Home of Qiew - Reverse engineering tool
Python
Latest commit 39159bb Jul 2, 2018
first_proto PE view: Python 3 conversion in progress. PyQt5 conversion in progress. Jul 16, 2017
plugins Removed unnecessary local import. Jul 1, 2018
wiki changed pics Sep 21, 2015
.gitignore updated Sep 21, 2015
Banners.py PE view: Python 3 conversion in progress. PyQt5 conversion in progress. Jul 16, 2017
BinViewMode.py Function needs a byte, not a char or string Jul 17, 2017
DataModel.py handle PermissionError instead of Exception Jul 21, 2017
DisasmViewMode.py modified text selection height, looks nicer Jul 19, 2017
FileFormat.py Python 3 changes (floordiv instead div, py slot changes) Jul 16, 2017
HexViewMode.py Function needs a byte, not a char or string Jul 17, 2017
LICENSE added GPL license Jul 19, 2015
README readme file Jul 19, 2015
README.md updated Aug 13, 2017
TextDecorators.py PE view: Python 3 conversion in progress. PyQt5 conversion in progress. Jul 16, 2017
TextSelection.py floordiv instead of div Jul 19, 2017
UnpackPlugin.py fixed QValidator. Qt5 has a lot of changed apis :( Jul 21, 2017
ViewMode.py Python 3 conversion. PyQt5 conversion in progress (PyQt5.QtWidgets, u… Jul 16, 2017
annotation.ui added color column for annotation Oct 9, 2015
buildsetup.py modified build script Sep 22, 2015
cemu.py PE view: Python 3 conversion in progress. PyQt5 conversion in progress. Jul 16, 2017
dropper.ui cx_freez setup script. dropper user interface Oct 20, 2014
qiew.py requires py3 Aug 13, 2017
requirements.txt Python 3 conversion. PyQt5 conversion in progress (PyQt5.QtWidgets, u… Jul 16, 2017
search.ui forgot search.ui Jul 20, 2015
unpack.ui added enc/dec files +ui Jul 25, 2015

README.md

Qiew - Hex/File format viewer

Portable Executable (PE) file viewer

Designed to be useful for reverse engineering malware.

features:

  • highlights strings, calls and MZ/PE headers, which is very useful in malware analysis.
  • PE info, able to jump to sections, entry point, overlay, etc.
  • disassembler + referenced strings, API calls
  • "highlight all" for current text selection.

see wiki for key functions

This program is licensed under GPLv2.

Releases/Binaries

Binaries available for Windows AMD64, built with cx_Freeze

Installation from sources

Install the Terminus font. Windows users can download it from here. Debian/Ubuntu users: sudo apt-get install xfonts-terminus

If you have a C compiler, run

pip install -r requirements.txt

Otherwise run

pip install yapsy pefile pyperclip pyaes ply pyelftools androguard PyQt5

and manually install Capstone.

If you develop in a virtualenv on Windows, you need to copy python3.dll into your virtualenv yourself, as only python36.dll is copied automatically.

Available plugins

  • PE

  • bootsector

  • ELF

  • APK

Binary view mode

binview

Hex view mode

hexview

Disassembly view mode

disasmview disasmview

Powered by: Python3, Qt5, Terminus font, pefile, Capstone

see wiki