Your selected file is below.
Scroll down.



Processed through Paypal
No account required.


Donate Bitcoin to this wallet:
1KkUMXvQ2ko3xcJkzitB7WYgoW6m79WFfm
Donate Ethereum to this wallet:
0x40E56922F43637224935CDC35e2c96E0392A8505
Donate Litecoin to this wallet:
LLYAFEyqjH69gkyCEpRjXNyedRCWrVChfL

  Please buy our over-priced stuff here.  


Facebook Follow @GeekOnTheLoose




 Home » OlderGeeks.com Freeware Downloads » Programming, Coding & Software Development » pelook v1.65   
File - Download pelook v1.65
Description

Always scroll to the bottom of the page for the download link.
We don't believe in fake/misleading download buttons and tricks. The link is always in the same place.



pelook v1.65

Pelook is a comprehensive information tool for 32 and 64 bit Windows EXE, DLL, driver and OBJ files (PE/COFF images). This tool is suitable for reverse engineers or anyone needing to delve into the internals of Windows PE files. At first glance, pelook may seem a lot like Microsoft's dumpbin tool, however you'll find it has many additional features and doesn't have the unnecessary verbosity of dumpbin. Rather than blindly dumping fields from the various headers and sections that comprise a PE image, pelook creates an intelligent report of the most useful information in the most compact form possible without sacrificing readibility. Why shouldn't you be able to see the target architecture, dependency DLLs, section list, loader flags, supported .NET framework and version resource all within the same screenful of information and all within the same tool?

Pelook was originally written for the virtual memory map display and pointer to image-file-offset conversions; two features I always needed but never found in other PE dumping tools. Pelook combines the most widely used features in these popular tools in addition to other useful features:

Dumpbin - Microsoft's PE/COFF header dump tool
Depends - Microsoft's Dependency Walker imports/exports tool
filever - Microsoft's version information resource dump tool
clrver - Microsoft's CLR version tool (determine .NET Framework version needed for an EXE)

Some of pelook's features are:

Support for both 32-bit and 64-bit Windows modules (PE32 and PE32+, a.k.a. PE64)
Dump COFF and section headers (Portable Executable/OBJ files)
Dump Data Directory table
Dump Debug Directory Summary (recognition of Microsoft and Borland debug)
Dump import and delay-import dependency DLLs and associated functions (or just a DLL name list in quiet mode)
Resolve full paths to dependency DLLs similar to the Windows loader search
Dump export table
Dump resource tree
Dump initial bytes of entry point or disassemble them; for disassembly feature, download disasmdump and place both executables in same directory
Dump version resource block with the standard entries (or just basic versioning in quiet mode)
Dump exception function table in PE64 images (.pdata section)
Detect and display CLR (.NET) header with versioning information and framework dependencies without needing to run the program (the clrver utility requires this); pelook also has no .NET dependencies
Display module's virtual memory map (pointers and image-file offsets, invaluable for manual hex editing); NOTE: if you want to see RVAs instead of pointers, override the load base with zero (i.e. -b 0)
Easily see memory access attributes for each section (Helps to answer, "Why am I getting an AV when patching code to write to a particular section")
Convert between pointer addresses and image-file offsets right from the command line (useful alongside debugging and hex editing)
The ability to override the preferred load base, affecting the output of pointers, virtual memory layout and exported function entry-points; invaluable for ASLR debugging
Decoding of timestamps and composition of bit flags as well as other named constants using "trimmed" SDK identifiers (e.g. decoding OS, subsystem, characteristics, etc.)
Recognition of EOF data (data at the end of PE image file that is not loaded into virtual memory by the Windows loader)
Automatic calculation and verification of checksum
Import table shows IAT slot column where loader stores runtime address (helpful for setting debugger breakpoints or API hooking)
Display base relocations: pointers, file offsets and target section
Support for parsing and dumping the undocumented Microsoft "Rich" header
Detection of Microsoft toolsets as far back as 1998: Visual C++ (>=6.0) and MASM (>=6.13); also view @comp.id (compiler id) and @feat.00 values within OBJ files
Unlike most PE tools, pelook supports x86 and x64 COFF OBJ files, in addition to correctly identifying all major 16-bit "MZ" image header formats (e.g. plain DOS, Windows LE, etc.)
Minimal ELF detection (Unix/Linux)
Summary analysis of the DOS header and stub

Requires MSVC runtime dependency

2019-05-02 1.65 -added load config directory support for Win32 and Win64 binaries (and -f cmdline option)
-added SafeSEH and /GS security checks detection (Win32 only)














Continue below to download this file.


Downloads Views Developer Last Update Version Size Type Rank
1,526 2,384 BYTE* <img src="https://www.oldergeeks.com/downloads/gallery/thumbs/pelook1_th.png"border="0"> Dec 12, 2019 - 12:36 1.65 43KB ZIP 5/5, out of 15 Votes.
File Tags
pelook  v1.65  
      
Whoa! Slow down there, Speedy.
Read this and then continue to the download.

Like seeing no ads? No misleading/fake download buttons?
We like it too! This site has been kept alive for 10 years
because of people just like you who download and donate.
No one is stopping you from downloading without donating
but the site runs on the "Honor System". If your momma
raised you to be honorable, make a donation and download
'til ya turn blue. Make your momma proud!

Thank you! -Randy & Deanna (The Older Geeks)

Monthly operating costs = $560
Donations for August = Goal met!
Donations over our monthly goal
are set aside for future upgrades.

Processed securely through Paypal.
When you donate, it will say "Home Computer Repair LLC".
This is our computer store account.
Or...

Or...
Donate Bitcoin: 1KkUMXvQ2ko3xcJkzitB7WYgoW6m79WFfm
Donate Ethereum: 0x40E56922F43637224935CDC35e2c96E0392A8505
Donate Litecoin:LLYAFEyqjH69gkyCEpRjXNyedRCWrVChfL
Or...
Just send a check to our computer store payable to Home Computer Repair LLC.
Our address: Home Computer Repair LLC, 208 E. Water St. Mount Vernon, MO 65712

Recent Super Donors ($50+)
Thanks, Bill
Thanks, Joachim
Thanks, Neal
Thanks, Steven

Recent Donors
Thanks, John
Thanks, Antonia
Thanks, Christopher
Thanks, Don
Thanks, Alex
Thanks, Tim
Thanks, Lee
Thanks, Graham
Thanks, Janet
Thanks, Christian

   →→ Download Now ←← - Click to Rate File -
Like this download? Share it on Twitter →


Copyright (c) 2020