 ____      _             ____                        
|  _ \ ___| |_ _ __ ___ |  _ \ _   _ _ __ ___  _ __  
| |_) / _ \ __| '__/ _ \| | | | | | | '_ ` _ \| '_ \ 
|  _ <  __/ |_| | | (_) | |_| | |_| | | | | | | |_) |
|_| \_\___|\__|_|  \___/|____/ \__,_|_| |_| |_| .__/ 
                                              |_|    

=== Malware Dumping Toolkit 0.1 beta ===

Ingredients:

-> dump.py:	The tool you use to dump the memory of a running process. Run dump.py to start the assistance mode.
-> FixPE.py:	Fixes the PE header of a dump so the dumped image parses (and loads) as a file again.
-> InfoPE.py:	Writes a txt file with all the information that can be gathered from the PE file.


--- dump.py ---

Run dump.py from the toolkit directory; usage is self-explanatory. You need to install the following libraries:

psutil
https://pypi.python.org/pypi/psutil/

pymdmp
https://code.google.com/p/mdmp/wiki/pymdmp


--- FixPE.py ---

Run the script with one argument: the dump file you want to fix. The result is written to a new file with '.patched' appended to the original filename, so the original dump is never modified and you do not have to make a backup yourself.

You need to install the library pefile:
https://pypi.python.org/pypi/pefile


--- InfoPE.py ---

Run the script with the PE file you want to scan as its argument. The output is written to a file with the same name and '.PEinfo.txt' appended.

You need to install the library pefile:
https://pypi.python.org/pypi/pefile
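What "fixing the PE header" of a memory dump amounts to, and what an InfoPE-style summary looks like, is shown by the following added example. It is illustration code written for this README, not the toolkit's own FixPE.py or InfoPE.py, and it uses only the Python standard library rather than pefile. The sample image it builds is a constructed, minimal PE32 laid out as it would sit in process memory: a dump like that still carries the on-disk PointerToRawData/SizeOfRawData values in its section table, so a file-based parser reads the wrong bytes for every section until those fields are rewritten to follow the virtual layout (raw offset = VirtualAddress, raw size = VirtualSize rounded to SectionAlignment, FileAlignment = SectionAlignment). Function names and the sample layout are this example's own choices.

```python
"""Added example: parse a PE section table and re-align a memory dump.
Stand-alone illustration, not the toolkit's FixPE.py/InfoPE.py; no pefile."""
import struct

DOS_HEADER_SIZE = 64
SECTION_HEADER_SIZE = 40


def align_up(value, alignment):
    return ((value + alignment - 1) // alignment) * alignment


def parse_pe(image):
    """Read the headers this example needs; returns offsets, fields and sections."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]            # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    opt_off = pe_off + 24                                          # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", image, opt_off)[0]
    # SectionAlignment/FileAlignment (+32) and SizeOfImage/SizeOfHeaders (+56)
    # sit at the same offsets in PE32 (0x10b) and PE32+ (0x20b) optional headers.
    sect_align, file_align = struct.unpack_from("<II", image, opt_off + 32)
    size_of_image, size_of_headers = struct.unpack_from("<II", image, opt_off + 56)
    sections = []
    for i in range(nsect):
        off = opt_off + opt_size + i * SECTION_HEADER_SIZE
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, off)
        sections.append({"offset": off, "name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": va,
                         "raw_size": raw_size, "raw_ptr": raw_ptr})
    return {"opt_off": opt_off, "machine": machine, "magic": magic, "characteristics": chars,
            "section_alignment": sect_align, "file_alignment": file_align,
            "size_of_image": size_of_image, "size_of_headers": size_of_headers,
            "sections": sections}


def section_bytes(image, section):
    """The bytes a file-based loader or parser would read for this section."""
    return image[section["raw_ptr"]:section["raw_ptr"] + section["raw_size"]]


def fix_dump(image):
    """Point every section's raw offset/size at its in-memory location."""
    pe = parse_pe(image)
    out = bytearray(image)
    align = pe["section_alignment"]
    # Raw offsets now follow the virtual layout, so FileAlignment must match it.
    struct.pack_into("<I", out, pe["opt_off"] + 36, align)
    for s in pe["sections"]:
        raw_size = align_up(s["virtual_size"], align)
        raw_size = max(0, min(raw_size, len(image) - s["virtual_address"]))  # truncated dump
        struct.pack_into("<II", out, s["offset"] + 16, raw_size, s["virtual_address"])
    return bytes(out)


def describe(image):
    """InfoPE-style summary lines: header fields, then one line per section."""
    pe = parse_pe(image)
    lines = [f"machine={pe['machine']:#06x} magic={pe['magic']:#06x} "
             f"sect_align={pe['section_alignment']:#x} file_align={pe['file_alignment']:#x} "
             f"size_of_image={pe['size_of_image']:#x}"]
    for s in pe["sections"]:
        lines.append(f"{s['name']:<8} va={s['virtual_address']:#07x} vsize={s['virtual_size']:#06x}"
                     f" raw_ptr={s['raw_ptr']:#07x} raw_size={s['raw_size']:#06x}")
    return lines


def build_sample_dump():
    """Constructed PE32 image as it would sit in memory (not a real binary):
    headers at 0, .text at RVA 0x1000, .data at RVA 0x2000, while the section
    table still claims the on-disk file offsets 0x400 and 0x600."""
    sect_align, file_align = 0x1000, 0x200
    sections = [  # name, rva, virtual size, on-disk raw ptr, on-disk raw size
        (b".text", 0x1000, 0x200, 0x400, 0x200),
        (b".data", 0x2000, 0x100, 0x600, 0x200),
    ]
    dos = bytearray(DOS_HEADER_SIZE)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_SIZE)             # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                            # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    struct.pack_into("<II", opt, 56, 0x3000, 0x400)                # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, 0x60000020)
                     for n, va, vs, rp, rs in sections)
    image = bytearray(0x3000)
    header = bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + table
    image[:len(header)] = header
    image[0x1000:0x1200] = b"\x90" * 0x200                          # .text body: NOPs
    image[0x2000:0x2100] = b"\xAA" * 0x100                          # .data body
    return bytes(image)


if __name__ == "__main__":
    dump = build_sample_dump()
    print("\n".join(describe(dump)), "\n".join(describe(fix_dump(dump))), sep="\n--- fixed ---\n")
```

Before the fix, section_bytes() for .text returns the zero-filled gap after the headers (file offset 0x400) instead of the code at RVA 0x1000; after fix_dump() the raw pointer equals the RVA and the NOP body is read. Re-aligning the section table is only the first step of rebuilding a dump: an import table that was resolved in memory, a relocated image base or an entry point moved by a packer are separate problems that this example does not address.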


=== Contact ===

fxb@cocacoding.com