Skip to content

nchgroup/dllview

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
main.go
main.go
 
 

Repository files navigation

dllview

A command-line tool to inspect Windows PE files (.exe, .dll): imports, exports, sections, and PE header metadata.

Build

git clone https://github.com/nchgroup/dllview.git
cd dllview
go build .

Usage

dllview -f <file.exe>   # inspect a local PE file
dllview -u <url>        # inspect a PE file from a URL (loaded in memory, not saved to disk)

Help

$ ./dllview -h
Usage of ./dllview:
  -exports
        Show exported symbols
  -f string
        Path to a local PE file
  -filter string
        Filter imports by DLL name (case-insensitive substring)
  -info
        Show PE header info (arch, timestamp, subsystem)
  -search string
        Regex to search DLL/function names; output: dllname.function
  -sections
        Show PE sections
  -u string
        URL of a PE file (loaded into memory, not saved to disk)

Examples

# Local file — show all imports
dllview -f connect.exe

# Show PE header info and sections
dllview -f connect.exe -info -sections

# Show exported symbols (useful for DLLs)
dllview -f sample.dll -exports

# Filter imports by DLL name
dllview -f connect.exe -filter ws2_32

# Search across all DLL/function names with regex (case-insensitive)
dllview -f connect.exe -search createthread
dllview -f connect.exe -search "^Virtual"
dllview -f connect.exe -search "ws2_32|winhttp"

# Remote file
dllview -u https://example.com/sample.exe -info -search connect

Output — imports

=== Imports ===
! Imported DLL: kernel32.dll
	 + GetModuleHandleW
	 + ExitProcess
	 + ...
! Imported DLL: ws2_32.dll
	 + WSAStartup
	 + connect
	 + ...

Output — -info

=== PE Info ===
Machine:    AMD64 (x86-64)
Timestamp:  2025-01-15T10:22:01Z
Sections:   6
Flags:      EXECUTABLE
Subsystem:  Windows CUI (console)
ImageBase:  0x0000000140000000
EntryPoint: 0x00012345

Output — -sections

=== Sections ===
Name          VirtSize      RawSize       Flags
.text         0x1A200       0x1A400       CODE|EXEC|READ
.rdata        0x8F10        0x9000        IDATA|READ
.data         0x1200        0x400         UDATA|READ|WRITE

Requirements

  • Go 1.16+
  • No external dependencies (uses Go standard library only)

PoC

import pefile
import sys


def get_imports(file_path):
    pe = pefile.PE(file_path)
    if hasattr(pe, "DIRECTORY_ENTRY_IMPORT"):
        for entry in pe.DIRECTORY_ENTRY_IMPORT:
            print("! DLL Importada:", entry.dll.decode("utf-8"))
            for imp in entry.imports:
                print("\t +", imp.name.decode("utf-8"))


file_path = sys.argv[1]
get_imports(file_path)

About

A command-line tool to inspect Windows PE files (.exe, .dll): imports, exports, sections, and PE header metadata.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages