Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   9211 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

PEDIS(1)							      PEDIS(1)

NAME
       pedis - disassemble PE sections and functions

SYNOPSIS
       pedis [OPTIONS]...  pefile

DESCRIPTION
       pedis  is a PE disassembler using libudis86 library. It can disassembly
       entire sections, functions or any file position you want.  It's part of
       pev, the PE file analysis toolkit.

       pefile is a PE32/PE32+ executable or dynamic linked library file.

OPTIONS
       --att  set AT&T assembly syntax (default is Intel).

       -e, --entrypoint
	      disassembly  at  PE entrypoint (EP), until RET/LEAVE instruction
	      appears.

       -f, --format <text|csv|xml|html>
	      change output format (default is text).

       -m, --mode <16|32|64>
	      set disassembly mode to 16, 32 or 64-bits (default: auto).

       -i <number>
	      number of instructions to disassemble.

       -n <number>
	      number of bytes (lenght) to disassemble.

       -o, --offset <offset>
	      disassemble at specified offset, either in decimal or  hexadeci‐
	      mal format (prefixed with 0x).

       -r, --rva <rva>
	      disassemble  at  specified RVA, either in decimal or hexadecimal
	      format (prefixed with 0x).

       -s, --section <name>
	      disassemble specific PE section.

       -V, --version
	      show program version and exit.

       --help show help.

EXAMPLES
       Disassemble at RVA 0x4c4df of putty.exe:

	      $ pedis -r 0x4c4df putty.exe

       Disassembly the entrypoint of a 64-bit PE32+ wordpad.exe:

	      $ pedis -m 64 --entrypoint putty.exe

       Disassembly in 16-bits mode, starting from offset  0x40,	 32  bytes  of
       code from game.exe:

	      $ pedis -m 16 -o 0x40 -n 32 game.exe

REPORTING BUGS
       Please,	 check	 the   latest	development   code   and   report   at
       https://github.com/merces/pev/issues

COPYRIGHT
       Copyright © 2017 pev authors. License GPLv2+:  GNU  GPL	version	 2  or
       later  <https://www.gnu.org/licenses/gpl-2.0.txt>.   This is free soft‐
       ware: you are free to change and redistribute it. There is NO WARRANTY,
       to the extent permitted by law.

								      PEDIS(1)

Vote for polarhome