forked from mentebinaria/readpe
-
Notifications
You must be signed in to change notification settings - Fork 1
the PE file analysis toolkit
License
stipmonster/pev
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
__ \ _ \ \ \ /
| | __/ \ \ /
.__/ \___| \_/
_|
the PE file analysis toolkit v0.60
1. What is pev
2. OS support
3. Pre-requisites
4. Building and installing
4.1. Installing all tools (Linux and OS X)
4.2. Building libpe only
4.3. Building a particular tool
4.4. Building in Windows (via Cygwin)
5. Included programs
6. Contribute
7. Bugs
1. What is pev
pev is a PE file analysis toolkit that includes some
nice programs to work with PE files in many systems
It can be useful for programmers, security analysts
and forensic investigators. It's licensed under
GPLv3+ terms.
2. OS support
This version is tested in Linux (x86 and x86-64),
OSX systems and Windows under Cygwin (http://www.cygwin.com).
If you'rerunning pev tools sucessfully in other environments,
please let us know.
3. Pre-requisites
libssl (pehash only)
libpcre (pestr only)
libc
gcc
make
4. Building and installing
4.1. Installing all tools (Linux and OS X)
To compile and install libpe and all pev tools:
$ make
# make install
4.2. Building libpe only
To build only libpe, go to lib/libpe dir and
use the Makefile provided:
$ cd lib/libpe
$ make
# make install
Set PREFIX and/or DEST if needed.
4.3. Building a particular tool
If you want to build a particular tool, you
can use the Makefile in src/ dir:
$ cd src/
$ make pesec
The commmand above will build only pesec binary
but *you need to compile libpe first* (section 4.2).
4.4. Building in Windows (via Cygwin)
Under Cygwin, you'll need to install the following packages
in order to compile pev:
* gcc
* binutils
* make
* libpcre-dev (pestr)
* openssl-devel (pehash)
* zip
Compile with:
$ make
Build a zip package with all tools and required libraries with:
$ make zip
You can't call another targets (like make install)
in Cygwin environment.
4.5. Building in Mac OS X
Under Mac OS X, you'll need to install the following packages
in order to compile pev:
* libpcre
We recommend using one of the following package managers to
install this package:
* MacPorts - http://www.macports.org
* Homebrew - http://mxcl.github.com/homebrew
For MacPorts, install the dependency and compile pev with:
$ sudo port install pcre
$ make CFLAGS="-I/opt/local/include"
For Homebrew, install the dependency and compile pev with:
$ sudo brew install pcre
$ make CFLAGS="-I/usr/local/include"
NOTE: The paths above may change depending on how you installed the
package manager.
5. Included tools
* pehash - calculate PE file hashes
* pedis - PE disassembler
* pepack - packer detector
* pescan - search for suspicious things in PE files, including TLS callbacks
* pesec - check security features in PE files
* pestr - search for unicode and ascii strings in PE files
* readpe - show PE file headers, sections and more
* rva2ofs - convert RVA to raw file offsets
* ofs2rva - convert raw file offsets to RVA
6. Contributing
The development version is available at https://github.com/merces/pev
We are always needing some help. If you want to contribute, subscribe
to pev-devel mailing list at
https://lists.sourceforge.net/lists/listinfo/pev-devel
7. Bugs
Please, report bugs at https://github.com/merces/pev/issues
About
the PE file analysis toolkit
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published
Languages
- C 94.6%
- Python 4.5%
- Other 0.9%