Your download link is at the very bottom of the page... always.
Processed through Paypal
No account required.
Donate Bitcoin to this wallet:
Donate Ethereum to this wallet:
Donate Litecoin to this wallet:
|File - Download pelook v1.65|
Always scroll to the bottom of the page for the download link.
We don't believe in fake/misleading download buttons and tricks. The link is always in the same place.
Pelook is a comprehensive information tool for 32 and 64 bit Windows EXE, DLL, driver and OBJ files (PE/COFF images). This tool is suitable for reverse engineers or anyone needing to delve into the internals of Windows PE files. At first glance, pelook may seem a lot like Microsoft's dumpbin tool, however you'll find it has many additional features and doesn't have the unnecessary verbosity of dumpbin. Rather than blindly dumping fields from the various headers and sections that comprise a PE image, pelook creates an intelligent report of the most useful information in the most compact form possible without sacrificing readibility. Why shouldn't you be able to see the target architecture, dependency DLLs, section list, loader flags, supported .NET framework and version resource all within the same screenful of information and all within the same tool?
Pelook was originally written for the virtual memory map display and pointer to image-file-offset conversions; two features I always needed but never found in other PE dumping tools. Pelook combines the most widely used features in these popular tools in addition to other useful features:
Dumpbin - Microsoft's PE/COFF header dump tool
Depends - Microsoft's Dependency Walker imports/exports tool
filever - Microsoft's version information resource dump tool
clrver - Microsoft's CLR version tool (determine .NET Framework version needed for an EXE)
Some of pelook's features are:
Support for both 32-bit and 64-bit Windows modules (PE32 and PE32+, a.k.a. PE64)
Dump COFF and section headers (Portable Executable/OBJ files)
Dump Data Directory table
Dump Debug Directory Summary (recognition of Microsoft and Borland debug)
Dump import and delay-import dependency DLLs and associated functions (or just a DLL name list in quiet mode)
Resolve full paths to dependency DLLs similar to the Windows loader search
Dump export table
Dump resource tree
Dump initial bytes of entry point or disassemble them; for disassembly feature, download disasmdump and place both executables in same directory
Dump version resource block with the standard entries (or just basic versioning in quiet mode)
Dump exception function table in PE64 images (.pdata section)
Detect and display CLR (.NET) header with versioning information and framework dependencies without needing to run the program (the clrver utility requires this); pelook also has no .NET dependencies
Display module's virtual memory map (pointers and image-file offsets, invaluable for manual hex editing); NOTE: if you want to see RVAs instead of pointers, override the load base with zero (i.e. -b 0)
Easily see memory access attributes for each section (Helps to answer, "Why am I getting an AV when patching code to write to a particular section")
Convert between pointer addresses and image-file offsets right from the command line (useful alongside debugging and hex editing)
The ability to override the preferred load base, affecting the output of pointers, virtual memory layout and exported function entry-points; invaluable for ASLR debugging
Decoding of timestamps and composition of bit flags as well as other named constants using "trimmed" SDK identifiers (e.g. decoding OS, subsystem, characteristics, etc.)
Recognition of EOF data (data at the end of PE image file that is not loaded into virtual memory by the Windows loader)
Automatic calculation and verification of checksum
Import table shows IAT slot column where loader stores runtime address (helpful for setting debugger breakpoints or API hooking)
Display base relocations: pointers, file offsets and target section
Support for parsing and dumping the undocumented Microsoft "Rich" header
Detection of Microsoft toolsets as far back as 1998: Visual C++ (>=6.0) and MASM (>=6.13); also view @comp.id (compiler id) and @feat.00 values within OBJ files
Unlike most PE tools, pelook supports x86 and x64 COFF OBJ files, in addition to correctly identifying all major 16-bit "MZ" image header formats (e.g. plain DOS, Windows LE, etc.)
Minimal ELF detection (Unix/Linux)
Summary analysis of the DOS header and stub
Requires MSVC runtime dependency
2019-05-02 1.65 -added load config directory support for Win32 and Win64 binaries (and -f cmdline option)
-added SafeSEH and /GS security checks detection (Win32 only)
Continue below to download this file.
|2,386||3,470||BYTE* <img src="https://www.oldergeeks.com/downloads/gallery/thumbs/pelook1_th.png"border="0">||Dec 12, 2019 - 12:36||1.65||43KB||ZIP||, out of 28 Votes.|
→→ Download Now ←← - Click to Rate File -
Like this download? Share it on Twitter → Tweet