Explore PE files in memory or on disk



  • Our rating
Sending
User Rating 4.25 (20 votes)
Adlice PEViewer (RogueKillerPE) is a PE parsing tool, able to show internal structure of executable files.

It's able to read either the memory image (process module) or the disk image (filesystem) of a given executable.
Choose your plan
  •    Registration
    If machine registration is available
  •    Machines
    Number of machines allowed to register
  •    Custom plans
    If custom plans are available (Ex: company)
  •    Analysis
    Parse PE files
  •    Software Limitation
    Limitation applied to the use of the software
  •    Support
    Get support for your questions or feedback
  •    Automatic Updates
    Update the software with one click
  •    Themes
    Customize the software appearance using built-in themes

Personal

$55/year
  • 5
    You can register up to 5 machines with your license.
  • Special plans available for companies.
  • No limitation

Free

$0
  • 5 analysis
    Nag windows every 5 analysis
  • Public Forum.
  • Manual Updates.

IconAdlice PEViewer Download
AuthorAdlice Software
Version1.33.1
Download6,281
Category,
File Size21.68 MB
LicenseFreemium
Operating SystemWindows XP, Vista, 7, 8, 8.1, 10. 32/64 bits
Tags   analysis     editor     malware     parser     pe     portable executable     research  
 

Screenshots

 

Description and Review

 
PEViewer is a FREE (with Premium version) software able to parse and display advanced information regarding PE files, as well as offering 3rd party analysis to classify malware and goodware files.

 

Features:

  • Open PE from file, and read disk image.
  • Open PE from process, and read memory or disk image.
  • Open file from command line.
  • Drag and drop support.
  • Explorer context menu integration.
  • Process general information (pid, parent, ...)
  • File general information (attributes, size, ...)
  • Process module general information (address, size, ...)
  • A bunch of hashes (MD5, SHA1, SHA256, ...)
  • Process memory pages, with ability to dump.
  • Injected pages detection, non-readable pages detection.
  • Ability to dump injected pages to file.
  • Hex code, with ability to search (hex values, or string ANSI/UNICODE).
  • Assembly code, with ability to navigate.
  • PE Headers (MZ, PE, Optional, ...)
  • RunPE detection, shows which header fields are modified.
  • Checksum validation.
  • PE Sections, with ability to watch hex code and dump to file.
  • PE Debug, with ability to watch hex code and dump to file.
  • PE Imports, with ability to watch APIs assembly code (memory only).
  • PE Exports, with ability to watch APIs assembly code.
  • Hooks detection in imports/exports (table and inline hooks).
  • PE Resources. Able to parse all well known types and display them accordingly (strings, version information, icons, ...)
  • Ability to scan resources, sections, debug on VirusTotal.
  • Executable files detection in resources.
  • Ability to watch hex code of resources.
  • Ability to dump resources to file.
  • PDB path detection.
  • Strings scanner, with classification (Registry, files, ...)
  • Ability to dump all strings (by category or not) to file.
  • Digital Signature parsing (embedded only).
  • Bright or dark theme (Premium).
  • Samples Comparator (Premium).
  • Sample Scoring.
  • Maliciousness Indicators.
  • VirusTotal full information.

 

User guide

Please refer to the general documentation.

 
Download
FileAction
setup.exe (Installer 32/64 bits)Download 
RogueKillerPE.exe (32 bits)Download 
RogueKillerPE64.exe (64 bits)Download