CERT-Polska / malduck

:duck: Malduck is your ducky companion in malware analysis journeys
GNU General Public License v3.0

ProcessMemoryPE.get_fixed_pe() method #106

Closed psrok1 closed 1 year ago

psrok1 commented 1 year ago

Method that returns a buffer with a fixed PE (fixed sections when image=False, and the same buffer if image=True, as we assume that the procmem internal buffer is already a correct PE file in that case).

It is needed when we need to pass a dump to another library that accepts PE file contents as an input.

psrok1 commented 1 year ago

Well, actually I found that we already have that method. It's procmempe.store(). I guess the naming isn't the best.