Provided by: pev_0.81-7_amd64
NAME
pedis - disassemble PE sections and functions
SYNOPSIS
pedis [OPTIONS]... pefile
DESCRIPTION
pedis is a PE disassembler relyng on udis86 library. It can disassembly entire sections, functions or any file position you want. It's part of pev, the PE file analysis toolkit. pefile is a PE32/PE32+ executable or dynamic linked library file.
OPTIONS
--att Set AT&T assembly syntax (default: Intel). -e, --entrypoint Disassemble the entire entrypoint function. -f, --format <text|csv|xml|html> Change output format (default: text). -m, --mode <16|32|64> Disassembly mode (default: auto). -i <number> Number of instructions to disassemble. -n <number> Number of bytes to disassemble. -o, --offset <offset> Disassemble at specified offset, either in decimal or hexadecimal format (prefixed with 0x). -r, --rva <rva> Disassemble at specified RVA, either in decimal or hexadecimal format (prefixed with 0x). -s, --section <name> Disassemble en entire section given. -V, --version Show version. --help Show this help.
EXAMPLES
Disassemble RVA 0x4c4df from putty.exe: $ pedis -r 0x4c4df putty.exe Disassembly the entrypoint of a 64-bit PE32+ wordpad.exe: $ pedis -m 64 --entrypoint putty.exe Disassembly in 16-bits mode, starting from offset 0x40, 32 bytes of code from game.exe: $ pedis -m 16 -o 0x40 -n 32 game.exe
REPORTING BUGS
Please, check the latest development code and report at https://github.com/merces/pev/issues
SEE ALSO
ofs2rva(1), pehash(1), peldd(1), pepack(1), peres(1), pescan(1), pesec(1), pestr(1), readpe(1), rva2ofs(1)
COPYRIGHT
Copyright (C) 2012 - 2020 pev authors. License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.txt>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. PEDIS(1)