Reversing : The Hacker's Guide to Reverse Engineering

PEView

PEView is a powerful freeware GUI executable-dumping tool. It allows for a
good GUI visualization of all important PE data structures, and also provides
a raw view that shows the raw bytes of a chosen area in a file. Figure 4.13
shows a typical PEview screen. PEView can be downloaded free of charge at
http://www.magma.ca/~wjr.


PEBrowse Professional

PEBrowse Professional is an excellent PE-dumping tool that can also be used
as a disassembler (the name may sound familiar from our earlier discussion on
debuggers, but this is not the same product: PEBrowse Professional doesn't
provide any live debugging capabilities). PEBrowse Professional is capable of
dumping all PE-related headers both as raw data and as structured header
information. In addition to its PE dumping abilities, PEBrowse also includes a
solid disassembler and a function tree view on the executable. Figure 4.14
shows PEBrowse Professional's view of an executable that includes disassembled
code and a function tree window.
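
The raw view and the structured header view that both tools offer can be reproduced in a few lines. The following is an added example, not code from the book or from either tool; the function names are hypothetical and the input is a constructed header-only PE32 image built inline.

```python
import struct

FILE_HDR = struct.Struct("<HHIIIHH")         # IMAGE_FILE_HEADER (20 bytes)
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER (40 bytes)

def build_sample():
    """Constructed sample: PE32 headers plus one .text section entry, no code."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)      # Magic: PE32
    struct.pack_into("<I", opt, 16, 0x1000)    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    text = SECTION_HDR.pack(b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    return (dos + b"PE\x00\x00" + FILE_HDR.pack(0x14C, 1, 0, 0, 0, 224, 0x102)
            + bytes(opt) + text)

def raw_view(data, offset, length):
    """Raw view: hex bytes of a chosen area of the file."""
    return " ".join(f"{b:02X}" for b in data[offset:offset + length])

def parse_pe(data):
    """Structured view: decode the same bytes into named header fields."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt_off = e_lfanew + 4 + FILE_HDR.size
    if opt_off > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, _ = FILE_HDR.unpack_from(data, e_lfanew + 4)
    sect_off = opt_off + opt_size
    if opt_size < 32 or sect_off + nsect * SECTION_HDR.size > len(data):
        raise ValueError("truncated optional header or section table")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    (entry,) = struct.unpack_from("<I", data, opt_off + 16)
    # ImageBase is 4 bytes at +28 in PE32 and 8 bytes at +24 in PE32+
    base_fmt, base_at = ("<Q", 24) if magic == 0x20B else ("<I", 28)
    (image_base,) = struct.unpack_from(base_fmt, data, opt_off + base_at)
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, _rsize, rptr, *_rest = SECTION_HDR.unpack_from(
            data, sect_off + i * SECTION_HDR.size)
        sections.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "raw_ptr": rptr})
    return {"e_lfanew": e_lfanew, "machine": machine, "magic": magic,
            "entry_point": entry, "image_base": image_base, "sections": sections}

if __name__ == "__main__":
    print(raw_view(build_sample(), 0x40, 8))
    print(parse_pe(build_sample()))
```

The bounds checks matter when the input is untrusted: a malformed `e_lfanew` or section count should produce an error, not a read past the end of the buffer.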


Figure 4.13 A typical PEview screen for ntkrnlpa.exe.


Reversing Tools 137