memloader's People

Contributors

romanrusetsky

memloader's Issues

IDA Pro 7.6 SDK Changes

There are some changes in SDK version 7.6; I am sharing my solution so that it compiles correctly.

Scripts & SDK

SDK: renamed confusing inf_is_32bit() -> inf_is_32bit_or_higher(); added inf_is_32bit_exactly(), inf_is_16bit(), inf_get_app_bitness()

in MemoryLoader.cpp:

line 135 change:
else if (inf_is_32bit()) {
to
else if (inf_is_32bit_or_higher()) {

line 148 change:
if (!inf_is_64bit() && !inf_is_32bit()) {
to
if (!inf_is_64bit() && !inf_is_32bit_or_higher()) {

MemZipLoader won't load

Hi, and THANK YOU VERY MUCH for that plugin, I also get annoyed by McAfee whenever reversing binaries, and popping a full VM just to unpack generic malware is annoying.

I downloaded the archive and ran the following script:

Expand-Archive .\BinaryPackage.zip                                           
cp .\BinaryPackage\MemoryLoader.dll 'C:\Program Files\IDA Pro 7.5\'          
cp .\BinaryPackage\MemoryLoader64.dll 'C:\Program Files\IDA Pro 7.5\'        
cp .\BinaryPackage\MemZipLoader.dll 'C:\Program Files\IDA Pro 7.5\loaders\'  
cp .\BinaryPackage\MemZipLoader64.dll 'C:\Program Files\IDA Pro 7.5\loaders\'
cp .\BinaryPackage\UrlLoader.dll 'C:\Program Files\IDA Pro 7.5\loaders\'     
cp .\BinaryPackage\UrlLoader64.dll 'C:\Program Files\IDA Pro 7.5\loaders\'   

Integrity check:

gci -r 'C:\Program Files\IDA Pro 7.5\' | ? Name -IMatch "(Memory|URL|MemZip)Loader(64|).dll" | % {Get-FileHash $_.fullname} | select hash, path
PS C:\tmp> gci -r 'C:\Program Files\IDA Pro 7.5\' | ? Name -IMatch "(Memory|URL|MemZip)Loader(64|).dll" | % {Get-FileHash $_.fullname} | select hash, path

Hash                                                             Path
----                                                             ----
4DEC6D0FA09EABBC2358BEDC8B4E239198D78FAF96F4505846061F6CFA0B2DB3 C:\Program Files\IDA Pro 7.5\MemoryLoader.dll
330A217D92D3C1C39E4431C7ABC48D01C69F379960F6902FE36C9BE3C4F528C6 C:\Program Files\IDA Pro 7.5\MemoryLoader64.dll
786BF93D2500B47D3C3C3590EF9ED2AA40AEC2F2B39CC2939DE09B4E70C806A0 C:\Program Files\IDA Pro 7.5\loaders\MemZipLoader.dll
5E3A410ED5D6273C509D091D4D1FE386947E88B58C0A2722A1FF46B9FBD2BA27 C:\Program Files\IDA Pro 7.5\loaders\MemZipLoader64.dll
C45ED73B96C3FE96AB8907D1EBA80512948A697A831A646BC985A2C024E0C2D5 C:\Program Files\IDA Pro 7.5\loaders\UrlLoader.dll
5724D32F520F390DA68D6B61F3C3F49511F54BF2B1C21C9DCE2EA5EA7F508D3B C:\Program Files\IDA Pro 7.5\loaders\UrlLoader64.dll

When loading IDA Pro, I only see the UrlLoader being loaded, the MemZipLoader isn't loaded:

Possible file format: UrlLoader (C:\Program Files\IDA Pro 7.5\loaders\UrlLoader64.dll)
Possible file format: ZIP (C:\Program Files\IDA Pro 7.5\loaders\archldr_zip64.dll)

  bytes   pages size description
--------- ----- ---- --------------------------------------------
  2048000   250 8192 allocating memory for b-tree...
  2048000   250 8192 allocating memory for virtual array...
   262144    32 8192 allocating memory for name pointers...
-----------------------------------------------------------------
  4358144            total memory allocated

I am using IDA Pro 7.5.201028.

I'm willing to provide assistance to diagnose this on request, thanks again.
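An added example, not part of the original post or of the memloader project: the integrity check above only prints hashes, so this sketch compares each installed DLL against the copy extracted from the archive and reports any file that is missing or differs. It reuses the paths from the post; the variable names and status strings are assumptions made for illustration.

```powershell
# Added example: verify that the installed plugin DLLs are byte-identical
# to the ones extracted from BinaryPackage.zip (paths taken from the post).
$Extracted = '.\BinaryPackage'
$IdaDir    = 'C:\Program Files\IDA Pro 7.5'
$LoaderDir = Join-Path $IdaDir 'loaders'

# File name -> install directory, mirroring the cp commands in the post.
$Targets = [ordered]@{
    'MemoryLoader.dll'   = $IdaDir
    'MemoryLoader64.dll' = $IdaDir
    'MemZipLoader.dll'   = $LoaderDir
    'MemZipLoader64.dll' = $LoaderDir
    'UrlLoader.dll'      = $LoaderDir
    'UrlLoader64.dll'    = $LoaderDir
}

$results = foreach ($name in $Targets.Keys) {
    $src = Join-Path $Extracted $name
    $dst = Join-Path $Targets[$name] $name

    if (-not (Test-Path -LiteralPath $src)) {
        $status = 'missing in archive'
    } elseif (-not (Test-Path -LiteralPath $dst)) {
        # Covers a failed copy as well as a file removed after the copy.
        $status = 'missing in IDA directory'
    } else {
        $srcHash = (Get-FileHash -LiteralPath $src -Algorithm SHA256).Hash
        $dstHash = (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash
        if ($srcHash -eq $dstHash) { $status = 'match' } else { $status = 'MISMATCH' }
    }

    [pscustomobject]@{ File = $name; Status = $status; Installed = $dst }
}

$results | Format-Table -AutoSize

# Non-zero exit code when anything other than 'match' was found,
# so the check can be used from a setup script.
if ($results | Where-Object Status -ne 'match') { exit 1 }
```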
