PE Tools - portable executable (PE) manipulation toolkit.

• Description
• Features
  • PE Editor
  • File Location Calculator
  • PE Files Comparator
  • Process Viewer and Manager
  • PE Dumper
  • PE Rebuilder
  • PE Sniffer
• System Requirements
• Limitations
• To do
• What's new
• Creators
• Contacts

PE Tools lets you actively research PE files and processes. Process Viewer and PE files Editor, Dumper, Rebuilder, Comparator, Analyzer are included. PE Tools is an oldschool reverse engineering tool with a long history since 2002. PE Tools was initially inspired by LordPE (yoda).

• PE and DOS Headers Editor
• PE Sections Editor
• PE Directory Viewer and Editor
• Export Directory Editor
• Import Directory Editor
• Resource Directory Viewer
• Exception Directory Viewer
• Relocation Directory Viewer
• Debug Directory Viewer
• TLS Directory Editor
• Load Config Directory Editor
• Bound Directory Editor

• Virtual Address
• Relative Virtual Address
• Raw File Offset

• Side-by-side comparison of headers and characteristics of two PE files

• Show basic process information
• Show process modules

• Running process dumper
  • Full Dump
  • Partial Dump
  • Region Dump
• Dumper Server (accessible via Dumper Server SDK)

• Dump Fixer
• Relocation Wiper
• Resource Directory Rebuilder
• PE file Validation
• Imports Binder
• ImageBase Changer

• Signature analysis of PE files
• Packer detection

• HEX Editor available in:
  • Section Editor via section context menu
  • Every Data Directory in Directory Editor

• PE Tools Plugin SDK available

Complete PE Tools v1.9 announces:

• PE Tools v1.9 announce in English
• PE Tools v1.9 announce in Russian

• Entropy Viewer available in:
  • Main PE Editor dialog
  • Section Editor via section context menu
  • File Compare dialog for both compared files

• diStorm v3.3.4
• Shows jmp / call direction

• IMAGE_LOAD_CONFIG_DIRECTORY support
• Additional Load Config Directory values and size support (non-standard sizes)

• 192 DPI supported
• DPI modes supported and tested: 96, 120, 144, 192
• Graphics redrawn:
  • Main Application Icon
  • Logo
  • Toolbar icons

See HISTORY

• Latest tested Operating System: Windows 10
• Supported Windows versions: Windows 10, Windows 8.1, Windows 8, Windows 7
• Minimal Operating System: Windows XP
• Administrative rights for SeDebugPrivilege
• macOS supported via Wine (tested Wine 3.4, 3.0, 2.16)
• ReactOS natively supported (tested ReactOS 0.4.7)

• No large files support (over 4 GB)
• No ARM disassembler support (ARM architecture supported by Windows 10 Mobile, Windows RT, Windows Phone, Windows IoT Core, Windows Embedded Compact)

throw std::exception(“​PE Tools source code is not available”);

• If you want to add some features, write ready-to-use snippet (C/C++) and post it in Issues

• Win64 version
• File Overlay Analyzer and Extractor
• Authenticode Viewer
• Rich Signature Editor
• Relocations Checker
• Enhance Debug Directory Remover: remove debug section if empty
• Corkami binaries testing and support
• .NET Directory Viewer
• External Tools support (preliminary list):
  • x64dbg
  • Scylla Imports Reconstruction
  • Hiew
  • r2
  • Resource Hacker
• Structures Export to readable formats like JSON / YAML
• Crypto tools (hash, decryption / decryption)
• ARM disassembler (far-far-away)

• github.com/petoolse/petools/releases

See LICENSE

• NEOx [uinC] - versions up to 1.5, 2002-2006
• Jupiter - versions from 1.5, 2007-2018
• PainteR - versions from 1.8, 2017-2018
• EvilsInterrupt aka NtVisigoth - versions from 1.5, 2012-2014

• yoda (author of LordPE): original HEdit32 component

Feel free to contact via Twitter @petoolse.