Skip to content
/ PEEntropy Public

Visualize PE section entropy for malware and binary analysis.

License

GPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

VeryCuteLookingCat/PEEntropy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
ImGui Standalone
ImGui Standalone
 
 
Images
Images
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
PEEntropy.sln
PEEntropy.sln
 
 
README.md
README.md
 
 

Repository files navigation

PE Entropy

License

A PE file entropy visualization tool for Windows, designed for malware analysts, reverse engineers, and anyone who wants an intuitive look at entropy patterns in binaries.

Built using ImGui with the DirectX 11 backend.

Features

  • PE section scanning – automatically detects and lists all sections.
  • Per-block entropy analysis – configurable block sizes for fine → coarse inspection.
  • All-sections mode – visualize entropy across the entire binary in a single graph.
  • Interactive entropy graph
    • Hover blocks to inspect RVA, VA, entropy, and size
    • Click blocks to lock selection
  • Copy-paste ready addresses
    • Displays IDA/Ghidra-ready RVA and VA
    • One-click selection → paste → jump to code/data instantly
  • Dark / Light theme toggle
  • Optional console output for debugging and scan logs

Visual Studio Runtime Required

Why This Tool Exists

Entropy alone is not useful unless you can act on it.

This tool is designed to:

  • Quickly locate packed payloads, encrypted blobs, and shellcode
  • Provide precise RVAs and VAs you can jump to immediately in:
    • IDA
    • Ghidra
  • Reduce time wasted manually correlating entropy spikes with disassembly

The goal is shortening the distance between:

“This looks interesting”“I’m reversing it.”

Screenshots

Menu

Getting Started

  1. Build the project using Visual Studio or your preferred IDE.
  2. Run EntropyTool.exe.
  3. Use the toolbar to select a PE file and scan its sections.
  4. Hover over the entropy graph to inspect individual blocks.

Usage Tips

  • Block size: Smaller blocks = finer resolution; larger blocks = smoother graph.
  • All sections: Select “All Sections” at the top of the section list to visualize total entropy.
  • Console output: Enable the console via the toolbar for debugging.

Credits

  • Base ImGui integration inspired by adamhlt/ImGui-Standalone – thank you for providing a minimal ImGui foundation!
  • Graphs made with epezent/implot - thank you for providing necessary libraries!

License

This project is licensed under the GPLv3 License – see LICENSE for details.

About

Visualize PE section entropy for malware and binary analysis.

Topics

windows entropy reverse-engineering malware-analysis binary-analysis pe-file

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

PE Entropy - v1 Latest
Jan 14, 2026

Packages

No packages published

Languages