PE Header Inspector (Windows EXE and DLL)
Drop in a Windows .exe or .dll to read its Portable Executable header. This tool follows the MZ DOS stub to the PE signature, then reports the CPU architecture, whether it is 32-bit or 64-bit, the subsystem (GUI or console), the section count, the link timestamp, and the decoded characteristics flags. The file is read entirely in your browser and never uploaded.
How to inspect a PE header
- Drag a Windows .exe or .dll onto the box, or click browse to pick one.
- Read the architecture, bitness, subsystem, and section count that appear.
- Check the characteristics flags and link timestamp for build details.
Examples
A 64-bit application
app.exe (a modern Windows program)
x86-64, 64-bit, Windows GUI, EXECUTABLE_IMAGE + LARGE_ADDRESS_AWARE
Frequently asked questions
Is my EXE or DLL uploaded anywhere?
No. The file is read and parsed entirely in your browser using JavaScript. Nothing is sent to a server, so even confidential or unreleased binaries stay on your device.
What is a PE header?
PE stands for Portable Executable, the file format Windows uses for .exe and .dll files. After the legacy MZ DOS stub, an e_lfanew pointer leads to a PE signature followed by the COFF file header (machine type, section count, timestamp, flags) and an optional header that records whether the image is 32-bit (PE32) or 64-bit (PE32+).
How does it tell 32-bit from 64-bit?
It reads the optional header magic word. The value 0x10b marks a PE32 (32-bit) image and 0x20b marks a PE32+ (64-bit) image. The reported architecture comes from the separate COFF machine field, for example 0x14c for x86 or 0x8664 for x86-64.
What is the difference between an EXE and a DLL here?
Both share the PE format. The COFF characteristics word carries a DLL bit (0x2000); when it is set the file is a library, otherwise it is a standalone executable. The tool decodes that bit and shows an EXE or DLL badge.
What does the link timestamp mean?
The COFF header stores a 32-bit timeDateStamp, usually the Unix time when the linker produced the file. The tool shows it as an ISO date. Note that reproducible builds sometimes zero this field or set it to a fixed value, so treat it as a hint rather than proof.
Why does it say the file is not a PE?
It validates the leading MZ bytes and then the PE signature reached through e_lfanew. A file that lacks those, such as a Linux ELF binary, a renamed document, or a truncated download, is rejected because it has no readable PE header.
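The header walk described in the answers above (MZ check, e_lfanew, PE signature, COFF fields, optional header magic), as an added JavaScript example that is not the tool's own code. The names `parsePeHeader` and `buildSample` are hypothetical and the sample bytes are constructed. The subsystem values (2, 3) and the flag bits other than 0x2000 come from the PE format rather than from this page.

```javascript
// Added example, not the tool's own code: parse the header fields the page describes.
const MACHINES = { 0x14c: "x86", 0x8664: "x86-64" };
const SUBSYSTEMS = { 2: "Windows GUI", 3: "Windows console" };
const FLAGS = { 0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE", 0x2000: "DLL" };

function parsePeHeader(bytes) {
  const dv = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  // DOS header is 64 bytes: "MZ" at offset 0, e_lfanew (u32, little-endian) at 0x3c.
  if (dv.byteLength < 0x40 || dv.getUint16(0, true) !== 0x5a4d)
    return { ok: false, reason: "no MZ signature" };
  const pe = dv.getUint32(0x3c, true);
  // e_lfanew is untrusted input: bounds-check signature (4) + COFF header (20) first.
  if (pe + 24 > dv.byteLength) return { ok: false, reason: "e_lfanew outside file" };
  if (dv.getUint32(pe, true) !== 0x00004550) // "PE\0\0"
    return { ok: false, reason: "no PE signature" };
  const coff = pe + 4, opt = coff + 20;
  // Subsystem sits at optional-header offset 68 in both PE32 and PE32+.
  if (dv.getUint16(coff + 16, true) < 70 || opt + 70 > dv.byteLength)
    return { ok: false, reason: "optional header missing or truncated" };
  const machine = dv.getUint16(coff, true), chars = dv.getUint16(coff + 18, true);
  const magic = dv.getUint16(opt, true), subsystem = dv.getUint16(opt + 68, true);
  return {
    ok: true,
    machine: MACHINES[machine] || "0x" + machine.toString(16),
    bits: magic === 0x10b ? 32 : magic === 0x20b ? 64 : null,
    subsystem: SUBSYSTEMS[subsystem] || "subsystem " + subsystem,
    sections: dv.getUint16(coff + 2, true),
    linked: new Date(dv.getUint32(coff + 4, true) * 1000).toISOString(),
    kind: chars & 0x2000 ? "DLL" : "EXE",
    flags: Object.keys(FLAGS).map(Number).filter((b) => chars & b).map((b) => FLAGS[b]),
  };
}

// Constructed sample: headers only, laid out like a 64-bit GUI program.
function buildSample() {
  const buf = new Uint8Array(0x98 + 240), dv = new DataView(buf.buffer);
  dv.setUint16(0, 0x5a4d, true);        // "MZ"
  dv.setUint32(0x3c, 0x80, true);       // e_lfanew
  dv.setUint32(0x80, 0x00004550, true); // "PE\0\0"
  dv.setUint16(0x84, 0x8664, true);     // Machine
  dv.setUint16(0x86, 5, true);          // NumberOfSections
  dv.setUint32(0x88, 1700000000, true); // TimeDateStamp
  dv.setUint16(0x94, 240, true);        // SizeOfOptionalHeader
  dv.setUint16(0x96, 0x0022, true);     // Characteristics
  dv.setUint16(0x98, 0x20b, true);      // optional header magic (PE32+)
  dv.setUint16(0x98 + 68, 2, true);     // Subsystem
  return buf;
}
console.log(parsePeHeader(buildSample()));
```

Every offset read from the file is checked against the buffer length before use, so a truncated download or a crafted e_lfanew yields a rejection instead of a `RangeError`.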