Install Now
pedis - disassemble PE sections and functions
Contents
Copyright
Copyright (C) 2012 - 2020 pev authors. License GPLv2+: GNU GPL version 2 or later
<https://www.gnu.org/licenses/gpl-2.0.txt>. This is free software: you are free to change and
redistribute it. There is NO WARRANTY, to the extent permitted by law.
PEDIS(1)
Description
pedis is a PE disassembler relyng on udis86 library. It can disassembly entire sections, functions or any
file position you want. It's part of pev, the PE file analysis toolkit.
pefile is a PE32/PE32+ executable or dynamic linked library file.
Examples
Disassemble RVA 0x4c4df from putty.exe:
$ pedis -r 0x4c4df putty.exe
Disassembly the entrypoint of a 64-bit PE32+ wordpad.exe:
$ pedis -m 64 --entrypoint putty.exe
Disassembly in 16-bits mode, starting from offset 0x40, 32 bytes of code from game.exe:
$ pedis -m 16 -o 0x40 -n 32 game.exe
Name
pedis - disassemble PE sections and functions
Options
--att Set AT&T assembly syntax (default: Intel).
-e, --entrypoint
Disassemble the entire entrypoint function.
-f, --format<text|csv|xml|html>
Change output format (default: text).
-m, --mode<16|32|64>
Disassembly mode (default: auto).
-i<number>
Number of instructions to disassemble.
-n<number>
Number of bytes to disassemble.
-o, --offset<offset>
Disassemble at specified offset, either in decimal or hexadecimal format (prefixed with 0x).
-r, --rva<rva>
Disassemble at specified RVA, either in decimal or hexadecimal format (prefixed with 0x).
-s, --section<name>
Disassemble en entire section given.
-V, --version
Show version.
--help Show this help.
Reporting Bugs
Please, check the latest development code and report at https://github.com/mentebinaria/readpe/issues
See Also
ofs2rva(1), pehash(1), peldd(1), pepack(1), peres(1), pescan(1), pesec(1), pestr(1), readpe(1), rva2ofs(1)
Synopsis
pedis [OPTIONS]... pefile
PNG Icons