Helper library to generate DRAKVUF profiles.
Project description
drakpdb
Helper library to generate DRAKVUF profiles.
Installation
pip3 install -r requirements.txt
Example
Generating profile from kernel (with LibVMI)
-
Get PDB name and GUID/Age using
vmi-win-guid# vmi-win-guid name windows7-sp1 Windows Kernel found @ 0x2610000 Version: 64-bit Windows 7 PE GUID: 4ce7951a5ea000 PDB GUID: 3844dbb920174967be7aa4a2c20430fa2 Kernel filename: ntkrnlmp.pdb ... -
Download PDB and parse it to a json profile
python3 drakpdb.py fetch_pdb ntkrnlmp.pdb 3844dbb920174967be7aa4a2c20430fa2 python3 drakpdb.py parse_pdb ntkrnlmp.pdb > ntkrnlmp.json
Generating profile from DLL
- Use symchk.py from moyix/pdbparse to obtain PDB
- Use:
python3 drakpdb.py parse_pdb dllname.pdb > dllname.json
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
drakpdb-0.2.0.tar.gz
(49.5 kB
view details)
Built Distributions
File details
Details for the file drakpdb-0.2.0.tar.gz.
File metadata
- Download URL: drakpdb-0.2.0.tar.gz
- Upload date:
- Size: 49.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 904cbfe82f8d0805b0046cd1cc0b92e4fea14c8fe3ab49ce7656ef10cbc40d29 |
|
| MD5 | 2727cb4b7239641c33b19736279dbb1b |
|
| BLAKE2b-256 | 139c07941e3496659b6ee71bd1de3a1797d463e757b2e8b12f7da847404d18e5 |
File details
Details for the file drakpdb-0.2.0-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: drakpdb-0.2.0-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 66.9 kB
- Tags: PyPy, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0384c4701d174c9afe50be926162a2d38ad0070631292f25e1b901227e24f118 |
|
| MD5 | f583cd335a5774d58dc1fff2acb112eb |
|
| BLAKE2b-256 | 9c565ae3dfe008c9008feae6959934c7b304bcac5dc16a2f296b75fff4fc3386 |
File details
Details for the file drakpdb-0.2.0-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: drakpdb-0.2.0-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 66.9 kB
- Tags: PyPy, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 960110ee4a1dcfcb5ee8d323f6ec6606fdb3bb7504909809581b7ba9330f726b |
|
| MD5 | 36c33493d09950b737ccb4b58de816a5 |
|
| BLAKE2b-256 | 25d975001eadc4897f206e8c2f4563a39eb4d33b50d3093028b343ec985f96e4 |
File details
Details for the file drakpdb-0.2.0-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: drakpdb-0.2.0-pp38-pypy38_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 66.9 kB
- Tags: PyPy, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 359fcf5fdbec51444217c7b936272c24a7095a174af249062de55ffb41205eef |
|
| MD5 | 36bf4fe703a9e9d4c0382c585502bebb |
|
| BLAKE2b-256 | fc4b5a3070a2baa0d07a91dbce72000550deaf4ad2caeb995b71e8152fff79cf |
File details
Details for the file drakpdb-0.2.0-cp312-cp312-musllinux_1_2_x86_64.whl.
File metadata
- Download URL: drakpdb-0.2.0-cp312-cp312-musllinux_1_2_x86_64.whl
- Upload date:
- Size: 96.1 kB
- Tags: CPython 3.12, musllinux: musl 1.2+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ae961292ae283a1363dbc4f56d21057775e45bd98b1df4e707a0fb40f84c2338 |
|
| MD5 | 6898f05bc31a04bc6d94c6919a1b25cc |
|
| BLAKE2b-256 | 2a2d9678ec212d6a4b31efc451571544593fd1fd6d69014099a7f7ca1a5e0740 |
File details
Details for the file drakpdb-0.2.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: drakpdb-0.2.0-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 95.9 kB
- Tags: CPython 3.12, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 903f26f8e34a7e28ce785b1dad9f9447070acd0da01ceb3d2fdb5174e625324b |
|
| MD5 | 42e587482293b52523bda828646a3795 |
|
| BLAKE2b-256 | a98e3ffc400e4eeec1ea21f50d0682b008ac960439ae8b279225bf62c8e9546b |
File details
Details for the file drakpdb-0.2.0-cp311-cp311-musllinux_1_2_x86_64.whl.
File metadata
- Download URL: drakpdb-0.2.0-cp311-cp311-musllinux_1_2_x86_64.whl
- Upload date:
- Size: 96.2 kB
- Tags: CPython 3.11, musllinux: musl 1.2+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | dc604532a406d39106a5f8bb3ab59b29fe0fc5c06e1835656d300c204137e59c |
|
| MD5 | 087ded628257c26fb3fdf8488fa57de5 |
|
| BLAKE2b-256 | 9c7d8f3700d8e4c9d3abd9cd9316bfb6a0c78862ee5a598d08de2c667d98eebe |
File details
Details for the file drakpdb-0.2.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: drakpdb-0.2.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 95.9 kB
- Tags: CPython 3.11, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 9830befcf2e6b217ee181a5ef5bed82d03093071418e44fae3b4494c09d93cb9 |
|
| MD5 | 410fc536df75629771bc785572f626a5 |
|
| BLAKE2b-256 | 5103857458cd90d8f0f22749a864a3d4cb72a1bbd70192f9dcff08253cb07cbc |
File details
Details for the file drakpdb-0.2.0-cp310-cp310-musllinux_1_2_x86_64.whl.
File metadata
- Download URL: drakpdb-0.2.0-cp310-cp310-musllinux_1_2_x86_64.whl
- Upload date:
- Size: 96.2 kB
- Tags: CPython 3.10, musllinux: musl 1.2+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 99e1952b569e30f27c4532bb50043e670f2268d59b0899a37054eedbd1c08da2 |
|
| MD5 | 8f55d69a9686cb72add4d013f022db65 |
|
| BLAKE2b-256 | acf44f26caa53d31a9f54b5aed18290432368431505224d572609bb73290f109 |
File details
Details for the file drakpdb-0.2.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: drakpdb-0.2.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 95.9 kB
- Tags: CPython 3.10, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 24979a11a06653ffdd08c7b64acc3be0dfc6190fa33f36d4ad8542c64be1cceb |
|
| MD5 | 0445857fe0d0fbd8ddb2ef7cdcc6cde0 |
|
| BLAKE2b-256 | 89d22aeee91458704c36b95acdcd731e7c792dd959625c6db4236b61bf1bc60d |
File details
Details for the file drakpdb-0.2.0-cp39-cp39-musllinux_1_2_x86_64.whl.
File metadata
- Download URL: drakpdb-0.2.0-cp39-cp39-musllinux_1_2_x86_64.whl
- Upload date:
- Size: 96.0 kB
- Tags: CPython 3.9, musllinux: musl 1.2+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e430f08d1713d58b02145e8933cbd2275a670feff49632c1269dc439f078214f |
|
| MD5 | e82b5029db71bdceb69f55cf0d1c3a82 |
|
| BLAKE2b-256 | 75116062e5344276ca9fe67d96641d8f20947ea9b8366a9acaa2e5e6c4dba1e6 |
File details
Details for the file drakpdb-0.2.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: drakpdb-0.2.0-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 95.8 kB
- Tags: CPython 3.9, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | aabda22f661410f062d858e5ab1c8f15a7500440dd8dfb68da50fa47c2562d54 |
|
| MD5 | 7a6731e523bc34f58e348bcf17efd7ab |
|
| BLAKE2b-256 | 65c779031b1870a9d45edee063967ddb48db2075c9c83b2af72defe1a7eef516 |
File details
Details for the file drakpdb-0.2.0-cp38-cp38-musllinux_1_2_x86_64.whl.
File metadata
- Download URL: drakpdb-0.2.0-cp38-cp38-musllinux_1_2_x86_64.whl
- Upload date:
- Size: 96.1 kB
- Tags: CPython 3.8, musllinux: musl 1.2+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 73436a3010cbcbf5e6de83895f33b79c7d0be0f3ff31593a00056b5b3841ea1e |
|
| MD5 | 11b3b39d77d430fc1ae1e238634c7368 |
|
| BLAKE2b-256 | 6842cd1dadf3bc54ad833843fe9469bcb7bfd85645b99f682b89262f09d9fe34 |
File details
Details for the file drakpdb-0.2.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.
File metadata
- Download URL: drakpdb-0.2.0-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
- Upload date:
- Size: 96.3 kB
- Tags: CPython 3.8, manylinux: glibc 2.17+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | ab87d94848ea6e95527f08cafc29617c73de6f9bea8597c0c9163bf115463661 |
|
| MD5 | e2d7926f4c0bf99b3a78bd618310f90b |
|
| BLAKE2b-256 | d798654adc0706de2f26cc9388d2eccebe29b37b7870de60f58fc5c63cf4edbf |
