Portable Executable
pe-parse
Minimal, security-focused parser for Portable Executable files built to survive malicious or malformed inputs.
Best for
Toolchains that need reliable PE introspection as a foundation.
Surface
Portable Executable
Catalog group
Inspect operating systems and endpoint surfaces
Repository
trailofbits/pe-parse
From the README
pe-parse is a principled, lightweight parser for Windows portable executable files. It was created to assist in compiled program analysis, potentially of programs of unknown origins. This means that it should be resistant to malformed or maliciously crafted PE files, and it should support questions that analysis software would ask of an executable program container.
Related tools · Inspect operating systems and endpoint surfaces
- Linuxevents: eBPF-based monitoring without shipping kernel headers or a stack of environment-specific bytecode artifacts.
- ebpfpub: Monitors system and library calls across multiple kernel versions with minimal runtime dependencies.
- ebpf-verifier: Research prototype for running the eBPF verifier outside the live kernel to make cross-version testing practical.
- winchecksec: Static inspection of Windows binaries for mitigations like DEP, ASLR, and code integrity.
- osquery-extensions: Collection of Trail of Bits extensions that expand what osquery can inspect and expose.