readpe

Displays information about PE files.

TLDR

Display all information about a PE file

$ readpe [path/to/executable]

Display all the headers present in a PE file

$ readpe --all-headers [path/to/executable]

Display all the sections present in a PE file

$ readpe --all-sections [path/to/executable]

Display a specific header from a PE file

$ readpe --header [dos|coff|optional] [path/to/executable]

List all imported functions

$ readpe --imports [path/to/executable]

List all exported functions

$ readpe --exports [path/to/executable]

DESCRIPTION

readpe can read and display all PE file headers, fields and values. It's part of pev, the PE file analysis toolkit.

pefile is a PE32/PE32+ executable or dynamic linked library file.

OPTIONS

-A, --all: Full output (default).
-H, --all-headers: Show all PE headers.
-S, --all-sections: Show PE section headers.
-f, --format <text|csv|xml|html>: Change output format (default: text).
-d, --dirs: Show data directories.
-h, --header <dos|coff|optional>: Show specific header. It can be used multiple times.
-i, --imports: Show imported functions.
-e, --exports: Show exported functions.
-V, --version: Show version.
--help: Show this help.

EXAMPLES

Display the Optional file header of putty.exe:

$ readpe -h optional putty.exe

Display data directories and exported functions of cards.dll:

$ readpe -de cards.dll

Display all possible information about svchost.exe file:

$ readpe svchost.exe

REPORTING BUGS

Please, check the latest development code and report at https://github.com/merces/pev/issues

Copyright (C) 2013 - 2020 pev authors. License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.txt>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.