Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

Portable Executable reversing tool with a friendly GUI

A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl

The BEST DLL Injector Library.

PE file viewer/editor for Windows, Linux and MacOS.

Principled, lightweight C/C++ PE parser

PE-bear (builds only)

Vox language compiler. AOT / JIT / Linker. Zero dependencies

A ⚡ lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.

Persistent IAT hooking application - based on bearparser

A bunch of parsers for PE and PDB formats in C++

flat assembler g - adaptable assembly engine

Library for parsing internal structures of PE32/PE32+ binary files.

PE32 (x86) and PE32+ (x64) binaries analysis tool, resources viewer/extractor.

SDA is a rich cross-platform tool for reverse engineering that focused firstly on analysis of computer games. I'm trying to create a mix of the Ghidra, Cheat Engine and x64dbg. My tool will combine static and dynamic analysis of programs. Now SDA is being developed.

Python implementation of the Packed Executable iDentifier (PEiD)

A neural approach to malware detection in portable executables

Cross-platform library for parsing and building PE\PE+ formats

Small visualizator for PE files

Docker image gathering packers and tools for making datasets of packed executables and training machine learning models for packing detection