Skip to content

schrodyn/memberref2yara

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dump_table.py
dump_table.py
 
 
memberref2yara.py
memberref2yara.py
 
 

Repository files navigation

memberref2yara

Dump .NET MemberRef Table as a Yara Rule.

This is rather unstable right now. You have been warned.

Quick and dirty tool to dump the MemberRef table from .NET PE Files and also generate a Yara rule for the table data.

Requirements

  • python3 (Tested with python3.7)
  • vivisect
  • pefile

Bugs

Yes, there are bugs. This is alpha software and a project for learning. I will fix them. Real Soon Now™

TODO

  • Fix rule name
  • Ditch all superfluous code
  • Scan for .NET magic vs. offset from CLI header
  • Swap pefile for vivisect PE library
  • Add some additional helpers
  • For the love of all that is holy, add some error handling!

About

Dump .NET MemberRef Table as a Yara Rule

Resources

Readme

License

BSD-2-Clause license
Activity

Stars

3 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages