An interactive web-based toolkit designed to bridge the gap between theoretical documentation and practical analysis of binary formats and system memory layouts.
This tool serves as an interactive visual map of a Windows PE file's exact byte structure — showing both how it's laid out on disk and how that layout maps into memory once loaded. It is designed specifically for malware analysts, reverse engineers, and cybersecurity students.
To keep the toolkit lightweight and 100% offline-ready, it is distributed as standalone HTML files separated by language. No installation, no internet connection, and no external dependencies required — even the fonts are bundled directly into the file.
- Interactive Byte & Position Mapping
Click on any structural member to instantly highlight its corresponding bytes in the hex view while simultaneously revealing its exact location and offset within the header hierarchy. - Header Hierarchy & Interconnectedness
Visually demonstrates how PE headers are sequenced and interconnected, helping users understand the relationships and pointers between various structural elements. - Air-Gapped Sandbox Friendly
Perfect for isolated malware analysis environments. Just drop the single HTML file into any browser.
Select and download the standalone version that fits your language preference inside the PE-Format directory:
📂 interactive-binary-structures
└── 📂 PE-Format
├── 📄 pe-explorer_EN.html <-- English Version (Default)
└── 📄 pe-explorer_CS.html <-- Czech Version (Čeština)
The official release, detailed background, and technical insights behind this tool are published on my blog.
👉 Read the full article and download the tools on Proteqtum's Blog (also available in Czech)
Contributions, bug reports, and feature suggestions are welcome! If you want to help translate the tool's built-in language file (the I18N object) into another language (such as German), feel free to open a Pull Request or submit an Issue.
Developed by Proteqtum.