
         __ \    _ \ \ \   / 
         |   |   __/  \ \ /  
         .__/  \___|   \_/   
        _|
 the PE file analysis toolkit v0.50

1. What is pev
2. OS support
3. Building and installing
 3.1. Installing all tools (Linux and OSX)
 3.2. Building libpe only
 3.3. Building a particular tool
 3.4. Building in Windows (via Cygwin)
4. Included programs
5. Development
6. Bugs

1. What is pev

 pev is a PE file analysis toolkit that includes some
 nice programs to work with PE files in many systems
 It can be useful for programmers, security analysts
 and forensic investigators. It's licensed  under
 GPLv3+ terms.

2. OS support

 This version is tested in Linux (x86 and x86-64),
 OSX systems and Windows under Cygwin (http://www.cygwin.com).
 If you'rerunning pev tools sucessfully in other environments,
 please let  us know.

3. Building and installing

 3.1. Installing all tools (Linux and OSX)

  To compile and install libpe and all pev tools, do the
  following:

  $ ./configure
  $ make
  # make install

  Additionally, you can set a prefix dir by running:

  $ ./configure --prefix=/usr

  Note that libpe will be installed under prefix
  directory too. So you need to ensure that
  PREFIX/lib is in your LD_LIBRARY_PATH environment
  variable before execute of pev programs.

 3.2. Building libpe only

  To build only libpe, go to lib/libpe dir and
  use the Makefile provided:

  $ cd lib/libpe
  $ make
  # make install

  Check PREFIX and DEST variables in Makefile if
  you think you need.

 3.3. Building a particular tool

  If you want to build a particular tool, you
  can use the Makefile in src/ dir:

  $ cd src/
  $ make pesec

  The commmand above will build only pesec binary.

 3.4. Building in Windows (via Cygwin)

  Under Cygwin, you'll need following packages
  in order to compile pev:

  * i686-pc-mingw32-gcc.exe (32-bit system)
  * x86_64-w64-mingw32-gcc (64-bit system)
  * binutils
  * mingw-binutils
  * make
  * sed
  * zip

  Compile with:

  $ ./configure
  $ make

  Build a zip package with libpe.dll and all tools:

  $ make zip

  You can't call other make targets (like make install)
  in Cygwin environment.

4. Included programs

 This pev toolkit version include:

 * readpe   - show PE file headers, sections and more
 * pedis    - PE disassembler
 * pesec    - check security features in PE files
 * pescan   - search for suspicious things in PE files, including TLS callbacks
 * rva2ofs  - convert RVA to raw file offsets
 * ofs2rva  - convert raw file offsets to RVA
 * papack   - packer detector

5. Development

 The development version is available at https://github.com/merces/pev
 We are always needing some help. If you want to contribute, subscribe
 to pev-devel mailing list at
 https://lists.sourceforge.net/lists/listinfo/pev-devel

6. Bugs

 Please, report bugs at https://github.com/merces/pev/issues
