PeStudio from Winitor is a free tool that analyzes applications and other files before you run them. It can uncover a wide range of security-related details, such as whether the file in question exports anonymous functions or imports obsolete functions, whether it's compatible with 64-bit operating systems, and much more. It handles a wide range of formats, including EXE, DLL, CPL, OCX, and other program and system files. It doesn't change anything; it simply extracts and displays a wide range of information that will be of great interest to programmers, admins, security providers, and power users.
We extracted the zipped program and saved it to a desktop folder. Since PeStudio is portable freeware, it needs no installation: you can park the executable file anywhere you like, even portable devices and USB drives. The program opened with a simple tabbed, ruled interface that looked more like a properties dialog than a GUI, but PeStudio displays a lot of information in 10 tabs labeled Evidences, File Header, Optional Header, Directories, Sections, Libraries, Imports, Exports, Resources, Manifest, and .NET. Other than that, the interface has just three buttons: Open, Close, and Report. We clicked Open, browsed to an executable file, and selected it. After a brief moment, PeStudio began to populate the first tab, Evidences, with a list view of issues. Checked boxes indicated which of the wide range of potential issues PeStudio detected in the file. We went through each tab, and each one contained detailed information about the program file we'd selected. Clicking Report let us save any tab as an XML file. There are no options or Help file, since neither is needed, and no ads or links to other software; just a simple but useful tool that extracts a wide range of security-related details.
Casual users probably won't get as much out of PeStudio as more-advanced users with knowledge of programming, but it's freely available to anyone who can make use of it, and that's what counts.
PeStudio discovers many security relevant details about any application. The security details may be all libraries that will be needed by an application, all functions that will be used by an application, all functions (also anonymous) that will be published by an application, all functions that will be forwarded to other libraries, all obsolete functions that are exported and imported by an application, whether the Data Execution Prevention (DEP) Windows security mechanism will be used, whether the Address Space Layout Randomization (ASLR) Windows security mechanism will be used, whether a debug file is referenced and its GUID and counter; whether an HTTP, RAS or Socket channel will be opened; whether unused bytes (Caves) are available.