README.md 990 Bytes
Felix Bilstein committed
"""
____      _             ____                        
|  _ \ ___| |_ _ __ ___ |  _ \ _   _ _ __ ___  _ __  
| |_) / _ \ __| '__/ _ \| | | | | | | '_ ` _ \| '_ \ 
|  _ <  __/ |_| | | (_) | |_| | |_| | | | | | | |_) |
|_| \_\___|\__|_|  \___/|____/ \__,_|_| |_| |_| .__/ 
                                              |_|    
"""
This project is useful if you want to dump some processes and their virtual process memory quickly and easily.
It is good for reversing software or malware, but if you want to do serious work you may want to stick with the Rekall Framework.

### ToDo ###

- Build a new tool that works on a Windows version which is not abandoned
- Create a new import table for the dumped PE file (like Scylla does)

### WorkFlow ###

- InfoPE.py is a general PE file reading tool
- dump.py is used for dumping processes
- FixPE.py is able to overwrite the section table.
This is useful for working with IDA Pro or other tools: a dumped image is laid out as it was mapped in memory, not as it was on disk, and feeding such a remapped binary to those tools without fixing the section table would confuse them.
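Added example, not code from this project: the section-table rewrite that FixPE.py's description implies. In a memory dump every section already sits at its RVA, so each header's `PointerToRawData` is set to its `VirtualAddress` and `SizeOfRawData` to its `VirtualSize`, after which a disassembler can load the dump as a normal file. The function names and the sample image are my own constructions; the optional header in the sample is zero-filled because only its size matters here.

```python
import struct

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes

def _section_table_offset(image: bytes):
    """Return (offset of first section header, number of sections) of a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    nsections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    first = e_lfanew + 24 + opt_size  # signature (4) + COFF header (20) + optional header
    if first + nsections * SECTION_HDR.size > len(image):
        raise ValueError("section table runs past end of image (truncated dump?)")
    return first, nsections

def section_table(image: bytes):
    """List (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per section."""
    first, nsections = _section_table_offset(image)
    rows = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, *_ = SECTION_HDR.unpack_from(image, first + i * 40)
        rows.append((name.rstrip(b"\0"), vsize, va, rawsize, rawptr))
    return rows

def fix_section_table(image: bytes) -> bytes:
    """Rewrite section headers of a memory-dumped PE so raw file offsets equal RVAs."""
    first, nsections = _section_table_offset(image)
    buf = bytearray(image)
    for i in range(nsections):
        off = first + i * SECTION_HDR.size
        name, vsize, va, _raw, _ptr, prel, plin, nrel, nlin, chars = SECTION_HDR.unpack_from(buf, off)
        SECTION_HDR.pack_into(buf, off, name, vsize, va, vsize, va, prel, plin, nrel, nlin, chars)
    return bytes(buf)

def build_sample_image() -> bytes:
    """Constructed minimal PE32 dump whose headers still carry on-disk raw offsets."""
    e_lfanew, opt_size = 0x40, 0xE0  # 0xE0 = size of a PE32 optional header (assumed)
    hdr = bytearray(e_lfanew)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x102)
    secs = SECTION_HDR.pack(b".text", 0x1234, 0x1000, 0x1400, 0x400, 0, 0, 0, 0, 0x60000020)
    secs += SECTION_HDR.pack(b".data", 0x300, 0x3000, 0x400, 0x1800, 0, 0, 0, 0, 0xC0000040)
    img = bytes(hdr) + coff + bytes(opt_size) + secs
    return img + bytes(0x4000 - len(img))  # pad to the SizeOfImage a dump would have
```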