icchy / tracecorn

Windows API tracer for malware (oldname: unitracer)
MIT License
116 stars 22 forks

How to add more dlls? #18

Open patrafter1999 opened 6 years ago

patrafter1999 commented 6 years ago

Hi icchy,

Thanks a lot for your great work here. I'm quite interested in this project and I tried a locky ransomware sample, and came across an error:

  File "/tracecorn/example.py", line 17, in
    uni.load_pe('./samples/locky/_00B10000.mem')
  File "/tracecorn/unitracer/windows.py", line 370, in load_pe
    self._init_ldr(dlls, exe_ldr)
  File "/tracecorn/unitracer/windows.py", line 157, in _init_ldr
    raise IOError, "{} does not exist".format(dll)

IOError: MPR.dll does not exist

The sample has the following DLLs imported:

['MPR.dll', 'urlmon.dll', 'WININET.dll', 'GDI32.dll', 'SHELL32.dll', 'KERNEL32.dll', 'NETAPI32.dll', 'ADVAPI32.dll', 'USER32.dll']

Could you give me some instructions on how to add DLLs? It seems like the project has 3 DLLs imported by default (kernel32, advapi32, urlmon).

Thanks!

icchy commented 6 years ago

Hello patrafter1999,

Thank you for your comment! First, this project is under development, so I am not sure tracecorn will be able to analyze real-world malware.

Of course you can import your DLLs by adding a dll path to unitracer.Windows.dll_path (a list object). Just create a directory named dll and add the following code to your script:

uni = unitracer.Windows()
...
# add search path for dll
uni.dll_path.insert(0, "dll")
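A preflight check, added here as an example and not part of tracecorn's own code: it compares the sample's import list (the one quoted in the issue) against the directories of a search path such as uni.dll_path and reports every missing DLL at once, instead of stopping at the first IOError from load_pe. The case-insensitive matching is my assumption about a common failure mode (files copied from Windows stored as mpr.dll on a case-sensitive host), not a statement about how tracecorn itself looks DLLs up.

```python
import os
import tempfile

# Constructed from the import list quoted in the issue above.
SAMPLE_IMPORTS = ['MPR.dll', 'urlmon.dll', 'WININET.dll', 'GDI32.dll',
                  'SHELL32.dll', 'KERNEL32.dll', 'NETAPI32.dll',
                  'ADVAPI32.dll', 'USER32.dll']


def resolve_dlls(imports, search_paths):
    """Map each imported DLL name to a file found under search_paths.

    Lookup is case-insensitive (assumption): PE import names keep the
    linker's case (MPR.dll) while a dll directory on a Linux host may
    hold mpr.dll. Returns (found, missing) where found maps import
    name -> path and missing lists names with no match anywhere.
    """
    available = {}
    for directory in search_paths:
        if not os.path.isdir(directory):
            continue
        for name in os.listdir(directory):
            # first directory wins, mirroring an ordered search path
            available.setdefault(name.lower(), os.path.join(directory, name))
    found, missing = {}, []
    for dll in imports:
        path = available.get(dll.lower())
        if path is None:
            missing.append(dll)
        else:
            found[dll] = path
    return found, missing


def demo():
    """Build a throwaway 'dll' directory holding only the three DLLs the
    issue says ship by default (empty placeholder files, constructed
    here) and report what the locky sample would still be missing."""
    dll_dir = os.path.join(tempfile.mkdtemp(), 'dll')
    os.mkdir(dll_dir)
    for name in ('kernel32.dll', 'advapi32.dll', 'urlmon.dll'):
        open(os.path.join(dll_dir, name), 'wb').close()
    found, missing = resolve_dlls(SAMPLE_IMPORTS, [dll_dir])
    return sorted(found), missing
```

In a real script, call resolve_dlls(imports, uni.dll_path) with the import list read from the sample and only proceed to uni.load_pe once the missing list is empty.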