| Written by David Reguera García |
| Wednesday 14 March 2007 |
|
DOWNLOAD
PEBTry BETA 5 obtains debugging privileges and also uses a NEW ALGORITHM! to find
the name of an imported function when it does not appear in the IMPORT DIRECTORY.
The method is included in the source code, enjoy it :-).

The method I have created consists of starting from an address in the IAT and obtaining
the name of the function by searching the EXPORT DIRECTORY of the library in memory,
through the PEB.
For more information, look at the source code. |
Last update ( Wednesday 14 March 2007 ) |
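The reverse lookup described above (IAT address, then owning module, then export name), as an added example that is not taken from the PEBTry source: it parses the export directory of an image laid out as it is in memory. The `(base, image)` list stands in for the loader module list reached through the PEB, and `build_image`, `sample.dll` and its exports are constructed sample data.

```python
import struct

def u32(img, off): return struct.unpack_from("<I", img, off)[0]
def u16(img, off): return struct.unpack_from("<H", img, off)[0]
def cstr(img, off): return bytes(img[off:img.index(0, off)]).decode("ascii")

def export_name_for(modules, addr):
    """Map an address read from an IAT slot to (dll, export name), or None.
    modules: [(base, image)], image laid out as mapped in memory (offsets == RVAs);
    the list is an assumption standing in for the module list reached via the PEB."""
    for base, img in modules:
        if not base <= addr < base + len(img):
            continue                                   # address is not inside this module
        opt = u32(img, 0x3C) + 24                      # e_lfanew + signature + file header
        exp = u32(img, opt + (112 if u16(img, opt) == 0x20B else 96))  # DataDirectory[0]
        if exp == 0:
            return None                                # module exports nothing
        dll, ord_base, n_funcs, n_names, funcs, names, ords = struct.unpack_from("<7I", img, exp + 12)
        for i in range(n_funcs):                       # AddressOfFunctions[i] holds an RVA
            if base + u32(img, funcs + 4 * i) != addr:
                continue
            for j in range(n_names):                   # AddressOfNameOrdinals[j] == i names entry i
                if u16(img, ords + 2 * j) == i:
                    return cstr(img, dll), cstr(img, u32(img, names + 4 * j))
            return cstr(img, dll), "#%d" % (ord_base + i)   # exported by ordinal only
        return None                                    # inside the module, not an export entry
    return None

def build_image(dll, funcs, named):
    """Constructed sample: minimal PE32 image. funcs = function RVAs, named = {name: index}."""
    img = bytearray(0x1000)
    img[0:2] = b"MZ"; struct.pack_into("<I", img, 0x3C, 0x40); img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x58, 0x10B)           # PE32 optional header magic
    struct.pack_into("<II", img, 0x58 + 96, 0x200, 0x200)   # export data directory entry
    f, n, o, s = 0x240, 0x280, 0x2C0, 0x300            # three tables and the string pool
    struct.pack_into("<7I", img, 0x20C, s, 1, len(funcs), len(named), f, n, o)
    def put(text):
        nonlocal s
        at = s; img[s:s + len(text)] = text.encode(); s += len(text) + 1
        return at
    put(dll)
    for i, rva in enumerate(funcs):
        struct.pack_into("<I", img, f + 4 * i, rva)
    for j, (name, idx) in enumerate(sorted(named.items())):
        struct.pack_into("<I", img, n + 4 * j, put(name)); struct.pack_into("<H", img, o + 2 * j, idx)
    return bytes(img)

MODULES = [(0x10000000, build_image("sample.dll", [0x500, 0x520, 0x540], {"Alpha": 0, "Gamma": 2}))]
```

Because the loader resolves forwarders before writing the IAT, a forwarded import resolves to the name in the module that actually implements it.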
| Written By David Reguera García |
| Monday 12 February 2007 |
|
DOWNLOAD
BETA 2 of PEBTry!! New features, and here are some: it shows all the libraries imported at
that moment in the process memory (obviously, the ones loaded with LoadLibrary will
appear), and it is now easier to use through the syntax “pebtry.exe -p PID”, among
other bug fixes. mingw has been used to compile it.

|
Last update ( Monday 12 February 2007 ) |
| Written By David Reguera García |
| Monday, 22 January 2007 |
|
DOWNLOAD
Tool that extracts the PEB from other processes and lists processes. It can try to get
the PEB of more than one process at a time or from the whole system. It is still in beta stage,
and more things are going to be added, for example showing all the libraries that the
process imports.
http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/NT%20Objects/Process/PEB.html

|
Last update ( Monday, 22 January 2007 ) |
|