https://github.com/willscott/godmpe
Munging of Windows PE files
- Host: GitHub
- URL: https://github.com/willscott/godmpe
- Owner: willscott
- Created: 2019-12-03T03:42:52.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2019-12-04T01:29:36.000Z (over 6 years ago)
- Last Synced: 2025-02-06T10:32:23.769Z (over 1 year ago)
- Language: Go
- Size: 9.77 KB
- Stars: 1
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
GoDmPe
=====
GoDmPe (pronounced Go Dump PE) is a tool for dumping WinDbg memory dumps into Portable Executable (PE) format.
The WinDbg dump provides regions of virtual address space, but it is not structured in a way that executable debugging tools can analyze directly.
The program restructures a dump back into the memory space specified by a Portable Executable file so that standard Windows debugging tools can analyze the program.
Usage
----
```
godmpe mem.dmp template.exe out.exe
```
This will take a memory dump (`mem.dmp`) of `template.exe` and apply the runtime state of memory to the memory space specified by `template.exe`, writing the result to `out.exe`.
`out.exe` can then be analyzed by Ghidra or IDA.
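
The README does not describe how the dump is laid back onto the template, so the following is an added example, not GoDmPe's own code. It shows one way such an overlay can work, assuming the dump has already been parsed into virtual-address regions and the template into section headers; the `Region`, `Section` and `Overlay` names are hypothetical.

```go
package main

import "fmt"

// Region is one run of captured memory; Section carries the PE section-header
// fields used below. Both are hypothetical types for this example.
type Region struct {
	Base uint64 // virtual address of Data[0]
	Data []byte
}
type Section struct {
	VirtualAddress, VirtualSize     uint32 // RVA and size once loaded
	PointerToRawData, SizeOfRawData uint32 // offset and size in the file
}

// Overlay patches file wherever a region overlaps a section (VA -> RVA -> file offset).
func Overlay(file []byte, imageBase uint64, secs []Section, regs []Region) int {
	patched := 0
	for _, s := range secs {
		size := s.VirtualSize // only bytes both mapped and file-backed
		if s.SizeOfRawData < size {
			size = s.SizeOfRawData
		}
		start := imageBase + uint64(s.VirtualAddress)
		end := start + uint64(size)
		for _, r := range regs {
			lo, hi := r.Base, r.Base+uint64(len(r.Data))
			if lo < start {
				lo = start
			}
			if hi > end {
				hi = end
			}
			off := uint64(s.PointerToRawData) + (lo - start)
			if lo >= hi || off > uint64(len(file)) {
				continue // no overlap, or the header points past the file
			}
			patched += copy(file[off:], r.Data[lo-r.Base:hi-r.Base])
		}
	}
	return patched
}

func main() { // constructed sample: one section at RVA 0x1000, region straddling its start
	file := make([]byte, 0x400)
	secs := []Section{{0x1000, 0x100, 0x200, 0x200}}
	regs := []Region{{Base: 0x400FF0, Data: make([]byte, 0x40)}}
	fmt.Println(Overlay(file, 0x400000, secs, regs))
}
```

Bytes that exist in memory but have no backing in the file (where `VirtualSize` exceeds `SizeOfRawData`) are skipped by this sketch, so an analyst relying on the output should check whether the sections of interest were fully covered.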