Home
In the past, pev was a command-line tool to extract the File Version from PE files. As of version 0.50, pev is a multi-platform toolkit for working with PE (Portable Executable) files. Its main goal is to provide a feature-rich tool to analyze binaries, especially suspicious ones.
pev was born back in 2010 from a simple need: a program that could find out the version (File Version) of a PE32 file and that could run on Linux. This version number is stored in the Resources (.rsrc) section, but at the time we decided to simply search for the string in the whole binary, without any optimization.
Later on we decided to parse the PE32 file until reaching the .rsrc section and read the File Version field there. In order to do that, we realized we had to parse the entire file, and we thought we might as well print out all the fields and values we went through along the way.
Until version 0.40, pev was a single program that parsed the PE headers and sections (readpe is now responsible for this). In version 0.50 we focused on binary analysis and split pev into several programs built on top of a library called libpe. Currently most of the pev toolkit programs depend on libpe.