PE File Browser

Ever wondered which DLLs your EXE depends on? Or what technology a given DLL is built with? Is it a native DLL, a .Net DLL, or a .Net Core DLL? If it is .Net technology, which framework does it rely upon?

PE File Browser is a software tool that allows you to view the contents of portable executable files. It’s a PE file viewer for both 32 bit and 64 bit files. All processor architectures are supported, allowing you to examine ARM PE files as well as x86 and x64.

All the information in a PE file is displayed in chunks of related data. Most of these displays relate to specific parts of a PE file. Some of these displays are synthesised to provide you with additional data that is not so readily available from the PE file (for example, the Additional Information, .Net Information and debugging symbols panels).

No more digging around trying to determine if a DLL is built with .Net, and, if so, which version of the CLR is required. That information is displayed in the .Net Information section.

Does the EXE depend on XYZ.DLL? Look at the All Dependent Modules section to find out.

Which functions from the Windows API does the DLL use? Look at the Imported Modules and Functions section to find out.

File Header

This section displays PE file header information.

  • File name
  • PDB name
  • File signature
  • File type
  • Machine type
  • Timestamp
  • Number of symbols
  • Pointer to symbols
  • Number of sections
  • Size of optional header
  • Characteristics

PE File Browser File Header

Optional Header

Information from the PE optional header.

  • Section alignment
  • File alignment
  • OS version
  • Image version
  • Subsystem version
  • Win32 version
  • Size of image
  • Size of headers
  • Subsystem
  • Characteristics
  • Stack size reserve
  • Stack size commit
  • Heap size reserve
  • Heap size commit
  • Loader flags

PE File Browser Optional Header

Optional Header Directories

Information from the PE optional header directories.

  • Export
  • Import
  • Resource
  • Exception
  • Security / Certificate table
  • Base relocation
  • Debug
  • Architecture specific
  • Global pointer
  • Thread local storage
  • Load configuration
  • Bound import
  • Import address table
  • Delay load import table
  • CLR / COM runtime table
  • reserved

For each directory we display

  • Name
  • RVA
  • Address
  • Size

PE File Browser Optional Header Directories

Additional Information

Information about the module entry point and the type of application.

  • Console UI
  • VB6
  • Native module
  • Mixed-mode module
  • Entry point type
  • Module contains code
  • Module contains resources
  • Module only contains resources
  • Uses Win32 service API
  • Uses Visual Leak Detector
  • Uses Address Sanitizer

PE File Browser Additional Information

.Net Information

Information about .Net and the processors this .Net executable will run on.

  • .Net x86 CPU
  • .Net x64 CPU
  • .Net any CPU
  • .Net any CPU 32 bit preferred
  • .Net Core
  • .Net module
  • .Net linked module
  • Native but loads .Net runtime
  • CLR version

PE File Browser .Net Information

.Net Header

Information about .Net Framework and the .Net entry point.

  • Framework version
  • CLR header version
  • Size
  • Flags
  • .Net entry point RVA
  • Metadata
  • Resources
  • Strongname signature
  • Code manager table
  • VTable fixups
  • Export address table jumps
  • Managed native header

PE File Browser .Net Header

.Net MetaData

Information about .Net MetaData.

  • Framework version
  • Metadata version
  • Metadata flags
  • Number of streams

PE File Browser .Net Meta Data

Imported Modules and Functions

The modules the DLL imports and the functions imported from those modules.

PE File Browser Imported Modules And Functions

Delay Loaded Modules

The delay-loaded modules the DLL imports and the functions imported from those modules.

PE File Browser Delay Loaded Modules

All Dependent Modules

All the modules the DLL imports. Any missing DLLs will be displayed in red.

PE File Browser All Dependent Modules

Imported Functions

The functions imported from other DLLs.

PE File Browser Imported Functions

Exported Functions

The exported functions for other DLLs to use.

PE File Browser Exported Functions

Sections / Segments

The sections that are contained within the DLL. For example: data, relocation, resource, code.

  • Segment
  • Name
  • Relocations
  • Line numbers
  • Length
  • Virtual
  • Raw size
  • Characteristics

PE File Browser Sections

Data Bounds

The different readable, readable and writeable, and executable areas in the DLL.

  • Low
  • High
  • Type
  • Initialized
  • Writeable

PE File Browser Data Bounds

Frame Pointer Omission Data

Information about Frame Pointer Omission usage in the DLL.

  • Type. (FPO, Trap, TSS, Non-FPO).
  • RVA
  • Size
  • Locals
  • Params
  • Prolog
  • Registers
  • SEH
  • Uses EBP

PE File Browser FPO Data

x64 Exception Handling Data

Information about the table-based exception handling mechanism used by x64 executables. The data displayed are RUNTIME_FUNCTION data.

This information panel is only displayed for 64 bit executables.

  • Function
  • File name
  • Line number
  • Begin RVA
  • End RVA
  • Unwind RVA
  • Version
  • Flags
  • Prolog
  • Frame register
  • Frame offset
  • Codes
  • Exception RVA

PE File Browser x64 Exception Handling

Version Information

Information from the version resource.

  • Name
  • Value

PE File Browser Version Information


Information from the DLL manifest.

PE File Browser Manifest

Digital Signatures

Information about the digital signatures for the DLL.

  • Name
  • Value

PE File Browser Digital Signatures

Thread Local Storage

Information about thread local storage for the DLL.

  • Name
  • Value
  • Comment

PE File Browser Thread Local Storage


Information about resources stored in the DLL.

  • Name
  • Value

PE File Browser Resources

PDB Symbols

Debugging symbols from the DLL’s PDB file.

  • Name
  • Calling convention
  • Address
  • Size
  • Type
  • Flags
  • Line number
  • File name

PE File Browser PDB Symbols

COFF Symbols

COFF Debugging symbols for the DLL.

  • Name
  • Address
  • Section
  • Type
  • Storage
  • Size
  • Lines
  • File name

PE File Browser COFF Symbols

CodeView Symbols

CodeView Debugging symbols for the DLL.

  • Name
  • Type
  • Address
  • Offset
  • Line number
  • File name

PE File Browser Code View Symbols

STABS Symbols

STABS Debugging symbols for the DLL.

  • Name
  • Address
  • Section
  • Type
  • Storage
  • Size
  • File name

PE File Browser STABS Symbols

Misc Debug Data Symbols

Miscellaneous debug data for the DLL.

  • Name

PE File Browser Misc Debug Data

Fully functional, free for 30 days