audibleblink / ino

Licence: other
In 'n Out - See what goes in and comes out of PEs

Programming Languages

go

In 'n Out

Parse and return PE information

ino -v comsvcs.dll

{
  "Name": "<string>",
  "Path": "<string>",
  "Type": "<string file|directory>",
  "Imphash": "<string>",
  "Imports": [{
    "Host": "<string>",
    "Functions": ["<string>", ...]
  }, ...],
  "Exports": ["<string>", ...],
  "Forwards": ["<string>", ...],
  "PDB": "<string>",
  "Sections": [{
    "Name": "<string>",
    "Perm": "<string>",
    "FileOffset": int,
    "VMA": int,
    "Size": int
  }, ...]
}

If compiled as a Windows EXE, there will be an additional property:

"DACL": {
  "Owner": "<string>",
  "Group": "<string>",
  "Aces": {
    "Principal": "<string>",
    "Rights": ["<string>", ...]
  }
}

Usage of ino:
  -def string
        Print a .def file for a matching dll
        Ex: ino -def dbghelp.dll teams.exe
  -dir string
        Directory to recurse
  -exports
        Print Exports only
  -forwards
        Print Forwards only
  -imphash
        Print ImpHash only
  -imports
        Print Imports only
  -type string
        Use with --dir. Get [exe|dll]
  -v    Print additional fields
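
As an added example (not ino's own code), the following Go snippet decodes one `ino -v` record in the shape shown above and recomputes the imphash from its Imports array so the reported Imphash field can be cross-checked against a known-good record. It assumes the widely used imphash scheme (lower-cased `dll.func` pairs with `.dll`/`.ocx`/`.sys` stripped, MD5 of the comma-joined list); whether ino's own Imphash follows exactly that scheme is an assumption the README does not state.

```go
// Added example, not part of ino: recompute a record's imphash from its Imports array.
package main
import (
	"crypto/md5"
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

// PE and Import mirror the fields of ino's JSON output that this check needs.
type PE struct {
	Imphash string   `json:"Imphash"`
	Imports []Import `json:"Imports"`
}
type Import struct {
	Host      string   `json:"Host"`
	Functions []string `json:"Functions"`
}

// ImphashInput builds the canonical "dll.func,dll.func,..." string of the common imphash
// scheme: host lower-cased with .dll/.ocx/.sys stripped, function lower-cased, order kept.
// Ordinal-only imports are assumed to already appear as "ordN" strings in Functions.
func ImphashInput(imports []Import) string {
	var parts []string
	for _, imp := range imports {
		host := strings.ToLower(imp.Host)
		if ext := path.Ext(host); ext == ".dll" || ext == ".ocx" || ext == ".sys" {
			host = strings.TrimSuffix(host, ext)
		}
		for _, fn := range imp.Functions {
			parts = append(parts, host+"."+strings.ToLower(fn))
		}
	}
	return strings.Join(parts, ",")
}

// CheckRecord decodes one `ino -v` record and returns the hex MD5 imphash implied by its
// Imports, plus whether that agrees (case-insensitively) with the record's Imphash field.
func CheckRecord(raw []byte) (computed string, matches bool, err error) {
	var pe PE
	if err := json.Unmarshal(raw, &pe); err != nil {
		return "", false, err
	}
	computed = fmt.Sprintf("%x", md5.Sum([]byte(ImphashInput(pe.Imports))))
	return computed, strings.EqualFold(computed, pe.Imphash), nil
}
// Sample is a constructed record in ino's shape (made-up values, placeholder Imphash), so
// CheckRecord returns the computed hash and matches == false for it.
const Sample = `{"Name":"sample.dll","Imphash":"PLACEHOLDER","Imports":[
 {"Host":"KERNEL32.dll","Functions":["LoadLibraryA","GetProcAddress"]},{"Host":"ntdll.dll","Functions":["RtlAllocateHeap"]}]}`
```

Running `CheckRecord` over a saved `ino -v` record for a file and over a fresh one gives a cheap check that an import table has not changed between the two captures.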

Cypher / Neo4j

Creating the Dataset

ino -dir /windows/system32 -type dll > sys32.dll.json
ino -dir /windows/system32 -type exe > sys32.exe.json

Importing the Dataset to Neo4j

The below queries are for an old version of the JSON output. They remain as notes for me to reference.

CALL apoc.load.json("file:///sys32_dll.json") 
YIELD value AS dllData
MERGE (dll:DLL {name: dllData.Name, complete: false})
SET dll.exports = dllData.Exports
SET dll.path = dllData.Path
SET dll.imphash = dllData.ImpHash
SET dll.complete =  true

WITH dll, dllData UNWIND dllData.Imports AS import
MERGE (dll1:DLL {name: import.Host})
FOREACH (i in CASE WHEN dll1.complete THEN [] ELSE [1] END |
	SET dll1.complete = false)
WITH dll, dll1, import, dllData UNWIND import.Functions as func
MERGE (dll)-[:IMPORTS {fn: func}]->(dll1)

WITH dll, dllData UNWIND dllData.Forwards AS fwd
MERGE (dll3:DLL {name: fwd.Host})
FOREACH (i in CASE WHEN dll3.complete THEN [] ELSE [1] END |
	SET dll3.complete = false)
WITH dll, dll3, fwd UNWIND fwd.Functions as func
MERGE (dll)-[:FORWARDS {fn: func}]->(dll3)

CALL apoc.load.json("file:///sys32_exe.json")
YIELD value AS exeData
MERGE (exe:EXE {name: exeData.Name, path: exeData.Path, imphash: exeData.ImpHash})
SET exe.exports = exeData.Exports

WITH exe, exeData UNWIND exeData.Imports AS import
MERGE (dll:DLL {name: import.Host})
FOREACH (i in CASE WHEN dll.complete THEN [] ELSE [1] END |
	SET dll.complete = false)
WITH dll, exe, import, exeData UNWIND import.Functions as func
MERGE (exe)-[:IMPORTS {fn: func}]->(dll)

WITH exe, exeData UNWIND exeData.Forwards AS fwd
MERGE (dll2:DLL {name: fwd.Host})
FOREACH (i in CASE WHEN dll2.complete THEN [] ELSE [1] END |
	SET dll2.complete = false)
WITH dll2, exe, fwd UNWIND fwd.Functions as func
MERGE (exe)-[:FORWARDS {fn: func}]->(dll2)