  1. 95b6541 Update version to 2021.5.24 by Ero Carrera · 3 weeks ago upstream/master upstream/v2021.5.24
  2. d876b4e Update test_data.tar.bz2.enc by Ero Carrera · 3 weeks ago
  3. de77a93 Fixes for issue #322, #321, and #318 by Ero Carrera · 3 weeks ago
  4. 9dea8ee Update .travis.yml by Ero Carrera · 5 weeks ago upstream/v2021.5.13
  5. 55de5aa Update LICENSE by Ero Carrera · 5 weeks ago

pefile


pefile is a multi-platform Python module to parse and work with Portable Executable (PE) files. Most of the information contained in the PE file headers is accessible, as well as all the sections' details and data.

The structures defined in the Windows header files will be accessible as attributes in the PE instance. The naming of fields/attributes will try to adhere to the naming scheme in those headers. Only shortcuts added for convenience will depart from that convention.

pefile requires some basic understanding of the layout of a PE file — with it, it's possible to explore nearly every single feature of the PE file format.
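To make the layout and the header-derived field names concrete, here is an added example in standard-library Python; it is not pefile code and does not come from the pefile project. It reads a few fields by offset from a constructed, header-only PE32 buffer and rejects truncated or inconsistent headers; `build_sample_pe`, `parse_pe_headers` and the `writable_and_executable` key are hypothetical names chosen for illustration.

```python
import struct

IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000

def build_sample_pe(n_sections=1):
    """Constructed header-only PE32 image for the demo (not a runnable program)."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)   # e_lfanew lives at 0x3C
    file_hdr = struct.pack("<HHIIIHH", 0x14C, n_sections, 0, 0, 0, 0xE0, 0x0102)
    # Optional header: Magic at +0, AddressOfEntryPoint at +16, padded to 0xE0 bytes
    opt = (struct.pack("<H", 0x10B) + b"\x00" * 14 + struct.pack("<I", 0x1000)).ljust(0xE0, b"\x00")
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\x00\x00" + file_hdr + opt + text

def parse_pe_headers(data):
    """Return header fields under their winnt.h names; raise ValueError if malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("IMAGE_DOS_HEADER.e_magic is not 'MZ'")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Signature (4 bytes) plus IMAGE_FILE_HEADER (20 bytes) must fit in the data
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("e_lfanew does not point at a PE signature")
    machine, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    table_off = opt_off + opt_size          # section table follows the optional header
    if opt_size < 20 or table_off + 40 * n_sections > len(data):
        raise ValueError("optional header too small or section table runs past the data")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    (entry,) = struct.unpack_from("<I", data, opt_off + 16)
    sections = []
    for i in range(n_sections):             # each IMAGE_SECTION_HEADER is 40 bytes
        name, _, vaddr, raw_size, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table_off + 40 * i)
        sections.append({
            "Name": name.rstrip(b"\x00").decode("latin-1"),
            "VirtualAddress": vaddr, "SizeOfRawData": raw_size, "Characteristics": flags,
            "writable_and_executable": bool(flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE),
        })
    return {"e_lfanew": e_lfanew, "Machine": machine, "NumberOfSections": n_sections,
            "Magic": magic, "AddressOfEntryPoint": entry, "sections": sections}

if __name__ == "__main__":
    print(parse_pe_headers(build_sample_pe()))
```

With pefile, the same values are read as attributes such as `pe.DOS_HEADER.e_lfanew`, `pe.FILE_HEADER.NumberOfSections` and `pe.OPTIONAL_HEADER.AddressOfEntryPoint`.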

Installation

To install pefile through pip:

pip3 install pefile

Features

Some of the tasks that pefile makes possible are:

Please refer to the Usage Examples for code snippets that demonstrate how to use pefile.

Here are a few examples of what a dump produced with pefile looks like for different types of files:

To work with authenticated binaries, including Authenticode signatures, please check the project verify-sigs.

pefile runs in several pipelines scanning hundreds of thousands of new PE files every day, and, while not perfect, it has grown to be pretty robust over time. That being said, small glitches are found now and then. If you bump into a PE that does not appear to be processed correctly, do report it, please! It will help make pefile a tiny bit more powerful.

Dependencies

pefile is self-contained. The module has no dependencies; it is endianness independent; and it works on OS X, Windows, and Linux.

Recent changes

Prompted by the move to GitHub, the need to support Python 3, and the resolution of a slew of pending issues (some having to do with the old versioning scheme), pefile has changed its version numbering scheme: from now on it will use the release date as its version.

Projects and products using pefile

Additional resources

PDFs of posters depicting the PE file format:

The following links provide detailed information about the PE format and its structures.