Scroll to navigation

PEDIS(1) General Commands Manual PEDIS(1)

NAME

pedis - disassemble PE sections and functions

SYNOPSIS

pedis [OPTIONS]... pefile

DESCRIPTION

pedis is a PE disassembler relyng on udis86 library. It can disassembly entire sections, functions or any file position you want. It's part of pev, the PE file analysis toolkit.

pefile is a PE32/PE32+ executable or dynamic linked library file.

OPTIONS

Set AT&T assembly syntax (default: Intel).

Disassemble the entire entrypoint function.

Change output format (default: text).

Disassembly mode (default: auto).

Number of instructions to disassemble.

Number of bytes to disassemble.

Disassemble at specified offset, either in decimal or hexadecimal format (prefixed with 0x).

Disassemble at specified RVA, either in decimal or hexadecimal format (prefixed with 0x).

Disassemble en entire section given.

Show version.

Show this help.

EXAMPLES

Disassemble RVA 0x4c4df from putty.exe:

$ pedis -r 0x4c4df putty.exe

Disassembly the entrypoint of a 64-bit PE32+ wordpad.exe:

$ pedis -m 64 --entrypoint putty.exe

Disassembly in 16-bits mode, starting from offset 0x40, 32 bytes of code from game.exe:

$ pedis -m 16 -o 0x40 -n 32 game.exe

REPORTING BUGS

Please, check the latest development code and report at https://github.com/mentebinaria/readpe/issues

SEE ALSO

ofs2rva(1), pehash(1), peldd(1), pepack(1), peres(1), pescan(1), pesec(1), pestr(1), readpe(1), rva2ofs(1)

COPYRIGHT

Copyright (C) 2012 - 2020 pev authors. License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.txt>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.