KasperskyLab / Vbscriptinternals
Scripts for disassembling VBScript p-code in the memory to aid in exploits analysis
Stars: ✭ 74
Programming Languages
python
139335 projects - #7 most used programming language
VBscriptInternals
Author: Boris Larin
This repository contains scripts for disassembling VBScript p-code in the memory to aid in exploits analysis.
https://securelist.com/delving-deep-into-vbscript-analysis-of-cve-2018-8174-exploitation/86333/
Contents
kl_vbs_disasm_ida.py
- Script for IDA Pro
kl_vbs_disasm_windbg.py
- Script for WinDbg with PyKD extension
Usage
Set breakpoint at
function vbscript!CScriptRuntime::RunNoEH
and use appropriate script after breakpoint is hit.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].