Skip to content

mbandzi/capemon

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

415 Commits
CAPE
CAPE
 
 
bson
bson
 
 
distorm
distorm
 
 
libyara
libyara
 
 
loader/loader
loader/loader
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
alloc.c
alloc.c
 
 
alloc.h
alloc.h
 
 
capemon.c
capemon.c
 
 
capemon.filters
capemon.filters
 
 
capemon.sln
capemon.sln
 
 
capemon.user
capemon.user
 
 
capemon.vcxproj
capemon.vcxproj
 
 
capemon.vcxproj.filters
capemon.vcxproj.filters
 
 
config.c
config.c
 
 
config.h
config.h
 
 
hook_crypto.c
hook_crypto.c
 
 
hook_file.c
hook_file.c
 
 
hook_file.h
hook_file.h
 
 
hook_misc.c
hook_misc.c
 
 
hook_network.c
hook_network.c
 
 
hook_process.c
hook_process.c
 
 
hook_reg.c
hook_reg.c
 
 
hook_reg_native.c
hook_reg_native.c
 
 
hook_services.c
hook_services.c
 
 
hook_sleep.c
hook_sleep.c
 
 
hook_sleep.h
hook_sleep.h
 
 
hook_socket.c
hook_socket.c
 
 
hook_special.c
hook_special.c
 
 
hook_sync.c
hook_sync.c
 
 
hook_thread.c
hook_thread.c
 
 
hook_tls.c
hook_tls.c
 
 
hook_window.c
hook_window.c
 
 
hooking.c
hooking.c
 
 
hooking.h
hooking.h
 
 
hooking_32.c
hooking_32.c
 
 
hooking_64.c
hooking_64.c
 
 
hooks.c
hooks.c
 
 
hooks.h
hooks.h
 
 
ignore.c
ignore.c
 
 
ignore.h
ignore.h
 
 
log.c
log.c
 
 
log.h
log.h
 
 
lookup.c
lookup.c
 
 
lookup.h
lookup.h
 
 
misc.c
misc.c
 
 
misc.h
misc.h
 
 
ntapi.h
ntapi.h
 
 
pipe.c
pipe.c
 
 
pipe.h
pipe.h
 
 
unhook.c
unhook.c
 
 
unhook.h
unhook.h
 
 
utf8.c
utf8.c
 
 
utf8.h
utf8.h
 
 

Repository files navigation

capemon: The monitor DLL for CAPE: Config And Payload Extraction (https://github.com/kevoreilly/CAPEv2).

Much of the functionality of CAPE is contained within the monitor; the CAPE debugger, extracted payloads, process dumps and import reconstruction are implemented within capemon. CAPE's loader is also part of this project.

capemon is derived from cuckoomon-modified from spender-sandbox (https://github.com/spender-sandbox/cuckoomon-modified) from which it inherits the API hooking engine. It also includes a PE dumping engine and import reconstruction derived from Scylla (https://github.com/NtQuery/Scylla), WOW64Ext Library from ReWolf (http://blog.rewolf.pl/) and W64oWoW64 fom George Nicolaou.

About

capemon: CAPE's monitor

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 88.5%
  • C++ 11.4%
  • Other 0.1%