search

hasherezade / pe-bear

Portable Executable reversing tool with a friendly GUI
https://hshrzd.wordpress.com/pe-bear/
GNU General Public License v2.0
2.74k stars 168 forks source link
bearparser malware-analysis multiplatform pe-analyzer pe-analyzer-gui pe-editor pe-file pe-format

readme

PE-bear

PE-bear logo

Build status Codacy Badge License: GPL v2 Last Commit

GitHub release Github All Releases Github Latest Release

PE-bear is a multiplatform reversing tool for PE files. Its objective is to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files.

Signatures for PE-bear:

Builds

📦 ⚙️ Download the latest release.

Windows Packaging

Available also via Chocolatey

Available also via Scoop

Test Builds

🧪 Fresh test builds (ahead of the official release) can be downloaded from the AppVeyor build server. They are created on each commit to the main branch. You can download them by clicking on the build version, then choosing the tab Artifacts. WARNING: those builds may be unstable.

An archive of old releases is available here: https://github.com/hasherezade/pe-bear-releases

Available releases

The Linux build requires appropriate version of Qt to be installed.

The Windows build with vs13 suffix(built with Visual Studio 2013) has no external dependencies.

The Windows build with vs19 suffix (built with Visual Studio 2019) requires the redistributable package for Visual Studio 2015 - 2022.

The Windows build with vs10 suffix is built with Qt4 (legacy) - in contrast to the other builds that are with Qt5 (recommended). It is prepared for the purpose of backward compatibility with old versions of Windows (i.e. XP), and may be lacking some of the features.

How to build

Requires:

Clone

Use recursive clone to get the repo together with submodules:

git clone --recursive https://github.com/hasherezade/pe-bear.git

Building on Windows

Use CMake to generate a Visual Studio project. Open in Visual Studio and build.

Building on Linux and MacOS

To build it on Linux or MacOS you can use the given scripts:

To generate the .app bundle on MacOS you can use:

If you like PE-bear, you can support it by buying the merch 🐻