v3.0.0

@psrok1 released this 03 Dec 11:35
· 106 commits to master since this release

Breaking changes:

  • Refactored ProcessMemory regions: part of the internally used interface has changed slightly. iter_regions and readv_regions have slightly different argument names and behavior. Lots of corner cases related to cross-region access have been fixed.
  • The static configuration extraction engine uses a different strategy for processing binaries. It first tries to find as many PE/ELF binaries as possible and extracts configuration using both memory and file alignment. The best config is then chosen based on the number of successfully ripped config keys.
  • Improved logging (malduck -v extract) and exception handling (especially for PE/ELF parse errors)

New features:

  • [beta] ProcessMemory interface for IDAPython (IDAProcessMemory or idamem, tested in IDA Pro >7.0)
  • Added malduck.crypto.aes.AES.encrypt (but hey, we still need to refactor all these crypto things later...)

Bugfixes:

  • malduck.crc32 is guaranteed to return an unsigned value in both Py2 and Py3