Skip to content

mtivadar/qiew

Folders and files

NameName
Last commit message
Last commit date

Latest commit

87a3b96 · Mar 12, 2019
Mar 10, 2019
Mar 10, 2019
Sep 21, 2015
Sep 21, 2015
Mar 10, 2019
Jul 16, 2017
Jul 17, 2017
Jul 21, 2017
Jul 19, 2017
Jul 16, 2017
Jul 17, 2017
Jul 19, 2015
Jul 19, 2015
Mar 12, 2019
Jul 16, 2017
Jul 19, 2017
Jul 21, 2017
Jul 16, 2017
Oct 9, 2015
Jul 16, 2017
Oct 20, 2014
Aug 4, 2018
Mar 12, 2019
Jul 16, 2017
Jul 20, 2015
Jul 25, 2015

Repository files navigation

Qiew - Hex/File format viewer

Portable Executable (PE) file viewer

Designed to be useful for reverse engineering malware.

features:

  • highlights strings/calls/mz-pe very useful in malware analysis.
  • PE info, able to jump to sections, entry point, overlay, etc.
  • disassembler + referenced strings, API calls
  • "highlight all" for current text selection.

see wiki for key functions

This program is licensed under GPLv2.

Releases/Binaries

Binaries available for Windows AMD64, built with cx_Freeze

Installation from sources

Install Terminus font, for Windows users download from here. For Debian/Ubuntu users: sudo apt-get install xfonts-terminus

If you have a C compiler run

pip install -r requirements.txt

Otherwise run

pip install yapsy pefile pyperclip pyaes ply pyelftools androguard PyQt5

and manually install Capstone.

If you develop in a virtualenv on Windows, you need to copy the python3.dll to your virtual env, as only python36.dll is copied automatically.

Available plugins

  • PE

  • bootsector

  • ELF

  • APK

  • NTFS

Binary view mode

binview

Hex view mode

hexview

Disassembly view mode

disasmview disasmview

Powered by: Python3, Qt5, Terminus font, pefile, Capstone

see wiki