A BOF to parse the imports of a provided PE-file, optionally extracting symbols on a per-dll basis.

View pe coff files with browsers.

A header-only C++ library for accessing files in COFF binary format. (Including Windows PE/PE+ formats)

Portable Executable Explorer

A utility tool to create export definitions from a provided PE Image.

WinDbg debugger extension library providing various tools to analyse, dump and fix (restore) Microsoft Portable Executable files for both 32 (PE) and 64-bit (PE+) platforms.

Portable Executable parser for Windows. Supports both 32-bit and 64-bit executables and dynamic-link libraries

Cross-platform library for parsing and building PE\PE+ formats

PE/MZ Header Parser :: A crossplatform Windows PE/MS-DOS MZ Header Parser : Powered by @pay1oad-repo

Library for parsing internal structures of PE32/PE32+ binary files.

PE32 (x86) and PE32+ (x64) binaries analysis tool, resources viewer/extractor.

The PE file analysis toolkit

Metadata hash incorporating the Rich Header for robustness against packing and other malware tricks

Print compiler information stored in Rich Header of PE executables.

This is a simple tool to remove the "Rich" header from binaries (EXE or DLL files) created by M$ development tools.

A ⚡ lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.

Discover TimeDateStamps In PE File

PE File Blessing - To continue or not to continue

Code that allows running another windows PE in the same address space as the host process.

A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original entrypoint.

converter of DMD CodeView/DWARF debug information to PDB files

PoC for hiding PE exports

A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl

Converts PE into a shellcode

Proof of concept implementation of in-memory PE Loader based on ReflectiveDLLInjection Technique

A Windows PE format file loader

Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro and Rekall to dump in-memory PE files and reconstruct imports.