Dump-GUY
commented
3 years ago I hope it will help you I think I found where the problem is. If the dll has no name associated with export func like it has only ordinal the method xxx.decode throws an exception and the dll is not processed. As you can see on screenshot attached.
danielplohmann
No matter if I did not use --auto option or if I modified config.py, DatabaseBuilder.py is still skipping some dlls during processing and parsing exports.
Tested on win7 sp1 professional, win10 pro. Python 3.7
I attached a screenshot where i specified option to parse only dll from my directory and you can see that advapi32.dll, iertutil.dll, crypt32.dll etc.. are still not processed... It's an amazing tool but could you please check this issue?