Helper library to generate DRAKVUF profiles.

Project description

drakpdb

Helper library to generate DRAKVUF profiles.

Installation

pip3 install -r requirements.txt

Example

Generating profile from kernel (with LibVMI)

Get PDB name and GUID/Age using vmi-win-guid

# vmi-win-guid name windows7-sp1
Windows Kernel found @ 0x2610000
        Version: 64-bit Windows 7
        PE GUID: 4ce7951a5ea000
        PDB GUID: 3844dbb920174967be7aa4a2c20430fa2
        Kernel filename: ntkrnlmp.pdb
        ...

Download PDB and parse it to a json profile

python3 drakpdb.py fetch_pdb ntkrnlmp.pdb 3844dbb920174967be7aa4a2c20430fa2
python3 drakpdb.py parse_pdb ntkrnlmp.pdb > ntkrnlmp.json

Generating profile from DLL

Use symchk.py from moyix/pdbparse to obtain PDB

Use:

python3 drakpdb.py parse_pdb dllname.pdb > dllname.json

Project details

Release history Release notifications | RSS feed

This version

0.2.2

Aug 1, 2024

0.2.1

Aug 1, 2024

0.2.0

Jul 31, 2024

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

drakpdb-0.2.2.tar.gz (49.6 kB view hashes)

Uploaded Aug 1, 2024 Source

Built Distributions

drakpdb-0.2.2-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (66.9 kB view hashes)

Uploaded Aug 1, 2024 PyPy manylinux: glibc 2.17+ x86-64

drakpdb-0.2.2-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (66.9 kB view hashes)

Uploaded Aug 1, 2024 PyPy manylinux: glibc 2.17+ x86-64

drakpdb-0.2.2-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (66.9 kB view hashes)

Uploaded Aug 1, 2024 PyPy manylinux: glibc 2.17+ x86-64

drakpdb-0.2.2-cp312-cp312-musllinux_1_2_x86_64.whl (96.1 kB view hashes)

Uploaded Aug 1, 2024 CPython 3.12 musllinux: musl 1.2+ x86-64

drakpdb-0.2.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (95.9 kB view hashes)

Uploaded Aug 1, 2024 CPython 3.12 manylinux: glibc 2.17+ x86-64

drakpdb-0.2.2-cp311-cp311-musllinux_1_2_x86_64.whl (96.2 kB view hashes)

Uploaded Aug 1, 2024 CPython 3.11 musllinux: musl 1.2+ x86-64

drakpdb-0.2.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (96.0 kB view hashes)

Uploaded Aug 1, 2024 CPython 3.11 manylinux: glibc 2.17+ x86-64

drakpdb-0.2.2-cp310-cp310-musllinux_1_2_x86_64.whl (96.2 kB view hashes)

Uploaded Aug 1, 2024 CPython 3.10 musllinux: musl 1.2+ x86-64

drakpdb-0.2.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (95.9 kB view hashes)

Uploaded Aug 1, 2024 CPython 3.10 manylinux: glibc 2.17+ x86-64

drakpdb-0.2.2-cp39-cp39-musllinux_1_2_x86_64.whl (96.0 kB view hashes)

Uploaded Aug 1, 2024 CPython 3.9 musllinux: musl 1.2+ x86-64

drakpdb-0.2.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (95.8 kB view hashes)

Uploaded Aug 1, 2024 CPython 3.9 manylinux: glibc 2.17+ x86-64

drakpdb-0.2.2-cp38-cp38-musllinux_1_2_x86_64.whl (96.1 kB view hashes)

Uploaded Aug 1, 2024 CPython 3.8 musllinux: musl 1.2+ x86-64

drakpdb-0.2.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (96.3 kB view hashes)

Uploaded Aug 1, 2024 CPython 3.8 manylinux: glibc 2.17+ x86-64

Hashes for drakpdb-0.2.2.tar.gz

Hashes for drakpdb-0.2.2.tar.gz
Algorithm	Hash digest
SHA256	`7016c48ed84809d1abd7ef6d9ef561a675a404e75fd6ca59beb8805c6b185c8e`
MD5	`0fa472f3a084f282e15fbf13af0af3ef`
BLAKE2b-256	`ffa3d150f872232ac4ef553e40b7e4c8125e7383407166e6b4b226a3a2cf071f`

Hashes for drakpdb-0.2.2-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Hashes for drakpdb-0.2.2-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm	Hash digest
SHA256	`5241945d1ed711b1f645f115e81f2d5772fa08caefa40c83ca46a05b6ed6a9f0`
MD5	`1f91e708e5f1386872c00673cbd06c48`
BLAKE2b-256	`55b6e2480482f7880d029087314c5b2a22c0880e84c87d8e5d90fb3a4ebc6234`

Hashes for drakpdb-0.2.2-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Hashes for drakpdb-0.2.2-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm	Hash digest
SHA256	`787bcc15424562f4761f61224008223a2a5ff45d71981a20d9bb9dc4957da284`
MD5	`02f5af55f4c240da3c99ef41c94e7d11`
BLAKE2b-256	`a3ade5244b82e0eb8a62a7d9d436400af0a936e780b77c15756db91f24f08a0e`

Hashes for drakpdb-0.2.2-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Hashes for drakpdb-0.2.2-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm	Hash digest
SHA256	`b27077713ed88b6c1415251453dad708137a5f56f54b1abdbdec9275d9c39f7c`
MD5	`2a43a1a3dbca8d1db31b9327b07f3a6c`
BLAKE2b-256	`daa7d749f6c44bf362c2b0f0b7536a4003aae6c4ee0de57cb8270661c273a75e`

Hashes for drakpdb-0.2.2-cp312-cp312-musllinux_1_2_x86_64.whl

Hashes for drakpdb-0.2.2-cp312-cp312-musllinux_1_2_x86_64.whl
Algorithm	Hash digest
SHA256	`5bdde0faa76cf67beff0713722a02756499eae84a6805cd9e402a42aea71d2a9`
MD5	`82008d1955b707e16ae70108716cbf69`
BLAKE2b-256	`53edadcd75107fad773e8b15696774fcbd5afe5d3661e27a703c41d8bbe34e91`

Hashes for drakpdb-0.2.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Hashes for drakpdb-0.2.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm	Hash digest
SHA256	`0ab4966d75ef522f4a610f3fcbac819609a190ed7ce64c7e52e724b4a6d2f3f7`
MD5	`1224d39186bb3eeca59e6be8a0bc5c8e`
BLAKE2b-256	`9580b9393d9c90cc62fca62b8fc513e470be61d1c6ab87eaf2b8203fc0ef9f30`

Hashes for drakpdb-0.2.2-cp311-cp311-musllinux_1_2_x86_64.whl

Hashes for drakpdb-0.2.2-cp311-cp311-musllinux_1_2_x86_64.whl
Algorithm	Hash digest
SHA256	`8b034d529f1d890b86b27e55d2c634131ae23043b2df3c694bd5f4ed9d4cdd89`
MD5	`0de90eca437ea1f802afcfa976812013`
BLAKE2b-256	`678219d7e8ac6e4887c9bbc39095c81e5c4da8aadc8a2c1c243b49d0bc31fea7`

Hashes for drakpdb-0.2.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Hashes for drakpdb-0.2.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm	Hash digest
SHA256	`d46e0ff080dca6c113adf365721953af05004b6d7deb485abca50c74443418d1`
MD5	`c5b24fc63a4c81d03c9a733fab121868`
BLAKE2b-256	`fbdaadae882bcbbdccfac2540fdecaccf900bb6eca9cd9fd8772a4c95856a665`

Hashes for drakpdb-0.2.2-cp310-cp310-musllinux_1_2_x86_64.whl

Hashes for drakpdb-0.2.2-cp310-cp310-musllinux_1_2_x86_64.whl
Algorithm	Hash digest
SHA256	`4f2d4d0f85fd36d9e606327ebe2c00a13456665a64c85580708782c15fe146d8`
MD5	`3968f72445036a8eb47b68f6d87b3390`
BLAKE2b-256	`d3d548e15a8fc806485496c5039a9b36e16808860c3af6af586ef6304c7eaac9`

Hashes for drakpdb-0.2.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Hashes for drakpdb-0.2.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm	Hash digest
SHA256	`2184354bc569f7dc2420d94b3b0e33606c1917b706ed63832498a621632f1a34`
MD5	`b380c78455a22c33b65f1cab04f1f71b`
BLAKE2b-256	`cc4de7db30a3f61d6f053483834324916fcedbe7fcf6f65e3a8826a775abb0bf`

Hashes for drakpdb-0.2.2-cp39-cp39-musllinux_1_2_x86_64.whl

Hashes for drakpdb-0.2.2-cp39-cp39-musllinux_1_2_x86_64.whl
Algorithm	Hash digest
SHA256	`cb33b8b5e07e7d4c80f9ac85497cdb4f5e824766115427744e094181d4a2614b`
MD5	`69e1def5b9c8a028d9944b9e01e8e2ff`
BLAKE2b-256	`2d591d6a919c5e9d6f003669d48b0c9f904df212885c25cd7f5fbe89ca322d0f`

Hashes for drakpdb-0.2.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Hashes for drakpdb-0.2.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm	Hash digest
SHA256	`771a11fb99f12d3087f8c13cae879d0bb2ab162be6c3fe838dd38c64872347cc`
MD5	`ecea21fe54219fd4d7482a041f069645`
BLAKE2b-256	`367cea705f3f0969ded2bb7a7f7359fd81eaceff446745663f16ae96bdf9b7a7`

Hashes for drakpdb-0.2.2-cp38-cp38-musllinux_1_2_x86_64.whl

Hashes for drakpdb-0.2.2-cp38-cp38-musllinux_1_2_x86_64.whl
Algorithm	Hash digest
SHA256	`ea276b2a7d0c216f26a4591eb3bb11f380efa342237368c7b83fbf6b1b47c1fc`
MD5	`89bb4562e42bb03a3c8a4e51c31204da`
BLAKE2b-256	`d941b2ad22946a95749228ea2227b4b7789d7ddd6f4e840760a2c8378150de69`

Hashes for drakpdb-0.2.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Hashes for drakpdb-0.2.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm	Hash digest
SHA256	`c73451349c154ce3aa3c013e9da95541240282422eb0d97a0414bb69340dfbf9`
MD5	`79efa30f278f056580613292e89b6d22`
BLAKE2b-256	`011ac50e1a2aefff19a012367f603763b4fa613f664e6f75b6f821df908720ec`