8000 GitHub - desperadosec/appcut: A helper tool to grab binary blobs from IDA-analyzed binaries and wrap them via Python.
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

desperadosec/appcut

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
test
test
 
 
DumpFunc.py
DumpFunc.py
 
 
README.md
README.md
 
 
dump.py
dump.py
 
 
func.py
func.py
 
 
unex.py
unex.py
 
 

Repository files navigation

AppCut

AppCut is a supplemental tool to extend and extract the functionality of IDA Pro's AppCall function.

The IDA API AppCall function allows an analyst to call an unexported function within a binary. For instance, if a piece of malware has a Domain Generation Algorithm (DGA) or custom encoder, AppCall can be used to invoke it with arbitrary parameters and use the function to obtain results.

But what if you want to extend this, or use a function without having to start IDA? I designed AppCut to export the function to a binary blob, and allow malware analysts to wrap the function with CTypes and invoke it via Python. This way, a function can be incorporated into a larger framework, automated malware analysis script, and so on.

About

A helper tool to grab binary blobs from IDA-analyzed binaries and wrap them via Python.

Resources

Readme
Activity

Stars

3 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages
0