Processed through Paypal
No account required.

Donate Bitcoin to this wallet:
Donate Ethereum to this wallet:
Donate Litecoin to this wallet:

  Buy our over-priced crap here to support this project.  

Facebook Follow @GeekOnTheLoose

 Home » Freeware Downloads » Programming, Coding & Software Development » pelook 1.58   
File - Download pelook 1.58

Always scroll to the bottom of the page to download files on
We don't believe in fake/misleading download buttons and tricks.

pelook 1.58
Pelook is a comprehensive information tool for 32 and 64 bit Windows EXE, DLL, driver and OBJ files (PE/COFF images). This tool is suitable for reverse engineers or anyone needing to delve into the internals of Windows PE files. At first glance, pelook may seem a lot like Microsoft's dumpbin tool, however you'll find it has many additional features and doesn't have the unnecessary verbosity of dumpbin. Rather than blindly dumping fields from the various headers and sections that comprise a PE image, pelook creates an intelligent report of the most useful information in the most compact form possible without sacrificing readibility. Why shouldn't you be able to see the target architecture, dependency DLLs, section list, loader flags, supported .NET framework and version resource all within the same screenful of information and all within the same tool?

Pelook was originally written for the virtual memory map display and pointer to image-file-offset conversions; two features I always needed but never found in other PE dumping tools. Pelook combines the most widely used features in these popular tools in addition to other useful features:

Dumpbin - Microsoft's PE/COFF header dump tool
Depends - Microsoft's Dependency Walker imports/exports tool
filever - Microsoft's version information resource dump tool
clrver - Microsoft's CLR version tool (determine .NET Framework version needed for an EXE)

Some of pelook's features are:

Support for both 32-bit and 64-bit Windows modules (PE32 and PE32+, a.k.a. PE64)
Dump COFF and section headers (Portable Executable/OBJ files)
Dump Data Directory table
Dump Debug Directory Summary (recognition of Microsoft and Borland debug)
Dump import and delay-import dependency DLLs and associated functions (or just a DLL name list in quiet mode)
Resolve full paths to dependency DLLs similar to the Windows loader search
Dump export table
Dump resource tree
Dump initial bytes of entry point or disassemble them; for disassembly feature, download disasmdump and place both executables in same directory
Dump version resource block with the standard entries (or just basic versioning in quiet mode)
Dump exception function table in PE64 images (.pdata section)
Detect and display CLR (.NET) header with versioning information and framework dependencies without needing to run the program (the clrver utility requires this); pelook also has no .NET dependencies
Display module's virtual memory map (pointers and image-file offsets, invaluable for manual hex editing); NOTE: if you want to see RVAs instead of pointers, override the load base with zero (i.e. -b 0)
Easily see memory access attributes for each section (Helps to answer, "Why am I getting an AV when patching code to write to a particular section")
Convert between pointer addresses and image-file offsets right from the command line (useful alongside debugging and hex editing)
The ability to override the preferred load base, affecting the output of pointers, virtual memory layout and exported function entry-points; invaluable for ASLR debugging
Decoding of timestamps and composition of bit flags as well as other named constants using "trimmed" SDK identifiers (e.g. decoding OS, subsystem, characteristics, etc.)
Recognition of EOF data (data at the end of PE image file that is not loaded into virtual memory by the Windows loader)
Automatic calculation and verification of checksum
Import table shows IAT slot column where loader stores runtime address (helpful for setting debugger breakpoints or API hooking)
Display base relocations: pointers, file offsets and target section
Support for parsing and dumping the undocumented Microsoft "Rich" header
Detection of Microsoft toolsets as far back as 1998: Visual C++ (>=6.0) and MASM (>=6.13); also view (compiler id) and @feat.00 values within OBJ files
Unlike most PE tools, pelook supports x86 and x64 COFF OBJ files, in addition to correctly identifying all major 16-bit "MZ" image header formats (e.g. plain DOS, Windows LE, etc.)
Minimal ELF detection (Unix/Linux)
Summary analysis of the DOS header and stub

Requires MSVC runtime dependency

2018-04-18 1.58 -added signatures for VS.NET 7.0 BETA1 (6.15.9030) and BETA2 (7.00.9254)
-added detection for VS.NET BETAs and latest 7.1 to detect MASM tool directly via the MS "Rich" tool ids;
I still need to fill in the the rest of the toolids for other Visual Studio versions

Continue below to download this file.

Downloads Views Developer Last Update Version Size Type Rank
550 1,005 BYTE* <img src=""border="0"> Sep 20, 2018 - 11:46 1.58 39.9KB ZIP 5/5, out of 11 Votes.
File Tags
pelook  1.58  

Whoa, Speedy. Your download link is below
but ya gotta read this first:

Isn't it like 1996 again? No ads anywhere! No ad income either
so we really need your help to keep this project alive and kickin'.
By making a donation, you help cover the costs of the site and
we get to eat on a daily basis. If we haven't passed out from hunger,
we can add more freeware. See? Win, win!!
Donating takes just a bunch of seconds so please consider it.
Thank you very much! -Randy & Deanna (The Older Geeks)
Missouri, USA

Monthly operating costs = $480
Donations for May = $747
Donations over our monthly goal
are set aside for future upgrades.

Processed securely through Paypal.
No PayPal account required.

Donate Bitcoin:

Donate Ethereum:

Donate Litecoin:

Recent Super Donors ($50+)
Thanks, Robert
Thanks, John
Thanks, John

Recent Donors
Thanks, Buddy's Plant Plus
Thanks, Henry
Thanks, Tim
Thanks, B.
Thanks, Ron
Thanks, Claus
Thanks, Steve
Thanks, Natalie
Thanks, Jerry
Thanks, David

   →→ Download Now ←← - Click to Rate File -
Like? Share this page on Twitter →

Copyright (c) 2019