How to use Peverify.exe (PEVerify tool)?

Question

I saw a couple of post(this post specifically) talking about using peverify.exe to check whether the .net exe(or dll) contains unsafe code. But no matter what I do I keep getting File not found or has bad headers error.

Here are my steps -

Open developer power shell for 2022 - Note I did not change the path to where the exe is.
peverify <complete path of the dll or exe>
Enter

I keep getting File not found or has bad headers error. This should be simple yet there is something I am missing?

Other attempts with different command with same result is as follows

peverify.exe <complete path of the exe/dll> /md /il
Tried running the same in Developer Command Prompt for visual studio 2022

What version of .NET are you targeting? PEVerify is for .NET Framework 4 (and other Windows-specific versions). — Joe Sewell, Jul 13 '23 at 21:35

score 1 · Accepted Answer · answered Jul 13 '23 at 21:52

PEVerify is for the "old" Windows-specific .NET Framework. A newer tool was created for .NET 5+ and .NET Core (although it also works with the old .NET Framework), ILVerify.

To install and run (copying from the README, so this information is here instead of susceptible to link rot):

ILVerify is published as a global tool package. Install it by running:
dotnet tool install --global dotnet-ilverify
Example of use:
C:\test>dotnet ilverify hello.dll -r "c:\Program Files\dotnet\shared\Microsoft.NETCore.App\2.1.12\*.dll"
All Classes and Methods in C:\test\hello.dll Verified.
Note that ILVerify requires all dependencies of assembly that is being verified to be explicitly specified on the command line.

The package itself is dotnet-ilverify on NuGet.org (here).

How to use Peverify.exe (PEVerify tool)?

1 Answers1