GitHub - peterius/processdumper: console utility for software analysis

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 77 Commits
helperlib		helperlib
thirtytwobithelper		thirtytwobithelper
warontencent		warontencent
.gitignore		.gitignore
LICENSE		LICENSE
README		README
driver.cpp		driver.cpp
driver.h		driver.h
functionstohook.xml		functionstohook.xml
ipcsocket.cpp		ipcsocket.cpp
ipcsocket.h		ipcsocket.h
kernelreplacements.cpp		kernelreplacements.cpp
kernelreplacements.h		kernelreplacements.h
libraryloader.cpp		libraryloader.cpp
libraryloader.h		libraryloader.h
loadfiles.cpp		loadfiles.cpp
loadfiles.h		loadfiles.h
processdumper.cpp		processdumper.cpp
processdumper.rc		processdumper.rc
processdumper.sln		processdumper.sln
processdumper.vcxproj		processdumper.vcxproj
processdumper.vcxproj.filters		processdumper.vcxproj.filters
query.cpp		query.cpp
query.h		query.h
reconstitute.cpp		reconstitute.cpp
reconstitute.h		reconstitute.h
resource.h		resource.h
targetver.h		targetver.h
winnt.h		winnt.h
x64_syscalls.asm		x64_syscalls.asm

Repository files navigation

* dirty, unfinished, exploratory code for analyzing software
* Run it from an administrator console or it will quit with some unhelpful error.
* From pretty early on, I started compiling the console application 64 bit.  So while it should work on 32 bit applications, it will likely be broken if compiled for 32 bit.
* installing driver requires:

	bcdedit -set TESTSIGNING ON
	and reboot

	and to turn it off bcdedit -set TESTSIGNING OFF

	I think I used

	MakeCert -r -pe -ss PrivateCertStore -n "CN=test.com(test)" testcert.cer

	for the signing certificate and then set the test certificate in the driver project properties.  Pretty sure it's per-machine

	makecert-test-certificate from msdn