glmcdona / Process-Dump

Windows tool for dumping malware PE files from memory back to disk for analysis.
http://split-code.com/processdump.html
MIT License

Add entry-point recovery through databases of known entrypoint code hashes #19

Closed glmcdona closed 4 years ago

glmcdona commented 4 years ago

Adds databases of known entrypoints. During dumping of modules, if the OEP is invalid, it will attempt to make a guess as to where the original entry point was using this database.

Standardize line endings in output logs.

Fixes issues #15 and #1.
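The recovery step the PR describes, sketched as an added Python example that is not Process Dump's own code: the validity heuristic for the header OEP, the 32-byte hash window, and the "known stub" bytes are all constructed assumptions made for the illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Section:
    name: str
    rva: int          # address relative to the image base, as mapped in memory
    data: bytes       # section bytes as captured from the process
    executable: bool

WINDOW = 32  # bytes hashed at each candidate entry point (constructed choice)

def code_hash(chunk: bytes) -> str:
    return hashlib.sha256(chunk).hexdigest()

def build_database(known_stubs: dict) -> dict:
    # Maps the hash of the first WINDOW bytes of each known entry-point stub to its label.
    return {code_hash(stub[:WINDOW]): label for label, stub in known_stubs.items()}

def oep_is_valid(oep_rva: int, sections: list, probe: int = 16) -> bool:
    # Assumed heuristic: the header's entry point must land inside an executable
    # section and not on a block of zeros (wiped or never-mapped memory).
    for s in sections:
        if s.executable and s.rva <= oep_rva < s.rva + len(s.data):
            off = oep_rva - s.rva
            return any(s.data[off:off + probe])
    return False

def recover_oep(sections: list, database: dict):
    # Slide a WINDOW-byte hash over every executable section; the first offset whose hash
    # is in the database is the recovered OEP. Non-executable sections are skipped.
    for s in sections:
        if not s.executable:
            continue
        for off in range(len(s.data) - WINDOW + 1):
            label = database.get(code_hash(s.data[off:off + WINDOW]))
            if label is not None:
                return s.rva + off, label
    return None

def choose_entry_point(header_oep: int, sections: list, database: dict):
    if oep_is_valid(header_oep, sections):
        return header_oep, "header"
    return recover_oep(sections, database) or (None, "unrecovered")

# Constructed sample: a fake 32-byte stub (not real compiler output) placed 0x40 bytes into
# .text; .data holds a copy to show it is ignored; header OEP 0x5000 lies outside all sections.
KNOWN_STUB = bytes(range(1, WINDOW + 1))
TEXT = b"\xcc" * 0x40 + KNOWN_STUB + b"\xcc" * (0x100 - 0x40 - WINDOW)
SECTIONS = [Section(".text", 0x1000, TEXT, True),
            Section(".data", 0x2000, KNOWN_STUB + bytes(64), False)]
DATABASE = build_database({"constructed-stub": KNOWN_STUB})
```

With the sample above, `choose_entry_point(0x5000, SECTIONS, DATABASE)` rejects the header value and returns `(0x1040, "constructed-stub")`.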