sentinelabs / memloader Goto Github PK
View Code? Open in Web Editor NEWMemory Loader Open Source Project by Sentinel-Labs.
License: Other
Memory Loader Open Source Project by Sentinel-Labs.
License: Other
In the SDK version 7.6 there are some changes, so that it compiles correctly I share my solution.
SDK: renamed confusing inf_is_32bit() -> inf_is_32bit_or_higher(); added inf_is_32bit_exactly(), inf_is_16bit(), inf_get_app_bitness()
in MemoryLoader.cpp:
line 135 change:
else if (inf_is_32bit()) {
to
else if (inf_is_32bit_or_higher()) {
line 148 change:
if (!inf_is_64bit() && !inf_is_32bit()) {
to
if (!inf_is_64bit() && !inf_is_32bit_or_higher()) {
Hi, and THANK YOU VERY MUCH for that plugin, I also get annoyed by McAfee whenever reversing binaries, and popping a full VM just to unpack generic malware is annoying.
I downloaded the archive and ran the following script:
Expand-Archive .\BinaryPackage.zip
cp .\BinaryPackage\MemoryLoader.dll 'C:\Program Files\IDA Pro 7.5\'
cp .\BinaryPackage\MemoryLoader64.dll 'C:\Program Files\IDA Pro 7.5\'
cp .\BinaryPackage\MemZipLoader.dll 'C:\Program Files\IDA Pro 7.5\loaders\'
cp .\BinaryPackage\MemZipLoader64.dll 'C:\Program Files\IDA Pro 7.5\loaders\'
cp .\BinaryPackage\UrlLoader.dll 'C:\Program Files\IDA Pro 7.5\loaders\'
cp .\BinaryPackage\UrlLoader64.dll 'C:\Program Files\IDA Pro 7.5\loaders\'
Integrity check:
gci -r 'C:\Program Files\IDA Pro 7.5\' | ? Name -IMatch "(Memory|URL|MemZip)Loader(64|).dll" | % {Get-FileHash $_.fullname} | select hash, path
PS C:\tmp> gci -r 'C:\Program Files\IDA Pro 7.5\' | ? Name -IMatch "(Memory|URL|MemZip)Loader(64|).dll" | % {Get-FileHash $_.fullname} | select hash, path
Hash Path
---- ----
4DEC6D0FA09EABBC2358BEDC8B4E239198D78FAF96F4505846061F6CFA0B2DB3 C:\Program Files\IDA Pro 7.5\MemoryLoader.dll
330A217D92D3C1C39E4431C7ABC48D01C69F379960F6902FE36C9BE3C4F528C6 C:\Program Files\IDA Pro 7.5\MemoryLoader64.dll
786BF93D2500B47D3C3C3590EF9ED2AA40AEC2F2B39CC2939DE09B4E70C806A0 C:\Program Files\IDA Pro 7.5\loaders\MemZipLoader.dll
5E3A410ED5D6273C509D091D4D1FE386947E88B58C0A2722A1FF46B9FBD2BA27 C:\Program Files\IDA Pro 7.5\loaders\MemZipLoader64.dll
C45ED73B96C3FE96AB8907D1EBA80512948A697A831A646BC985A2C024E0C2D5 C:\Program Files\IDA Pro 7.5\loaders\UrlLoader.dll
5724D32F520F390DA68D6B61F3C3F49511F54BF2B1C21C9DCE2EA5EA7F508D3B C:\Program Files\IDA Pro 7.5\loaders\UrlLoader64.dll
When loading IDA Pro, I only see the UrlLoader being loaded, the MemZipLoader isn't loaded:
Possible file format: UrlLoader (C:\Program Files\IDA Pro 7.5\loaders\UrlLoader64.dll)
Possible file format: ZIP (C:\Program Files\IDA Pro 7.5\loaders\archldr_zip64.dll)
bytes pages size description
--------- ----- ---- --------------------------------------------
2048000 250 8192 allocating memory for b-tree...
2048000 250 8192 allocating memory for virtual array...
262144 32 8192 allocating memory for name pointers...
-----------------------------------------------------------------
4358144 total memory allocated
I am using IDA Pro 7.5.201028.
I'm willing to provide assistance to diagnose this on request, thanks again.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.