Adlice PEViewer is a free tool for displaying the innards of EXE files, both as disk and memory images.

The results can help you troubleshoot programs, see the modules they're loading, the resources they need, and perhaps identify malware that your regular antivirus program has missed.

Launch PeViewer(confusingly called RogueKillerPE in its shortcut) and you're able to open an EXE directly, or click "Load Processes" to view your running processes, and choose the target from a list.

PEViewer quickly analyses your processes, and organises its reports over multiple tabs.

Basic details on offer include a process launch time; its parent process (whatever launched it) and command line; whether it's 32 or 64-bit; its VirusTotal score; possible indications of file safety or malware (it's digitally signed, or uses a packer).

The program can also detect and display text strings within the image, including file names, Registry keys, URLs and more.

Experts can go much further, with a hex viewer, disassembler, PE viewer, resource viewer and more.

Please note, this is the free version of a commercial product, and although it's very usable you do get occasional nag screens.

Version 1.24.0:

- Fixed shell extension


Pluses: Adlice PEViewer looks good, offers lots of reporting functionality, and can analyse running processes as well as disk images.

Negatives: not everything works as you'd expect. We found many strings were displayed with their first character missing (ttp://www.something...), which meant they weren't classified correctly (a "ttp://" string wouldn't appear in the URL tab.)

Overall, the program needs work, but try it anyway-- there's more than enough power here to be useful.