/qiew

Home of Qiew - Reverse engineering tool

Primary LanguagePythonGNU General Public License v2.0GPL-2.0

Qiew - Hex/File format viewer

Portable Executable (PE) file viewer

Designed to be useful for reverse engineering malware.

features:

  • highlights strings/calls/mz-pe very useful in malware analysis.
  • PE info, able to jump to sections, entry point, overlay, etc.
  • disassembler + referenced strings, API calls
  • "highlight all" for current text selection.

see wiki for key functions

This program is licensed under GPLv2.

Releases/Binaries

Binaries available for Windows AMD64, built with cx_Freeze

Installation from sources

Install Terminus font, for Windows users download from here. For Debian/Ubuntu users: sudo apt-get install xfonts-terminus

If you have a C compiler run

pip install -r requirements.txt

Otherwise run

pip install yapsy pefile pyperclip pyaes ply pyelftools androguard PyQt5

and manually install Capstone.

If you develop in a virtualenv on Windows, you need to copy the python3.dll to your virtual env, as only python36.dll is copied automatically.

Available plugins

  • PE

  • bootsector

  • ELF

  • APK

  • NTFS

Binary view mode

binview

Hex view mode

hexview

Disassembly view mode

disasmview disasmview

Powered by: Python3, Qt5, Terminus font, pefile, Capstone

see wiki