PESpy

0.1.0

Reverse Engineering toolkit for Microsoft compiler generated files

Minimum PowerShell version

5.1

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name PESpy

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name PESpy

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2023 lordmilko. All rights reserved.

Package Details

Author(s)

  • lordmilko

Tags

pe pdb portable-executable symbols reverse-engineering dotnet metadata

Cmdlets

Find-PEFile Get-PEExport Get-PEImport Get-PEVftable Get-PEFile Get-PDBSymbol Get-PDBType Get-PDBFile

PSEditions

Desktop Core

Dependencies

This module has no dependencies.

Release Notes

Release Notes: https://github.com/lordmilko/PESpy/releases/tag/v0.1.0

---


PESpy is a C#/PowerShell library for reverse engineering, analyzing and visualizing Microsoft compiler generated file formats.

Given a file, PESpy aims to

* Understand the meaning of *every single byte within that file*
* Support parsing *all known entities*, no matter how obscure
* Minimize abstractions, and mirror native type names wherever possible
* Be highly performant while still being ergonomic. Allocations need be as low as possible!
* Support *all known symbol formats*; COFF, OMF, CodeView, SYM, DBG, PDB files, DNDRB, NB00-NB10, RSDS - if symbols exist, PESpy will read and show them to you
* Unironically provide *information at your fingertips*. The whole entire file hierarchy is exposed via properties; simply open a file, and then poke around in the Locals window
* Support reading PE Files out of a remote debug target where the size of the PE File isn't known upfront
* Provide tools for performing various file operations, including
   * Detecting file types
   * Locating symbol files (no more `symsrv.dll`!)
   * Resolving RPC Servers
   * Manipulating Symbol Keys
   * Parsing vftables
   * Undecorating symbol names
   * Reading and decompressing files contained in Windows installation media
* Be highly NativeAOT friendly

PESpy is capable of interfacing with many different file types, including PE, PDB, OBJ, DOS, NE, LE, DBG, LIB, OMF OMFLIB, OMFDBG and SYM. For more information, please see the project website.

FileList

  • PESpy.nuspec
  • coreclr\System.Threading.Tasks.Extensions.dll
  • PESpy.psd1
  • fullclr\ClrDebug.dll
  • PESpy.Types.ps1xml
  • fullclr\PESpy.dll
  • coreclr\ClrDebug.dll
  • fullclr\PESpy.PowerShell.dll
  • coreclr\PESpy.dll
  • fullclr\System.Buffers.dll
  • coreclr\PESpy.PowerShell.dll
  • fullclr\System.Management.Automation.dll
  • coreclr\System.Buffers.dll
  • fullclr\System.Memory.dll
  • coreclr\System.Management.Automation.dll
  • fullclr\System.Numerics.Vectors.dll
  • coreclr\System.Memory.dll
  • fullclr\System.Runtime.CompilerServices.Unsafe.dll
  • coreclr\System.Numerics.Vectors.dll
  • fullclr\System.Threading.Tasks.Extensions.dll
  • coreclr\System.Runtime.CompilerServices.Unsafe.dll

Version History

Version Downloads Last updated
0.1.0 (current version) 0 5/23/2026