
nettitude/binja-fix-stomped-imports

Fix stomped imports

Author: Rob Bone (LRQA Nettitude)

Description:

Recover the imports from a stomped PE header by pasting in an IAT dump from dynamic analysis.

During dynamic analysis, copy the IAT from a debugger such as x64dbg and paste it into the plugin dialog.
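
To illustrate what an IAT dump carries and why it is enough to rebuild imports, here is an added example (not the plugin's code) that parses a constructed dump into slot, pointer and symbol entries. The three-column layout, the sample addresses, and the names `IatEntry`, `parse_iat_dump`, `imports_by_module` and `unresolved_slots` are assumptions of this example; the page does not specify the plugin's input format.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

class IatEntry(NamedTuple):
    slot: int              # address of the IAT slot inside the analysed image
    target: int            # pointer the loader wrote into that slot at runtime
    module: Optional[str]  # e.g. "kernel32"; None when the dump has no label
    name: Optional[str]    # e.g. "VirtualAlloc"

# Assumed layout: <slot address> <pointer value> [<module>.<function>]
LINE_RE = re.compile(
    r"^\s*([0-9A-Fa-f]{8,16})\s+([0-9A-Fa-f]{8,16})(?:\s+(\S.*?))?\s*$")

def parse_iat_dump(text):
    """Turn pasted dump text into IatEntry records, skipping non-data lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # column headers, blank lines, stray text
        slot, target = int(m.group(1), 16), int(m.group(2), 16)
        if target == 0:
            continue  # null slot: terminator between one DLL's thunks and the next
        module, _, name = (m.group(3) or "").partition(".")
        if name:
            entries.append(IatEntry(slot, target, module.lower(), name))
        else:
            entries.append(IatEntry(slot, target, None, None))
    return entries

def imports_by_module(entries):
    """Group resolved function names by module, i.e. the recovered import list."""
    grouped = defaultdict(list)
    for e in entries:
        if e.name:
            grouped[e.module].append(e.name)
    return dict(grouped)

def unresolved_slots(entries):
    """Slots holding a pointer with no label; these need manual review."""
    return [e.slot for e in entries if e.name is None]

# Constructed sample input, not taken from any real binary.
SAMPLE_DUMP = """\
Address           Value             Comments
0000000140003000  00007FFD5C1B0A70  kernel32.VirtualAlloc
0000000140003008  00007FFD5C1B4F10  kernel32.GetProcAddress
0000000140003010  0000000000000000
0000000140003018  00007FFD5D2A1230  ntdll.RtlAllocateHeap
0000000140003020  00007FFD5B0C7780
"""
```

Each resolved entry gives the slot address to name in the static database; unlabeled slots are reported separately rather than guessed.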

See the blog post for more details: https://labs.nettitude.com/blog/binary-ninja-plugin-fix-stomped-imports

Example sample (live malware): acf361296c9e1cf5b4ceff11e1790c57e6e1d753df9bef087aadad256dc5a123

Minimum Version

5529

License

This plugin is released under an MIT license.

Metadata Version

2