PE Explorer download PE Explorer header
Heaventools

overview    news    downloads    purchase    f.a.q.    support    partners    about us   

FREQUENTLY ASKED QUESTIONS  

 

Click here for Resource Editor for Visual Basic Localization screenshots

LEARN MORE ABOUT
PE EXPLORER

Resource Editor
XP Manifest Wizard
Section Editor
File Repair
Easy Disassembler
Plug-ins
Exports Viewer
Syntax Lookup
Dependency Scanner
Unmangle Feature
User Testimonials

STAY UP-TO-DATE!

See what's new
in version 1.99

TRY IT NOW!

Download a 30 day
trial version

BUY IT ON-LINE!

Ordering information

FEEDBACK

Your comments are
welcome!

RECOMMEND US!

Like this tool?
Tell a friend!
Find your answer

Q: What is a PE file... Am I likely to have one on my PC? And if so would I want to explore it?
A: "PE" stands for "portable executable". The term "Portable Executable" was chosen because the intent was to have a common file format for all flavors of Windows, on all supported CPUs. A PE file is a 32 bit executable developed by Microsoft for NT (and W9x). The other notable executable types that run on MS platforms are "MZ" (DOS), "NE" and "LE" - but those formats are obsolete (but they will still run). Open an exe file in a hex editor or binary viewer and the first two values in the file will be 'MZ' - yes the DOS header is still there. Scan down 128 bytes and you should find the values 'PE' - this is where the PE format takes over. (For greater detail download PE Explorer and consult the help file.)

Not all PE files have the 'exe' extension. Other notable PE files have the extensions "dll", "scr", "sys", "cpl" and "ocx", and even "msstyles" featured in Windows XP. Also note that not all PE files will run on their own - dll's for example. PE files that run on their own include exe, scr and cpl.

More detailed information can be found in the Microsoft Developer Journal article, February 2002: An In-Depth Look into the Win32 Portable Executable File Format by Matt Pietrek.

Q: Is this a developer tool, or is this something a general computer user would use to fix broken applications?
A: Both. Using PE Explorer assumes some basic knowledge of the internal structures of PE files. However, anyone can play with the file resources and learn a lot from it. Learn more from User testimonials.

Q: How does PE Explorer compare to competing technologies?
A: PE Explorer is the only product in its class, and cannot be reasonably compared to other development tools. Most developers already have utilities that overlap in functionality with PE Explorer, but this one is developing into a sort of multiple-use tool.

Q: Will the PE Explorer work with NE and other 16-bit files?
A: No. The NE format is obsolete.

Q: I got an immediate error of something like "Incompatible" and "of type NE". What is a "NE" type file?
A: A NE (or "new executable") file is a 16-bit application intended to run on Windows® 3.xx.

Q: If PE Explorer doesn't work on NE type files, do you have a product that does?
A: No. At any rate, knowledge of 16-bit format makes less sense especially since the 64 bit processors have hit the market.

Q: I got an error of something like "This file is likely damaged, packed or compressed". What can I do?
A: Nothing. This is not viewed as a bug. We are not going to defeat the security attempts of other software authors. PE Explorer unpacks only files compressed with UPX using the Plug-In subsystem.

Q: What are packers?
A: Packers are utilities that compress Windows portable executables (EXE, DLL, etc) significantly while leaving them 100% functional. Most of them encrypt data and resources and protect exe files from reverse engineering.

Q: Is true decompilation possible?
A: No, of course not. Fully automated decompilation is not possible - no decompiler could exactly reproduce the original source code.

Well, we hate to burst your illusions but PE Explorer does not decompile code. It disassembles code, which is the task of converting machine code into assembler, but it does not generate C or C++ code from the disassembled output. Which is a task of great difficulty.

Q: It spits the results out in assembly format, which I don't understand at all. Do you have other products/plug-ins that can spit it out in English?
A: Obviously, source language syntax no longer exists in the executable. It would be very difficult for a decompiler to interpret the series of machine language instructions (ASM) that exist in an executable file and decide what the original source instruction was.

Q: I have just run the disasembler on an exe file and want to change some code in it. But how do I put it back into an aplication format like it was?
A: Results generated by the PE Explorer disassembler are for comparison purposes only. The generated output can not be recompiled as is and has not been optimized for memory and processor usage.

Q: Why couldn't be the disassembler slightly more usable (a list of API functions, support for .pdb and .dbg files, etc)?
A: It will be - in future versions. The "what-to-do" list is mile long and seems to be endless.

Q: What are the benefits of the disassembler if all it gives you just an unreadable assembly format?
A: The disassembly listing uses Intel mnemonics. A familiarity with Intel mnemonics helps with reading the listings. A solid grasp of the PE file format also helps. A description of the format can be found in the PE Explorer help. PE Explorer unfolds each header, section and table found in the current pe file to reveal the values stored inside those structures.

The PE Explorer disassembler provides addititional processing for the section header data of a PE file. The disassembler translates the binary machine language digits that form the PE file into assembly language instructions and displays the results as a best approximation of how the original instructions might have appeared to the person who wrote them. The interpretation introduces imprecision just as a letter written in English then translated into Russian and then translated back into English might contain errors.

The PE Explorer disassembler handles common variants by default and can be set to handle uncommon variants as well. The benefit of having the disassembly listing is proportional to one's grasp of assembly language.

A description of Intel mnemonics, cpu architectures and assembly language in general can be found elsewhere: www.intel.com

Q: Why not include the declaration syntax for Visual Basic, too?
A: Just a question of time. You might want to help us: just send us a dozen of VB library descriptions that follow the VB declaration syntax and use data types appropriate to VB.

Q: What about a command line version?
A: Maybe later. At least, we were thinking of a command line version of the resource editor.

Q: How can I write my own custom plug-in for PE Explorer?
A: See the PE Explorer help for the plug-in API.   More on plug-ins...

 

Should you have any questions, please don't hesitate to use our Feedback Form. We appreciate all of your comments and feedback, anything you can share.

 

  

[overview]   [news]   [screenshots]   [downloads]   [purchase]   [f.a.q.]    [support]    [sitemap]
 
 
Copyright © 2000-2008 Heaventools Software. All rights reserved.
Privacy Policy | Terms of Use | Contact us
Get your free 30-day trial!