README.md 1.07 KB
Felix Bilstein committed
```
 ____      _             ____                        
|  _ \ ___| |_ _ __ ___ |  _ \ _   _ _ __ ___  _ __  
| |_) / _ \ __| '__/ _ \| | | | | | | '_ ` _ \| '_ \ 
|  _ <  __/ |_| | | (_) | |_| | |_| | | | | | | |_) |
|_| \_\___|\__|_|  \___/|____/ \__,_|_| |_| |_| .__/ 
                                              |_|    
```

This project is useful if you want to dump processes and their virtual process memory quickly and easily.
It is good for reversing software and malware, but for serious work you may want to stick with the Rekall Framework.

The project was created as part of Bachelor studies at the University of Bonn, Germany.

### ToDo ###

- Build a new tool that works on a version of Windows that is not abandoned
- Create a new import table for the dumped PE file (like Scylla does)

### WorkFlow ###

- InfoPE.py is a general PE file reading tool
- dump.py is used for dumping processes
- FixPE.py is able to overwrite the section table. This is useful for working with IDA Pro or other tools, since remapping the binary file would otherwise confuse them.
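As an added illustration of the FixPE.py step (example code written for this README, not the project's own), the following rewrites every section header of a dumped PE32 image so that raw file offsets match the virtual addresses the dump is laid out by; the sample image is constructed inline and is not a real binary.

```python
import struct

E_LFANEW_OFF, PE_SIG, COFF_LEN, SECT_LEN = 0x3C, b"PE\0\0", 20, 40


def _section_table(buf):
    """Return (offset of first IMAGE_SECTION_HEADER, number of sections)."""
    e_lfanew = struct.unpack_from("<I", buf, E_LFANEW_OFF)[0]
    if buf[e_lfanew:e_lfanew + 4] != PE_SIG:
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", buf, coff + 2)[0]
    opt_size = struct.unpack_from("<H", buf, coff + 16)[0]
    return coff + COFF_LEN + opt_size, num_sections


def section_headers(buf):
    """[(Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData), ...]"""
    first, n = _section_table(buf)
    out = []
    for off in range(first, first + n * SECT_LEN, SECT_LEN):
        name = buf[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        out.append((name,) + struct.unpack_from("<IIII", buf, off + 8))
    return out


def fix_section_table(image):
    """A memory dump is laid out by virtual address, so set
    PointerToRawData = VirtualAddress and SizeOfRawData = VirtualSize."""
    buf = bytearray(image)
    first, n = _section_table(buf)
    for off in range(first, first + n * SECT_LEN, SECT_LEN):
        vsize, vaddr = struct.unpack_from("<II", buf, off + 8)
        struct.pack_into("<II", buf, off + 16, vsize, vaddr)
    return bytes(buf)


def build_sample_dump():
    """Constructed minimal PE32 image (not a real binary): one .text section
    mapped at RVA 0x1000 whose header still carries the on-disk raw pointer."""
    img = bytearray(0x2000)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, E_LFANEW_OFF, 0x80)
    img[0x80:0x84] = PE_SIG
    # COFF header: i386, 1 section, optional header size 0xE0, executable image
    struct.pack_into("<HHIIIHH", img, 0x84, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    struct.pack_into("<H", img, 0x84 + COFF_LEN, 0x10B)  # PE32 magic
    sect = 0x84 + COFF_LEN + 0xE0
    img[sect:sect + 8] = b".text\0\0\0"
    # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    struct.pack_into("<IIII", img, sect + 8, 0x500, 0x1000, 0x600, 0x400)
    return bytes(img)
```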