Commit a975d51e authored by Felix Bilstein

.

parent acfd359a
____ _ ____
| _ \ ___| |_ _ __ ___ | _ \ _ _ _ __ ___ _ __
| |_) / _ \ __| '__/ _ \| | | | | | | '_ ` _ \| '_ \
| _ < __/ |_| | | (_) | |_| | |_| | | | | | | |_) |
|_| \_\___|\__|_| \___/|____/ \__,_|_| |_| |_| .__/
|_|
This project is useful if you want to dump very easy and fast some processes and their Virtual Process Memory
Good for reversing software/malware, but if you want to do serious business you may want to stick with Rekall-Framework
### ToDo ###
Build a new tool that works on a Windows which is not abandoned
Create a new Import Table for the dumped PE-File (like Scylla)
### WorkFlow ###
- InfoPE.py is a generally PE-File Reading Tool
- dump.py is used for dumping processes
- FixPE.py is able to overwrite the section table.
Useful for working with IDA Pro or others. Remapping the binary file would cause confusion to the tools.
\ No newline at end of file
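Review bot: The WorkFlow list names InfoPE.py, dump.py and FixPE.py but gives no invocation for any of them, so a reader cannot tell what arguments each script takes, in what order they are meant to run, or what FixPE.py writes into the section table it overwrites; add one usage line per script and state what the rewritten section table contains. The ToDo item "a Windows which is not abandoned" leaves the Windows version the tool currently works on unstated, so name it in the README. The file also ends without a trailing newline, and the commit message "." does not describe the change.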