What is readpe?

readpe is a tool to display information about PE (Portable Executable) files. It helps you inspect headers, sections, and the functions that a Windows executable or DLL imports/exports.

Quick note: if your cache seems stale (e.g., you see hints like the TLDR page mentioning an update), run tldr —update to refresh cached pages.

Quickstart: display everything for a PE file

Start with the simplest usage to see all information about a file:

readpe /path/to/executable.exe

This prints all available data about the PE file. If you’re just getting started, this is a good sanity check to verify the file is recognized as a PE.

Show all headers

PE files have multiple headers; you can display them all at once:

readpe --all-headers /path/to/executable.exe

Common pitfall: some binaries may be stripped or obfuscated, which can lead to missing or abbreviated header data. If you don’t see expected headers, try a different PE sample or ensure the file isn’t corrupted.

Show all sections

Sections describe the memory layout of the executable:

readpe --all-sections /path/to/executable.exe

If you’re analyzing malware or packed binaries, section names and sizes can be unusual. Treat such results as clues to investigate further rather than definitive classifications.

Display a specific header

If you only need one header (dos, coff, or optional), specify it explicitly:

readpe --header dos /path/to/executable.exe

Other options:

• dos – DOS header
• coff – COFF/PE header
• optional – Optional header

List imported functions

Many Windows binaries import functions from system DLLs. To see them:

readpe --imports /path/to/executable.exe

This is useful for quick capability profiling or dependency checks.

List exported functions

If the PE exports functions (typical for DLLs or executables exposing APIs), use:

readpe --exports /path/to/executable.exe

Exports can reveal the public API surface exposed by the binary.

Practical tips and pitfalls

• Ensure the target file is actually a PE file. Running readpe on non-PE formats will yield errors or misleading output.
• Run readpe on a file you have permission to read; permission issues can show up as unreadable data.
• When debugging suspicious binaries, cross-check imports/exports with known-good samples to spot anomalies.
• If you’re scripting, you can combine readpe with other tools (grep, awk) to extract specific fields from the output.

Quick reference cheatsheet

• All information: readpe /path/to/executable.exe
• All headers: readpe —all-headers /path/to/executable.exe
• All sections: readpe —all-sections /path/to/executable.exe
• Specific header: readpe —header {{dos|coff|optional}} /path/to/executable.exe
• Imports: readpe —imports /path/to/executable.exe
• Exports: readpe —exports /path/to/executable.exe

If you want more details, check the manual page at the link provided by your system’s package or search for readpe on man pages. This tool is typically updated in your package cache, so keeping the cache fresh helps ensure you see the latest options and behavior.

See Also

• utmpdump: Dump and Load utmp/btmp/wtmp
• qm-cleanup: Clean up resources after QEMU/KVM VMs
• ruget: Rust-based wget alternative
• What Can uname do in Linux?
• s: Web search from the terminal
• v: Quickstart and common usage for the V compiler