Lupo Wiki
Welcome to the lupo wiki!
Download all the DLLs from this repo. You also need all the VC++ dependencies; the easiest way to get them is to install Visual Studio (the Community edition works) and select all the C++ components.
Once you have downloaded the DLLs, copy them over to the 'winext' folder of the debugger you are using (x86 or x64).
Note: Make sure you download the correct DLL version, x86 is the one for 32-bit WinDbg and x64 is the one for 64-bit WinDbg.
Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x86\winext\
Path: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\winext\
That's it! You are ready to use the tool.
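The note above about matching the DLL to the debugger bitness is easy to get wrong, so here is an added PowerShell helper (not part of the Lupo wiki or repo) that reads the PE machine type of the downloaded DLL, confirms the target windbg.exe has the same architecture, and only then copies the DLL into that debugger's winext folder. It assumes the extension file is named lupo.dll (inferred from `.load lupo`) and the default Windows Kits paths listed above.

```powershell
# Added example, not part of the Lupo project. Assumes lupo.dll and the default
# 'C:\Program Files (x86)\Windows Kits\10\Debuggers' layout from the wiki.

function Get-PeMachine {
    # Returns 'x86', 'x64' or 'unknown (...)' for a PE file, read from its COFF header.
    param([Parameter(Mandatory)][string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) {
        throw "$Path is not a PE file (missing MZ header)"
    }
    # e_lfanew at 0x3C points to the 'PE\0\0' signature; Machine is 2 bytes at signature + 4.
    $peOffset = [BitConverter]::ToInt32($bytes, 0x3C)
    if (($peOffset + 6) -gt $bytes.Length -or [BitConverter]::ToUInt32($bytes, $peOffset) -ne 0x00004550) {
        throw "$Path has no valid PE signature"
    }
    $machine = [BitConverter]::ToUInt16($bytes, $peOffset + 4)
    switch ($machine) {
        0x014C  { 'x86' }   # IMAGE_FILE_MACHINE_I386
        0x8664  { 'x64' }   # IMAGE_FILE_MACHINE_AMD64
        default { 'unknown (0x{0:X4})' -f $machine }
    }
}

function Install-LupoExtension {
    param(
        [Parameter(Mandatory)][string]$DllPath,
        [string]$DebuggersRoot = 'C:\Program Files (x86)\Windows Kits\10\Debuggers'
    )
    $dllArch = Get-PeMachine -Path $DllPath
    if ($dllArch -notin 'x86', 'x64') { throw "Unsupported DLL architecture: $dllArch" }

    # Check the debugger we are about to copy into really is the same bitness as the DLL.
    $windbg = Join-Path $DebuggersRoot "$dllArch\windbg.exe"
    if (-not (Test-Path $windbg)) { throw "No $dllArch WinDbg found at $windbg" }
    $dbgArch = Get-PeMachine -Path $windbg
    if ($dbgArch -ne $dllArch) { throw "DLL is $dllArch but $windbg is $dbgArch" }

    $dest = Join-Path $DebuggersRoot "$dllArch\winext"
    Copy-Item -Path $DllPath -Destination $dest -Force
    "Installed $(Split-Path -Leaf $DllPath) ($dllArch) into $dest"
}

# Usage (from an elevated prompt, since winext lives under Program Files):
# Install-LupoExtension -DllPath "$env:USERPROFILE\Downloads\x64\lupo.dll"
```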
In order to use the tool, start a WinDbg session and attach to the process you are planning to debug. Once that has been done, you can start using the tool by following these steps:
- Load the main extension into the debugger by using this command in WinDbg:
.load lupo
- Check if the extension has loaded as intended by using this command:
.chain
- Click on the extension name to see all the available modules:
- Run any of the modules by appending its name to the !lupo command, for example:
!lupo.gnet
- The tool should now run and extract IOCs based on the module selected.
Once the module is running, the results are displayed on the screen and also written to a .txt file, which contains the same information as shown on the screen.
Tech Blog - https://malienist.medium.com/