NAME

pedis - disassemble PE sections and functions

SYNOPSIS

pedis [OPTIONS]... pefile

DESCRIPTION

pedis is a PE disassembler using libudis86 library. It can disassembly entire sections, functions or any file position you want. It's part of pev, the PE file analysis toolkit.

pefile is a PE32/PE32+ executable or dynamic linked library file.

OPTIONS

--att: set AT&T assembly syntax (default is Intel).
-e, --entrypoint: disassembly at PE entrypoint (EP), until RET/LEAVE instruction appears.
-f, --format <text|csv|xml|html>: change output format (default is text).
-m, --mode <16|32|64>: set disassembly mode to 16, 32 or 64-bits (default: auto).
-i <number>: number of instructions to disassemble.
-n <number>: number of bytes (lenght) to disassemble.
-o, --offset <offset>: disassemble at specified offset, either in decimal or hexadecimal format (prefixed with 0x).
-r, --rva <rva>: disassemble at specified RVA, either in decimal or hexadecimal format (prefixed with 0x).
-s, --section <name>: disassemble specific PE section.
-V, --version: show program version and exit.
--help: show help.

EXAMPLES

Disassemble at RVA 0x4c4df of putty.exe:

: $ pedis -r 0x4c4df putty.exe

Disassembly the entrypoint of a 64-bit PE32+ wordpad.exe:

: $ pedis -m 64 --entrypoint putty.exe

Disassembly in 16-bits mode, starting from offset 0x40, 32 bytes of code from game.exe:

: $ pedis -m 16 -o 0x40 -n 32 game.exe

REPORTING BUGS

Please, check the latest development code and report at https://github.com/merces/pev/issues

COPYRIGHT

Copyright © 2017 pev authors. License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.txt>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.