[Vol-dev] New On this list

Jason Reynolds JReynolds at pathwayforensics.com
Fri Oct 9 15:57:46 CDT 2009


Hi!

I'm new to this list but I'd like to help on a few parts of the PE parsing apparatus.  I will be reviewing the source this week.

Is there any objection to a -v (verbose) flag which would output offsets to header references to the specified objects to assist
with manual image inspection?

Typically I use automated tools to an extent, but another feature I'd like to add is actual PE extraction if the executable was fully
loaded into memory (say the file self-removes, or a rootkit lives only in RAM).  This way we could plug things directly into objdump
or another disassembler of choice (IDA Pro here).

Thoughts?  Suggestions?

Regards,

Jason Reynolds
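The two ideas in the message above (a verbose listing of where the PE headers sit, and rebuilding an on-disk file from an image that is fully loaded in memory) can be shown with a small stand-alone parser. This is an added example, not Volatility's code and not code from the poster; it uses only the `struct` module, and the sample PE32 it builds is constructed here for the demonstration (no real binary is involved). The conversion from memory layout back to file layout is the standard section-by-section copy: each section is mapped at `VirtualAddress` in RAM but stored at `PointerToRawData` on disk.

```python
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
FILE_HEADER_FMT = "<HHIIIHH"          # Machine .. Characteristics (20 bytes)
SECTION_FMT = "<8sIIIIIIHHI"          # IMAGE_SECTION_HEADER (40 bytes)
SECTION_SIZE = struct.calcsize(SECTION_FMT)


def parse_headers(img):
    """Parse DOS/NT headers of a PE in either file or memory layout.
    Returns header offsets (relative to the start of img) and the section table."""
    if img[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", img, 0x3C)[0]
    if e_lfanew + 24 > len(img) or img[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("bad e_lfanew or missing PE signature")
    file_hdr_off = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(FILE_HEADER_FMT, img, file_hdr_off)
    opt_off = file_hdr_off + 20
    magic = struct.unpack_from("<H", img, opt_off)[0]
    if magic not in (0x10B, 0x20B):               # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # These four fields sit at the same offsets in PE32 and PE32+.
    sect_align, file_align = struct.unpack_from("<II", img, opt_off + 32)
    size_of_image, size_of_headers = struct.unpack_from("<II", img, opt_off + 56)
    sect_tab_off = opt_off + opt_size
    sections = []
    for i in range(nsections):
        off = sect_tab_off + i * SECTION_SIZE
        if off + SECTION_SIZE > len(img):
            raise ValueError("section table runs past end of data")
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(SECTION_FMT, img, off)
        sections.append(dict(name=name.rstrip(b"\0").decode("ascii", "replace"), header_offset=off,
                             VirtualSize=vsize, VirtualAddress=va, SizeOfRawData=rawsize,
                             PointerToRawData=rawptr, Characteristics=chars))
    return dict(e_lfanew=e_lfanew, file_header=file_hdr_off, optional_header=opt_off, magic=magic,
                section_table=sect_tab_off, SectionAlignment=sect_align, FileAlignment=file_align,
                SizeOfImage=size_of_image, SizeOfHeaders=size_of_headers, sections=sections)


def describe_offsets(hdr):
    """The '-v' idea: print where each header lives so it can be checked by hand in a hex view."""
    lines = ["DOS header @ 0x0, e_lfanew = 0x%x" % hdr["e_lfanew"],
             "NT headers @ 0x%x, FileHeader @ 0x%x, OptionalHeader @ 0x%x (magic 0x%x)"
             % (hdr["e_lfanew"], hdr["file_header"], hdr["optional_header"], hdr["magic"]),
             "Section table @ 0x%x (%d entries)" % (hdr["section_table"], len(hdr["sections"]))]
    for s in hdr["sections"]:
        lines.append("  %-8s header @ 0x%x  VA 0x%x  VSize 0x%x  Raw @ 0x%x  RawSize 0x%x" % (
            s["name"], s["header_offset"], s["VirtualAddress"], s["VirtualSize"],
            s["PointerToRawData"], s["SizeOfRawData"]))
    return "\n".join(lines)


def memory_to_file(img):
    """Rebuild a file-layout PE from a fully loaded in-memory image: copy each section from
    VirtualAddress back to PointerToRawData. Pages missing from img are left as zeros."""
    hdr = parse_headers(img)
    end = max([hdr["SizeOfHeaders"]] + [s["PointerToRawData"] + s["SizeOfRawData"] for s in hdr["sections"]])
    out = bytearray(end)
    hdr_len = min(hdr["SizeOfHeaders"], len(img))
    out[:hdr_len] = img[:hdr_len]
    for s in hdr["sections"]:
        src = img[s["VirtualAddress"]:s["VirtualAddress"] + s["SizeOfRawData"]]
        out[s["PointerToRawData"]:s["PointerToRawData"] + len(src)] = src
    return bytes(out)


def build_sample():
    """Constructed PE32 (not a real program) returned in both file layout and memory layout."""
    file_align, sect_align = 0x200, 0x1000
    sections = [(b".text", 0x1000, b"\x55\x8b\xec\x33\xc0\x5d\xc3" + b"\x90" * 9, 0x60000020),
                (b".data", 0x2000, b"hello from .data\0", 0xC0000040)]
    nsect = len(sections)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)               # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)             # ImageBase
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    struct.pack_into("<II", opt, 56, sect_align * (nsect + 1), file_align)  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<HH", opt, 68, 2, 0)                # Subsystem = GUI
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    dos = bytearray(0x40)
    dos[:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew: NT headers right after DOS header
    file_hdr = struct.pack(FILE_HEADER_FMT, 0x14C, nsect, 0, 0, 0, len(opt), 0x0102)
    sect_hdrs, blobs, rawptr = b"", [], file_align
    for name, va, content, chars in sections:
        rawsize = (len(content) + file_align - 1) // file_align * file_align
        sect_hdrs += struct.pack(SECTION_FMT, name, len(content), va, rawsize, rawptr, 0, 0, 0, 0, chars)
        blobs.append((va, content.ljust(rawsize, b"\0")))
        rawptr += rawsize
    headers = (bytes(dos) + IMAGE_NT_SIGNATURE + file_hdr + bytes(opt) + sect_hdrs).ljust(file_align, b"\0")
    file_image = headers + b"".join(blob for _, blob in blobs)
    mem = bytearray(sect_align * (nsect + 1))            # what the loader would map
    mem[:len(headers)] = headers
    for va, blob in blobs:
        mem[va:va + len(blob)] = blob
    return file_image, bytes(mem)


if __name__ == "__main__":
    file_image, mem = build_sample()
    print(describe_offsets(parse_headers(mem)))
    print("round trip ok:", memory_to_file(mem) == file_image)
```

Two caveats worth keeping in mind when using this on a real memory image rather than the constructed one: the rebuilt file reflects runtime state (resolved imports, applied relocations, any in-place patches), so it is a snapshot for the disassembler rather than a byte-identical copy of what was on disk, and any section page that was not resident when the memory was captured comes out as zeros rather than as an error.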

