Skip to content
/ unmapper Public

Unmap sections mapped in memory in the memory dump of a PE.

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

limbernie/unmapper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
README.md
README.md
 
 
unmapper.py
unmapper.py
 
 

Repository files navigation

Unmapper

Unmap sections mapped in memory in the memory dump of a PE using pefile.

Rationale

One of the key steps of unpacking malware (also known as self-injection malware) is the dumping of a region of memory. Often, this dumped region of memory (or memory dump) is mapped in memory by the loader. To design and implement a generic unpacker that scales, one key consideration is to be able to fix or unmap that memory dump.

I also want to study the PE format in depth.

Usage

python unmapper.py --help
usage: unmapper.py [-h] [-b BASE] [-o OUT] [-p PATH | -v] [--backup]

Unmap sections mapped in memory in the memory dump of a PE.

options:
  -h, --help            show this help message and exit
  -b BASE, --base BASE  base address in decimal or hexadecimal with '0x' prefix
  -o OUT, --out OUT     unmapped PE file name
  -p PATH, --path PATH  path to memory dump
  -v, --version         show program's version number and exit
  --backup              back up memory dump

About

Unmap sections mapped in memory in the memory dump of a PE.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages