Home of Qiew - Reverse engineering tool
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
first_proto
plugins
wiki
.gitignore
Banners.py
BinViewMode.py
DataModel.py
DisasmViewMode.py
FileFormat.py
HexViewMode.py
LICENSE
README
README.md
TextDecorators.py
TextSelection.py
UnpackPlugin.py
ViewMode.py
annotation.ui
buildsetup.py
cemu.py
dropper.ui
qiew.py
requirements.txt
search.ui
unpack.ui

README.md

Qiew - Hex/File format viewer

Portable Executable (PE) file viewer

Designed to be useful for reverse engineering malware.

features:

  • highlights strings/calls/mz-pe very useful in malware analysis.
  • PE info, able to jump to sections, entry point, overlay, etc.
  • disassembler + referenced strings, API calls
  • "highlight all" for current text selection.

see wiki for key functions

This program is licensed under GPLv2.

Releases/Binaries

Binaries available for Windows AMD64, built with cx_Freeze

Installation from sources

Install Terminus font, for Windows users download from here. For Debian/Ubuntu users: sudo apt-get install xfonts-terminus

If you have a C compiler run

pip install -r requirements.txt

Otherwise run

pip install yapsy pefile pyperclip pyaes ply pyelftools androguard PyQt5

and manually install Capstone.

If you develop in a virtualenv on Windows, you need to copy the python3.dll to your virtual env, as only python36.dll is copied automatically.

Available plugins

  • PE

  • bootsector

  • ELF

  • APK

Binary view mode

binview

Hex view mode

hexview

Disassembly view mode

disasmview disasmview

Powered by: Python3, Qt5, Terminus font, pefile, Capstone

see wiki