PE bear A Portable Executable Reversing Software

Pe-bear Reverse Engineering Software
Pe-bear Reverse Engineering Software

PE-bear is a multiplatform reversing (reverse engineering) software for PE files with friendly GUI.

Its objective is to deliver fast and flexible “first view” for malware analysts, stable and capable to handle malformed PE files.


Fresh test builds (ahead of the official release) can be downloaded from the AppVeyor build server. They are created on each commit to the main branch. You can download them by clicking on the build version, then choosing the tab Artifacts. WARNING: those builds may be unstable.

An archive of old releases is available here:

Feature and Details

  • handles PE32 and PE64
  • views multiple files in parallel
  • recognizes known packers (by signatures)
  • fast disassembler – starting from any chosen RVA/File offset
  • visualization of sections layout
  • selective comparing of two chosen PE files with reversing
  • adding new elements (sections, imports)

How to build

pebear_demo reversing test
pebear_demo test


  • git
  • cmake
  • Qt5 (optionally Qt4)
  • bearparser (submodule of the current repository)
  • capstone (submodule of the current repository)
  • Clone

Use recursive clone to get the repo together with submodules:

git clone --recursive

Building on Windows

Use CMake to generate a Visual Studio project. Open in Visual Studio and build.

Also See: Reverse Engineering Tools List

Building on Linux and MacOS

To build it on Linux or MacOS you can use the given scripts:

  • – default, builds with Qt5
  • – builds with Qt5
  • – builds with Qt4

To generate the .app bundle on MacOS you can use:


What you build in new version 0.6.5

  • fixed crashing on opening of the DiffWindow after PE was resized
  • fixed signatures matching ( Issue #18 )
  • parse Debug Directory as an array of entries ( Issue #15 )
  • fixed parsing PE files with atypical section alignment ( Issue #11)
  • fixed modifying data in Bound Imports Directory
  • fixed modifying export name

New Features Update

  • updated Capstone (switched to the active branch next )
  • added a wizard for adding imports ( Issue #16 )
  • added undo for resize operations
  • show all the matched signatures in the General Panel (not only one of them)
  • load signatures from the current directory, as well as from User Data Directory (UDD)
  • added filtering to signatures listing window
  • allow to export disassembly of the section into a file ( Issue #14 )
  • allow to dump sections, or export disassembly from all opened files at once
  • show info about the atypical PE features as a tool-tip in a tree view

Download PE-bear

Join Our Club

Enter your Email address to receive notifications | Join over Million Followers

Previous Article
Mac laptop

Is It Possible to Hack Your Laptop Camera?

Next Article
Side-Channel Attack

What is A Side-Channel Attack?

Related Posts