hasherezade/pe_unmapper

GitHub: hasherezade/pe_unmapper

A small command-line tool for converting PE files between raw and virtual alignment, making it easier to recover and analyze PE files dumped from memory.

Stars: 115 | Forks: 16

# pe_unmapper

[![Build status](https://ci.appveyor.com/api/projects/status/mr5g6h6ld8tc6c5q?svg=true)](https://ci.appveyor.com/project/hasherezade/pe-unmapper) [![GitHub release](https://img.shields.io/github/release/hasherezade/pe_unmapper.svg)](https://github.com/hasherezade/pe_unmapper/releases) [![Github All Releases](https://img.shields.io/github/downloads/hasherezade/pe_unmapper/total.svg)](https://github.com/hasherezade/pe_unmapper/releases)

A small tool for converting between PE alignments (raw and virtual).

Supports convenient PE unmapping: useful for recovering executables dumped from memory.

Usage:

```
Args:

Required:
/in    : Input file name

Optional:
/base  : Base address where the image was loaded: in hex
/out   : Output file name
/mode  : Choose the conversion mode:
         U: UNMAP (Virtual to Raw) [DEFAULT]
         M: MAP (Raw to Virtual)
         R: REALIGN (Virtual to Raw, where: Raw == Virtual)
```

Example:

```
pe_unmapper.exe /in _02660000.mem /base 02660000 /out payload.dll
```
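What a virtual-to-raw conversion amounts to in general, as an added Python example that is not pe_unmapper's own code: each section is copied from its `VirtualAddress` in the memory dump back to its `PointerToRawData` in the output file. The names `parse_sections`, `unmap`, `build_mapped_sample` and `MAX_GROWTH` are hypothetical, the sample image is constructed, and the base address and relocations (the tool's `/base` option) are not handled.

```python
import struct

# name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, 16 unused bytes
SECTION_HDR = struct.Struct("<8sIIII16x")
MAX_GROWTH = 4  # arbitrary sanity limit for this example: header fields in a dump are untrusted

def parse_sections(img):
    """Return (SizeOfHeaders, [(name, vaddr, raw_size, raw_ptr), ...])."""
    if img[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    nt, = struct.unpack_from("<I", img, 0x3C)               # e_lfanew
    if img[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", img, nt + 6)            # NumberOfSections
    opt_size, = struct.unpack_from("<H", img, nt + 20)       # SizeOfOptionalHeader
    hdr_size, = struct.unpack_from("<I", img, nt + 24 + 60)  # SizeOfHeaders
    secs = []
    for i in range(nsec):
        name, _, va, rsize, rptr = SECTION_HDR.unpack_from(img, nt + 24 + opt_size + 40 * i)
        secs.append((name.rstrip(b"\0"), va, rsize, rptr))
    return hdr_size, secs

def unmap(img):
    """Virtual -> raw: copy each section from its RVA to its file offset."""
    hdr_size, secs = parse_sections(img)
    end = max([hdr_size] + [rptr + rsize for _, _, rsize, rptr in secs])
    if end > MAX_GROWTH * len(img):
        raise ValueError("section table describes an implausibly large file")
    out = bytearray(end)
    hdr = img[:hdr_size]
    out[:len(hdr)] = hdr
    for _, va, rsize, rptr in secs:
        chunk = img[va:va + rsize]         # a truncated dump yields a short chunk
        out[rptr:rptr + len(chunk)] = chunk
    return bytes(out)

def build_mapped_sample():
    """Constructed sample: minimal two-section image in its in-memory layout."""
    img = bytearray(0x3000)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)          # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x14C, 2)     # Machine, NumberOfSections
    struct.pack_into("<H", img, 0x94, 0xE0)          # SizeOfOptionalHeader
    struct.pack_into("<I", img, 0x98 + 60, 0x200)    # SizeOfHeaders
    layout = [(b".text", 0x1000, 0x200, b"\xCC"), (b".data", 0x2000, 0x400, b"\x41")]
    for i, (name, va, rptr, fill) in enumerate(layout):
        SECTION_HDR.pack_into(img, 0x178 + 40 * i, name, 0x200, va, 0x200, rptr)
        img[va:va + 0x200] = fill * 0x200
    return bytes(img)
```

On the constructed sample, a 0x3000-byte mapped image collapses to a 0x600-byte file; loading that result in a PE viewer shows section data at the file offsets the section table declares.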