pestudio v8.60 Updated

billon on 21 May 2017
  • 3MB (uncompressed)
  • Released on 20 May 2017
  • Suggested by joby_toss

pestudio shows details about applications and other system files (.exe, .dll, .cpl, .ocx, .ax, .sys, etc.) without starting them, including:

  • Libraries that are used by an application
  • Functions that are imported by an application
  • Functions (also anonymous) that are exported by an application
  • All functions that are forwarded to other libraries
  • Obsolete functions that are exported and imported by an application
  • Whether the Data Execution Prevention (DEP) Windows security mechanism is used
  • Whether the Address Space Layout Randomization (ASLR) Windows security mechanism is used
  • Whether the Structured Exception Handling (SEH) Windows security mechanism is used
  • Whether some sections are compressed

The standard version of pestudio lacks some features of the pro version; see the comparison here (PDF file!).

Category:
System Requirements: Win2K / WinXP / Vista / Win7 / Win8 / Win10
Writes settings to: None
Stealth: Yes
Unicode support: Yes
License: Freeware
How to extract: Download the ZIP package and extract to a folder of your choice. Delete AddToShell.reg and RemoveFromShell.reg. Launch pestudio.exe.
Similar/alternative apps: PPEE
What's new? Added:
  • Detection of Control Flow Guard (CFG).
  • Details for Virustotal view.

76 comments on pestudio

Lyx 2010-08-28 15:59

Doesn't launch here. Error-Dialog "The ordinal 7138 could not be located in the dynamic link library mfc90u.dll". This is a plain WinXP SP3 install that was kept very clean. I also tried downloading an mfc90u.dll version from the web and putting it in the app dir - no change.

Too bad, because this app looked VERY interesting.

Lyx 2010-08-28 16:08

P.S.: Apparently, the app will only launch if the MSVC9 update from 2008 is installed. Available here: http://www.microsoft.com/downloads/details.aspx?FamilyID=d5692ce4-adad-4000-abfe-64628a267ef0&displaylang=en

joby_toss 2010-08-28 18:33

Thank you, Lyx! Sorry about that! Noted!

Lyx 2010-08-28 23:34

Cool. It's kinda funny when an app that is about dynamic linking is affected by DLL-hell :)

marc ochsenmeier 2010-08-29 02:21

Hi guys, sorry about that. I forgot to deliver these MSVC9 redistributables! Next version will correct this. BTW, this has nothing to do with DLL-hell :-)

Hope you will enjoy the next version.

Lyx 2010-08-30 05:15

It was DLL-hell in my case, because I did already have that library installed - just not in the required version. Such situations were the main reason why MS began to store such libraries no longer centrally in system32, but instead in separate directories, "to reduce DLL-hell."

Anyways, thank you for this great application. Looking forward to the next version.

mox 2010-08-30 16:42

PeStudio has been Updated to Version 3.15 and now can start without the Visual Studio libraries. I just tried it on a clean Windows XP SP3 box and it runs.

Lyx 2010-08-31 12:08

Feature proposal: Define binary that is to be opened via commandline parameter. That way, one could integrate calling this nice app into filemanagers (I just tried calling it from Total Commander via pestudio.exe %1, and noticed that this doesn't work).

Emil 2010-09-04 10:28

Opening BitComet.exe it crashes. When it can open BitComet.exe then it crashes at clicking on the Imported Libraries or Imported Functions.
Please help. Thanks

marc ochsenmeier 2010-09-21 08:46

PeStudio is still under development. It will soon provide command line parameters. It will also support more compressed files. Yes, PeStudio (still) crashes when inspecting BitComet (which is compressed using PECompact). Thanks for your comments!

Baas 2010-09-21 11:03

@marc ochsenmeier
Thanks for PeStudio. Can you add a changelog with each new version? Cheers.

marc ochsenmeier 2010-09-21 12:11

@Baas Changelog. Of course I can. Cheers.

TT 2010-09-21 13:11

GUI is too large to work with Netbooks (1024x600). Any way to resize it?

marc ochsenmeier 2010-09-21 17:25

This feature is planned, thanks for being patient. At this point, I have set the focus on the programmatic interface (the parser - peparser.dll). The UI, which is 'only' a client application consuming the parser, will be changed in the next...days. Please tell me why you use PeStudio, what kind of features you like...and what you are missing. Thanks.

marc ochsenmeier 2010-09-27 15:53

Version 3.22 has been made available (with a changelog). Logfile is now XML based. Debug info and certificate are detected.

navinbhai 2010-10-03 22:24

What a program! Daily update? Even what is updated is not known.

Andrew Lee 2010-10-18 00:19

@navinbhai: The changelog is located within the app ZIP file. It would be better if the changelog is published on the website instead.

stormal 2010-10-27 13:16

PeStudio ver. 3.34 / Windows 7 x64: PeStudio GUI opens successfully but selected components fail to open.

0_o
~~~

mox 2010-11-05 09:04

PeStudio 3.37 now supports a command line parameter:
e.g. pestudio.exe c:\windows\notepad.exe

mox 2010-11-06 09:58

PeStudio 3.38 now supports command line parameter like: pestudio.exe %1 and pestudio.exe "%1"

Checker 2010-11-07 08:01

@ mox: See "what's new" ;-)

Danny 2010-11-12 15:32

Darn, it still crashes when I try to open MS-DOS files. :P

mox 2010-11-14 17:20

@ Danny: thanks for using PeStudio! Please provide more info - e.g: platform, file analyzed. Thanks. I have just tried PeStudio 3.40 on W7 32-bit, with tree.com.

mox 2010-11-15 08:18

for any question, problem, you can directly mail to me, the developer, at info@winitor.net. Thanks.

Quijote 2011-01-12 22:32

I tried the application with some .exe on Windows XP and every time the program has a runtime error...
instead it works perfectly on Windows Vista...

pe00 2011-11-20 10:04

PeStudio 3.47 has been released. It is now faster than ever..

V3.45

pe00 2011-11-20 10:05

Download URL of PeStudio is now www.winitor.com

V3.45

Magibon 2011-11-20 11:46

very cool app.
this looks to be very useful :)

Thanks for the suggestion !

V3.47

pe00 2011-11-22 12:00

PeStudio 3.47 has a bug when filtering the Libraries. This will be corrected very soon. Thanks.

V3.47

pe00 2011-11-30 23:28

PeStudio 3.51 has just been released on www.winitor.com

V3.50

pe00 2011-12-01 08:42

I just noticed that the PeStudio351.zip package is damaged on www.winitor.com! This will be corrected today. The previous version is still available at http://www.winitor.com/tools/PeStudio350.zip

Sorry about this inconvenience!

V3.50

pe00 2011-12-01 08:48

The PeStudio351.zip package is now working!

V3.50

prizm1 2011-12-02 01:37

The download button downloads v3.50 instead of v3.51

V3.51

I am Baas 2011-12-02 04:06

@prizm1
Thank you. Fixed.

V3.51

Ruby 2011-12-07 04:58

Modified Download link to remove version dependency; now points to - Index of /tools - where you can choose the most recent and some previous versions

V3.52

Magibon 2013-04-05 10:15

The developer actually listens to users! You can now dump the reports into XML file :)

Would be nice if we could just highlight, and copy into clipboard... but the XML dump is better than nothing.

Thank you developer.

v6.40

marc ochsenmeier 2013-04-06 15:35

@Magibon: thanks for your input. Highlight and copy to the clipboard are on my todo list. I'll implement these features.

v6.40

marc ochsenmeier 2013-04-06 15:45

Want to be in the loop when an update of PeStudio takes place? Follow me on Twitter! https://twitter.com/ochsenmeier

v6.40

Ascend4nt 2013-04-08 08:45

Win7 x64, this program has never worked for me. I just posted about this prob at http://www.portablefreeware.com/forums/viewtopic.php?p=63325#p63325

v6.50

JayXon 2013-06-14 11:18

There is the permalink to download the latest version. http://www.winitor.com/tools/PeStudio/Current/PeStudio.zip

v6.98

Checker 2013-06-14 16:09

@JayXon: Thanks ... download link changed.

v6.99

Ruby 2013-06-15 19:55

Is that 'Current' permalink to a stable or beta?
The homepage currently has PeStudio 7.00 listed.

PeStudio693.zip 06-Jun-2013 01:48 385K
PeStudio694.zip 06-Jun-2013 12:42 385K
PeStudio695.zip 07-Jun-2013 10:01 386K
PeStudio696.zip 09-Jun-2013 21:07 382K
PeStudio697.zip 11-Jun-2013 09:51 381K
PeStudio698.zip 13-Jun-2013 01:09 382K
PeStudio699.zip 14-Jun-2013 15:28 383K
PeStudio700.zip 15-Jun-2013 11:10 382K

v6.99

marc ochsenmeier 2013-06-17 08:49

@Ruby: the 'Current' directory will always point to the latest version of PeStudio.

v7.01

bzl333 2013-07-23 19:02

A resizable GUI would be a feature I'd like.

(trying to run this on a netbook)

v7.03

Ascend4nt 2013-08-01 23:46

Regarding my previous post - it seems there is a registry entry for a Borland Database Engine file, specifically 'idr20009.dll', which wasn't pointing to the right location. I'm not sure if PEStudio loads it or some other driver on my system, but it's now working.

v7.30

__philippe 2013-09-03 08:29

PEstudio V741:
The typeface used in the Manifest section looks a tad overblown ...;-)

__philippe

v7.41

__philippe 2013-09-26 13:46

PEstudio V7.52:

The command prompt usage "Pestudio file:-typical.exe" is broken again as of version V7.52.
(It was working fine from V7.31 up to V7.49)

__philippe

v7.52

__philippe 2013-09-30 18:07

PEstudio V7.54:

Two (undocumented but welcome) bug fixes have been applied:

1. Command-prompt usage is functioning correctly again.
2. Silly oversized typeface in Manifest section has been cut back to reasonable size.

@Marc: Let's hope it lasts, ..;-)...let's keep our fingers crossed !

Cheers,

__philippe

v7.54

Midas 2013-10-09 09:36

Screenshot was outdated; corrected.

v7.60

Magibon 2013-10-28 12:41

@ philippe
really like what you have done to the interface :)

thanks for your efforts.

v7.68

__philippe 2013-10-28 14:35

@ Magibon

Thanks, but...let's render unto Caesar what belongs to Marc Ochsenmeier...;-)
I am only a mere commentator...;-)

Cheers,

__philippe

v7.68

marc ochsenmeier 2013-12-08 18:10

@__philippe:

Thanks for the compliments!

Cheers,
Marc Ochsenmeier

v7.89

Emka 2013-12-14 16:25

v7.93 is out, can't find a changelog

v7.89

guinness 2013-12-14 16:45

Why not just edit the entry?

v7.89

Emka 2013-12-14 16:47

I thought it would have been nicer with a changelog, that's why I first posted a comment.

v7.93

__philippe 2013-12-14 17:08

A ChangeLog.txt file is included within each release of PeStudio, 1st file in the zip package.

v7.93

Special 2014-02-17 13:52

It's at v8.09 as of this writing.

This program is really quite amazing for what it does, I just wish it was easier to make sense of a lot of what it says. If the dev is reading this, maybe you could add a context menu for Google searching things, like right click > Google search > kernel32.dll, or wsock32.dll, for people wanting to look these things up easier. And would it be possible to have it expand on some of the features it lists? Like many programs will say "The Image modifies the Windows registry", but it would be nice to know what it's doing, if possible.

One additional thing I'd like to see is a way for it to remember the window size and location with some sort of setting.ini

v8.08

Checker 2014-02-17 16:19

@ Special: Thanks ... and updated.

v8.09

__philippe 2014-03-24 10:58

PEstudio v8.13:

The command prompt usage "Pestudio file:-typical.exe" is broken again as of version v8.13...:-(
(It was working fine in previous v8.11)

__philippe

v8.13

__philippe 2014-03-28 09:39

Straight from the horse's mouth (Marc's, actually...;-)

PEStudio Version 8.16 (28-MAR-2014)
. Fixed a bug when invoking PeStudio.exe from the prompt with a file

"Tested and Found True" by yours truly...;-)

Cheers,

__philippe

v8.15

billon 2014-07-06 01:21

> ... v8.30

v8.26

Checker 2014-07-06 09:42

@ billon: Thanks ... and updated ;)

v8.30

__philippe 2015-05-04 10:10

PEstudio v8.49 released as of 03-MAY-2015

v8.48

Checker 2015-05-04 19:27

@ __philippe: Thanks ... and updated ;)

v8.49

I am Baas 2015-05-06 04:49

PEstudio v8.50 is available.

v8.49

Checker 2015-05-06 19:38

@ I am Baas: Thanks ... and updated ;)

v8.50

__philippe 2015-08-18 09:42

PEstudio v8.51 released as of 17-AUG-2015

v8.50

Checker 2015-08-18 18:34

@__philippe: Thanks ... and updated ;)

v8.51

__philippe 2016-04-05 09:58

PEstudio v8.52 released as of 04-APR-2016

Changelog:
. Differentiate between standard and professional (pro) versions of pestudio
. Added deletion of overlay
. Added computation of entropy
. Added detection of TLS Callback functions
. Show more details about sections
. Fixed bugs and crash

Unfortunately, the command prompt usage "Pestudio file:-typical.exe" is broken again in this latest version...:-( (It was working fine in previous v8.51)

Marc has been notified.

v8.51

__philippe 2016-05-06 19:22

PEstudio v8.53 released as of 06-MAY-2016

Changelog:

. Added indicators
. Show overlay strings numbers
. Detect duplicated exported symbols
. Enhanced unicode strings detection
. Show strings location map with colors
. Differentiate URLs referenced in the certificate
. Fixed bugs

Thankfully, the command prompt usage "Pestudio file:-typical.exe" is working
again correctly in this latest version...:-)

BTW, the PEstudio.zip file directory structure has been slightly modified;
used to be a flat structure, now includes a \pestudio\xml\ hierarchy.

v8.51

__philippe 2016-05-08 08:21

PEstudio v8.54 released as of 07-MAY-2016

Changelog
. fixed bug with libraries

v8.51

__philippe 2017-02-27 00:07

PEstudio 8.56 released as of 26-FEB-2017

Besides the "New in this Version" changelog entries,
here are some observed cosmetic diffs for selected v8.56 screens compared to v8.55

v8.56 Fields labels Added (A) Renamed(R)

Initial summary screen:
(R) file-version:
(R) file-description:
(A) compiler-stamp:
(A) debugger-stamp:

Dos-Stub screen:
(A) file-ratio

File-Header screen:
(R) compiler-stamp
(R) number-of-symbols

Optional-header screen:
(R) linker version

v8.56

__philippe 2017-04-11 11:20

Pestudio v8.57 (PE link date 09-APR-2017) - Released 10-APR-2017

Changelog :

. Extend translations
. Extend Exports handling
. Extend Imports handling
. Extend signatures
. Clean and Extend indicators
. Show first bytes of entrypoint
. Show first bytes of overlay
. Show dos-stub message

v8.56

__philippe 2017-04-21 18:19

PEstudio v8.58 released 21-APR-2017

Changelog :
• Fixed a crash with some 64bit executables
• Added detection of missing libraries
• Populated status-bar information : (following specifics from my own observations)
  - SHA1 hash value
  - cpu-type
  - file-type
  - subsystem (GUI/Console)
  - entry-point address
  - run-time library signature

v8.57

__philippe 2017-05-01 18:18

PEstudio v8.59 released 01-MAY-2017

Changelog :
• Show first bytes (hex) of resources
• Show first bytes (hex and text) of file
• Handle empty entry-point
• Extended Indicators

v8.58

__philippe 2017-05-21 20:21

PEstudio v8.60 released 20-MAY-2017

Changelog :
. Add detection of Control Flow Guard (CFG)
. Add details for Virustotal view

v8.59
