Man page - pedis(1)

Packages contains this manual

Package: readpe
apt-get install readpe

Manuals in package:

Documentations in package:

readpe

Manual

PEDIS

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
EXAMPLES
REPORTING BUGS
SEE ALSO
COPYRIGHT

NAME

pedis - disassemble PE sections and functions

SYNOPSIS

pedis [OPTIONS]... pefile

DESCRIPTION

pedis is a PE disassembler relyng on udis86 library. It can disassembly entire sections, functions or any file position you want. It’s part of pev, the PE file analysis toolkit.

pefile is a PE32/PE32+ executable or dynamic linked library file.

OPTIONS

--att

Set AT&T assembly syntax (default: Intel).

-e , --entrypoint

Disassemble the entire entrypoint function.

-f , --format <text|csv|xml|html>

Change output format (default: text).

-m , --mode <16|32|64>

Disassembly mode (default: auto).

-i <number>

Number of instructions to disassemble.

-n <number>

Number of bytes to disassemble.

-o , --offset <offset>

Disassemble at specified offset, either in decimal or hexadecimal format (prefixed with 0x).

-r , --rva <rva>

Disassemble at specified RVA, either in decimal or hexadecimal format (prefixed with 0x).

-s , --section <name>

Disassemble en entire section given.

-V , --version

Show version.

--help

Show this help.

EXAMPLES

Disassemble RVA 0x4c4df from putty.exe :

$ pedis -r 0x4c4df putty.exe

Disassembly the entrypoint of a 64-bit PE32+ wordpad.exe :

$ pedis -m 64 --entrypoint putty.exe

Disassembly in 16-bits mode, starting from offset 0x40, 32 bytes of code from game.exe :

$ pedis -m 16 -o 0x40 -n 32 game.exe

REPORTING BUGS

Please, check the latest development code and report at https://github.com/mentebinaria/readpe/issues

COPYRIGHT

Copyright (C) 2012 - 2020 pev authors. License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.txt>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.