retrieve and parse information about Windows PE files.

SWFREtools - SWF file reverse engineering tools


The SWFRETools are a collection of tools built for vulnerability analysis of the Adobe Flash player and for malware analysis of malicious SWF files. The tools are partly written in Java and partly in Python and are licensed under the GPL 2.0 license. Flash Dissector is a GUI tool that allows you to inspect SWF files on a binary level. When you open a SWF file in Flash Dissector you have the ability to look through the structures defined in the SWF file in a hex editor and in a structure viewer. This makes it easy to understand what bytes of a SWF file hold what functionality.

Androl4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis


AndroL4b is an Android security virtual machine based on Ubuntu MATE. It bundles a collection of current frameworks, tutorials and labs from security researchers for reverse engineering and malware analysis.

ROPgadget - This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation


This tool lets you search for gadgets in your binaries to facilitate ROP exploitation. ROPgadget supports the ELF, PE and Mach-O formats on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures. Since version 5, ROPgadget has a new core written in Python that uses the Capstone disassembly framework for the gadget search engine; the older version can be found in the Archives directory but is no longer maintained. If you want to use ROPgadget, you have to install Capstone first.
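The core of a gadget search like ROPgadget's is simple: locate every return opcode in the executable bytes, then try each start offset a few bytes before it and keep those from which straight-line disassembly lands exactly on that return. Because x86 instructions are variable-length, this also surfaces "unintended" gadgets that begin in the middle of an instruction the compiler emitted. The Python below is an added example written for this page, not ROPgadget's code; a toy decoder for a handful of x86-32 opcodes stands in for Capstone, and the code bytes, base address and the hidden gadget inside the mov immediate are constructed for the demonstration.

```python
REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def decode_at(code, off):
    """Decode one x86-32 instruction at `off`; returns (text, length) or None.

    Toy decoder covering a handful of opcodes, standing in for Capstone:
    ret, nop, leave, push/pop/inc/dec r32, mov r32 imm32, add esp imm8.
    Anything else is treated as undecodable, exactly as a real search
    treats bytes the disassembler rejects.
    """
    b = code[off]
    if b == 0xC3:
        return ("ret", 1)
    if b == 0x90:
        return ("nop", 1)
    if b == 0xC9:
        return ("leave", 1)
    if 0x40 <= b <= 0x47:
        return ("inc " + REGS32[b - 0x40], 1)
    if 0x48 <= b <= 0x4F:
        return ("dec " + REGS32[b - 0x48], 1)
    if 0x50 <= b <= 0x57:
        return ("push " + REGS32[b - 0x50], 1)
    if 0x58 <= b <= 0x5F:
        return ("pop " + REGS32[b - 0x58], 1)
    if 0xB8 <= b <= 0xBF and off + 5 <= len(code):                 # mov r32, imm32
        imm = int.from_bytes(code[off + 1:off + 5], "little")
        return ("mov %s, %s" % (REGS32[b - 0xB8], hex(imm)), 5)
    if b == 0x83 and off + 3 <= len(code) and code[off + 1] == 0xC4:  # add esp, imm8
        imm = code[off + 2]
        imm = imm - 0x100 if imm >= 0x80 else imm
        return ("add esp, %s" % hex(imm), 3)
    return None


def find_gadgets(code, base=0, max_bytes=8):
    """Gadget search: for every `ret` byte, walk backwards up to `max_bytes`
    and keep each start offset from which straight-line decoding lands
    exactly on that ret (no undecodable byte, no earlier ret in between).
    Returns {gadget text: lowest address at which it was found}."""
    gadgets = {}
    for ret_off, b in enumerate(code):
        if b != 0xC3:
            continue
        for start in range(ret_off, max(-1, ret_off - max_bytes), -1):
            insns, off, bad = [], start, False
            while off < ret_off:
                d = decode_at(code, off)
                if d is None or d[0] == "ret":
                    bad = True
                    break
                insns.append(d[0])
                off += d[1]
            if bad or off != ret_off:   # overshoot: the ret sits inside an operand
                continue
            insns.append("ret")
            gadgets.setdefault(" ; ".join(insns), base + start)
    return gadgets


# Constructed code bytes (not taken from a real binary). The mov immediate
# contains 58 5B C3, so an unaligned "pop eax ; pop ebx ; ret" hides inside it.
SAMPLE_CODE = bytes([
    0x55,                          # 0:  push ebp
    0xB8, 0x58, 0x5B, 0xC3, 0x00,  # 1:  mov eax, 0xc35b58
    0x83, 0xC4, 0x08,              # 6:  add esp, 8
    0x5D,                          # 9:  pop ebp
    0xC3,                          # 10: ret
    0xFF, 0xE0,                    # 11: jmp eax (not handled by the toy decoder)
    0x5E, 0x5F, 0xC3,              # 13: pop esi ; pop edi ; ret
])
SAMPLE_BASE = 0x401000             # assumed load address of the code bytes


if __name__ == "__main__":
    found = find_gadgets(SAMPLE_CODE, SAMPLE_BASE)
    for text, addr in sorted(found.items(), key=lambda kv: kv[1]):
        print("0x%08x : %s" % (addr, text))
```

The overshoot check is what makes the search correct rather than merely a byte scan: starting one byte into the mov decodes as pop eax ; pop ebx ; ret, but starting at the mov itself consumes the ret as part of the immediate and is discarded. Swapping decode_at for a Capstone call gives the full instruction set without changing the search loop.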


gef - GEF - GDB Enhanced Features for exploit devs & reversers


GEF is a kick-ass set of commands for x86, ARM, MIPS, PowerPC and SPARC that makes GDB cool again for exploit development. It is aimed mostly at exploit writers and reverse engineers, and uses the GDB Python API to add features that assist during dynamic analysis and exploit development. It fully supports both Python 2 and Python 3, as more and more distributions ship GDB compiled with Python 3 support.

Apktool - A tool for reverse engineering Android apk files


This is the repository for Apktool, a tool for reverse engineering third-party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after modification, and it makes it possible to debug smali code step by step. It also makes working with an app easier thanks to a project-like file structure and automation of repetitive tasks such as building the apk.

ngrev - Tool for reverse engineering of Angular applications


Graphical tool for reverse engineering Angular projects. It allows you to navigate the structure of your application and observe the relationships between its modules, providers and directives. The tool performs static code analysis, which means you don't have to run your application in order to use it. Your application needs to be compatible with Angular's AoT compiler (i.e. you should be able to compile it with ngc).

ScratchABit - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API


ScratchABit is an interactive incremental disassembler with data/control flow analysis capabilities. ScratchABit is dedicated to the efforts of the open source reverse engineering community (reverse engineering to produce open source drivers/firmware for hardware not properly supported by vendors, for hardware and software interoperability, and for security research). ScratchABit supports the IDAPython API, well known in the community, for writing disassembly/extension modules.

openreil - Open source library that implements translator and tools for REIL (Reverse Engineering Intermediate Language)


OpenREIL is an open source library that implements a translator and tools for REIL (Reverse Engineering Intermediate Language). However, after Zynamics was acquired by Google they abandoned BinNavi, so I decided to develop my own implementation of REIL. I made it relatively small and portable in comparison with the original: the translator itself is just a single library written in C++ that can be statically linked with any program for static or dynamic code analysis. The higher-level API of OpenREIL is written in Python, so it can easily be used in plugins and scripts for your favourite reverse engineering tool (almost all modern debuggers and disassemblers have Python bindings).

Boomerang - Decompiler of Machine Code Programs


After a program has been thrown into the world in binary form, it can boomerang back as source code. The Boomerang reverse engineering framework is the first general native executable decompiler available to the public.

Div/er


(Diver is in the process of being moved to GitHub. Please find us at https://github.com/thechiselgroup/Diver. Support requests and messages sent here may never be seen.) Dynamic Interactive Views For Reverse Engineering. Div/er is a set of Eclipse plugins that aid developers in understanding software. It uses dynamic analysis and reverse engineering to offer views and filters that aid comprehension and discovery.

WebSploit Framework



codavaj - javadoc in reverse


A seemingly useless reverse engineering tool that transforms HTML javadoc into Java source file skeletons, or into a reflection-API-like internal representation.

beye


BEYE (Binary EYE) is a free, portable, advanced file viewer with a built-in editor for binary, hexadecimal and disassembler modes. It contains a syntax-highlighting disassembler for AVR, Java, i86/AMD64, ARM/XScale, PPC-64 and other architectures, and full previews of MZ, NE, PE, ELF and other executable formats.

paimei - A reverse engineering framework written in Python.


PaiMei is a reverse engineering framework consisting of multiple extensible components. The framework can essentially be thought of as a reverse engineer's Swiss army knife and has already proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more. See docs\index.html for further details.

Green - Create UML diagram from code


green is a LIVE round-tripping editor, meaning that it supports both forward engineering and reverse engineering. You can use green to create a UML class diagram from code, or to generate code by drawing a class diagram. green supports exporting diagrams to both JPG and GIF format, so that you can share your diagrams without any issues.

Zero Wine Malware Analysis Tool


Zero Wine is a malware behaviour analysis tool. Upload your suspicious PE file (Windows executable) through the web interface and let it analyse the behaviour of the process.

mcsema - Framework for lifting x86, amd64, and aarch64 program binaries to LLVM bitcode


McSema is an executable lifter. It translates ("lifts") executable binaries from native machine code to LLVM bitcode. LLVM bitcode is an intermediate representation form of a program that was originally created for the retargetable LLVM compiler, but which is also very useful for performing program analysis methods that would not be possible to perform on an executable binary directly. McSema enables analysts to find and retroactively harden binary programs against security bugs, independently validate vendor source code, and generate application tests with high code coverage. McSema isn’t just for static analysis. The lifted LLVM bitcode can also be fuzzed with libFuzzer, an LLVM-based instrumented fuzzer that would otherwise require the target source code. The lifted bitcode can even be compiled back into a runnable program! This is a procedure known as static binary rewriting, binary translation, or binary recompilation.