```
 ____      _             ____                        
|  _ \ ___| |_ _ __ ___ |  _ \ _   _ _ __ ___  _ __  
| |_) / _ \ __| '__/ _ \| | | | | | | '_ ` _ \| '_ \ 
|  _ <  __/ |_| | | (_) | |_| | |_| | | | | | | |_) |
|_| \_\___|\__|_|  \___/|____/ \__,_|_| |_| |_| .__/ 
                                              |_|    
```

This project (RetroDump) is a quick and easy way to dump running processes together with their virtual process memory.
It is good enough for reversing software and malware; if you need it for serious work, you may want to stick with the Rekall Framework instead.

The project was created as part of Bachelor studies at the University of Bonn, Germany.
Some code fragments (marked in the source) are from Daniel Plohmann, who led the event (Malware Bootcamp).

### ToDo ###

- Build a new tool that works on a Windows version that is not abandoned (end of life)
- Rebuild the import table of the dumped PE file (like Scylla does)

### WorkFlow ###

- InfoPE.py is a general PE file reading tool
- dump.py dumps processes
- FixPE.py overwrites the section table of a dumped PE file
This is useful for working with IDA Pro and similar tools: a dumped image keeps its in-memory layout, and if the section table is not remapped to that layout, such tools read the wrong bytes for each section.
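The remapping step described above, as an added example that is not RetroDump's own code (neither FixPE.py nor InfoPE.py): it walks the DOS, COFF and optional headers the way a minimal InfoPE-style reader would, then rewrites the section table of a memory dump so that `PointerToRawData`/`SizeOfRawData` equal `VirtualAddress`/`VirtualSize` and `FileAlignment` equals `SectionAlignment`, which is what a disassembler needs to find each section's bytes in the dump. The sample PE32 image, its section names and values are constructed for the demonstration, and all function names are assumptions, not the project's API.

```python
import struct

# IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HEADER_FMT = "<8sIIIIIIHHI"
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER_FMT)  # 40 bytes
OPT_SECTION_ALIGNMENT = 32  # offset inside the optional header (same for PE32 and PE32+)
OPT_FILE_ALIGNMENT = 36


def locate_headers(data):
    """Walk DOS header -> PE signature -> COFF header; return
    (optional_header_offset, number_of_sections, section_table_offset)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    return opt, num_sections, opt + opt_size


def read_sections(data):
    """(name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per section."""
    _, n, table = locate_headers(data)
    out = []
    for i in range(n):
        f = struct.unpack_from(SECTION_HEADER_FMT, data, table + i * SECTION_HEADER_SIZE)
        out.append((f[0].rstrip(b"\0").decode(), f[1], f[2], f[3], f[4]))
    return out


def file_alignment(data):
    opt, _, _ = locate_headers(data)
    return struct.unpack_from("<I", data, opt + OPT_FILE_ALIGNMENT)[0]


def section_bytes(data, name):
    """The bytes a loader or disassembler reads for a section by following
    PointerToRawData/SizeOfRawData, i.e. the on-disk view of the file."""
    for sec_name, _, _, raw_size, raw_ptr in read_sections(data):
        if sec_name == name:
            return bytes(data[raw_ptr:raw_ptr + raw_size])
    raise KeyError(name)


def fix_section_table(dump):
    """Rewrite the section table of a memory dump to match the in-memory layout:
    PointerToRawData := VirtualAddress, SizeOfRawData := VirtualSize and
    FileAlignment := SectionAlignment. Sections cut off by a truncated dump
    are clamped to the bytes actually present."""
    buf = bytearray(dump)
    opt, n, table = locate_headers(buf)
    section_align = struct.unpack_from("<I", buf, opt + OPT_SECTION_ALIGNMENT)[0]
    struct.pack_into("<I", buf, opt + OPT_FILE_ALIGNMENT, section_align)
    for i in range(n):
        off = table + i * SECTION_HEADER_SIZE
        fields = list(struct.unpack_from(SECTION_HEADER_FMT, buf, off))
        vsize, va, raw_size = fields[1], fields[2], fields[3]
        size = vsize if vsize else raw_size       # some packers leave VirtualSize = 0
        size = max(0, min(size, len(buf) - va))   # clamp to what the dump really contains
        fields[3], fields[4] = size, va
        struct.pack_into(SECTION_HEADER_FMT, buf, off, *fields)
    return bytes(buf)


def build_dumped_image():
    """Constructed sample, not a real binary: a PE32 image as it would be read out
    of a process. Section contents sit at their VirtualAddress, but the headers
    still carry the on-disk PointerToRawData/SizeOfRawData values."""
    section_align, file_align, image_size = 0x1000, 0x200, 0x3000
    #            name    VirtualSize VirtualAddress SizeOfRawData PointerToRawData Characteristics
    sections = [(b".text", 0x200, 0x1000, 0x200, 0x400, 0x60000020),
                (b".data", 0x100, 0x2000, 0x200, 0x600, 0xC0000040)]
    buf = bytearray(image_size)
    buf[0:2] = b"MZ"
    e_lfanew = 0x80
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    opt_size = 224  # PE32 optional header
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    struct.pack_into("<HHIIIHH", buf, coff, 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = coff + 20
    struct.pack_into("<H", buf, opt, 0x10B)                       # PE32 magic
    struct.pack_into("<I", buf, opt + 16, 0x1000)                 # AddressOfEntryPoint
    struct.pack_into("<I", buf, opt + 28, 0x400000)               # ImageBase
    struct.pack_into("<I", buf, opt + OPT_SECTION_ALIGNMENT, section_align)
    struct.pack_into("<I", buf, opt + OPT_FILE_ALIGNMENT, file_align)
    struct.pack_into("<I", buf, opt + 56, image_size)             # SizeOfImage
    struct.pack_into("<I", buf, opt + 60, 0x400)                  # SizeOfHeaders
    table = opt + opt_size
    for i, (name, vsize, va, rsize, rptr, chars) in enumerate(sections):
        struct.pack_into(SECTION_HEADER_FMT, buf, table + i * SECTION_HEADER_SIZE,
                         name.ljust(8, b"\0"), vsize, va, rsize, rptr, 0, 0, 0, 0, chars)
        buf[va:va + vsize] = bytes([0xCC]) * vsize  # content at its VA, as in memory
    return bytes(buf)


if __name__ == "__main__":
    dump = build_dumped_image()
    print("before:", read_sections(dump), section_bytes(dump, ".text")[:4].hex())
    fixed = fix_section_table(dump)
    print("after: ", read_sections(fixed), section_bytes(fixed, ".text")[:4].hex())
```

Before the fix, following `.text`'s raw pointer (0x400) lands in the zero-filled gap behind the headers, which is exactly the confusion mentioned above; after the fix the pointer is 0x1000 and the section's bytes are found. Resolving imports is a separate step (see the ToDo about Scylla); this only repairs the section table.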